DMP: Digital Monitoring Intrusion Detection System Solutions

Loading...

Call or email us for our pricing on this product.
Phone: (508) 485-1176

Your certified DMP dealer, BSA Security Integrators, provides a comprehensive approach in establishing Physical Security In-formation Systems for our customers. Working together with our clients to assess their security concerns, needs, and requirements to then accurately design and implement a customized PSIM to best serve their security requirements.

The Intrusion Detection System is vital to detecting actual or attempted entry by unauthorized personnel into a secure area and triggering the appropriate response.

With BSA Security Integrators's layered security approach, an Industrial Intrusion Detection system begins at the outer perimeter of a facility and is built inwards to best secure the most sensitive areas. The early detection of an event facilitates a methodical response by facility guards to allow sufficient time to assess the situation, determine the validity of the event, and to formulate an effective response plan.

When integrated with other systems such as access control and video surveillance, the effectiveness of the intrusion detection system is greatly enhanced. If and when the intrusion detection system detects an event, the video surveillance cameras are triggered to record at a higher frame rate to produce better quality videos. The threat level on the access control system can also be raised, automatically locking doors that had been scheduled to be unlocked thereby limiting an intruder’s access.

Intrusion detection often serves as the foundation of a basic security system, but can also be integrated into more comprehensive security regimes. Door and window contacts, glass-break sensors, fence detection and motion detectors alert on-site personnel or emergency responders to break-in attempts via local alarms or central station reporting. Such systems can be hard-wired on dedicated low-voltage wiring or may share wired or wireless Ethernet with other security and data communications functions. Fixed-station and wireless personal panic alert buttons can be part of the system and the intrusion detection system can be integrated with the facility’s access control structure.

When it comes to the most important aspects of efficient and effective plant operations, having proper physical security measures in place is still just as critical as the flow of raw materials, efficient process control, a competent workforce, and yes, cybersecurity measures. Like cybersecurity, the core concept of physical security is to detect and prevent an intrusion. Even though it is a different kind of intrusion, consequences of failing to protect can be disastrous. For this reason, it is clear that physical security cannot be placed on the backburner.

What steps, therefore, should plants take and make sure they do not neglect when it comes to having an effective physical security system in place amid the cyber hoopla? The common approach remains “defense in depth.” This is similar to the “layers-of-protection” philosophy used when designing integrated safety systems—i.e., ensuring multiple measures are deployed on top of each other so if one layer is penetrated, another one is there to further safeguard. With this system, no one layer or measure is responsible for being a catch all.

But recent trends in manufacturing (process safety incidents, increasingly tighter budgets, the aging workforce, regulations, and increased demand) are forcing plants to dig a little deeper with the defense-in-depth concept. Specifically, defense in depth means more today than just adding layers of protection—it means ensuring those layers are folded into the core plant controls along with other subsystems.

Why defense in depth?

At all times, plants are charged with protecting their people, assets, and the environment. At its core, physical security helps achieve this objective by keeping the wrong people on the right side of the fence to prevent incidents of vandalism, theft, and malicious acts.

Because protecting people, assets, and profitability demands a holistic point of view, visualizing what physical security at a plant looks like can be difficult, as the concept is fairly abstract. The most obvious ways to protect facilities are physical: fences, barricades, and guards. But these safeguards provide only one layer, and physical security is more than a barbed-wire fence around a facility. It involves tracking and managing people and assets, complying with federal and industry regulations, monitoring premises with video, implementing access control, and establishing perimeters. There is no one-size-fits-all approach when considering how to best implement or strengthen a physical security plan, but there are blueprints from successful implementations that can provide a guide in terms of steps to follow and considerations to take.

An integrated approach must provide protection from their process control room to the perimeter, protecting all assets of a plant. It should include components such as video surveillance, access control, perimeter intrusion detection, and command centers that work together to provide an extensive method of protection for plants.

Having such an integrated physical security solution in place allows plant managers and operators to ensure their top safety priorities—things like stable control of the plant—are secured while concentrating on other components that factor in to the safe, secure operation of a plant. For this reason, the design of an integrated system must be clearly aligned with existing safety and process control systems. This approach allows certain layers of protection to deter incidents in the first place, while others can provide detection and alerting and associated guidance.

Layers can either be automated or require human interaction. Some layers offer easily quantifiable risk-reduction benefits but require the risks all be identified before. Others are less tangible and offer softer benefits.

