Hardened Networks Add Reliability to Remote Monitoring

IP-enabled video cameras have dramatically changed the way physical security can be implemented

Industrial Ethernet is a powerful tool when planning for the deployment of remote security monitoring in any setting that has environmental challenges. Physical security is a concern for most segments of national infrastructure, from public utilities and transportation systems to private industry, local governments and education. The ability to deploy a seamless, highly reliable and redundant, high-bandwidth communications network is paramount. It must convey data, video—at various levels of resolution—and VoIP-based alerts and conversations. Industrial Ethernet, which has been adopted as a global communications standard by prestigious and powerful groups such as the IEC for power utilities (IEC 68150), provides the platform for which numerous manufacturers of security appliances and other industrial equipment can create widely available, well-priced, future-proof equipment. An examination of several case studies where sensitive locations deployed Ethernet- based security monitoring systems can prove instructive.

Protecting National Infrastructure

Power utilities are at the center of a national (and international) effort to create security standards that can protect these national lifelines from intentional or inadvertent security breaches. Given the far-flung nature of the power grid, remote security monitoring enabled by an Ethernet communications network offers the most affordable answer to increased security and surveillance needs.

Nuclear Power Facility Uses Thermal Fence

A nuclear power facility installed a fully integrated perimeter alert system for simultaneous threat detection and assessment capability. The thermal fence incorporates both thermal security cameras and control and management software for the sensors deployed around the perimeter, providing a full virtual fence solution. Hardened managed Ethernet switches integrated the internal control and monitoring activities with the perimeter monitoring and alarm system.

Managed industrial Ethernet switches provide the network transport system “glue” that transfers the information collected in the field to redundant servers in the central monitoring station. Multiple resilient rings ensure high availability in an environment where failure is not an option. The same communications protocol delivers video information to the security hub that manages up to 256 VLANs, providing secure data pipes and keeping various control and monitoring channels separate within the facility.

Managed switches also can reduce traffic through the use of protocols such as Internet Group Management Protocol (IGMP). The primary goal of IGMP is to eliminate unwanted multicast traffic from video feeds. Typically, IGMP requires expensive and complex layer-3 switch/router implementations to manage multicast video streams so that they are sent only to target switches. However, this nuclear facility used a combination of layer 2 switches, implementing IGMP-Snooping (a kind of IGMP-lite) and IGMP-L2, a Belden proprietary protocol developed by its GarrettCom brand. This brand also works with layer 2 switches that provide similar results with less complexity in many applications.

Far-flung Power Gen and Substations Require Flexible Op tions Power utilities have challenges beyond the protection of a single facility. The entire smart grid consists of complex interactions among power generation equipment, substations, transmission and distribution lines and consumers.

Centralized monitoring of operational data is critical for cost-effective operation while new regulatory requirements and good practices dictate increased access security. Connectivity across the smart grid uses the full gamut of technologies available. Some networks use Gigabit fiber backbones that stretch for miles, often configured in redundant rings for resiliency. When it is neither practical nor cost effective to lay dedicated fiber cable, connections may be accomplished with the use of Ethernet over wireless Ethernet or by sending Ethernet over WAN circuits (e.g., DDS, T1/E1) from local telephone providers. A router equipped with a firewall is required at each end of the line to provide an electronic security perimeter to protect sensitive data. Further demonstrating the flexibility of IP, new routers have been developed that send data over a fiber or WAN backbone and also provide a cellular connection as backup. The flexibility of Ethernet transport equipment solves the problem of distance when aggregating security or operational activity data from remote sites for centralized monitoring, data storage and coordinated response when necessary.

Remote security applications typically consist of video cameras supplemented by access control devices that also provide personnel logging to meet NERC/CIP requirements. These security devices transmit either consistently or on an exception basis when an event occurs. The security information passes over the same communications channel as the data that is being transferred for monitoring and control of the equipment at that location. VoIP phones support secure communication when members of the maintenance or operations staff are at the remote site.

In many cases, the switches required to manage these security appliances are deployed in the field where they are exposed to temperature extremes and possibly moisture and dust; hardened networking devices are required. When the switches are installed inside remote substations, they need to be additionally hardened—sometimes called substation-level hardening— to withstand high electromagnetic radiation and the possibility of power spikes.

Crime Prevention and Personal Security

A more traditional application for many security dealers and integrators is a surveillance and security system designed to protect property and people. While a considerable number of these installations are deployed within buildings and can be supported by commercial-grade networking equipment, many others require that at least some of the networking equipment be installed in harsher environments. Industrially hardened switches, routers and other equipment are typically the best choice for installation in environments such as parking lots, garages and campuses, which are damp, dusty and regularly exposed to temperature extremes or high levels of electrical noise.

