Physical security
Encyclopedia
Physical security describes measures that are designed to deny access to unauthorized personnel (including attackers or even accidental intruders) from physically accessing a building, facility, resource, or stored information; and guidance on how to design structures to resist potentially hostile acts. Physical security can be as simple as a locked
door or as elaborate as multiple layers of barriers, armed security guard
s and guardhouse
placement.
or costly to an attacker to even attempt an intrusion. However, strong security measures also come at a cost, and there can be no perfect security.
It is up to a security designer to balance security features and a tolerable amount of personnel access against available resources, risks to assets to be protected, and even aesthetics
. There are also life-cycle sustaining costs to consider.
Physical security is not a modern phenomenon. Physical security exists in order to deter or prevent persons from entering a physical facility. Historical examples of physical security include city walls, moats, etc.
The technology used for physical security has changed over time. While in past eras, there was no passive infrared (PIR) based technology, electronic access control systems, or video surveillance system (VSS) cameras, the essential methodology of physical security has not altered over time.
Fundamentally, good physical security is a combination of defensive principles designed to:
... to intrusions into critical physical spaces. The first two actions of deter and delay are considered passive defense, while the remaining are active in nature.
The field of security engineering
has identified the following elements to physical security:
In a well designed system, these features must complement each other. There are at least four layers of physical security:
There may be many choices to consider and there is no "best" solution that will satisfy a broad class of situations. Each situation is unique. What is offered in this article are only proven techniques, but not always required or expected, or satisfactory for the end user.
The initial layer of security for a campus, building, office, or other physical space uses crime prevention through environmental design
to deter threats. Some of the most common examples are also the most basic - warning signs, fences, vehicle barriers, vehicle height-restrictors, restricted access points, site lighting and trenches. However, even passive things like hedgerows may be sufficient in some circumstances.
easily manages large user populations, controlling for user lifecycles times, dates, and individual access points.
For example a user's access rights could allow access from 0700h to 1900h Monday through Friday and expires in 90 days. Another form of access control (procedural) includes the use of policies, processes and procedures to manage the ingress into the restricted area. An example of this is the deployment of security personnel conducting checks for authorized entry at predetermined points of entry. This form of access control is usually supplemented by the earlier forms of access control (i.e. mechanical and electronic access control), or simple devices such as physical passes.
An additional sub-layer of mechanical/electronic access control protection is reached by integrating a key management
system to manage the possession and usage of mechanical keys to locks or property within a building or campus.
In many jurisdictions, law enforcement will not respond to alarms from intrusion detection systems. For example, a motion sensor near a door could trigger on either a person or a squirrel. The sensor itself does not do identification and as far as it is designed, anything moving near that door is unauthorized.
(CCTV) is common, it is quickly becoming outdated as more video systems lose the closed circuit for signal transmission and are instead transmitting on computer networks.
Advances in information technology are transforming video monitoring into video analysis. For instance, once an image is digitized it can become data that sophisticated algorithms can act upon. As the speed and accuracy of automated analysis increases, the video system could move from a monitoring system to an intrusion detection system or access control system. It is not a stretch to imagine a video camera inputting data to a processor that outputs to a door lock. Instead of using some kind of key, whether mechanical or electrical, a person's visage is the key. FST21, an Israeli company that entered the US market this year, markets intelligent buildings that do just that. When actual design and implementation is considered, there are numerous types of security cameras that can be used for many different applications. One must analyze their needs and choose accordingly.
Note that video monitoring does not necessarily guarantee that a human response is made to an intrusion. A human must be monitoring the situation realtime in order to respond in a timely manner. Otherwise, video monitoring is simply a means to gather evidence to be analyzed at a later time - perhaps too late in some cases.
Intertwined in these four layers are people. Guards have a role in all layers, in the first as patrols and at checkpoints. In the second to administer electronic access control. In the third to respond to alarms. The response force must be able to arrive on site in less time than it is expected that the attacker will require to breach the barriers. And in the fourth to monitor and analyze video. Users obviously have a role also by questioning and reporting suspicious people. Aiding in identifying people as known versus unknown are identification systems. Often photo ID badges are used and are frequently coupled to the electronic access control system. Visitors are often required to wear a visitor badge.
Fire alarm systems are increasingly becoming based on Internet Protocol
, thus leading to them being accessible via local
and wide area network
s within organisations. Emergency notification is now a new standard in many industries, as well as physical security information management
(PSIM). A PSIM application integrates all physical security systems in a facility, and provides a single and comprehensive means of managing all of these resources. It consequently saves on time and cost in the effectual management of physical security.