At the core of the layered architecture is a well-designed and implemented process design that is the embodiment of the business, safety, and production considerations necessary for effective operations. The process must be controlled by a secure process control network that extends across the entire plant and business networks. Managing the plant’s assets ensures the process design continues to function as intended, all while protecting the plant from pending incidents with an early indication of failing assets.

With the correct work practices and technology in place, in the event an abnormal situation does occur disrupt-ing safe operations, an emergency response plan can be executed, controlled, and monitored to minimize the impact of the incident.

Video: A key integration ingredient

When operating under a plant security concept like defense in depth, it is necessary to have technologies available that can integrate with each other to reinforce the layered protection necessary in securing a plant. One of the key ingredients here is video surveillance technology. Much of the ability to integrate video with the control room stems from the installation of a digital video system. Since the key to a successful video system is being able to manage and filter through the vast amounts of video information captured continuously, having a digital video system available offers much greater flexibility.

For instance, connecting the closed-circuit television system with a plant’s control room, operators have wide-spread access and monitoring capabilities that touch all corners of the facility. Operators can perform all view-ing, recording, and archiving and retrieval functions from a single interface.

With digital video able to be easily integrated into one platform, something like monitoring an entirely separate facility hundreds of miles away can now be done in a central control room—this is especially critical today, considering many new sites are smaller and more widely dispersed than the massive facilities that were commonly being built only a few decades ago. A distributed video architecture (DVA) allows security personnel to view video from multiple digital video systems on one virtual platform, whether across a single campus or across the country.

DVA is particularly beneficial for multi-site and critical infrastructure applications because it provides central monitoring and control of all cameras and equipment on the network. Digital video in a distributed architecture is completely scalable, making the extension of a video system much more cost-effective. Integrating digital video systems with the control room also reduces the hit to the wallet that plants face when deploying traditional surveillance measures. With scanning and alerts available 24 hours a day, the speed and accuracy in which operators can respond to abnormal situations is increased. Vital plant events are responded to appropriately, and possibly, costly plant shutdowns are avoided. Video deployment costs are also reduced, with one system able to integrate disparate systems like security, fire and gas, and control. Streamlined video surveil-lance certainly reduces operating costs but also reinforces the oversight and response ability for plant operators.

Finding starting point

To effectively secure a facility, plant managers must take an inside-out approach—they must start with securing the heart of their plants (the process control network) and gradually build layers of protection that extend all the way to the property perimeter.

There are several thorough steps that must be taken to achieve these layers of protection and ensure effective integration, such as:

  • A site vulnerability assessment
  • Understanding available security systems
  • Determining mitigation steps
  • System implementation
  • Reassessment

A site vulnerability assessment determines possible holes in a plant’s overall security system and prioritizes improvement opportunities. When completed, the assessment will have examined the impact of a security breach and the effect it can have on security personnel and process operators and will have examined the gaps that exist in the plant’s physical security application.

After the site vulnerability assessment, a thorough understanding of the latest security technology is necessary to determine threat mitigation steps and how to fill the observed security gaps. Physical security subsets like access control, visitor management, video surveillance, and perimeter and intrusion control all factor in to the effectiveness of plant security, and the understanding of the latest technologies and their advancements is essential to having an effective, holistic approach to security.

Once vulnerabilities are categorized and prioritized, mitigation steps must be identified. Mitigation steps are unique to each site, but practices like strengthening the situational awareness of process operators and security personnel can help integrate process control and security systems. Security personnel are made more aware of non-security incidents, and process personnel are made more aware of security incidents. This type of compromise and awareness creates a more effective, holistic approach to industrial security.

System implementation will create an integrated architecture that will allow plant operations staff to improve collaboration and responsiveness to reduce security risks. As mentioned, a DVA can help integrate security and process systems, and its ability to tie third-party systems together makes it important when making integration a reality. Without a standard such as DVA, it is difficult to achieve effective communication that allows a site to be more aware of a security issue, and awareness allows for increased responsiveness.

Integrated—the new norm

The processing industry is facing real challenges as technology is forever advancing, seasoned industry professionals are retiring, and the business environment of the new global economy pressures managers in different directions. At the same time, moral, regulatory, and insurance requirements must be met in terms of maintaining a safe and secure workplace.

Research has shown abnormal situations cost many millions of dollars. Manufacturers pay dearly for these catastrophes. There are numerous catastrophes that can be cited, but they all indicate the need for focusing on layers of protection to provide a safer work environment, while at the same time increasing process availability and reducing total cost.

