The Physical Security_&_Risk_Management_book

SECURITY TECHNOLOGY BEST PRACTICES

The Physical Security Risk Management Book

A PROUD MEMBER OF INFRAGARD, IFMA, ASIS & IAHSS BY JAMES McDONALD, PSNA

2 | P a g e

Table of Contents

Table of Contents 2

Introduction 2

Risk Management & Physical Security 4

Critical Infrastructure Monitoring 8

Implementation 9

Policy Basics 11

Non-Compliance 11

Identification Procedures 12

Summary 12

Appendix A: Understanding Physical

Access Control Solutions 14

Site Survey for Access Systems 18

Physical Security Data or Key Facility

Assessment Checklist 20

Contact Information 46

Introduction

Today, integrated electronic and IP security systems can do many things. They can provide better security detection and confirmation, with less labor than ever before; they can work seamlessly with other systems running within the organization to alert and investigate activities, detect threats and automatically initiate a threat response. Over the last decade the integration and use of physical security solutions as a Risk Management and Asset Management tool has reduced theft, fraud and violence by huge numbers. In most cases the return on investment (ROI) of these systems, used correctly, has been in months and weeks not in years. My goal here is to discuss how my associates and I have been successful in multiple industries providing these solutions and at the same time improving the overall security, productivity and profits of our clients. For thousands of years man has developed systems and countermeasures to protect

assets, whether buildings, people, food supplies, etc. What we do in the security industry is to constantly improve and update those countermeasures to keep pace with those who would do you harm physically, financially or emotionally for their own personal or organizational gain. Where 2,000 years a

Roman Centurion may have protected the assets of the time, today we can use wireless camera systems and audio, which is monitored 24/7/365 days per year through a central command center to protect any asset at any time, almost anywhere. Since 911, to address the threat posed by those who wish to harm the United States or their own employees, critical infrastructure owners and operators today are continually assessing their policies, procedures, vulnerabilities and increasing their investment in security. State

Disclaimer Reference to any specific commercial product, process or service by trade name, trademark manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favoring by American Alarm and Communications, Inc. or INFRAGARD. The views and opinions of author expressed within this document shall not be used for advertising or product endorsement purposes. To the fullest extent permitted by law, the author accepts no liability for any loss or damage (whether direct, indirect or consequential and including, but not limited to, loss of profits or anticipated profits, loss of data, business or goodwill) incurred by any person and howsoever caused arising from or connected with any error or omission in this document or from any person acting, omitting to act or refraining from acting upon, or otherwise using, the information contained in this document or its references. You should make your own judgment as regards use of this document and seek independent professional advice on your particular circumstances. © 2012 by James E. McDonald

3 | P a g e

and municipal governments across the country continue to take important steps to identify and assure the protection of key assets and services within their jurisdictions. Federal departments and agencies are working closely with industry to take stock of key assets and facilitate protective actions, while improving the timely exchange of important security related information. The Office of Homeland Security is working closely with key public- and private-sector entities to implement the Homeland Security Advisory System across all levels of government and the critical sectors. As a proud member if INFRAGARD, and their goal to promote ongoing dialogue and timely communication between members and the FBI. My team and I work hard every day to help those in key sectors protect their facilities, employees and visitors from internal and external threats. In today's ever-growing regulatory compliance landscape, organization can greatly benefit from implementing viable and proven physical security best practices for their organization. There are plenty of complicated documents that can guide companies through the process of designing a secure facility from the gold-standard specs used by the federal government to build sensitive facilities like embassies, to infrastructure standards published by industry groups like the Telecommunications Industry Association, to safety requirements from the likes of the National Fire Protection Association. Recent federal legislation, ranging from the Gramm-Leach Bliley Act (GLBA), the Health Insurance Portability and Accountability Act (HIPAA) and The Sarbanes Oxley Act of 2002 (SOX)

Homeland Security Presidential Directives 7 and 8 are putting pressure on public and private locations, and managed services entities to comply with a myriad amount of security and privacy issues. Within the broad concept of the United States' national and homeland security policies are several specific policies which focus on a specific aspect of national or homeland security. These policies include: the National Security Strategy, the National Infrastructure Protection Plan, the National Health Security Strategy, the National Strategy for Physical Protection of Critical Infrastructure and Key Assets, the National Strategy for Homeland Security, the National Counterintelligence Strategy of the United States, the National Strategy to Secure Cyberspace, and the National Military Strategy of the United States of America. Each of these strategies form a part of the overall national and homeland security policies of the United States, and in combination defines how the United States acts to protect itself from enemies, both foreign and domestic. Homeland Security Presidential Directive 7 (HSPD-7) & Physical Protection of Critical Infrastructure and Key Assets identified 18 critical infrastructure and key resources (CIKR) sectors. Each sector is responsible for developing and implementing a Sector-Specific Plan (SSP) and providing sector-level performance feedback to the Department of Homeland Security (DHS) to enable gap assessments of national cross-sector CIKR protection programs. SSAs are responsible for collaborating with public and private sector security partners and encouraging the development of appropriate information-sharing and analysis mechanisms within the sector. These Industry Sectors are broken down as follows:

Agriculture and Food

Banking and Finance

Chemical

Commercial Facilities

Communications

Critical Manufacturing

Dams

4 | P a g e

Defense Industrial Base

Emergency Services

Energy

Government Facilities

Healthcare and Public Health

Information Technology

National Monuments

Nuclear Reactors, Materials, and Waste

Postal and Shipping

Transportation

Water As a Physical Security Professional the tools we use may be the same or similar in each sector, however the integration, policies, goals and solution may differ. This document is dedicated to give you a basic overview of the different technologies we us and some examples of how they have been used. If you have specific needs, questions and concerns, please contact the author or a security professional to learn more about your needs.

Risk Management & Physical Security

The use of appropriate physical security technology measures can prevent or deter a wide variety of insider and external attacks, from staff fraud through to the facilitation or conduct of a terrorist attack. However, these counter-measures can also be costly, so it is important that they are implemented in a way that reflects the severity of the risk. Risk Management provides a systematic basis for proportionate and efficient security. From the moment an individual arrives on the grounds and walks through the doors, the following items should be part of a physical security best practices program for any facility.

The Risk Assessment or Physical Security Assessment

The Risk Assessment & Physical Security Assessment is the first step in the process to protect any facility or location and justify the investment in that protection. The Risk Assessment or Physical Security Assessment process is the same they incorporate identifying threats and assessing vulnerabilities then evaluating and implementing countermeasures. In this context, risk is usually understood to be the product of two factors: the likelihood of an event occurring, and the impact that the event

Identify Threats

Evaluate Countermeasures

Implement Countermeasures

Assess Vulnerabilities

Risk & Physical Security Management

Cycle

5 | P a g e

would have. When each of these has been evaluated, they are combined to provide an overall measure of risk. Then we use our security technology countermeasures to further reduce the opportunity and risk. Likelihood can be further broken down into three factors: intent, capability and opportunity. Intent is a measure of the insider’s determination to carry out the attack, while capability is the degree to which the insider possesses the skills, knowledge and resources to be successful in the attempt. I my study of fraud as a member of the Association of Certified Fraud Examiners (ACFE) I learned that according to Donald R. Cressey (April 27, 1919 – July 21, 1987) who was an American penologist, sociologist, and criminologist who made innovative contributions to the study of organized crime, prisons, criminology, the sociology of criminal law, white-collar crime. He is also known as the farther of the Fraud Triangle which states that there are three factors that need to exist for someone to commit fraud. They are Motive or Financial Pressure, Rationalization and Opportunity. Some things we can control and others we cannot, I have always focused on eliminating the Opportunity. My goal is to create the Perception of Detection with the security technology to stop fraud and other crimes. Besides a terrorist who is willing to die for their cause, most people, in my experience will think twice or find another target if they feel they will be unsuccessful or caught.

Opportunity is a combination of the access that an insider has to an organization’s assets (by virtue of their role or position), together with the vulnerability of the environment (for example, an environment that is constantly supervised or monitored by CCTV cameras is less vulnerable to some insider threats than an environment which is not subject to these controls). Impact should be considered in terms of the value of the assets affected and any wider consequences. For example, insider fraud can have both financial and reputational impacts.

