Protect Critical Infrastructure With Advanced Identity Management Solutions

Protect Critical Infrastructure With Advanced Identity Management Solutions

We live in a high-risk world. Our post 9-11 culture has taught us not to be as trusting as we once were. Sadly, our nation's critical infrastructures have increasingly become high-risk terrorist targets. While risks and threats are always out there, a huge component in protecting critical infrastructure in times of crises is properly managing the identities of those who are trying to get in - and out - of secured zones.

It's a daunting task, but building a trusted community in support of secure operations and incident response is possible. In an age when identification cards and credentials can be so easily replicated and duped, real-time verification of individuals’ identity, employment affiliations, background and skills is essential in mitigating the “inside threat” inherent in the construction and operations of our nation’s critical infrastructure.

Protect Critical Infrastructure With Advanced Identity Management SolutionsAs a co-founder of the Secure Worker Access Consortium program, known as SWAC, I can attest to the increased efficiency and effectiveness that results from uniting otherwise disconnected organizations in support of trusted communities of workers - people who stand ready to support critical infrastructure and re-enter a site with the proper identity, clearances and skill sets. The program has been implemented at some of our highest value targets - World Trade Center, the NY/NJ region’s bridges, airports and tunnels. So, how can an identity management solution work for you? How do you go about implementing such a program? Here are some simple steps:

Collect personal information securely, and validate it. It's critical to validate personal information as it’s collected. In running these types of program, we have a responsibility to collect information securely and maintain the integrity of that data so it can be trusted for secure operations. Rule # 1 - Stop the Faxes! Faxing documents that contain sensitive information such as a Social Security Number, date of birth, address and employment history, can very easily compromise highly personal information.

To establish trusted communities, we must collect personal information securely, protect it, and, most importantly, validate identities and backgrounds as being truly authentic. For instance, very simple document authentication equipment can analyze the security features embedded within any government-issued ID to assure that an identity document presented is, in fact, legitimate. It enables you to positively ID that person for entry to facilities.

Organize personnel by active affiliations and skill sets. We must understand individuals’ employment affiliations and skill sets. Simply because someone is who they say they are doesn't mean that he/she is authorized to perform certain tasks, or that they belong at a particular incident scene. Contracted workers often attempt using obsolete credentials to gain access to secure sites.  Once inside they may have access to sensitive facilities and mechanical system, and the opportunity to do harm.  In public safety communities, emergency responders can be tempted by radio traffic from nearby incidents to self-dispatch and inappropriately respond to emergency scenes. That type of unauthorized response results in unnecessary risks, and can prolong the duration of the incident, and the cost associated with response and recovery efforts.

Different people possess unique, specialized skillsets that can keep us safe and minimize risk and liability. These should be tracked to ensure that someone is not only who they say they are, but also that they belong at a site because they were summoned there, and have the proper training and skill sets to perform the job that needs to be done.  This can sometimes involve integrating third parties, such as the training academies, to assure the proper assignment of certifications to individuals. This comprehensive view of a person creates a profile that goes way beyond a mere name on a list, but rather an educated selection of individuals to expedite a response and minimize the impact of that event.

Standards and audit controls. Don't be anxious that you're collecting personal information, and will know who’s affiliated with whom, who does what, and when someone's security clearance or training certification expires. Yes, you're collecting and managing a lot of personal data, but you can protect yourself with standards that are already established, and audit controls that prove compliance with those standards. Many standards have already been put in place, such as Homeland Security Presidential Directives, FIPS data standards, and CFRs related to national infrastructure protection that clearly define, at the federal level, what an individual's profile should look like in order to comply with federal recommendations and mandates.

This allows you to say "We don’t set the criteria. We simply collect information, process it to third parties who are certifying authorities in that particular discipline, and enable the secure need-to-know sharing of that information with public safety officials for the purpose of securing a zone, or allowing only those individuals needed back into a zone for expedited response and minimized impact."

Provide officers with accurate, real-time information. To establish a trusted community, officers and emergency responders must be empowered with accurate, real-time information that’s secure, trusted, and reliable. Data contained on credentials is potentially obsolete in a short period of time. And ID cards can be relatively easily forged.  Today’s fake IDs look authentic. They may not have the security features that are invisible to the eye that a bona-fide Real-ID has, but in a flash and pass program, someone would likely get through nine or more times out of 10!

Protect Critical Infrastructure With Advanced Identity Management SolutionsSWAC’s trusted community empowers security personnel with real-time information that doesn't disclose personal information, but instead, privately says that an individual accessing critical infrastructure meets the criteria to access the location at a specific time. When we consider identities, affiliations, and skill sets as part of the access decision equation, it drastically cuts the chaos at entry points, enabling our public safety officers to more efficiently and effectively control entry to secure locations and critical incident scenes.

Action Plan

Positively identify the community that works for you and track their skill sets if they’re in environments where that’s important. Pinpoint criteria that makes sense for you and authenticate that access, not by issuing an ID card that anybody can fake or defraud, but by authenticating it back to the original data source. Where’s the protected data that we know is valid? That’s the data that should be used for authenticating individuals’ access rights. It's the backbone to building trusted communities for secure operations and incident response.

(Image #1 - SWAC bridge in NY)

(Image #2 - SWAC terminal)

About the Author

Daniel W. Krantz is managing director and CEO of Real-Time Technology Group (RTTG).

Featured

  • Maximizing Your Security Budget This Year

    7 Ways You Can Secure a High-Traffic Commercial Security Gate  

    Your commercial security gate is one of your most powerful tools to keep thieves off your property. Without a security gate, your commercial perimeter security plan is all for nothing. Read Now

  • Busy South Africa Building Integrates Custom Access Control System

    Nicol Corner, based in Bedfordview, Johannesburg, South Africa, is home to a six-star fitness club, prime office space, and an award-winning rooftop restaurant. This is the first building in South Africa to have its glass façade fully incorporate fritted glazing, saving 35% on energy consumption. Nicol Corner (Pty) LTD has developed a landmark with sophisticated design and unique architecture by collaborating with industry-leading partners and specifying world-class equipment throughout the project. This includes installing a high-spec, bespoke security and access control system. Read Now

  • Only 13 Percent of Research Institutions Are Prepared for AI

    A new survey commissioned by SHI International and Dell Technologies underscores the transformative potential of artificial intelligence (AI) while exposing significant gaps in preparedness at many research institutions. Read Now

  • Survey: 70 Percent of Organizations Have Established Dedicated SaaS Security Teams

    Seventy percent of organizations have prioritized investment in SaaS security, establishing dedicated SaaS security teams, despite economic uncertainty and workforce reductions. This was a key finding in the fourth Annual SaaS Security Survey Report: 2025 CISO Plans and Priorities released today by the Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment. Read Now

Featured Cybersecurity

Webinars

New Products

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions. 3

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises. 3

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation. 3