When fully executed and online, an integrated approach to plant security helps customers improve their business performance and peace of mind. It includes independent, yet interrelated layers of protection to deter, pre-vent, detect, and mitigate potential threats, while increasing the flexibility, scalability, and cost effectiveness of the entire system.

Implementing technology-driven solutions may provide some relief to the pending safety pressures. However, not until a site considers independent yet interrelated layers of protection to deter, mitigate, and prevent potential threats will there be a satisfactory solution to the physical security problem.

Exterior Perimeter Protection

Perimeter Security Measures

  • Perimeter protection is the first line of defense in providing physical security for a facility. This can be accomplished by installing fences or other physical barriers, outside lighting, lockable gates, intrusion detectors, or a guard force. Perimeter protection also includes walls, lockable doors and windows, bars and grills, and fire escapes.
  • In addition to defining the physical limits of a facility and controlling access, a perimeter barrier also creates a physical and psychological deterrent to unauthorized entry. It delays intrusion into an area, making the possibility of detection and apprehension more likely. It aids security forces in controlling access and assists in directing the flow of persons and vehicles through designated entrances.
  • Every vulnerable point should be protected to deter or prevent unauthorized access to the facility. The roof, basement, and walls of a building may contain vulnerable points of potential entry. A security survey of the perimeter should address manholes and tunnels, gates leading to the basement, elevator shafts, ventilation openings, skylights, and any opening 96 square inches or larger that is within 18 feet of the ground.
  • The extent of perimeter controls will be determined by the senior facility manager, based upon a comprehensive physical security survey (Appendix C). The survey report should recommend perimeter controls to the facility manager.

Physical Barriers. Physical barriers may be of two general types, natural and structural. Natural barriers include mountains, cliffs, canyons, rivers, or other terrain difficult to traverse. Structural barriers are man-made devices such as fences, walls, floors, roofs, grills, bars, or other structures that deter penetration. If a natural barrier forms one side or any part of the perimeter, it in itself should not automatically be considered an adequate perimeter barrier, since it may be overcome by a determined intruder. Structural barriers should be provided for that portion of the perimeter, if required.

Fencing. Fences are the most common perimeter barrier or control. Two types normally used are chain link and barbed wire. The choice is dependent primarily upon the degree of permanence of the facility and local ordinances. A perimeter fence should be continuous, be kept free of plant growth, and be maintained in good condition.

  • Chain Link. Chain link fencing should be laid out in straight lines to permit unhampered observation. It should be constructed of number 11 gauge or heavier wire mesh (two inch square) and should be not less than seven feet high and have a top guard. It should extend to within two inches of firm ground. It should be taunt and securely fastened to rigid metal posts set in concrete. Anti-erosion measures like surface priming may be necessary. Where the fence traverses culverts, troughs, or other openings larger than 96 square inches in area, the openings should be protected by fencing, iron grills, or other barriers to prevent passage of intruders. Chain link fencing is low in maintenance cost, a minimal safety hazard, and has openings small enough to discourage the passage of pilfered articles.
  • Barbed Wire. Standard barbed wire is twisted, double strand, number 12 gauge wire, with four-point barbs spaced four inches apart. Barbed wire fencing, including gates intended to prevent trespassing, should be no less than seven feet in height plus a top guard, tightly stretched, and should be firmly affixed to posts not more than six feet apart. Distances between strands should not exceed six inches.
  • Top Guard. A top guard is an overhang of barbed wire along the top of a fence, facing outward and up-ward at an angle of 45 degrees. Three or four strands of barbed wire spaced six inches apart are used, but the length of the supporting arms and the number of strands can be increased when required. The sup-porting arms should be affixed to the top of the fence posts and be of sufficient height to increase the overall height of the fence at least one foot. Where a building of less than three stories is used to form a part of the perimeter, a top guard should be used along the outside wall to deter access to the roof.

Gates

  • The purpose of a gate is to provide a break in a perimeter fence or wall to allow entry. Gates are protect-ed by locks, intermittent guard patrols, fixed guard posts, contact alarms, CCTV, or a combination of these. The number of gates and perimeter entrances should be limited to those absolutely necessary, but should be sufficient to accommodate the peak flow of pedestrian and vehicular traffic.
  • Gates should be adequately lighted. They should be locked when not manned and periodically inspected by a roving guard force. Utility openings in a fence that do not serve as gates should be locked, guarded, or otherwise protected.
  • Intrusion detection devices may be desirable when the gate is used intermittently or when a higher level of protection is desired. Alternatives to detection devices include coded card keys, push button combination locks, and CCTV.

