Presentation is loading. Please wait.

Presentation is loading. Please wait.

10. Security and Physical Protection Basic Concepts

Published byEileen Daniels Modified over 7 years ago

Similar presentations

Presentation on theme: "10. Security and Physical Protection Basic Concepts"— Presentation transcript:

1 10. Security and Physical Protection Basic Concepts

2 Physical Protection System
A Physical Protection System (PPS) is the integration of people, procedures, and equipment for the protection of assets or facilities against theft, sabotage, or other malicious human attacks Allan Murray lecture, 29 August 2005

3 PPS Objectives: Prevent Theft and Sabotage
Deter the Adversary Implement a PPS which all adversaries perceive as too difficult to defeat Problem: deterrence cannot be measured Defeat the adversary with PPS PPS functions required: detection, delay, response Actions of response force prevent adversary from accomplishing his goal Allan Murray lecture, 29 August 2005

4 Deterrence By definition is:
“the act or process of discouraging actions or preventing occurrences by instilling fear or doubt or anxiety” Deterrence is one useful security functions in managing the insider threat

5 Components that have a deterrent effect:
Deterrence Components that have a deterrent effect: enforcement and prosecution barriers access control systems signage closed circuit television policy and procedures employee trustworthiness checking information security etc... Allan Murray lecture, 29 August 2005

6 Deterrence

7 Exercise 1 – Module 9 Using a facility that is familiar to you, list as many existing elements that would deter an adversary. In addition list further elements that you believe would further enhance deterrence.

8 Physical Protection System Functions
PPS Functions Detection • Intrusion Sensing • Alarm Communication • Alarm Assessment • Entry Control Delay • Passive Barriers • Active Barriers Response • Interruption: – Communication to Response Force – Deployment of Response Force • Neutralization Allan Murray lecture, 29 August 2005

9 Detection Purpose Provide detection of any attempted unauthorised access to the area or facility where the radioactive source is located. Provide detection of any attempted unauthorised access to the equipment housing the radioactive source.

10 Detection Detection can be typically achieved by one of the following means: Electronic Sensors Human Surveillance Video motion detection via a Closed Circuit Television system (CCTV)

11 Example - Radioactive Source Storage Room
Exterior Windows Source B Adjacent Interior Room Target Room Source A Interior Door Exterior Door Exhaust Vent (near ceiling) Exterior Walls

12 Exercise 2 – Module 9 For the example source storage room on the previous slide, indicate where electronic detection sensors could be installed to detect an unauthorized access attempt.

13 Example Detection Sensor Layout
Passive Infrared Sensor Vibration Sensors Source B Glass Break Sensors Adjacent Interior Room Tamper Switches Source A Balanced Magnetic Reed Switches Passive Infrared Sensor Vibration Sensors Active Infrared Sensor

14 Detection Performance Measures: Probability of Detection
Alarm Activated Alarm Communication Alarm Reported Alarm Assessed Performance Measures: Probability of Detection Time for Communication and Assessment Frequency of Nuisance Alarms Probability of Assessment Another Nuisance? Allan Murray lecture, 29 August 2005

15 Detection - Assessment

16 Purpose: To assess the cause of each reported alarm activation
Assessment Purpose: To assess the cause of each reported alarm activation

17 Assessment Assessment can be typically achieved by one of the following means: Response Force (roving guard patrols, emergency services) Technological means such as an Closed Circuit Television system (CCTV) Human Surveillance

18 Provide Obstacles to Increase Protective Force (Guards)
Delay Delay Provide Obstacles to Increase Adversary Task Time Physical Barriers Protective Force (Guards) Performance Measure: Time to Defeat Obstacles Allan Murray lecture, 29 August 2005

19 Delay Purpose Ideally to provide sufficient delay after the detection and assessment phase, to allow response personnel to interrupt and defeat the adversary.

20 Delay Example Security Measures: Fences Cages and walls,
Security containers, Strong rooms with three dimensional containment (floor, walls and ceiling) immobilisation of equipment Securely anchoring the equipment to nearby building structures such as walls, and floors Installing obstacles prohibiting the equipment from being wheeled away

21 Example Hospital Facility
Allan Murray lecture, 29 August 2005

22 Response Performance measures
Communicate to Response Force Deploy Response Force Defeat Adversary Attack Performance measures Probability of communication to response force Time to communicate Probability of deployment to adversary location Time to deploy Response force effectiveness Action by protective forces to prevent adversary success Can’t respond if they don’t know something is going on DEPLOY - deploy means get from where they are to where they are needed to engage the adversary Response force effectiveness generally depends on the numbers, training, and equipment of the response force as compared to the threat. Allan Murray lecture, 29 August 2005

23 Response Practical Implementation
The response time after detection should be designed to be less than the time required to breach the barriers and tasks required to remove or sabotage the radioactive source. The response team should be of sufficient size and capability to defeat the adversary. Plan and response procedures should include the involvement of local law enforcement, and emergency services. The adequacy of the procedures should be defined in consultation with the regulatory authority. Exercised and tested (threat level based).