Many installations, serving a myriad of different purposes, have physical obstacles in place to deter intrusion. This can be high walls, barbed wire, glass mounted on top of walls, etc.
The presence of PIR-based motion detectors are common in many places, as a means of noting intrusion into a physical installation. Moreover, VSS/CCTV cameras are becoming increasingly common, as a means of identifying persons who intrude into physical locations.
Businesses use a variety of options for physical security, including security guards, electric security fencing, cameras, motion detectors, and light beams.
ATMs (cash dispensers) are protected, not by making them invulnerable, but by spoiling the money inside when they are attacked. Money tainted with a dye could act as a flag to the money's unlawful acquisition.
Safes are rated in terms of the time in minutes which a skilled, well equipped safe-breaker is expected to require to open the safe. These ratings are developed by highly skilled safe breakers employed by insurance agencies, such as Underwriters Laboratories
. In a properly designed system, either the time between inspections by a patrolling guard should be less than that time, or an alarm response force should be able to reach it in less than that time.
Hiding the resources, or hiding the fact that resources are valuable, is also often a good idea as it will reduce the exposure to opponents and will cause further delays during an attack, but should not be relied upon as a principal means of ensuring security. (See security through obscurity
and inside job
.)
Not all aspects of Physical Security need be high tech. Even something as simple as a thick or thorny bush can add a layer of physical security to some premises, especially in a residential setting.
Lock (device)
A lock is a mechanical or electronic fastening device that is released by a physical object or secret information , or combination of more than one of these....
door or as elaborate as multiple layers of barriers, armed security guard
Security guard
A security guard is a person who is paid to protect property, assets, or people. Security guards are usually privately and formally employed personnel...
s and guardhouse
Guardhouse
A guardhouse is a building used to house personnel and security equipment...
placement.
Overview
Good physical security uses the concept of defense in depth, in appropriate combinations to deter and delay intrusions (passive defense), and detect and respond to intrusions (active defense). Ultimately it should be too difficult, riskyRisk
Risk is the potential that a chosen action or activity will lead to a loss . The notion implies that a choice having an influence on the outcome exists . Potential losses themselves may also be called "risks"...
or costly to an attacker to even attempt an intrusion. However, strong security measures also come at a cost, and there can be no perfect security.
It is up to a security designer to balance security features and a tolerable amount of personnel access against available resources, risks to assets to be protected, and even aesthetics
Aesthetics
Aesthetics is a branch of philosophy dealing with the nature of beauty, art, and taste, and with the creation and appreciation of beauty. It is more scientifically defined as the study of sensory or sensori-emotional values, sometimes called judgments of sentiment and taste...
. There are also life-cycle sustaining costs to consider.
Physical security is not a modern phenomenon. Physical security exists in order to deter or prevent persons from entering a physical facility. Historical examples of physical security include city walls, moats, etc.
The technology used for physical security has changed over time. While in past eras, there was no passive infrared (PIR) based technology, electronic access control systems, or video surveillance system (VSS) cameras, the essential methodology of physical security has not altered over time.
Fundamentally, good physical security is a combination of defensive principles designed to:
- deter
- delay
- detect, and
- respond (and ultimately, deny access)
... to intrusions into critical physical spaces. The first two actions of deter and delay are considered passive defense, while the remaining are active in nature.
Elements and design
Security engineering
Security engineering is a specialized field of engineering that focuses on the security aspects in the design of systems that need to be able to deal robustly with possible sources of disruption, ranging from natural disasters to malicious acts...
has identified the following elements to physical security:
- obstacles, to frustrate trivial attackers and delay serious ones; to include:
- explosion protectionExplosion protectionExplosion protection is used to protect all sorts of buildings and civil engineering infrastructure against internal and external explosions or deflagrations. It was widely believed until recently that a building subject to an explosive attack had a chance to remain standing only if it possessed...
;
- explosion protection
- detection systems, such as surveillance systems, alarmAlarmAn alarm device or system of alarm devices gives an audible or visual alarm signal about a problem or condition.Alarm devices include:* burglar alarms, designed to warn of burglaries; this is often a silent alarm: the police or guards are warned without indication to the burglar, which increases...
s, security lightingSecurity lightingIn the field of physical security, security lighting is often used as a preventative and corrective measure against intrusions or other criminal activity on a physical piece of property. Security lighting may be provided to aid in the detection of intruders, to deter intruders, or in some cases...