Protective Lighting. Protective lighting is a valuable and inexpensive deterrent to crime. It improves visibility for checking badges and people at entrances, inspecting vehicles, preventing illegal entry, and detecting intruders both outside and inside buildings and grounds. Locate protective lighting where it will illuminate shadowed areas and be directed at probable routes of intrusion. Also, overlap lighting to prevent dark areas. If justified, include emergency power for lighting.

Doors.

  • A door is a vulnerable point of the security of any building. A door should be installed so the hinges are on the inside to preclude removal of the screws or the use of chisels or cutting devices. Pins in exterior hinges should be welded, flanged, or otherwise secured, or hinge dowels should be used to preclude the door's removal. The door should be metal or solid wood. Remember that locks, doors, doorframes, and accessory builder's hardware are inseparable when evaluating barrier value. Do not put a sturdy lock on a weak door. The best door is of little value if there are exposed removable hinge pins, breakable vision panels, or other weaknesses that would allow entry. Transoms should be sealed permanently or locked from the inside with a sturdy sliding bolt lock or other similar device or equipped with bars or grills.
  • Overhead roll doors not controlled or locked by electric power should be protected by slide bolts on the bottom bar. Chain link doors should be provided with an iron keeper and pin for securing the hand chain. The shaft on a crank operated door should be secured. A solid overhead, swinging, sliding, or accordion type garage door should be secured with a cylinder lock or padlock. Also, a metal slide bar, bolt, or crossbar should be provided on the inside. Metal accordion grate or grill-type doors should have a se-cured metal guide track at the top and bottom and be secured with a cylinder lock or padlock.

Windows.

  • Windows are another vulnerable point for gaining illegal access to a building. Windows should be se-cured on the inside using a lock, locking bolt, slide bar, or crossbar with a padlock. The window frame must be securely fastened to the building so that it cannot be pried loose. As with glass panels in a door, window glass can be broken or cut so the intruder can reach inside and release the lock.
  • Bars and steel grills can be used to protect a window. They should be at least one half inch in diameter, round, and spaced apart six inches on center. If a grill is used, the material should be number nine gauge two-inch square mesh. Outside hinges on a window should have non-removable pins. The hinge pins should be welded, flanged, or otherwise secured so they cannot be removed. Bars and grills must be securely fastened to the window frame so they cannot be pried loose.

Manholes, Grates, and Storm Drains. Many facilities have manholes and tunnels providing service entrance into buildings. Other manholes may provide entrance to tunnels containing pipes for heat, gas, water, and tele-phone. If a tunnel penetrates the interior of a building, the manhole cover should be secured. A chain or padlock can be used to secure a manhole. Steel grates and doors flush with the ground level may provide convenient access. These openings may be designed into the facility as they may provide light and ventilation to the basement levels. If the frame is properly secured, the grates or doors can be welded into place or they can be secured with a chain and padlock. Sewers or storm drains that might provide an entrance should be secured.

Roof Openings. Openings in elevators, penthouses, hatchways, or doors to the roof are often overlooked be-cause of infrequent use. Access to a building’s roof can allow ingress to the building and access to air intakes and building Heating, Ventilating, and Air-Conditioning (HVAC) equipment (e.g., self-contained HVAC units, laboratory or bathroom exhausts) located on the roof. From a physical security perspective, roofs are like other entrances to the building and should be secured appropriately. Roofs with HVAC equipment should be treated like mechanical areas. Fencing or other barriers should restrict access from adjacent roofs. Access to roofs should be strictly controlled through keyed locks, keycards, or similar measures. Skylights are another source of entry from the roof. These openings can be protected like windows - with bars or mesh. Such protection should be installed inside the openings to make it more difficult to remove.

Mechanical Areas.