Campus Security in Weather Extremes

Campus security, like city-wide security, requires strategic planning. A college in central Florida provides video surveillance coupled with emergency phones campus-wide. This surveillance and VoIP system had the usual issues of connecting back to a central facility— with one extra consideration. Florida’s combination of frequent lightning strikes and relatively high water tables contributed to far too many failures in the emergency phone system.

The original network had two separate networks, a Cat-5e copper wire system for the emergency phones and a separate fiber optic and copper system that linked surveillance cameras. The phones were daisy-chained together while the camera system used a star topology. The campus had a shallow water table that was only 1.5 feet below the surface. During the frequent lightning strikes, electric current was conducted through the ground and found its way through the copper wiring installed, burning out the outdoor phones.

By integrating phone and camera services onto a single Ethernet network over a resilient fiber ring, the campus reduced cabling costs while increasing reliability. The new network runs over a fiber optic backbone that is terminated above the water table line on the camera and phone towers.

Because fiber does not conduct electricity, the extended use of fiber cabling, combined with a more aggressive grounding strategy that included a lightning rod on each tower, addressed the lightning issue.

To withstand the heat buildup and humidity of the Florida campuses, an industrially hardened switch, fully enclosed and with robust management capabilities, was required.

The new system is more reliable and significantly reduces deployment and maintenance costs. An automated alarm system monitors all managed switches every 10 minutes. When problems occur, the network analyst is immediately notified via email or text message. SNMP traps are stored on a syslog server for each switch and are available to help troubleshoot issues.

IP-based security devices and the associated ability to employ network convergence enable a wide variety of security applications that formerly were either impossible or impractical to deploy. Standards-based equipment and networking components not only reduce equipment, deployment and training costs, but they also provide a stable platform upon which to build future security systems. Ethernet’s ability to support data, video and voice over a single network further reduces complexity and cost in a security deployment.

Within the Ethernet community there are a variety of products designed to operate in different environmental conditions. Because security requires failsafe communication, choosing reliable equipment is a critical component of the design.

This article originally appeared in the October 2012 issue of Security Today.

Featured

  • CISA Kicks Off 20th Anniversary of Cybersecurity Awareness Month

    CISA Kicks Off 20th Anniversary of Cybersecurity Awareness Month

    The Cybersecurity and Infrastructure Security Agency (CISA) recently announced the kickoff of the 20th Cybersecurity Awareness Month. Throughout October, CISA and the National Cybersecurity Alliance (NCA) will focus on ways to “Secure Our World” by educating the public on how to stay safe online. Read Now

  • Cybersecurity Awareness Month: Top Five Action Items to Elevate Your Data Security Posture Management and Secure Your Data

    October is Cybersecurity Awareness Month, and every year most tips for security hygiene and staying safe have not changed. We’ve seen them all – use strong passwords, deploy multi-factor authentication (MFA), be vigilant to spot phishing attacks, regularly update software and patch your systems. These are great recommended ongoing tips and are as relevant today as they’ve ever been. But times have changed and these best practices can no longer be the bare minimum. Read Now

  • Boosting Safety and Efficiency

    Boosting Safety and Efficiency

    In alignment with the state of Mississippi’s mission of “Empowering Mississippi citizens to stay connected and engaged with their government,” Salient's CompleteView VMS is being installed throughout more than 150 state boards, commissions and agencies in order to ensure safety for thousands of constituents who access state services daily. Read Now

  • Live From GSX: Post-Show Review

    Live From GSX: Post-Show Review

    This year’s Live From GSX program was a rousing success! Again, we’d like to thank our partners, and IPVideo, for working with us and letting us broadcast their solutions to the industry. You can follow our Live From GSX 2023 page to keep up with post-show developments and announcements. And if you’re interested in working with us in 2024, please don’t hesitate to ask about our Live From programs for ISC West in March or next year’s GSX. Read Now

    • Industry Events
    • GSX

Featured Cybersecurity

New Products

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols. 3

  • XS4 Original+

    XS4 Original+

    The SALTO XS4 Original+ design is based on the same proven housing and mechanical mechanisms of the XS4 Original. The XS4 Original+, however, is embedded with SALTO’s BLUEnet real-time functionality and SVN-Flex capability that enables SALTO stand-alone smart XS4 Original+ locks to update user credentials directly at the door. Compatible with the array of SALTO platform solutions including SALTO Space data-on-card, SALTO KS Keys as a Service cloud-based access solution, and SALTO’s JustIn Mobile technology for digital keys. The XS4 Original+ also includes RFID Mifare DESFire, Bluetooth LE and NFC technology functionality. 3

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3