, security guardSecurity guardA security guard is a person who is paid to protect property, assets, or people. Security guards are usually privately and formally employed personnel...
patrols or closed-circuit television cameraClosed-circuit television cameraClosed-circuit television cameras can produce images or recordings for surveillance purposes, and can be either video cameras, or digital stills cameras...
s, to make it likely that attacks will be noticed; and - security response, to repel, catch or frustrate attackers when an attack is detected.
In a well designed system, these features must complement each other. There are at least four layers of physical security:
- Environmental design
- Mechanical, electronic and procedural access controlAccess controlAccess control refers to exerting control over who can interact with a resource. Often but not always, this involves an authority, who does the controlling. The resource can be a given building, group of buildings, or computer-based information system...
- Intrusion detection (with appropriate response procedures)
- Personnel Identification (authenticationAuthenticationAuthentication is the act of confirming the truth of an attribute of a datum or entity...
)
There may be many choices to consider and there is no "best" solution that will satisfy a broad class of situations. Each situation is unique. What is offered in this article are only proven techniques, but not always required or expected, or satisfactory for the end user.
Deterrence
The goal of physical security is to convince potential attackers that the likely costs of attack exceeds the value of making the attack, e.g. that consequences of a failed attack may well exceed the gain. The combination of layered security features establishes the presence of territoriality.The initial layer of security for a campus, building, office, or other physical space uses crime prevention through environmental design
Crime prevention through environmental design
Crime prevention through environmental design is a multi-disciplinary approach to deterring criminal behavior through environmental design. CPTED strategies rely upon the ability to influence offender decisions that precede criminal acts...
to deter threats. Some of the most common examples are also the most basic - warning signs, fences, vehicle barriers, vehicle height-restrictors, restricted access points, site lighting and trenches. However, even passive things like hedgerows may be sufficient in some circumstances.
Access control
The next layer is mechanical and includes gates, doors, and locks. Key control of the locks becomes a problem with large user populations and any user turnover. Keys quickly become unmanageable, often forcing the adoption of electronic access control. Electronic access controlAccess control
Access control refers to exerting control over who can interact with a resource. Often but not always, this involves an authority, who does the controlling. The resource can be a given building, group of buildings, or computer-based information system...
easily manages large user populations, controlling for user lifecycles times, dates, and individual access points.
For example a user's access rights could allow access from 0700h to 1900h Monday through Friday and expires in 90 days. Another form of access control (procedural) includes the use of policies, processes and procedures to manage the ingress into the restricted area. An example of this is the deployment of security personnel conducting checks for authorized entry at predetermined points of entry. This form of access control is usually supplemented by the earlier forms of access control (i.e. mechanical and electronic access control), or simple devices such as physical passes.
An additional sub-layer of mechanical/electronic access control protection is reached by integrating a key management
Key management
Key management is the provisions made in a cryptography system design that are related to generation, exchange, storage, safeguarding, use, vetting, and replacement of keys. It includes cryptographic protocol design, key servers, user procedures, and other relevant protocols.Key management concerns...
system to manage the possession and usage of mechanical keys to locks or property within a building or campus.
Detection
The third layer is intrusion detection systems or alarms. Intrusion detection monitors for unauthorized access. It is less a preventative measure and more of a response trigger, although some would argue that it is a deterrent. Intrusion detection has a high incidence of false alarms.In many jurisdictions, law enforcement will not respond to alarms from intrusion detection systems. For example, a motion sensor near a door could trigger on either a person or a squirrel. The sensor itself does not do identification and as far as it is designed, anything moving near that door is unauthorized.
Identification
The last layer is video monitoring systems. Security cameras can be a deterrent in many cases, but their real power comes from incident verification and historical analysis. For example, if alarms are being generated and there is a camera in place, the camera could be viewed to verify the alarms. In instances when an attack has already occurred and a camera is in place at the point of attack, the recorded video can be reviewed. Although the term closed-circuit televisionClosed-circuit television
Closed-circuit television is the use of video cameras to transmit a signal to a specific place, on a limited set of monitors....
(CCTV) is common, it is quickly becoming outdated as more video systems lose the closed circuit for signal transmission and are instead transmitting on computer networks.