Levels of risk assessment

There are three levels at which personnel security risk assessments can be conducted:

1. Organization 2. Group 3. Individual

The first examines and prioritizes the types of insider threats that are of concern to the organization as a whole, the second focuses on groups of employees with differing levels of opportunity to commit the threats, while the third deals with each employee on an individual basis. Most risk practitioners will find it helpful to start with the simplest and highest level approach, the organization level risk assessment, which provides a useful overview of the threats facing the organization and an opportunity to review countermeasures in general. The group level assessment will require a greater commitment of time and effort, but can yield significant insight into the groups of employees that give most cause for concern and the proportionate application of countermeasures within the organization. The individual level assessment is the most labor intensive of all, looking at every employee in turn to determine their combined opportunity and insider potential (i.e. threat and susceptibility). The levels of risk assessment that you use will depend on the threats faced by your organization and the nature of the workforce. It

6 | P a g e

is important that you understand the way in which the three approaches support different types of decision. For example, if the organizational risk assessment reveals that there is a negligible threat to the organization from an insider bringing a bomb into the building, this may rule out the need for baggage checks on entry to the site. Alternatively, the group level assessment could reveal that certain employees, due to their role in the organization, have regular access to highly confidential or sensitive information, and they may therefore require higher levels of supervision in the office. If, at the individual level, a particular employee is considered to have high insider potential and a high level of opportunity, then an individually tailored risk management plan might be required. The remaining two stages are implementation, which involves putting the new countermeasures identified by the risk or security assessment into operation, and evaluation, during which the effectiveness of the counter-measures is reviewed. The lists of assumptions made during the risk assessment will prove particularly useful during this evaluation. Depending on how much time has passed since the risk assessment, the evaluation stage should also show that the threats identified either have or have not been reduced by the counter-measures you have introduced. It is worth bearing in mind, however, those factors outside your control, such as the current threat level, or economic, political and social issues, may also have an influence. These same factors are likely to introduce new threats to be addressed in future assessments.

Design Solution Check List

The following are some key examples of points to consider when building a new data center. I use this as an example because Physical and Cyber Strategies share common underlying policy objectives and principles. The first objective of this Strategy is to identify and assure the protection of those assets, systems, and functions that are deemed most “critical” to the organization. Almost every facility today has data access or data storage and in many cases the “Data Room or Closet” is one of the least secured locations in the facility and is the most vulnerable. The liability of data loss for almost every organization is astronomical. The customer or personal data, organizational confidential information or trade secrets could destroy an organization without firing a shot. Most MDF rooms or main equipment room is where inside and outside cables and conduit terminate. It is usually referred to as the MDF (Main Distribution Frame) are accessible by everyone in the organization from the receptionist to the janitor. So, as you read through this next section, apply the principles to your facility and think of how you could enhance you security to reduce your risk of loss.

Build on the Right Spot

Be sure the building is some distance from headquarters (20 miles is typical) and at least 100 feet from the main road. Bad neighbors: airports, chemical facilities, power plants. Bad news: earthquake fault lines and (as we've seen all too clearly this year) areas prone to hurricanes and floods. And scrap the "data center" sign.

Restrict Area Perimeter

Secure and monitor the perimeter of the facility.

Have Redundant Utilities

Data centers need two sources for utilities, such as electricity, water, voice and data. Trace electricity sources back to two separate substations and water back to two different main lines. Lines should be underground and should come into different areas of the building,

7 | P a g e

with water separate from other utilities. Use the data center's anticipated power usage as leverage for getting the electric company to accommodate the building's special needs.

Deter, Detect, and Delay

Deter, detect, and delay an attack, creating sufficient time between detection of an attack and the point at which the attack becomes successful.

Pay Attention to Walls

Foot-thick concrete is a cheap and effective barrier against the elements and explosive devices. For extra security, use walls lined with Kevlar.

Avoid Windows

Think warehouse and not an office building. If you must have windows, limit them to the break room or administrative area, and use bomb-resistant laminated glass.

Use Landscaping for Protection

Trees, boulders and gulleys can hide the building from passing cars, obscure security devices (like fences), and also help keep vehicles from getting too close. Oh, and they look nice too.

Keep a 100-foot Buffer Zone around the Site

Where landscaping does not protect the building from vehicles, use crash-proof barriers instead. Bollard planters are less conspicuous and more attractive than other devices.

Use Retractable Crash Barriers at Vehicle Entry Points

Control access to the parking lot and loading dock with a staffed guard station that operates the retractable bollards. Use a raised gate and a green light as visual cues that the bollards are down and the driver can go forward. In situations when extra security is needed, have the barriers left up by

default, and lowered only when someone has permission to pass through.

Plan for Bomb Detection

For data facilities that are especially sensitive or likely targets, have guards use mirrors to check underneath vehicles for explosives, or provide portable bomb-sniffing devices. You can respond to a raised threat by increasing the number of vehicles you check, perhaps by checking employee vehicles as well as visitors and delivery trucks.

Limit Entry Points

Control access to the building by establishing one main entrance, plus a back one for the loading dock. This keeps costs down too.

Make Fire Doors Exit Only

For exits required by fire codes, install doors that don't have handles on the outside. When any of these doors is opened, a loud alarm should sound and trigger a response from the security command center.

Use Plenty of Cameras

Surveillance cameras should be installed around the perimeter of the building, at all entrances and exits, and at every access point throughout the building. A combination of motion-detection devices, low-light cameras, pan-tilt-zoom cameras and standard fixed cameras is ideal. Footage should be digitally recorded and stored offsite.

Protect the Building's Machinery

Keep the mechanical area of the building, which houses environmental systems and uninterruptible power supplies, strictly off limits. If generators are outside, use concrete walls to secure the area. For both areas, make sure all contractors and repair crews are accompanied by an employee at all times.

Personnel Surety

Perform appropriate background checks on and ensure appropriate credentials for facility personnel, and, as appropriate, for unescorted visitors with access to restricted areas or critical assets.

8 | P a g e

Plan for Secure Air Handling

Make sure the heating, ventilating and air-conditioning systems can be set to recirculate air rather than drawing in air from the outside. This could help protect people and equipment if there were some kind of biological or chemical attack or heavy smoke spreading from a nearby fire. For added security, put devices in place to monitor the air for chemical, biological or radiological contaminant.

Ensure nothing can hide in the walls and ceilings

In secure areas of the data center, make sure internal walls run from the slab ceiling all the way to subflooring where wiring is typically housed. Also make sure drop-down ceilings don't provide hidden access points.

Use two-factor Authentication

Biometric identification is becoming standard for access control to sensitive areas of data centers, with hand geometry or fingerprint scanners usually considered less invasive than retinal scanning. In other areas, you may be able to get away with less-expensive access cards.

Harden the Core with Security Layers

Anyone entering the most secure part of the data center will have been authenticated at least three times, including at the outer door. Don't forget you'll need a way for visitors to buzz the front desk (IP Intercom works well for this). At the entrance to the "data" part of the data center. At the inner door separates visitor area from general employee area. Typically, this is the layer that has the strictest "positive control," meaning no piggybacking allowed. For implementation, you have two options: -A floor-to-ceiling turnstile

If someone tries to sneak in behind an authenticated user, the door gently revolves in the reverse direction. (In case of a fire, the walls of the turnstile flatten to allow quick egress.)

A "mantrap"

Provides alternate access for equipment and for persons with disabilities. This consists of two separate doors with an airlock in between. Only one door can be opened at a time, and authentication is needed for both doors.

At the Door to an Individual Computer Processing Room

This is for the room where actual servers, mainframes or other critical IT equipment is located. Provide access only on an as-needed basis, and segment these rooms as much as possible in order to control and track access.

Watch the Exits Too

Monitor entrance and exit—not only for the main facility but for more sensitive areas of the facility as well. It'll help you keep track of who was where, when. It also helps with building evacuation if there's a fire..

Prohibit Food in the Computer Rooms

Provide a common area where people can eat without getting food on computer equipment.

Install Visitor Rest Rooms

Make sure to include rest rooms for use by visitors and delivery people who don't have access to the secure parts of the building.

Critical Infrastructure Monitoring

"Critical infrastructure" is defined by federal law as "systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters. The Information Technology (IT) Sector is central to the nation's security, economy, and public health and safety. Businesses, governments, academia, and private citizens

9 | P a g e

are increasingly dependent upon IT Sector functions. These virtual and distributed functions produce and provide hardware, software, and IT systems and services, and—in collaboration with the Communications Sector —the Internet. Communication between your business alarm system and our Monitoring Center is a critical part of your protective system. Require an Underwriters’ Laboratories (U.L.) Listed Monitoring Center with sophisticated communications operation. In the event of an alarm, the CPU in your security system sends an alarm signal to the monitoring facility through the phone lines, or thru the network with AES radio or cellular back-up communications. The signal is then retrieved by the monitoring center, and the operators quickly notify the appropriate authorities, as well as the designated responder, of the emergency.

Monitoring Capabilities

Fire

Hold-Up

Intrusion

Halon/Ansul

Panic/Ambush

Man Down

Elevator Phones

Off-Premises Video

HVAC/Refrigeration

Sprinkler/Tamper/Flow

Power Loss/Low Battery

Gas/Hazardous Chemicals

Water Flow/Flood Alarms

Environmental Devices (CO2/CO/ETC.)

Radio/Cellular Back-Up Communications

Implementation

Use a proven integrator who can utilize and integrate mutable solutions to create a physical security compliance and risk management solution that can automate and enforce physical security policies, from restricting area perimeter and securing site assets to personnel surety and reporting of significant security incidents; this helps to ensure both governance and compliance utilizing an organization’s existing physical security and IT infrastructure. This can centrally manage all regulations and associated controls and automate assessment, remediation and reporting as per defined review cycles. Automatically trigger compliance-based actions, such as rule-based generation of actions/penalties, based on physical access events. Correlate alarms and identities to better manage situations and responses across the security infrastructure. Incorporate real-time monitoring and detailed risk analysis tools to instantly enforce, maintain and report on compliance initiatives

Key External Technology Measures

Entry Point

Data centers are generally designed with a central access point that’s used to filter employees and visitors into the data center. All requests are vetted by a security guard with an intercom link to ensure that they have a legitimate reason for entering the premises.

