Protect Critical Infrastructure With Advanced Identity Management Solutions

Protect Critical Infrastructure With Advanced Identity Management Solutions

  • By Daniel W. Krantz
  • Jul 22, 2014

We live in a high-risk world. Our post 9-11 culture has taught us not to be as trusting as we once were. Sadly, our nation's critical infrastructures have increasingly become high-risk terrorist targets. While risks and threats are always out there, a huge component in protecting critical infrastructure in times of crises is properly managing the identities of those who are trying to get in - and out - of secured zones.

It's a daunting task, but building a trusted community in support of secure operations and incident response is possible. In an age when identification cards and credentials can be so easily replicated and duped, real-time verification of individuals’ identity, employment affiliations, background and skills is essential in mitigating the “inside threat” inherent in the construction and operations of our nation’s critical infrastructure.

Protect Critical Infrastructure With Advanced Identity Management SolutionsAs a co-founder of the Secure Worker Access Consortium program, known as SWAC, I can attest to the increased efficiency and effectiveness that results from uniting otherwise disconnected organizations in support of trusted communities of workers - people who stand ready to support critical infrastructure and re-enter a site with the proper identity, clearances and skill sets. The program has been implemented at some of our highest value targets - World Trade Center, the NY/NJ region’s bridges, airports and tunnels. So, how can an identity management solution work for you? How do you go about implementing such a program? Here are some simple steps:

Collect personal information securely, and validate it. It's critical to validate personal information as it’s collected. In running these types of program, we have a responsibility to collect information securely and maintain the integrity of that data so it can be trusted for secure operations. Rule # 1 - Stop the Faxes! Faxing documents that contain sensitive information such as a Social Security Number, date of birth, address and employment history, can very easily compromise highly personal information.

To establish trusted communities, we must collect personal information securely, protect it, and, most importantly, validate identities and backgrounds as being truly authentic. For instance, very simple document authentication equipment can analyze the security features embedded within any government-issued ID to assure that an identity document presented is, in fact, legitimate. It enables you to positively ID that person for entry to facilities.

Organize personnel by active affiliations and skill sets. We must understand individuals’ employment affiliations and skill sets. Simply because someone is who they say they are doesn't mean that he/she is authorized to perform certain tasks, or that they belong at a particular incident scene. Contracted workers often attempt using obsolete credentials to gain access to secure sites.  Once inside they may have access to sensitive facilities and mechanical system, and the opportunity to do harm.  In public safety communities, emergency responders can be tempted by radio traffic from nearby incidents to self-dispatch and inappropriately respond to emergency scenes. That type of unauthorized response results in unnecessary risks, and can prolong the duration of the incident, and the cost associated with response and recovery efforts.

Different people possess unique, specialized skillsets that can keep us safe and minimize risk and liability. These should be tracked to ensure that someone is not only who they say they are, but also that they belong at a site because they were summoned there, and have the proper training and skill sets to perform the job that needs to be done.  This can sometimes involve integrating third parties, such as the training academies, to assure the proper assignment of certifications to individuals. This comprehensive view of a person creates a profile that goes way beyond a mere name on a list, but rather an educated selection of individuals to expedite a response and minimize the impact of that event.

Standards and audit controls. Don't be anxious that you're collecting personal information, and will know who’s affiliated with whom, who does what, and when someone's security clearance or training certification expires. Yes, you're collecting and managing a lot of personal data, but you can protect yourself with standards that are already established, and audit controls that prove compliance with those standards. Many standards have already been put in place, such as Homeland Security Presidential Directives, FIPS data standards, and CFRs related to national infrastructure protection that clearly define, at the federal level, what an individual's profile should look like in order to comply with federal recommendations and mandates.

This allows you to say "We don’t set the criteria. We simply collect information, process it to third parties who are certifying authorities in that particular discipline, and enable the secure need-to-know sharing of that information with public safety officials for the purpose of securing a zone, or allowing only those individuals needed back into a zone for expedited response and minimized impact."

Provide officers with accurate, real-time information. To establish a trusted community, officers and emergency responders must be empowered with accurate, real-time information that’s secure, trusted, and reliable. Data contained on credentials is potentially obsolete in a short period of time. And ID cards can be relatively easily forged.  Today’s fake IDs look authentic. They may not have the security features that are invisible to the eye that a bona-fide Real-ID has, but in a flash and pass program, someone would likely get through nine or more times out of 10!

Protect Critical Infrastructure With Advanced Identity Management SolutionsSWAC’s trusted community empowers security personnel with real-time information that doesn't disclose personal information, but instead, privately says that an individual accessing critical infrastructure meets the criteria to access the location at a specific time. When we consider identities, affiliations, and skill sets as part of the access decision equation, it drastically cuts the chaos at entry points, enabling our public safety officers to more efficiently and effectively control entry to secure locations and critical incident scenes.

Action Plan

Positively identify the community that works for you and track their skill sets if they’re in environments where that’s important. Pinpoint criteria that makes sense for you and authenticate that access, not by issuing an ID card that anybody can fake or defraud, but by authenticating it back to the original data source. Where’s the protected data that we know is valid? That’s the data that should be used for authenticating individuals’ access rights. It's the backbone to building trusted communities for secure operations and incident response.

(Image #1 - SWAC bridge in NY)

(Image #2 - SWAC terminal)

About the Author

Daniel W. Krantz is managing director and CEO of Real-Time Technology Group (RTTG).

Featured

  • Progressing in Capabilities

    Progressing in Capabilities

    Hazardous areas within industries like oil and gas, manufacturing, agriculture and the like, have long-sought reliable video surveillance cameras and equipment that can operate safely in these harsh and unpredictable environments. Read Now

  • A Comprehensive Nationwide Solution

    A Comprehensive Nationwide Solution

    Across the United States, manufacturing facilities, distribution centers, truck yards, parking lots and car dealerships all have a common concern. They are targets for catalytic converters. In nearly every region, cases of catalytic converter thefts have skyrocketed. Read Now

  • Planning for Your Perimeter

    Planning for Your Perimeter

    The perimeter is an organization’s first line of defense and a critical element of any security and surveillance program. Even if a building’s interior or exterior security is strong, without a solid perimeter surveillance approach any company or business is vulnerable. Read Now

  • The Key Issue

    The Key Issue

    It is February 2014. A woman is getting ready in her room on a cruise ship when she hears a knock on the door; it is a crewmember delivering breakfast. She is not presentable so she tells him to leave it by the door. Read Now

Most   Popular

Featured Cybersecurity

New Products

  • XS4 Original+

    XS4 Original+

    The SALTO XS4 Original+ design is based on the same proven housing and mechanical mechanisms of the XS4 Original. The XS4 Original+, however, is embedded with SALTO’s BLUEnet real-time functionality and SVN-Flex capability that enables SALTO stand-alone smart XS4 Original+ locks to update user credentials directly at the door. Compatible with the array of SALTO platform solutions including SALTO Space data-on-card, SALTO KS Keys as a Service cloud-based access solution, and SALTO’s JustIn Mobile technology for digital keys. The XS4 Original+ also includes RFID Mifare DESFire, Bluetooth LE and NFC technology functionality. 3

  • SecureAuth

    SecureAuth

    The acceleration of digital transformation initiatives as a result of COVID-19 has created a lasting impact on how businesses empower their workforce and engage customers. 3

  • PDK IO Access Control Software

    PDK.IO Access Control Software

    ProdataKey now allows for "custom fields" within the interface of its pdk.io software. Custom fields increase PDK's solutions' overall functionality by allowing administrators to include a wide range of pertinent data associated with each user. 3