Advances in information technology are transforming video monitoring into video analysis. For instance, once an image is digitized it can become data that sophisticated algorithms can act upon. As the speed and accuracy of automated analysis increases, the video system could move from a monitoring system to an intrusion detection system or access control system. It is not a stretch to imagine a video camera inputting data to a processor that outputs to a door lock. Instead of using some kind of key, whether mechanical or electrical, a person's visage is the key. FST21, an Israeli company that entered the US market this year, markets intelligent buildings that do just that. When actual design and implementation is considered, there are numerous types of security cameras that can be used for many different applications. One must analyze their needs and choose accordingly.
Note that video monitoring does not necessarily guarantee that a human response is made to an intrusion. A human must be monitoring the situation realtime in order to respond in a timely manner. Otherwise, video monitoring is simply a means to gather evidence to be analyzed at a later time - perhaps too late in some cases.
Human response
Other physical security tools
New developments in information and communications technology, as well as new demands on security managers, have widened the scope of physical security apparatus.Fire alarm systems are increasingly becoming based on Internet Protocol
Internet Protocol
The Internet Protocol is the principal communications protocol used for relaying datagrams across an internetwork using the Internet Protocol Suite...
, thus leading to them being accessible via local
Local area network
A local area network is a computer network that interconnects computers in a limited area such as a home, school, computer laboratory, or office building...
and wide area network
Wide area network
A wide area network is a telecommunication network that covers a broad area . Business and government entities utilize WANs to relay data among employees, clients, buyers, and suppliers from various geographical locations...
s within organisations. Emergency notification is now a new standard in many industries, as well as physical security information management
Physical Security Information Management
Physical security information management is a category of software that provides a platform and applications created by middleware developers, designed to integrate multiple unconnected security applications and devices and control them through one comprehensive user interface...
(PSIM). A PSIM application integrates all physical security systems in a facility, and provides a single and comprehensive means of managing all of these resources. It consequently saves on time and cost in the effectual management of physical security.
Examples
Many installations, serving a myriad of different purposes, have physical obstacles in place to deter intrusion. This can be high walls, barbed wire, glass mounted on top of walls, etc.
The presence of PIR-based motion detectors are common in many places, as a means of noting intrusion into a physical installation. Moreover, VSS/CCTV cameras are becoming increasingly common, as a means of identifying persons who intrude into physical locations.
Businesses use a variety of options for physical security, including security guards, electric security fencing, cameras, motion detectors, and light beams.
ATMs (cash dispensers) are protected, not by making them invulnerable, but by spoiling the money inside when they are attacked. Money tainted with a dye could act as a flag to the money's unlawful acquisition.
Safes are rated in terms of the time in minutes which a skilled, well equipped safe-breaker is expected to require to open the safe. These ratings are developed by highly skilled safe breakers employed by insurance agencies, such as Underwriters Laboratories
Underwriters Laboratories
Underwriters Laboratories Inc. is an independent product safety certification organization. Established in 1894, the company has its headquarters in Northbrook, Illinois. UL develops standards and test procedures for products, materials, components, assemblies, tools and equipment, chiefly dealing...
. In a properly designed system, either the time between inspections by a patrolling guard should be less than that time, or an alarm response force should be able to reach it in less than that time.
Hiding the resources, or hiding the fact that resources are valuable, is also often a good idea as it will reduce the exposure to opponents and will cause further delays during an attack, but should not be relied upon as a principal means of ensuring security. (See security through obscurity
Security through obscurity
Security through obscurity is a pejorative referring to a principle in security engineering, which attempts to use secrecy of design or implementation to provide security...
and inside job
Inside job
Inside job refers to a crime committed by a person with a position of trust, such as insider trading.Inside job may also refer to:* Inside Job , a 2005 novella by Connie Willis* Inside Job , a 2000 studio album by Don Henley...
.)
Not all aspects of Physical Security need be high tech. Even something as simple as a thick or thorny bush can add a layer of physical security to some premises, especially in a residential setting.