Automatic Bollards

As an alternative to a guard-controlled gate, automatic bollards can be used at entry points. These short vertical posts pop out of the ground to prevent unauthorized vehicles from driving onto the site. When a vehicle’s occupants are verified by a guard, an access card or other secure process, the bollards are quickly lowered to allow the vehicle to enter. When in the lowered position, the top of each bollard is flush with the pavement or asphalt and completely hidden. The bollards move quickly and are designed to prevent more than one vehicle from passing through at any one time.

10 | P a g e

Closed-Circuit TV or IP Video

External video cameras, positioned in strategic locations, including along perimeter fencing, provide efficient and continuous visual surveillance. The cameras can detect and follow the activities of people in both authorized and “off limits” locations. In the event someone performs an unauthorized action or commits a crime, the digitally stored video can supply valuable evidence to supervisors, law enforcement officials and judicial authorities. For added protection, the video should be stored off-site on a digital video recorder (DVR).

Key Internal Technology Measures

Lobby Area

With proper software and surveillance and communications tools, a staffed reception desk, with one or more security guards checking visitors’ credentials, creates an invaluable first line of access control.

Surveillance

Like their external counterparts, internal cameras provide constant surveillance and offer documented proof of any observed wrongdoing.

Biometric Screening

Once the stuff of science fiction and spy movies, biometric identification now plays a key role in premises security. Biometric systems authorize users on the basis of a physical characteristic that doesn’t change during a lifetime, such as a fingerprint, hand or face geometry, retina or iris features.

Mantrap

Typically located at the gateway between the lobby and the rest of the data center, mantrap technology consists of two interlocking doors positioned on either side of an enclosed space. The first door must close before

the second one opens. In a typical mantrap, the visitor needs to first “badge-in” and then once inside must pass a biometric screening in the form of an iris scan.

Access Control List

Defined by the data center customer, an access control list includes the names of individuals who are authorized to enter the data center environment. Anyone not on the list will not be granted access to operational areas.

Badges and Cards

Visually distinctive badges and identification cards, combined with automated entry points, ensure that only authorized people can access specific data center areas. The most common identification technologies are magnetic stripe, proximity, barcode, smart cards and various biometric devices.

Guard Staff

A well-trained staff that monitors site facilities and security technologies is an essential element in any access control plan.

Loading and Receiving

For full premises security, mantraps, card readers and other access controls located in public-facing facilities also need to be duplicated at the data center’s loading docks and storage areas.

Operational Areas

The final line of physical protection falls in front of the data center’s IT resources. Private cages and suites need to be equipped with dedicated access control systems while cabinets should have locking front and rear doors for additional protection. Humans are the weakest link in any security scheme. Security professionals can do their best to protect systems with layers of anti-malware, personal and network firewalls, biometric login authentication, and even data encryption, but give a good hacker (or computer forensics expert) enough time with physical access to the hardware, and there’s a good chance they’ll break in. Thus, robust physical

11 | P a g e

access controls and policies are critical elements of any comprehensive IT security strategy. According to a report by the SANS Institute, “IT security and physical security are no longer security silos in the IT environment; they are and must be considered one and the same or, as it should be called, overall security.” It is the innermost layer—physical entry to computer rooms—over which IT managers typically have responsibility, and the means to have effective control over human access focuses on a set of policies, procedures, and enforcement mechanisms.

Policy Basics

Given their importance and ramifications on employees, access policies must come from the top leadership. After setting expectations and behavioral ground rules, actual data center access policies have several common elements. The most essential are definitions of various access levels and procedures for authenticating individuals in each group and their associated privileges and responsibilities when in the data center.

Step 1

Authorize, identify and authenticate individuals that require physical access:

Identify the roles that require both regular as well as occasional physical access and identify the individuals that fill these roles.

Provide standing authorization and a permanent authenticator to individuals that require regular access.

Require individuals that require occasional access to submit a request that must be approved prior to access being attempted or allowed.

Authenticate individuals with regular access requirements through the use of their assigned permanent authenticator.

Authenticate individuals with occasional access requirements through the use of a personal identification mechanism that includes name, signature and photograph.

Step 2

Verify that work to be performed has been pre-approved or meets emergency response procedures:

Verify against standard Change Control procedures.

Verify against standard Maintenance procedures.

Step 3

Make use of logs to document the coming and goings of people and equipment:

Assign the responsibility for the maintenance of an access log that records personnel access. Record the following:

Date and time of entry.

Name of accessing individual and authentication mechanism.

Name and title of authorizing individual.

Reason for access.

Date and time of departure.

Assign the responsibility for the maintenance of a delivery and removal log that records equipment that is delivered to or removed from facilities; Record the following:

Date and time of delivery/removal.

Name and type of equipment to be delivered or removed.

Name and employer of the individual performing the delivery/removal and the authentication mechanism used.

Name and title of authorizing individual.

Reason for delivery/removal.

Non-Compliance

Violation of any of the constraints of these policies or procedures should be considered a security breach and depending on the nature of the violation, various sanctions will be taken:

12 | P a g e

A minor breach should result in written reprimand.

Multiple minor breaches or a major breach should result in suspension.

Multiple major breaches should result in termination.

Although older data centers typically just consisted of a large, un-partitioned raised-floor area, newer enterprise facilities have taken a page from ISP designs by dividing the space into various zones—for example, a cage for high-availability servers, another area for Tier 2 or 3 systems, a dedicated network control room, and even separate areas for facilities infrastructure such as PDUs and chillers. Such partitioned data centers provide control points for denying access to personnel with no responsibility for equipment that’s in them.

Identification Procedures

The next step in a physical security policy is to set up controls and identification procedures for authenticating data center users and granting them physical access. Although biometric scanners look flashy in the movies and certainly provide an added measure of security, a magnetic stripe badge reader is still the most common entry technology, as it’s simple, cheap, and effective and allows automated logging, which is a necessary audit trail. One problem with magnetic readers, according is their susceptibility to tailgating, or allowing unauthorized personnel to trail a colleague through an entryway. That’s why we advise supplementing doors and locks with recorded video surveillance. I also like to add a form of two-factor authentication to entry points by coupling a card reader (“something you have”) with a PIN pad (“something you know”), which reduces the risks of lost

cards. I also recommend using time-stamped video surveillance in conjunction with electronic access logs and a sign-in sheet to provide a paper trail. Access levels and controls, with identification, monitoring, and logging, form the foundation of an access policy, but two other major policy elements are standards of conduct and behaviors inside the data center such as: prohibitions on food and beverages or tampering with unauthorized equipment, limitations and controls on the admission of personal electronics such as USB thumb drives, laptops, Smartphones, or cameras are critical. Policies should also incorporate processes for granting access or elevating restriction levels, an exception process for unusual situations, sanctions for policy violations, and standards for reviewing and auditing policy compliance. Stahl cautions that penalties for noncompliance will vary from company to company because they must reflect each enterprise’s specific risk tolerance, corporate culture, local employment laws, and union contracts.

Summary

It’s time to get physical—as in physically protecting a data center and all of its assets. The need for ironclad virtual security measures, such as managed firewalls, is well known. Yet physical security is often placed on the back burner, largely forgotten about until an unauthorized party manages to break into or sneak onto a site and steals or vandalizes systems. Today’s security systems include:

Intrusion and Monitoring Systems

Access Control Systems

Visitor Management Systems

Surveillance Systems

Emergency Communications Systems

PISM Software Platforms The newest of these is the PISM or Physical Security Information Management system.

13 | P a g e

Physical Security Information Management (PISM)

The PSIM Platform enables the integration and organization of any number and type of security devices or systems and provides a common set of services for analyzing and managing the incoming information. It also serves as the common services platform for video and situation management applications. Effectively maintaining security of critical infrastructure does not happen by accident, it means giving your security professionals the best security/software tools available today. By unifying your existing surveillance system and providing spatial context to your camera feeds, PISM brings out the best of your equipment. To investigate day-to-day incidents, as well as prepare for emergency situations, the security department makes use of a vast network of video cameras, access control points, intercoms, fire and other safety systems. PISM unifies all of these disparate feeds, including systems from diverse manufacturers, into a single decision-oriented Common Operating Picture. Within the PSIM Platform are five key components:

Integration Services

Multiple strategies are used for connection, communication with, and management of installed devices and systems from multiple vendors. The PSIM Platform offers complete support for the industry’s most commonly-used device types – out of the box. In addition, it employs customizable “pipeline” architecture to receive device events. Network connectivity is achieved using combinations of multiple communications protocols.

Geo-Location Engine

The Geo Location Engine provides spatial recognition for geo-location of devices and supports situation mapping functionality. The physical position of devices is stored in an internal knowledge base as GIS/GPS positions or building coordinates. The engine uses the information to determine relevance, selects, and relate devices involved in a given situation. The system uses the information to overlay graphical representations of security assets and activities onto Google-type maps or building layouts.

