Protect Critical Infrastructure With Advanced Identity Management Solutions

We live in a high-risk world. Our post-9/11 culture has taught us not to be as trusting as we once were. Sadly, our nation's critical infrastructures have increasingly become high-risk terrorist targets. While risks and threats are always out there, a huge component in protecting critical infrastructure in times of crisis is properly managing the identities of those who are trying to get in - and out - of secured zones.

It's a daunting task, but building a trusted community in support of secure operations and incident response is possible. In an age when identification cards and credentials can be so easily replicated and duped, real-time verification of individuals’ identity, employment affiliations, background and skills is essential in mitigating the “inside threat” inherent in the construction and operations of our nation’s critical infrastructure.

As a co-founder of the Secure Worker Access Consortium program, known as SWAC, I can attest to the increased efficiency and effectiveness that results from uniting otherwise disconnected organizations in support of trusted communities of workers - people who stand ready to support critical infrastructure and re-enter a site with the proper identity, clearances and skill sets. The program has been implemented at some of our highest value targets - the World Trade Center, the NY/NJ region’s bridges, airports and tunnels. So, how can an identity management solution work for you? How do you go about implementing such a program? Here are some simple steps:

Collect personal information securely, and validate it. It's critical to validate personal information as it’s collected. In running these types of programs, we have a responsibility to collect information securely and maintain the integrity of that data so it can be trusted for secure operations. Rule #1 - Stop the Faxes! Faxing documents that contain sensitive information, such as a Social Security Number, date of birth, address and employment history, can very easily compromise highly personal information.

To establish trusted communities, we must collect personal information securely, protect it, and, most importantly, validate identities and backgrounds as being truly authentic. For instance, very simple document authentication equipment can analyze the security features embedded within any government-issued ID to assure that an identity document presented is, in fact, legitimate. It enables you to positively ID that person for entry to facilities.

Organize personnel by active affiliations and skill sets. We must understand individuals’ employment affiliations and skill sets. Simply because someone is who they say they are doesn't mean that he/she is authorized to perform certain tasks, or that they belong at a particular incident scene. Contracted workers often attempt to use obsolete credentials to gain access to secure sites. Once inside, they may have access to sensitive facilities and mechanical systems, and the opportunity to do harm. In public safety communities, emergency responders can be tempted by radio traffic from nearby incidents to self-dispatch and inappropriately respond to emergency scenes. That type of unauthorized response results in unnecessary risks, and can prolong the duration of the incident and increase the cost associated with response and recovery efforts.

Different people possess unique, specialized skill sets that can keep us safe and minimize risk and liability. These should be tracked to ensure that someone is not only who they say they are, but also that they belong at a site because they were summoned there, and have the proper training and skill sets to perform the job that needs to be done. This can sometimes involve integrating third parties, such as the training academies, to assure the proper assignment of certifications to individuals. This comprehensive view of a person creates a profile that goes well beyond a mere name on a list; it supports an educated selection of individuals to expedite a response and minimize the impact of that event.

Standards and audit controls. Don't be anxious that you're collecting personal information, and will know who’s affiliated with whom, who does what, and when someone's security clearance or training certification expires. Yes, you're collecting and managing a lot of personal data, but you can protect yourself with standards that are already established, and audit controls that prove compliance with those standards. Many standards have already been put in place, such as Homeland Security Presidential Directives, FIPS data standards, and CFRs related to national infrastructure protection that clearly define, at the federal level, what an individual's profile should look like in order to comply with federal recommendations and mandates.

This allows you to say "We don’t set the criteria. We simply collect information, process it to third parties who are certifying authorities in that particular discipline, and enable the secure need-to-know sharing of that information with public safety officials for the purpose of securing a zone, or allowing only those individuals needed back into a zone for expedited response and minimized impact."

Provide officers with accurate, real-time information. To establish a trusted community, officers and emergency responders must be empowered with accurate, real-time information that’s secure, trusted, and reliable. Data contained on credentials can become obsolete in a short period of time, and ID cards can be forged relatively easily. Today’s fake IDs look authentic. They may not have the security features, invisible to the eye, that a bona fide Real-ID has, but in a flash-and-pass program, someone would likely get through nine or more times out of 10!

SWAC’s trusted community empowers security personnel with real-time information that doesn't disclose personal information, but instead, privately says that an individual accessing critical infrastructure meets the criteria to access the location at a specific time. When we consider identities, affiliations, and skill sets as part of the access decision equation, it drastically cuts the chaos at entry points, enabling our public safety officers to more efficiently and effectively control entry to secure locations and critical incident scenes.

Action Plan

Positively identify the community that works for you and track their skill sets if they’re in environments where that’s important. Pinpoint criteria that make sense for you and authenticate that access, not by issuing an ID card that anybody can fake or defraud, but by authenticating it back to the original data source. Where’s the protected data that we know is valid? That’s the data that should be used for authenticating individuals’ access rights. It's the backbone of building trusted communities for secure operations and incident response.

(Image #1 - SWAC bridge in NY)

(Image #2 - SWAC terminal)

About the Author

Daniel W. Krantz is managing director and CEO of Real-Time Technology Group (RTTG).