See also
:Category:Security companies
|
Fence A fence is a freestanding structure designed to restrict or prevent movement across a boundary. It is generally distinguished from a wall by the lightness of its construction: a wall is usually restricted to such barriers made from solid brick or concrete, blocking vision as well as passage .Fences... Fortification Fortifications are military constructions and buildings designed for defence in warfare and military bases. Humans have constructed defensive works for many thousands of years, in a variety of increasingly complex designs... Guard tour patrol system A Guard tour patrol system is a system for logging the rounds of employees in a variety of situations such as Security guards patrolling property, technicians monitoring climate-controlled environments, and correctional officers checking prisoner living areas... Key (lock) A key is an instrument that is used to operate a lock. A typical key consists of two parts: the blade, which slides into the keyway of the lock and distinguishes between different keys, and the bow, which is left protruding so that torque can be applied by the user. The blade is usually intended to... Key (cryptography) In cryptography, a key is a piece of information that determines the functional output of a cryptographic algorithm or cipher. Without a key, the algorithm would produce no useful result. In encryption, a key specifies the particular transformation of plaintext into ciphertext, or vice versa... Locksmithing Locksmithing began as the science and art of making and defeating locks. A lock is a mechanism that secures buildings, rooms, cabinets, objects, or other storage facilities. A key is often used to open a lock... Lock picking Lock picking is the art of unlocking a lock by analyzing and manipulating the components of the lock device, without the original key. Although lock picking can be associated with criminal intent, it is an essential skill for a locksmith... Logical security Logical Security consists of software safeguards for an organization’s systems, including user identification and password access, authentication, access rights and authority levels. These measures are to ensure that only authorized users are able to perform actions or access information in a... Magnetic stripe card A magnetic stripe card is a type of card capable of storing data by modifying the magnetism of tiny iron-based magnetic particles on a band of magnetic material on the card... Optical turnstile An optical turnstile is a physical security device designed to restrict or control access to a building or secure area. Optical turnstiles are usually a part of an access control system, which also consists of software, card readers, and controllers... Photo identification Photo identification is generally used to define any form of identity document that includes a photograph of the holder.Some countries use a government issued card as a proof of age or citizenship.Types of photo ID cards include:*Passports... Physical Security Professional A Physical Security Professional is a certification process for individuals involved in the physical security of organizations. This certification process is offered by ASIS International... |
Prison A prison is a place in which people are physically confined and, usually, deprived of a range of personal freedoms. Imprisonment or incarceration is a legal penalty that may be imposed by the state for the commission of a crime... Proximity card Proximity card is a generic name for contactless integrated circuit devices used for security access or payment systems. The standard can refer to the older 125 kHz devices or the newer 13.56 MHz contactless RFID cards, most commonly known as contactless smartcards.Modern proximity cards... Razor wire Barbed tape or razor wire is a mesh of metal strips with sharp edges whose purpose is to prevent passage by humans. The term "razor wire", through long usage, has generally been used to describe barbed tape products... Safe A safe is a secure lockable box used for securing valuable objects against theft or damage. A safe is usually a hollow cuboid or cylinder, with one face removable or hinged to form a door. The body and door may be cast from metal or formed out of plastic through blow molding... Safe-cracking Safe-cracking is the process of opening a safe without either the combination or key. It may also refer to a computer hacker's attempts to break into a secured computer system, in which case it may be shortened to "cracking" or black hat hacking.... Security Security is the degree of protection against danger, damage, loss, and crime. Security as a form of protection are structures and processes that provide or improve security as a condition. The Institute for Security and Open Methodologies in the OSSTMM 3 defines security as "a form of protection... Security engineering Security engineering is a specialized field of engineering that focuses on the security aspects in the design of systems that need to be able to deal robustly with possible sources of disruption, ranging from natural disasters to malicious acts... Security lighting In the field of physical security, security lighting is often used as a preventative and corrective measure against intrusions or other criminal activity on a physical piece of property. Security lighting may be provided to aid in the detection of intruders, to deter intruders, or in some cases... Security Operations Center A Security Operations Center is a centralized unit in an organization that deals with security issues, on an organizational and technical level. An SOC within a building or facility is a central location from where staff supervises the site, using data processing technology... Security policy Security policy is a definition of what it means to be secure for a system, organization or other entity. For an organization, it addresses the constraints on behavior of its members as well as constraints imposed on adversaries by mechanisms such as doors, locks, keys and walls... Security seal Security seals are mechanisms used to seal containers in a way that provides tamper evidence and some level of security. Such seals can help to detect theft or contamination, either accidental and deliberate. Security seals are commonly used to secure vehicles, chemical drums, airline duty free... Smart card A smart card, chip card, or integrated circuit card , is any pocket-sized card with embedded integrated circuits. A smart card or microprocessor cards contain volatile memory and microprocessor components. The card is made of plastic, generally polyvinyl chloride, but sometimes acrylonitrile... Surveillance Surveillance is the monitoring of the behavior, activities, or other changing information, usually of people. It is sometimes done in a surreptitious manner... Wiegand effect The Wiegand effect is a nonlinear magnetic effect, named after its discoverer John R. Wiegand, produced in specially annealed and hardened wire called Wiegand wire.... |