Routing Engine

The Routing Engine is an intelligent switch that connects any security device to PISM command interfaces or output device(s) and accommodates any required transformation of formats and protocols between connected devices. In most cases, devices connect directly to each other and exchange data streams directly, avoiding possible bottlenecks that would arise from routing all traffic through a single centralized server. An internal knowledge base of all connected devices and their characteristics is maintained by the Routing Engine, which uses that information to ensure a viable communication path, compatibility of signal format and acceptable quality of service.

Rules Engine

The PSIM Platform contains a powerful Rules Engine that analyzes event and policy information from multiple sources to correlate events, make decisions based upon event variables and initiate activities.

Dispatch Engine

The Dispatch Engine integrates with communications infrastructure to initiate external applications or the transmission of messages, data and commands. Dispatch actions are automatically triggered by the rules engine as it executes recommendations for situation resolution. Operators can manually initiate actions as well. The key benefits of today’s technology is allowing system users to do more with less by getting maximum benefits through integrated technologies with each system (Both new and old) and with the goals of company policies and procedures like never before.

14 | P a g e

Appendix A: Understanding Physical Access Control Solutions

SOLUTION STRENGTHS WEAKNESSES COMMENTS KEYS •Most traditional form of

access control • Easy to use • Don’t require power for operation

• Impossible to track if they are lost or stolen, which leaves facility vulnerable • Potential for unauthorized sharing of keys • Difficult to audit their use during incident investigations • Difficult to manage on large campuses with multiple doors • Re-coring doors when a key is lost or stolen is expensive

• Several solutions are currently available on the market to manage keys and keep key holders accountable.

LOCKS

Maglock Electric Strike

• Easy installation • Economical • Easy retrofit • Quiet operation • Can be either fail-secure or fail-safe • Does not need constant power • Door knob overrides for safe exit

• Power always on (fail-safe) • Typically requires exit device to break circuit • Requires backup power supply for 24-hour service • Door/lock hardware experience needed

• DC only • Comes in different “pull” strengths • Check extra features, such as built in door sensor • Requires more door hardware experience than Maglock • Specify for life-safety requirements • Can be both AC and DC (DC lasts longer) • Fail-safe must have power backup • Fail-secure most popular

ACCESS CARDS

Magnetic Stripe Proximity

• Access rights can be denied without the expense of re-coring a door and issuing a new key • Can limit access to a building to certain times of the day • Systems can provide audit trails for incident investigations • Inexpensive to issue or replace

• Prone to piggybacking / tailgating (when more than one individual enters a secure area using one access card or an unauthorized person follows an authorized person into a secure area • Users can share cards with unauthorized persons • Cards can be stolen and used by unauthorized individuals • Systems are more expensive to install than traditional locks • Require power to operate

• Can incorporate a photo ID component • Can be used for both physical and logical access control • Card readers should have battery backup in the event of power failure • Tailgate detection products, video surveillance, analytics and security officers can address tailgating issues • Can integrate with video surveillance, intercoms and intrusion detection systems for

15 | P a g e

Smart Card

• Durable • Convenient • More difficult to compromise than magstripe cards • Less wear and tear issues • Multiple application functionality (access, cashless vending, library cards, events) • Enhanced security through encryption and mutual authentication • Less wear and tear issues

• Not as secure as proximity cards or smart cards • Can be duplicated with relative ease • Subject to wear and tear • Cost more than magstripe cards • Easier to compromise than smart cards • Currently the most expensive card access option on the market

enhanced security • These are the most commonly used access control cards by US campuses and facilities

• Are widely used for access control (although not as widely as magstripe) • Not as widely adopted as magstripe or proximity cards due to cost • Widely adopted in Europe• Can incorporate biometric and additional data such as Photo and ATM

PIN NUMBERS

(Pass codes) • Easy to issue and change • Inexpensive

• Can be forgotten • Difficult to manage when there are many passwords for different systems • Can be given to unauthorized users • Prone to tailgating/ piggybacking

• Should be changed frequently to ensure security • Often used in conjunction with other access control solutions, such as cards or biometrics

DOOR ALARMS • Provide door intrusion, door forced and propped door detection • Reduce false alarms caused by unintentional door propping • Encourage staff and students to maintain access control procedure

• Will not reach hearing impaired without modifications • Will not detect tailgaters • Door bounce can cause false alarms

• Appropriate for any monitored door application, such as emergency exits • Used in conjunction with other access control solutions, such as card readers or keys • Can be integrated with video surveillance for enhanced security

TAILGATE/PIGGYBACK DETECTORS

• Monitor the entry point

into secure areas • Detect tailgate violations

(allow only one person to enter) • Detect when a door is

propped • Mount on the door frame • Easy to install

• Not intended for large

utility cart and equipment passage (which could cause the system to go into false alarm) • Not for outdoor use

• Appropriate for any

monitored door application where a higher degree of security is needed, such as data centers, research laboratories, etc • Used in conjunction

with other access control solutions, such as card readers • Can be integrated

with video surveillance for enhanced security

PUSHBUTTON • Many button options • Anyone can press the • Used to release door

16 | P a g e

CONTROLS available • Normally-open/Normally

closed momentary contacts provide fail-safe manual override • Time delay may be field

adjusted for 1-60 seconds

release button (unless using a keyed button), so button must be positioned in a secure location (for access control, not for life-safety) • Some can be defeated

easily • Can open door to

stranger when approaching from inside

and shunt alarm • Used for emergency

exits when configured to fail-safe • May be used in

conjunction with request to exit (REX) for door alarms and life safety • Still may require

mechanical device exit button to meet life-safety code • With REX, careful

positioning and selection required

MULTI-ZONE ANNUNCIATORS

• Display the status of

doors and/or windows throughout a monitored facility • Alert security when a door

intrusion occurs • Many options available:

zone shunt, zone relay and zone supervision

• 12 VDC only special

order 24 VDC option • Door bounce can cause

false alarms • Requires battery backup

in case of power failure

• Designed to monitor

multiple doors from a single location • May be used in

conjunction with door alarms, tailgate detection systems and optical turnstiles • No annunciation at

the door; only at the monitoring station

FULL HEIGHT TURNSTILES

• Provides a physical

barrier at the entry location • Easy assembly • Easy maintenance • Available in aluminum

and galvanized steel

• Physical design ensures

to a reasonable degree that only one authorized person will enter, but it will not detect tailgaters

• Designed for

indoor/outdoor applications • Used in parking lots,

football fields and along fence lines • Use with a

conventional access control device like a card reader

OPTICAL TURNSTILES

• Appropriate for areas with

a lot of pedestrian traffic • Detects tailgating • Aesthetically pleasing and

can be integrated into architectural designs • Doesn’t require separate

emergency exit • Provides good visual and

audible cues to users

• Can be climbed over • Not for outdoor use

• Used in building

lobby and elevator corridor applications • Use with a

conventional access control device like a card reader • To ensure

compliance, deploy security officers and video surveillance

BARRIER ARM TURNSTILES

(Glass gate or metal arms)

• Appropriate for areas with

a lot of pedestrian traffic • Provides a visual and

psychological barrier while communicating to pedestrians that authorization is required to gain access • Detects tailgating • Reliable

• Units with metal-type

arms can be climbed over or under • Not for outdoor use • Most expensive of the

turnstile options • Requires battery backup

in case of power failure

• Used in building

lobby and elevator corridor applications • Use with a

conventional access control device like a card reader • To ensure

compliance, deploy security officers and video surveillance

17 | P a g e

• Battery backup is

recommended

BIOMETRICS • Difficult to replicate

identity because they rely on unique physical attributes of a person (fingerprint, hand, face or retina) • Users can’t forget, lose or

have stolen their biometric codes • Reduces need for

password and card management

• Generally much more

expensive than locks or card access solutions • If biometric data is

compromised, the issue is very difficult to address

• Except for hand

geometry, facial and finger solutions, biometric technology is often appropriate for high-risk areas requiring enhanced security

INTERCOMS • Allow personnel to

communicate with and identify visitors before allowing them to enter a facility • Can be used for

emergency and non-emergency communications • IP solutions today offer

powerful communications and backup systems with integration

• Will not reach hearing

impaired without modifications • Not appropriate for

entrances requiring throughput of many people in a small amount of time

• Appropriate for visitor

management, afterhours visits, loading docks, stairwells, etc. • Use with conventional

access control solutions, such as keys or access cards • Video surveillance

solutions can provide visual verification of a visitor

18 | P a g e

Sample

Site Survey for Access Control Systems

Date Customer Name

Contact Name Email Address

Street City

State Zip Phone

DVR Y/N Elevator Control Y/N Photo Badging Y/N Time and Attendance

Y/N

Access Control

Number of Locations

Communications Method Encryption Y/N

Number of Reader Controlled Doors

Number of Controlled Doors without Readers

Number of Monitored only Doors

Number of Egress Devices

Type of Readers

Type of Cards

Type of Egress Devices

Number of Outputs for other use

Number of Inputs for other use

Number of PCs

Elevator Control

Number of Elevators Cabs to be controlled

Number of Floors to be controlled in each Cab

Photo ID Badging

Number of Badging workstations

Type of Image Gathering File Import / Live Video Capture

Number and Type of Printers

Time and Attendance

Number of Clock in Out Readers

Number of Time Display Modules

Digital Video Recorder Integration

Type of Video System to Integrate with

19 | P a g e

20 | P a g e

Physical Security Data or Key Facility Assessment Checklist

1. Site

2. Architectural

3. Structural Systems

4. Building Envelope

5. Utility Systems

6. Mechanical Systems

7. Plumbing and Gas Systems

8. Electrical Systems

9. Fire Alarm Systems

10. Communications and Information Technology Systems

11. Equipment Operations and Maintenance

12. Security Systems

13. Security Master Plan

21 | P a g e

ITEM

Assessment Question Assessment Guidance Assessment Comment

1 The Site

1.1 What major structures surround the facility?

1.2 What are the site access points to the facility?

1.3 What are the existing types of anti-ram devices for the facility?

1.4 What is the anti-ram buffer zone standoff distance from a building to unscreened vehicles or parking?

Anti-ram protection may be provided by adequately designed: bollards, street furniture, sculpture, landscaping, walls and fences.