24 Effective response Interaction with Outside Agencies
Written agreement or understanding Key issues for consideration Role of support agencies Communication with support agencies Off-site operations Joint training exercises The winning combination: Right people and planning Right equipment Right training Allan Murray lecture, 29 August 2005

25 The Principle of Timely Detection
Deter Actions Mitigate Results Begin Action Task Complete Time Adversary Task Time First Alarm Detect Alarm Assessed Respond Adversary Interrupted PPS Time Required Delay Defeat T A T T I C T Allan Murray lecture, 29 August 2005

26 Exercise 3 – Module 9 Determine whether timely detection is possible for following attack scenario Scenario 1: The response force cannot respond in their normal (average) time (e.g., they are responding to a higher competing priority elsewhere in the hospital). It takes the response force twice as long as their normal time to respond.

27 Exercise 3 – Module 9 Determine whether timely detection is possible for following attack scenario Scenario 2: An alarm indicates the entrance door to the research wing was opened, but it cannot be confirmed for a long period of time (e.g., the camera viewing the entrance is out of focus, so the university alarm monitoring station dispatches a security personnel to visually inspect the area and assess the situation). It takes twice as long to assess the alarm.

28 Exercise 3 – Module 9 Determine whether timely detection is possible for following attack scenario Scenario 3: The position sensor on an exterior emergency exit door fails to activate when an intrusion occurs (i.e., the sensor does not work). A second sensor (another position sensor on an interior door) is activated at a point on the diagram which is 2/3 of the way into the first detection, had the first sensor been working. Detection time for the second alarm is the same as the first alarm.

29 Exercise 3 – Module 9

30 Characteristics of an Effective Physical Protection System
Defence-in-depth Series of detectors better than a single one Prefer to use complementary sensors that use different principles Balanced protection Does not create an easy path for adversary Applies to Detection as well as Delay PPS based on threat, and the Graded Approach. Enough Detection, Delay, and Response Meet the “System Effectiveness” criteria One feature can compensate for another's weakness Allan Murray lecture, 29 August 2005

31 Defence in Depth Layer 1 – Physical Security – Perimeter - Lighting, Fences, Guards & Patrols, inspections & checks

32 Exterior & Interior Lighting
Inspections & Checks Perimeter Fences Layer 1 – Physical Security – Perimeter - Lighting, Fences, Guards & Patrols, inspections & checks Guards Patrols

33 Exterior & Interior Lighting Instructions, Orders & Policies
Audit Trails Inspections & Checks Instructions, Orders & Policies Logon & Passwords Perimeter Fences Layer 2 – IT Security – logon and passwords, encryption, audit trails, Orders & Policies Reminder that everything in ASNET is audited – mention the Classified Media Register as part of this Encryption Guards Patrols

34 Exterior & Interior Lighting
Audit Trails -employee trustworthiness check Inspections & Checks Instructions, Orders & Policies Laws & Legislation Legislation Logon & Passwords Perimeter Fences Layer 3 – Laws and Legislation – vetting personnel Recruitment Background Checking Encryption Guards Patrols

35 Exterior & Interior Lighting
Audit Trails -employee trustworthiness check -Alarms Inspections & Checks Access Control Instructions, Orders & Policies Laws & Legislation ID Cards Logon & Passwords Perimeter Fences Legislation Level 4 – Physical Access control – ID cards, alarms, detection devices Detection Devices Recruitment Checks Encryption Guards Patrols

36 Exterior & Interior Lighting
Audit Trails -employee trustworthiness check -Alarms Classification Inspections & Checks Access Control Instructions, Orders & Policies Laws & Legislation ID Cards Access Control Locks Perimeter Fences Legislation Logon & Passwords Categorisation Layer 5 – categorisation and classification Detection Devices Recruitment Checks Encryption Guards Patrols

