Backbone Support

Backbone Support

Site protection requires training, vigilance and the latest electronic equipment

Our nation’s critical infrastructure serves as the backbone supporting activities at manufacturing plants to elementary schools. The network of power plants, water facilities, bridges and more are so vital that any significant disruption of their operations could profoundly impact our nation’s economy, public health or safety.

The USA Patriot Act defines 16 critical infrastructure sectors. Protecting thousands of sites against both foreign and domestic terrorists requires training, vigilance and layers of the latest electronic equipment and some of the most basic security activities.

HARDEN THE PERIMETER

It is best to stop intruders before they reach their targets. Many critical infrastructure facilities install perimeter fencing incorporating fiber optic sensors. These sensors detect disruptions in light sent down the length of the cable. They integrate with software controlling security cameras, including low-light infrared devices, to provide first responders with live video of attempted breaches. Waterfront properties discourage divers by using the same type of fiber cable woven into anchored, stainless-steel rope fences. Trees along the perimeter should be removed or regularly trimmed so they don’t allow intruders to scale barriers.

Terrorists have successfully used vehicles to deliver explosive payloads. A 15,000-pound truck traveling at 50 miles per hour can be stopped by fencing made of the same steel cable used to catch fighter jets landing on an aircraft carrier.

Also, fortified gates with an installed video intercom enable a security officer to see and have a two-way conversation with vehicle drivers before remotely opening the barrier. A card reader can be either separately mounted or embedded in the intercom allowing employees to use a card-key to enter without assistance.

Extra lighting around the perimeter acts as a deterrent to would-be attackers and enables patrolling guards to see better at night. Concrete bollards protect building entries from vehicular attacks while also serving as planters or benches that blend into an area’s landscape plan.

Access control. Access control protects buildings and critical areas within. Keypads or readers at entries to sensitive areas limit access to authorized employees, vendors and visitors. The credentials, which also serve as photo ID badges, should be worn whenever a person is on secured property. The cards also may include colored stripes, quickly indicating which areas a person is authorized to access.

Mobile credentialing allows vendors to access unattended sites such as remote utility substations without an escort. Vendors download a mobile app and email credential to their smartphones. The device’s Bluetooth technology signals the access control reader or keyless padlock to allow entry. Security is enhanced as mobile credentialing requires possession of the smartphone, a PIN or biometric verification to unlock the device, the app and a downloaded credential. The smartphone’s built-in GPS enables security officers to precisely track each phone and its owner.

Highly secured areas such as airport tarmac entries, laboratories and security command centers often require a second identity authenticator. Biometric readers using iris, fingerprint or facial recognition are commonly used.

Video. Surveillance cameras provide security officers with realtime views of facilities, both inside and out. Cameras should be positioned at all external entry points, as well as in any lobbies, interior hallways and at secure rooms to enable officers to see who enters. Network-based cameras allow video monitoring from remote command centers or on smart devices of patrolling officers.

Thermal cameras spot people at night and may also identify those with elevated body temperatures, a potential sign of a COVID- 19 virus infection. The Centers for Disease Control recently advised that critical infrastructure employees be permitted to work after possible exposure to COVID-19 as long as they remain asymptomatic and precautions to protect them and other workers are added.

Drones. They may be both an asset and a liability when it comes to protecting critical infrastructure. A drone with a mounted video camera can provide security officers with excellent aerial views of the immediate perimeter, and beyond, to see early warnings of a potential attack.

However, drones may also be used by terrorists to spy as well as to deliver explosives and other hazardous materials. Non-military drones can carry 20-plus-pound payloads for distances up to 20 miles – or more – and can easily travel at speeds of 40 miles per hour.

U.S. law has not fully caught up with the threat drones represent. Currently, private organizations are prohibited from shooting down drones or using electronic signals to jam a pilot’s control capabilities. However, a 2018 federal law gives the Department of Homeland Security and the FBI authority to disable drones that pose a threat to critical infrastructure.

Systems, including radar technology, can spot drones and provide information on a pilot’s location, the drone type and the controller’s IP address. Data is displayed on a smartphone app and may be shared with authorities for possible apprehension and prosecution of the pilot.

Resiliency. This implies an ability to withstand and rapidly recover from an attack, accident or natural disaster. Protecting people should be the first step taken during and immediately following an emergency. Emergency notification systems are essential for sharing information to avoid panic that increases the likelihood of injuries and possible deaths.

Fire systems are often a first-line choice for notifying people via email blasts, sirens, voice and strobe lights. Separate highpower speaker arrays share emergency information over larger areas. Tower-mounted speakers can deliver intelligible live and pre-recorded messages at distances of up to a third of a mile or more, depending upon topography.