1.5 Are perimeter barriers capable of stopping vehicles?

If the recommended distance is not available consider structural hardening, perimeter barriers and parking restrictions; relocation of vulnerable functions within or away from the building; operational procedures, acceptance of higher risk.

1.6 Does site circulation prevent high-speed approaches by vehicles?

1.7 Are there offsetting vehicle entrances from the direction of a vehicle’s approach to force a reduction of speed?

1.8 Is there space for inspection at the curb line or outside the protected perimeter? What is the minimum distance from the inspection location to the building?

Design features for the vehicular inspection point include: vehicle arrest devices that prevent vehicles from leaving the vehicular inspection area and prevent tailgating. If screening space cannot be provided, other design features such as: hardening and alternative space for inspection.

1.9 In dense, urban areas, does curb lane parking place uncontrolled parked vehicles unacceptably close to a facility in public rights-of-way?

Where distance from the building to the nearest curb provides insufficient setback, restrict parking in the curb lane. For typical city streets this may require negotiating to close the curb lane.

1.10 Is there a minimum setback distance between the building and parked vehicles?

Adjacent public parking should be directed to more distant or better-protected areas, segregated from employee parking and away from the facility.

1.11

Does adjacent surface parking maintain a minimum standoff distance?

Parking within ______feet of the building shall be restricted to authorized vehicles.

22 | P a g e

ITEM ASSESSMENT QUESTION ASSESSMENT GUIDANCE ASSESSMENT COMMENT

1.12 Do stand-alone, above ground parking facilities provide adequate visibility across as well as into and out of the parking facility?

Pedestrian paths should be planned to concentrate activity to the extent possible. Limiting vehicular entry/exits to a minimum number of locations is beneficial. Stair tower and elevator lobby design shall be as open as code permits. Stair and/or elevator waiting area should be as open to the exterior and/or the parking areas as possible. Potential hiding places below stairs should be closed off; nooks and crannies should be avoided. Elevator lobbies should be well-lighted and visible to both patrons in the parking areas and the public out on the street.

1.13

Are garages or service area entrances for government controlled or employee permitted vehicles that are not otherwise protected by site perimeter barriers protected by devices capable of arresting a vehicle of the designated threat size at the designated speed?

1.14 Does site landscaping provide hiding places? It is desirable to hold planting

away from the facility to permit observation of intruders.

1.15 Is the site lighting adequate from a security perspective in roadway access and parking areas?

Security protection can be successfully addressed through adequate lighting. The type and design of lighting including illumination levels is critical. IESNA guidelines can be used.

1.16 Is a perimeter fence or other types of barrier controls in place?

1.17 Do signs provide control of vehicles and people?

23 | P a g e


2 Architectural

2.1 Does the site planning and architectural design incorporate strategies from crime prevention through environmental design (CPTED) perspective?

The focus of CPTED is on creating defensible space by employing natural access controls, natural surveillance and territorial reinforcement to prevent crime and influence positive behavior, while enhancing the intended uses of space. Examples of CPTED attributes include spatial definition of space to control vehicle and pedestrian circulation patterns, placement of windows to reinforce surveillance, defining public space from private/restricted space through design of lobbies, corridors, door placement, pathway and roadway placements, walls, barriers, signage, lighting, landscaping, separation and access control of employee/ visitor parking areas, etc.

2.2 Is it a mixed-tenant facility? High-risk tenants should not be housed with low-risk tenants. High-risk tenants should be separated from publicly accessible areas. Mixed uses may be accommodated through such means as separating entryways, controlling access, and hardening shared partitions, as well as through special security operational counter-measures.

2.3 Are public toilets, service spaces or access to vertical circulation systems located in any non-secure areas, including the queuing area before screening at the public entrance?

2.4 Are areas of refuge identified, with special consideration given to egress?

2.5 Are loading docks and receiving and shipping areas separated in any direction from utility rooms, utility mains, and service entrances including electrical, telephone/data, fire detection/ alarm systems, fire suppression water mains, cooling and heating mains, etc.?

Loading docks should be located so that vehicles will not be driven into or parked under the building. If loading docks are in close proximity to critical equipment, the service shall be hardened for blast.

24 | P a g e

ITEM

ASSESSMENT QUESTION ASSESSMENT GUIDANCE ASSESSMENT COMMENT

2.6 Are mailrooms located away from facility main entrances, areas containing critical services, utilities, distribution systems, and important assets? Does the mailroom have adequate space for explosive disposal containers? Is the mailroom located near the loading dock?

The mailroom should be located at the perimeter of the building with an outside wall or window designed for pressure relief.

2.7

Is space available for equipment to examine incoming packages and for special containers?

Off-site screening stations may be cost effective, particularly if several buildings may share one mailroom.

2.8 Are critical building components located close to any main entrance, vehicle circulation, parking, maintenance area, loading dock, interior parking?

Critical building components include: Emergency generator including fuel systems, day tank, fire sprinkler, and water supply; Normal fuel storage; Main switchgear; Telephone distribution and main switchgear; Fire pumps; Building control centers; UPS systems controlling critical functions; Main refrigeration systems if critical to building operation; Elevator machinery and controls; Shafts for stairs, elevators, and utilities; Critical distribution feeders for emergency power. Evacuation and rescue require emergency systems to remain operational during a disaster and they should be located away from attack locations. Primary and back-up systems should not be collocated.

2.9 Do doors and walls along the line of security screening meet requirements of UL752 “Standard for Safety: Bullet-Resisting Equipment”?

2.10 Do entrances avoid significant queuing?

If queuing will occur within the building footprint, the area should be enclosed in blast-resistant construction. If queuing is expected outside the building, a rain cover should be provided.

2.11

Do public and employee entrances include space for possible future installation of access control and screening equipment?

These include walk-through metal detectors and x-ray devices, ID check, electronic access card, and turnstiles.

25 | P a g e

ITEM


2.12 Are there trash receptacles and

mailboxes in close proximity to the facility that can be used to hide explosive devices?

The size of the trash receptacles and mailbox openings should be restricted to prohibit insertion of packages.

2.13 Is roof access limited to autho-rized personnel by means of locking mechanisms?

2.14 Are stairwells required for emergency egress located as remotely as possible from high-risk areas where blast events might occur?

Stairs should not discharge into lobbies, parking, or loading areas.

2.15

Are enclosures for emergency egress hardened to limit the extent of debris that might otherwise impede safe passage and reduce the flow of evacuees?

2.16 Is access control provided through main entrance points for employees and visitors (e.g. by lobby receptionist, sign-in, staff escorts, issue of visitor badges, checking forms of personal identification, electronic access control system’s)?

2.17 Is access to private and public space or restricted area space clearly defined through the design of the space, signage, use of electronic security devices, etc.?

2.18 Is access to elevators distin-guished as to those that are designated only for employees, patients and visitors?

2.19 Are high value or critical assets located as far into the interior of the building as possible?

2.20 Is high visitor activity away from assets?

2.21 Are critical assets located in spaces that are occupied 24 hours per day? Are assets located in areas where they are visible to more than one person?