37 Exterior & Interior Lighting
Audit Trails -employee trustworthiness check -Alarms Classification Detection Inspections & Checks Access Control Instructions, Orders & Policies Laws & Legislation ID Cards Access Control Physical Measures Locks Logon & Passwords Perimeter Fences Strong Rooms Legislation Containers Categorisation Layer 6 – secure rooms strongrooms, containers and vaults and vaults So – security is achieved when … Detection Devices Recruitment Checks Encryption Guards Patrols

38 Graded Physical Protection Requirements
The level of protection required for a facility should be commensurate with the potential hazard posed by the facility. Graded concept of security measures based on: Anticipated threat Relative attractiveness Potential consequences of malevolent actions The need for beneficial use of the source Allan Murray lecture, 29 August 2005

39 SUMMARY While we would like to deter the adversary, we must be prepared to defeat him We also must be prepared for failure in our attempt to defeat the adversary because nothing is 100% effective We use Detection, Delay, and Response working together to interrupt the adversary We use the response force to defeat the adversary We are talking mostly about an outsider, but do not forget the insider threat The level of required protection should be commensurate with the potential hazard Allan Murray lecture, 29 August 2005

40 Thank You! Questions?

Download ppt "10. Security and Physical Protection Basic Concepts"

Similar presentations

C-TPAT SECURITY AWARENESS TRAINING

C-TPAT SECURITY AWARENESS TRAINING
INTRUSION ALARM TECHNOLOGY

INTRUSION ALARM TECHNOLOGY
Airport Security – Post 9/11

Airport Security – Post 9/11
Facilitating a Dialog between the NSDI and Utility Companies J. Peter Gomez Manager, Information Requirements, Xcel Energy.

Facilitating a Dialog between the NSDI and Utility Companies J. Peter Gomez Manager, Information Requirements, Xcel Energy.
Security of Radiation Sources

Security of Radiation Sources
FACILITY SAFETY: Creating a Safe and Secure Environment in the Community Health Center Presented by Steve Wilder, BA, CHSP, STS Sorensen, Wilder & Associates.

FACILITY SAFETY: Creating a Safe and Secure Environment in the Community Health Center Presented by Steve Wilder, BA, CHSP, STS Sorensen, Wilder & Associates.
Presentation Retail Security Key Holding Mobile Patrols Access Control Systems Manned Security www.expresssecurities.co.uk Receptionist CCTV Monitoring.

Presentation Retail Security Key Holding Mobile Patrols Access Control Systems Manned Security Receptionist CCTV Monitoring.
SAND No. 2010-4653C Sandia is a multi-program laboratory operated by Sandia Corporation, a Lockheed Martin Company, for the United States Department of.

SAND No C Sandia is a multi-program laboratory operated by Sandia Corporation, a Lockheed Martin Company, for the United States Department of.
In-depth look at ISACS 05.20 Stockpile Management: Weapons Photo: MAG.

In-depth look at ISACS Stockpile Management: Weapons Photo: MAG.
Copyright 2004 Foreman Architects Engineers School Security From Common Sense to High Tech.

Copyright 2004 Foreman Architects Engineers School Security From Common Sense to High Tech.
Deter Detect Delay Assess Respond Copyright © BES.

Deter Detect Delay Assess Respond Copyright © BES.
Physical Security John Schwertfeger Security Manager Duane Arnold Energy Center.

Physical Security John Schwertfeger Security Manager Duane Arnold Energy Center.
Chapter 5 Enhancing Security Through Physical Controls

Chapter 5 Enhancing Security Through Physical Controls
PHYSICAL SECURITY Attacker. Physical Security Not all attacks on your organization's data come across the network. Many companies focus on an “iron-clad”

PHYSICAL SECURITY Attacker. Physical Security Not all attacks on your organization's data come across the network. Many companies focus on an “iron-clad”
Physical and Environmental Security Chapter 5 Part 1 Pages 427 to 456.

Physical and Environmental Security Chapter 5 Part 1 Pages 427 to 456.
The Islamic University of Gaza

The Islamic University of Gaza
Dr. Bhavani Thuraisingham The University of Texas at Dallas (UTD) June 2011 Physical (Environmental) Security.

Dr. Bhavani Thuraisingham The University of Texas at Dallas (UTD) June 2011 Physical (Environmental) Security.
Information Security Principles and Practices

Information Security Principles and Practices
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 16: Physical and Infrastructure Security.

Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 16: Physical and Infrastructure Security.
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.

Similar presentations

Ads by Google