Smartphone apps, may be developed for a specific site, enable employees to report suspicious activity and receive text, voice and email warnings from the security staff. Officers can use apps to contact people en route to a site, alerting them to an emergency and advising them to stay away until the situation is resolved.

Critical infrastructure sites require backup generators to continue emergency operations in case of a power failure. Protecting key employees as they travel also may avoid or reduce operational disruptions. Critical management software providers can warn of significant threats worldwide, enabling people to eliminate or re- route travel plans.

Security teams need to create an emergency plan that includes procedures for shelter-in-place and evacuations. Regularly conducted drills allow the team to check the operability of communications systems and response times. The results of each exercise should be reviewed and used to make changes to the plan, if necessary.

In case of an attack, a well-trained security team will help shorten the recovery process.

Consider an integrator’s offer to embed an experienced employee or two as part of a site’s security team.

Risk assessments. Before creating a new plan, work with an outside security integrator to help conduct a risk assessment. It’s easy for the in-house security team to overlook deficiencies due to familiarity with the site. An experienced integrator will review legacy systems and suggest where new tactics and solutions are warranted. The assessment helps security directors focus their limited budgets on those areas most in need of improvement.

Plans for new critical infrastructure or renovations of existing sites should include physical security requirements from the outset. The results are often more effective security at a lower cost.

Cyberattacks. Cybersecurity plays an increasingly important role as virtually all modern physical security systems rely on network connections. Those connections that improve security operations also increase the risk of a successful cyberattack. Security officials must harden their system software with firewalls and anti-malware to reduce the chance of the devices providing hackers a pathway into the network.

To use a site workstation, employees should use Personal Identity Verification (PIV) cards with greater encryption and embedded biometric data authenticated by a separate reader. Also, keep the organization’s laptops and mobile phones locked up when not in use.

Cyber and physical attacks differ in nature, but the results may be the same – a segment of the nation’s critical infrastructure being out of service. And a review of recent cyberattacks on government, financial and retail organizations shows almost any group is susceptible to dedicated and sophisticated hackers.

These are just a few highlights of all the steps required to secure critical infrastructure. Work with an experienced integrator to provide current best practices. And plan on working closely with federal, state and local first responders to improve communication and coordination during an emergency.

The security needs of each critical infrastructure site may vary widely based on its use and location. More than 80 percent of these sites are owned by non-governmental organizations, with their own budgets and views on protecting employees and assets. Any security solution requires multiple layers of integrated systems. There is no one technology capable of meeting all physical and cybersecurity needs.

Also, not all disruptions are due to terrorists. Other causes may include severe weather and other natural disasters, pandemics and accidents. Security directors must always plan, prepare, monitor, and, when necessary, react and innovate to harden their facilities against all threats.

This article originally appeared in the July / August 2020 issue of Security Today.

Featured

  • New Report Reveals Top Trends Transforming Access Controller Technology

    Mercury Security, a provider in access control hardware and open platform solutions, has published its Trends in Access Controllers Report, based on a survey of over 450 security professionals across North America and Europe. The findings highlight the controller’s vital role in a physical access control system (PACS), where the device not only enforces access policies but also connects with readers to verify user credentials—ranging from ID badges to biometrics and mobile identities. With 72% of respondents identifying the controller as a critical or important factor in PACS design, the report underscores how the choice of controller platform has become a strategic decision for today’s security leaders. Read Now

  • Overwhelming Majority of CISOs Anticipate Surge in Cyber Attacks Over the Next Three Years

    An overwhelming 98% of chief information security officers (CISOs) expect a surge in cyber attacks over the next three years as organizations face an increasingly complex and artificial intelligence (AI)-driven digital threat landscape. This is according to new research conducted among 300 CISOs, chief information officers (CIOs), and senior IT professionals by CSC1, the leading provider of enterprise-class domain and domain name system (DNS) security. Read Now

  • ASIS International Introduces New ANSI-Approved Investigations Standard

    • Guard Services
  • Cloud Security Alliance Brings AI-Assisted Auditing to Cloud Computing

    The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today introduced an innovative addition to its suite of Security, Trust, Assurance and Risk (STAR) Registry assessments with the launch of Valid-AI-ted, an AI-powered, automated validation system. The new tool provides an automated quality check of assurance information of STAR Level 1 self-assessments using state-of-the-art LLM technology. Read Now

  • Report: Nearly 1 in 5 Healthcare Leaders Say Cyberattacks Have Impacted Patient Care

    Omega Systems, a provider of managed IT and security services, today released new research that reveals the growing impact of cybersecurity challenges on leading healthcare organizations and patient safety. According to the 2025 Healthcare IT Landscape Report, 19% of healthcare leaders say a cyberattack has already disrupted patient care, and more than half (52%) believe a fatal cyber-related incident is inevitable within the next five years. Read Now

New Products

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure.

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.”