2.22 Is interior glazing near high-threat areas minimized?

26 | P a g e

ITEM


2.23 Do interior barriers differentiate level of security within a facility?

2.24 Do foyers have reinforced concrete walls and offset interior and exterior doors from each other?

2.25 Does the circulation routes have unobstructed views of people approaching controlled access points?

2.26 Are pedestrian paths planned to concentrate activity to aid in detection?

2.27 Are ceiling and lighting systems designed to remain in place during emergencies?

3 Structural Systems

3.1 What type of construction? What type of concrete & reinforcing steel? What type of steel? What type of foundation?

The type of construction provides an indication of the robustness to abnormal loading and load reversals. Reinforced concrete moment resisting frame provides greater ductility and redundancy than a flat-slab or flat-plate construction. The ductility of steel frame with metal deck depends on the connection details and pre-tensioned or post-tensioned construction provides little capacity for abnormal loading patterns and load reversals. The resistance of load-bearing wall structures varies to a great extent, depending on whether the walls are reinforced or unreinforced. A rapid screening process developed by FEMA for assessing structural hazard identifies the following types of construction with a structural score ranging from 1.0 to 8.5. The higher the score indicates a greater capacity to sustain load reversals. Wood buildings of all types - 4.5 to 8.5 Steel moment resisting frames 3.5 to 4.5 Braced steel frames - 2.5 to 3.0 Light metal buildings - 5.5 to 6.5 Steel frames with cast-in-place concrete shear walls - 3.5 to 4.5

27 | P a g e


Concrete moment resisting frames - 2.0 to 4.0 Concrete shear wall buildings 3.0 to 4.0 Concrete frame with unreinforced masonry infill walls - 1.5 to 3.0 Steel frame with unreinforced masonry infill walls - 1.5 to 3.0 Tilt-up buildings - 2.0 to 3.5 Precast concrete frame buildings - 1.5 to 2.5 Reinforced masonry -3.0 to 4.0 Unreinforced masonry - 1.0 to 2.

3.2 Do the reinforced concrete structures contain symmetric steel reinforcement (positive and negative faces) in all floor slabs, roof slabs, walls, beams and girders that may be subjected to rebound, uplift and suction pressures? Do the lap splices fully develop the capacity of the reinforcement? Are lap splices and other discontinuities staggered? Do the connections possess ductile details? Does special shear reinforcement, including ties and stirrups, available to allow large post-elastic behavior?

3.3 Are the steel frame connections moment connections? Are the column spacing minimized so that reasonably sized members will resist the design loads and increase the redundancy of the system? What are the floor-to-floor heights?

3.4 Are critical elements vulnerable to failure?

The priority for upgrades should be based on the relative importance of structural or non-structural elements that are essential to mitigating the extent of collapse and minimize injury and damage. Primary Structural Elements provide the essential parts of the building’s resistance

28 | P a g e


Catastrophic blast loads and progressive collapse. These include columns, girders, roof beams, and the main lateral resistance system; Secondary Structural Elements consist of all other load bearing members, such as floor beams, slabs, etc.; Primary Non-Structural Elements consist of elements (including their attachments) which are essential for life safety systems or elements which can cause substantial injury if failure occurs, including ceilings or heavy suspended mechanical units; and Secondary Non-Structural Elements consist of all elements not covered in primary non-structural elements, such as partitions, furniture, and light fixtures.

3.5 Will the structure suffer an unacceptable level of damage resulting from the postulated threat?

The extent of damage to the structure and exterior wall systems from the bomb threat may be related to a protection level: Low and Medium/Low Level Protection - Major damage. The facility or protected space will sustain a high level of damage without progressive collapse. Casualties will occur and assets will be damaged. Building components, including structural members, will require replace-ment, or the building may be completely un-repairable, requiring demolition and replacement. Medium Level Protection Moderate damage, repairable. The facility or protected space will sustain a significant degree of damage, but the structure should be reusable. Some casualties may occur and assets may be damaged. Building elements other than major structural members may require replacement. Higher Level Protection - Minor damage, repairable. The facility or protected space may globally sustain minor damage with some

29 | P a g e

ITEM


local significant damage possible. Occupants may incur some injury, and assets may receive minor damage.

3.6 Is the structure vulnerable to progressive collapse? Is the facility capable of sustaining the removal of a column for one floor above grade at the building perimeter without progressive collapse? In the event of an internal explosion in an uncontrolled public ground floor area (such as lobbies, loading docks and mailrooms) does the design prevent progressive collapse due to the loss of one primary column or does the design preclude such a loss? Do architectural or structural features provide a minimum 6-inch standoff to the internal columns? Are the columns in the unscreened internal spaces designed for an un-braced length equal to two floors, or three floors where there are two levels of parking?

Design to mitigate progressive collapse is an independent analysis to determine a system’s ability to resist structural collapse upon the loss of a major structural element or the system’s ability to resist the loss of a major structural element. Design to mitigate progressive collapse may be based on the methods outlined in ASCE 7-98. Designers may apply static and/ or dynamic methods of analysis to meet this requirement and ultimate load capacities may be assumed in the analyses. Existing buildings should not be retrofitted to prevent progressive collapse unless they are undergoing a structural renovation, such as a seismic upgrade. Existing facilities may be retrofitted to withstand the design level threat or to accept the loss of a column for one floor above grade at the building perimeter without progressive collapse.

3.7 Are there adequate redundant load paths in the structure?

Special consideration should be given to materials which have inherent ductility and which are better able to respond to load reversals such as cast in place reinforced concrete and steel construction. Careful detailing is required for material such as pre-stressed concrete, pre-cast concrete, and masonry to adequately respond to the design loads. Primary vertical load carrying members shall be protected where parking is inside a facility and the building superstructure is supported by the parking structure.

3.8 Will the loading dock design limit damage to adjacent areas and vent explosive force to the exterior of the building?

The floor of the loading dock does not need to be designed for blast resistance if the area below is not occupied and contains no critical utilities.

30 | P a g e

ITEM


3.9 Are mailrooms, where packages are received and opened for inspection, and unscreened retail spaces designed to mitigate the effects of a blast on primary vertical or lateral bracing members?

Where mailrooms and unscreened retail spaces are located in occupied areas or adjacent to critical utilities, walls, ceilings, and floors, they should be blast and fragment resistant. Methods to facilitate the venting of explosive forces and gases from the interior spaces to the outside of the structure may include blow-out panels and window system designs that provide protection from blast pressure applied to the outside but that readily fail and vent if exposed to blast pressure on the inside.

3.10 Are there transfer girders that

are supported by columns within unscreened public spaces or at the exterior of the building?

4 Building Envelope

4.1 To what level are the exterior Walls designed to provide less than a high hazard response? Are the walls capable of withstanding the dynamic reactions from the windows?

The performance of the façade varies to a great extent on the materials. Different construction includes brick or stone with block back-up, steel stud walls, precast panels, curtainwall with glass, stone or metal panel elements. The performance of the glass will similarly depend on the materials. Glazing may be single pane or double pane, monolithic or laminated, annealed, heat strengthened or fully tempered.Shear walls that are essential to the lateral and vertical load bearing system, and that also function as exterior walls, shall be considered primary structures and shall resist the actual blast loads predicted from the threats specified. Where exterior walls are not designed for the full design loads, special consideration shall be given to construction types that reduce the potential for injury. As a minimum goal, the window systems should be designed so that at least __ % of the total glazed areas of the facility meet the specified performance conditions when subjected to the defined threats.

31 | P a g e


4.2 Is there less than 40 % fenestra-tion openings per structural bay? Are the window systems design (glazing, frames, anchorage to supporting walls, etc.) on the exterior facade balanced to mitigate the hazardous effects of flying glazing following an explosive event? Do the glazing systems with a ½inch bite contain an application of structural silicone? Is the glazing Laminated or is it protected with an anti-shatter film? If an anti-shatter film is used, is it a minimum of a 7-mil thick film, or specially manufactured 4-mil thick film?

4.3 Do the walls, anchorage, and window framing fully develop the capacity of the glazing material selected? Will the anchorage remain attached to the walls of the facility during an explosive event without failure? Is the façade connected to backup block or to the structural frame? Are non-bearing masonry walls reinforced?

Government produced and sponsored computer programs coupled with test data and recognized dynamic structural analysis techniques may be used to determine whether the glazing either survives the specified threats or the post damage performance of the glazing protects the occupants. A breakage probability no higher than 750 breaks per 1000 may be used when calculating loads to frames and anchorage.

4.4 Does the facility contain ballistic glazing? Does the ballistic glazing meet the requirements of UL 752 Bullet-Resistant Glazing? Does the facility contain security-glazing? Does the security-glazing meet the requirements of ASTM F1233 or UL 972, Burglary Resistant Glazing Material? Do the Window Assemblies containing Forced Entry resistant glazing (excluding the glazing) meet the requirements of ASTM F 588?

Glass-clad polycarbonate or laminated polycarbonates are two types of acceptable glazing material.

32 | P a g e


4.5 Do non-window openings, such as mechanical vents and exposed plenums, provide the same level of protection required for the exterior wall? Are non-window openings, such as mechanical vents and exposed plenums, designed to the level of protection required for the exterior wall?

In-filling of blast over-pressures must be considered through non-window openings such that structural members and all mechanical system mountings and attachments should resist these interior fill pressures.

4.6 Is interior glazing shatter resistant? Interior glazing should be

minimized where a threat exists and should be avoided in enclosures of critical functions next to high-risk areas.

5 Utility Systems

5.1 What is the source of domestic water?

Critical water supply may be vulnerable. Sources include municipal, wells, storage tank.

5.2 Are there multiple entry points for the water supply? If the facility has only one source

of water entering at one location, the entry points should be secure.

5.3 Is the incoming water supply in a secure location? Access to water supply should

not be open to non-authorized personnel.

5.4 Does the facility have storage capacity for domestic water? How much?

Operational facilities will require reliance on adequate domestic water supply.

5.5 What is the source of water for the fire suppression system? Describe location and number of

service entry points. Is the service reliant on the local utility company?

5.6 Are sewer systems protected? Are they accessible? Sanitary and storm water sewers

should be protected from unauthorized access and possible contamination.

5.7 What fuel supplies do the facility rely on for critical operation? Typically natural gas, propane, or

fuel oil are required for continued operation

5.8 How much fuel is stored on the facility? How is it stored?

Fuel storage protection is essential for continued operation.

33 | P a g e


5.9

Where is the fuel supply obtained? How is it delivered?

The supply of fuel is dependent on the reliability of the supplier.

5.10 Are there alternate sources of

fuel? Can alternate fuels be used?

Critical functions may be served by alternate methods if normal fuel supply is interrupted.

5.11

What is the normal source of electrical service for the facility? Utilities are the general source

unless co-generation or a private energy provider is available.

5.12 Is there a redundant electrical service source? Can the facilities be feed from more than one utility substation?

The utility may have only one source of power from a single substation. There may be only single feeders from the main substation.

5.13

How may service entry points does the facility have for electricity?

Electrical supply at one location creates a vulnerable situation unless alternate source are available.

5.14

What provisions for emergency power exist? Describe the emergency power

system and its location. Can the utility provide backup power if the normal electrical service is interrupted?

5.15 Is the incoming electric service to the building secure? Typically, the service entrance is

a locked room, unaccessible to the public.

5.16 Does the fire alarm system require communication with external sources?

Typically, the local fire department responds to an alarm. Describe how the alarm signal is sent to the responding agency: telephone, radio, etc.

5.17 By what means does the main telephone and data communica-tions interface the facility?

Typically communication ducts or other conducts are available.

5.18 Are there multiple or redundant location for the communication service?

Secure locations of communica-tions wiring entry to the facility are required.

6 Mechanical Systems

6.1 Where are the air intakes and exhaust louvers for the building? Describe location and relation to

public access. Indicate if intakes are low, high or midpoint of building structure.

6.2 Are there multiple air intake locations?

Single air intakes may feed several air handling units. Indicate if the air intakes are localized or separated.

34 | P a g e


6.3 What are the types of air filtration? Describe the efficiency and

number of filter modules for each of the main air handling systems.

6.4

Is there space for larger filter assemblies on critical air handling systems?

Air handling units serving critical functions during continued operation may be retrofitted to provide enhanced protection during emergencies.

6.5 How are the air handling systems zoned? Describe the areas and functions

served by each of the primary air handling systems.

6.6 Are there large central air handling units or are there multiple units serving separate zones?

Independent units can continue to operate if damage occurs to limited areas of the facility.

6.7

Are there any redundancies in the air handling system? Describe if critical areas can be

served from other units if a major system is disabled.

6.8 Is the air supply to critical areas compartmentalized? Describe if air flow can occur from

critical to non-critical areas either through building openings, ductwork, or air handling system.

6.9 Are supply and exhaust air systems for laboratories secure?

6.10

What is the method of tempera-ture and humidity control? Is it localized or centralized?

Central systems can range from monitoring only to full control. Local control may be available to override central operation.

6.11 Where are the control centers and cabinets located? Are they in secure areas? How is the control wiring routed?

Access to any component of the building automation and control system could compromise the functioning of the system.

6.12 Are there provisions for air

monitors or sensors for chemical or biological agents?

Duct mounted sensors are found in limited cases generally in laboratory areas.

7 Plumbing and Gas Systems

7.1 What is the method of water distribution? Central shaft locations for piping

are more vulnerable than multiple riser locations.

7.2 What is the method of medical gas distribution?

35 | P a g e


7.3 Is there redundancy to the main piping distribution? Looping of piping and use of

section valves provide redun-dancy in the event sections of the system are damaged.

7.4 What is the method of heating domestic water? What fuel is used?

Single source of hot water with one fuel source is more vulnerable than multiple sources and multiple fuel types.

7.5

Where are the oxygen and nitrous oxide tanks located? How are they piped to the distribution system?

Describe the locations relative to the facility including any blast protection? Indicate if the distribution piping is above or belowground.

7.6 Are there reserve supplies of oxygen and nitrous oxide? Localized gas cylinders could be

available in the event of damage to the central tank system.

8 Electrical Systems

8.1 How are the electrical rooms secured? Describe if all primary electrical

equipment is located in a secured area.

8.2 Are critical electrical systems co-located with other building systems?

Indicate those areas where major electrical equipment is colocated with other systems or is located in areas outside secured electrical areas.

8.3 Are electrical distribution panels secured or in secure locations? Describe the means of access

and location of critical electrical distribution panels serving branch circuits.

8.4 Does emergency backup power exist for all areas within the facility? How is the emergency power distributed?

Is the emergency power system independent from the normal electrical service, particularly in critical care areas?

8.5

How is the primary electrical system wiring distributed? Is there redundancy of distribution to critical areas?

Central utility shafts may be subject to damage. Describe if the distribution is co-located with other major utilities and if there are alternate suppliers.

8.6 What is the extent of the external facility lighting in utility and service areas?

Indicate the amount of exterior lighting particularly in critical areas such as utility and service areas.

8.7 Are there any transformers or switchgears located outside the building or accessible from the building exterior?

Describe how these devices are secured and if they are vulnerable to public access.

36 | P a g e


9 Fire Alarm Systems

9.1 Is the facility fire alarm system centralized or localized? Describe the main components of

the system including methods and extent of annunciation both locally and centrally.

9.2 Where are the fire alarm panels located? Indicate the location and

accessibility of the panels particularly with regard to access by unauthorized personnel.

9.3 Is the fire alarm system stand-alone or integrated with other functions such as security and environmental systems?

Describe what interface the fire alarm system has with other building management systems.

10 Communications and IT Sys

tems

10.1 Where are communication systems wiring closets located? Are they in secure areas?

Describe if communications closets are independent or if they are co-located with other utilities.

10.2

How is communications system wiring distributed? Indicate if wiring systems are in

chases or if distribution is in occupied areas.

10.3

Are there redundant communications systems available?

Critical areas should be supplied with multiple or redundant means of communications.

10.4 Do the IT systems meet require-ments of confidentiality, integrity, and availability?

10.5 Where is the disaster recovery/ mirroring site?

10.6 Where is the back-up tape/file storage site and what is the type of safe environment? (safe, vault, underground) Is there redundant refrigeration in the site?

10.7 Where is the main distribution facility? Where are the secondary and/or intermediate distribution facilities?

10.8 Where are the routers and firewalls located?

37 | P a g e


10.9 What type, power rating, and location of the UPS? (battery, online, filtered)

10.10 What type and where are the

WAN connections?

10.11 What type and where are the

wireless systems (RF, HF, VHG, MW) located?

10.12 What type of LAN (Cat 5, fiber,

Ethernet, Token Ring) is used?

10.13

What type and where are data centers located?

11 Equipment Operations and

Maintenance

11.1

Have critical air systems been rebalanced? If so, when and how often?

Rebalancing may only occur during renovation.

11.2 Is air pressurization monitored regularly? Some areas required positive or

negative pressure to function properly. Pressurization is critical in a hazardous environment or emergency situation.

11.3

Are there composite drawings indicating location and capacities of major systems? Do updated O&M manuals exist?

Describe if there are composite layout drawings of electrical, mechanical and fire protection systems and the status of latest updates.

11.4 Does the facility have a policy or procedure for periodic decommissioning of major M/E/P systems?

Recommissioning involves testing and balancing of systems to ascertain their capability to perform as described.

11.5 Is there an adequate operations and maintenance program including training of facilities management staff?

Describe level of maintenance and operation and the extent of training provided at the facility.

11.6 What maintenance and service agreements exist for MEP systems?

12 Security Systems

Perimeter Security

12.1

Are black/white or color CCTV cameras used? Are they analog or digital by design?

38 | P a g e


What are the number of fixed, wireless and pan-tilt-zoom cameras used? Who are the manufacturers of the CCTV cameras? What is the age of the CCTV cameras in use?

Security technology is frequently considered to compliment or supplement security personnel forces and to provide a wider area of coverage. Typically these physical security elements provide the first line of defense in deterring, detecting and responding to threats and vulnerabilities. They must be viewed are an integral component of the overall security program. Their design, engineering, installation, operation and management must be able to meet daily security challenges from a cost effective and efficiency perspective.

12.2 Are the cameras programmed to respond automatically to perimeter building alarm events? Do they have built-in video motion capabilities?

Example, if a perimeter door is opened, the closest camera responds and begins surveillance of the area.

12.3 Are panic/duress alarm sensors used, where are they located and are they hardwired or portable?

12.4 Are intercom call-boxes used in parking areas or along the building perimeter?

12.5 Are the perimeter cameras supported by an uninterrupted power supply source; battery or building emergency power?

12.6 What is the quality of video images both during the day and hours of darkness? Are infrared camera illuminators used?

12.7 What is the transmission media used to transmit camera video signals: fiber, wire line, telephone wire, coaxial, wireless?

12.8 What type of camera housings are used and are they environ-mental in design to protect against exposure to heat and cold weather elements?

39 | P a g e


12.9 Who monitors the CCTV system?

12.10 What type of exterior IDS sensors are used: electromagnetic, fiber optic, active infrared, bistatic microwave, seismic, photoelectric, ground, fence, glass break (vibration/shock), single, double and roll-up door magnetic contacts or switches.

12.11 Is a global positioning satellite system (GPS) used to monitor vehicles and asset movements?

Interior Security

12.12 Are black/white or color CCTV cameras used? Are they monitored and recorded 24 hours/7 days a week? By whom? Are they analog or digital by design? What are the number of fixed, wireless and pan-tilt-zoom cameras used? Who are the manufacturers of the CCTV cameras? What is the age of the CCTV cameras in use?

12.13 Are the cameras programmed to respond automatically to interior building alarm events? Do they have built-in video motion capabilities?

Example, if a perimeter door is opened, the closest camera responds and begins surveillance of the area.

12.14 What are the first costs and maintenance costs associated with the interior cameras?

12.15 Are their panic/duress alarm sensors used, where are they located and are they hardwired or portable?

12.16 Are intercom call-boxes or building intercom system used throughout the facility?

40 | P a g e


12.17 Are the interior cameras supported by an uninterrupted power supply source; battery or building emergency power?

12.18 Is the quality in interior camera video images of good visual and recording quality?

12.19 Are the camera lenses used of the proper specifications, especially distance viewing and clarity?

12.20 What is the transmission media used to transmit camera video signals: fiber, wire line, telephone wire, coaxial, wireless?

12.21 What type of camera housings are used and are they designed to protect against exposure or tampering?

12.22 Are magnetometers (metal detectors) and x-ray equipment used and at what locations within the facility?

12.23 Does a security photo identification badge processing system in place? Does it work in conjunction with the access control system or is it a standalone system?

12.24 What type of interior IDS sensors are used: electromagnetic, fiber optic, active infrared-motion detector, photoelectric, glass break (vibration/shock), single, double and roll-up door magnetic contacts or switches?

12.25 Is there a security system in place to protect against infant/patient abductions?

12.26 Is there a security asset tracking system in place that monitors the movement, control and accountability of assets within and removal from a facility (e.g. electronic tags, bar codes, wire, infrared/black light markings, etched or chemical embedded id number, etc.)?

41 | P a g e


12.27 Is there a holdup-cash register security controls in place that activates upon removal of cash and works in conjunction with other CCTV and related IDS systems?

12.28 What type of security access control systems is used? Are these same devices used for physical security also used (integrated) with providing access control to security computer networks (e.g. in place of or combination with user id’s and system passwords)?

12.29 What types of access control transmission media is used to transmit access control system signals (same as defined for CCTV cameras)?

12.30 What is the backup power supply source for the access control systems; battery backup or some form of other uninterrupted power sources?

12.31

What access control system equipment is used? How old are the systems and what are the related first and maintenance service costs?

12.32 Are mechanical, electrical, medical gas, power supply, radiological material storage, voice/data telecommunication system nodes, security system panels, elevator and critical system panels, and other sensitive rooms continuously locked, under electronic security CCTV camera and intrusion alarm systems surveillance?

12.33 What security safeguards are in place to control the movement, custody, accountability and tracking of facility assets?

12.34 Are their vaults or safes used and are they protected against unauthorized or forced entry? Where are they located?

42 | P a g e


12.35 What security controls are in place to handle the processing of mail and protect against potential biological, explosive or other threatening exposures?

12.36 What type of security key management system is in place? How are keys made, issued and accounted for? Who is responsible for key management and the authorized release of them?

12.37 What types of locking hardware are used throughout the facility? Are manual and electromagnetic cipher, keypad, pushbutton, panic bar, door strikes and related hardware and software used?

12.38 Are any potentially hazardous chemicals, combustible or toxic materials stored on-site in non-secure and non-monitored areas?

12.39 Is there a designated security control room and console in place to monitor security, fire alarm and possibly other building systems?

12.40 Is the security console and control room adequate in size, provide room for expansion, have adequate environment controls (e.g. a/c, lighting, heating, air circulation, backup power, etc,) and is ergonomically designed?

12.41 Is the location of the security room located in a secure area with limited, controlled and restricted access controls in place?

12.42 What are the means by which facility and security personnel can communicate with one another: portable radio, pager, cell phone, personal data assistants (PDA’s), etc)? What problems have been experienced with these and other electronic security systems?

43 | P a g e


12.43 Is there a computerized security incident reporting system used to prepare reports and track security incident trends and patterns?

12.44 Does the present security force have access to use a computerized guard tour system?

This system allows for the systematic performance of guard patrols with validation indicators built in. The system notes stations/locations checked or missed, dates and times of such patrols and who conducted them on what shifts. Management reports can be produced for record keeping and manpower analysis purposes.

Security System Documents

12.45 Are security system as-built drawings been generated and ready for review?

Critical to the consideration and operation of security technologies its overall design and engineering processes. These historical reference documents outline system specifications and layout security device used, their application, location and connectivity. They are a critical resource tool for troubleshooting system problems, for replacing and adding other security system hardware and software products. Such documents are an integral component to new and retrofit construction projects.

12.46 Have security system design and drawing standards been developed?

12.47 Are security equipment selection criteria defined?

12.48 What contingency plans have been developed or are in place to deal with security control center redundancy and backup operations?

12.49 Have security system construction specification documents been prepared and standardized?

12.50 Are all security system documents to include as-built drawings current?

12.51 Have qualifications been determined in using security consultants, system designers and engineers, installation vendors and contractors?

44 | P a g e


12.52 Are security systems decentralized, centralized, integrated, and operate over existing IT network or standalone method of operation?

12.53 What security systems manuals are available?

12.54 What maintenance or service agreements exist for security systems?

13 Security Master Plan

13.1 Does a written security plan exist for this facility? When was the initial security plan written and last revised? Who is responsible for preparing and reviewing the security plan?

The development and imple-mentation of a security master plan provides a roadmap which outlines the strategic direction and vision, operational, managerial and technological mission, goals and objectives of the organizations security program.

13.2 Has the security plan been communicated and disseminated to key management personnel and departments?

13.3 Has the security plan been benchmarked or compared against related organizations and operational entities?

13.4 Has the security plan ever been tested and evaluated from a cost-benefit and operational efficiency and effectiveness perspective?

13.5 Does it define mission, vision, short-long term security program goals and objectives?

13.6 Are threats, vulnerabilities, risks adequately defined and security countermeasures addressed and prioritized relevant to their criticality and probability of occurrence?

13.7 Has a security implementation schedule been established to address recommended security solutions?

13.8 Have security operating and capital budgets been addressed, approved and established to support the plan?

45 | P a g e


13.9 What regulatory or industry guidelines/standards were followed in the preparation of the security plan?

13.10 Does the security plan address existing security conditions from an administrative, operational, managerial and technical security systems perspective?

13.11 Does the security plan address the protection of people, property, assets and information?

13.12 Does the security plan address the following major components: access control, surveillance, response, building hardening and protection against biological, chemical, radiological and cyber-network attacks?

13.13 Has the level of risk been identified and communicated in the security plan through the performance of a physical security assessment?

13.14

When was the last security assessment performed? Who performed the security risk assessment?

13.15 Were the following areas of security analysis addressed in the security master plan: Asset Analysis: Does the security plan identify and prioritize the assets to be protected in accordance to their location, control, current and replacement value? Threat Analysis: Does the security plan address potential threats; causes of potential harm in the form of death, injury, destruction, disclosure, interruption of operations, or denial of services? Examples include possible criminal acts (documented and review of police/security incident reports) associated with forced entry, bombs, ballistic assault, biochemical and related terrorist tactics, attacks against utility systems infrastructure and buildings.

46 | P a g e

Contact Information

James E. McDonald

C/O American Alarm and Communications, Inc. Central Massachusetts Regional Office 489 Washington Street Auburn, Massachusetts 01501 Direct Phone: (508) 453-2731 Direct Fax: (781) 645-7537 Email: [email protected] American Alarm Website: www.AmericanAlarm.com Blog: www.SecurityTalkingPoints.com Twitter: www.Twitter.com/physectech


Vulnerability Analysis: Does the security plan address other areas and anything else associated with a facility and it’s operations that can be taken advantage of to carry out a threat? Examples include the architectural design and construction of new and existing facilities, technological support systems (e.g. heating, air conditioning, power, lighting and security systems, etc.) and operational procedures, policies and controls. Risk Analysis: Does the security plan address the findings from the asset, threat, and vulnerability analyses to develop, recommend and consider implementation of appropriate security countermeasures?

mailto:[email protected]

http://www.americanalarm.com/

http://www.securitytalkingpoints.com/

http://www.twitter.com/physectech

47 | P a g e

The Physical Security Risk Management Book

BY JAMES McDONALD, PSNA A PROUD MEMBER OF INFRAGARD, IFMA, ASIS & IAHSS

AMERICANALARM