  • Prevent Public Access to Mechanical Areas. Mechanical areas may exist at one or more locations within a building. Some mechanical areas have access from the perimeter, other mechanical areas may only have access from the interior of a facility. These areas provide access to centralized mechanical systems (HVAC, elevator, water, etc.) including filters, air handling units, and exhaust systems. Such equipment is susceptible to tampering and may subsequently be used in a chemical, biological, or radiological at-tack. Keyed locks, keycards, or similar security measures should strictly control access to mechanical areas. Additional controls for access to keys, keycards, and key codes should be strictly maintained.
  • Restrict Access to Building Operation Systems by Outside Maintenance Personnel. To deter tampering by outside maintenance personnel, a building staff member should escort these individuals throughout their service visit and should visually inspect their work before final acceptance of the service. Alternatively, building owners and managers can ensure the reliability of pre-screened service personnel from a trusted contractor.

Building HVAC Systems. Ventilation shafts, vents, or ducts, and openings in the building to accommodate ventilating fans or the air conditioning system can be used to introduce chemical, biological, and radiological (CBR) agents into a facility. Decisions concerning protective measures should be implemented based on the perceived risk associated with the facility and its tenants, engineering and architectural feasibility, and cost. See USGS 445-2-H, Occupational Safety and Health Program Requirements Handbook, Chapter 36, for detailed guidance. Specific physical security measures to consider for the protection of the building HVAC system are cited below.

  • Prevent Access to Outdoor Air Intakes. One of the most important steps in protecting a building’s indoor environment is the security of the outdoor air intakes. Outdoor air enters the building through these in-takes and is distributed throughout the building by the HVAC system. Introducing CBR agents into the outdoor air intakes allows a terrorist to use the HVAC system as a means of dispersing the agent throughout a building. Publicly accessible outdoor air intakes located at or below ground level are at most risk – due partly to their accessibility (which also makes visual or audible identification easier) and partly because most CBR agent releases near a building will be close to the ground and may remain there. Securing the outdoor air intakes is a critical line of defense in limiting an external CBR attack on a building.
  • Relocate Outdoor Air Intake Vents. Relocating accessible air intakes to a publicly inaccessible location is preferable. Ideally, the intake should be located on a secure roof or high sidewall. The lowest edge of the outdoor air intakes should be placed at the highest feasible level above the ground or above any nearby accessible level (i.e., adjacent retaining walls, loading docks, and handrail). These measures are also beneficial in limiting the inadvertent introduction of other types of contaminants, such as landscaping chemicals, into the building.
  • Extend Outdoor Air Intakes. If relocation of outdoor air intakes is not feasible, intake extensions can be constructed without creating adverse effects on HVAC performance. Depending upon budget, time, or the perceived threat, the intake extensions may be temporary or constructed in a permanent, architecturally compatible design. The goal is to minimize public accessibility. In general, this means the higher the extension, the better – as long as other design constraints (excessive pressure loss, dynamic and static loads on structure) are appropriately considered. An extension height of 12 feet(3.7 m) will place the intake out of reach of individuals without some assistance. Also, the entrance to the intake should be covered with a sloped metal mesh to reduce the threat of objects being tossed into the intake. A mini-mum slope of 45 degrees is generally adequate. Extension height should be increased where existing platforms or building features (i.e., loading docks, retaining walls) might provide access to the outdoor air intakes.
  • Establish A Security Zone Around Outdoor Air Intakes. Physically inaccessible outdoor air intakes are the preferred protection strategy. When outdoor air intakes are publicly accessible and relocation or physical extensions are not viable options, perimeter barriers that prevent public access to outdoor air in-take areas may be an effective alternative. Iron fencing or similar see-through barriers that will not obscure visual detection of terrorist activities or a deposited CBR source are preferred. The restricted area should also include an open buffer zone between the public areas and the intake louvers. Thus, individuals attempting to enter these protective areas will be more conspicuous to security personnel and the public. Monitoring the buffer zone by physical security, CCTV, security lighting, or intrusion detection sensors will enhance this protective approach.
  • Secure Return Air Grilles. Similar to the outdoor-air intake, HVAC return-air grilles that are publicly accessible and not easily observed by security may be vulnerable to targeting for CBR contaminants. Public access facilities may be the most vulnerable to this type of CBR attack. A building-security assessment can help determine, which, if any, protective measures to employ to secure return-air grilles. Take caution that a selected measure does not adversely affect the performance of the building HVAC system. Some return-air grille protective measures include (1) relocating return-air grilles to inaccessible, yet observable locations, (2) increasing security presence (human or CCTV) near vulnerable return-air grilles, (3) directing public access away from return-air grilles, and (4) removing furniture and visual obstructions from areas near return-air grilles.
  • Implement Security Measures, Such As Guards, Alarms, and Cameras To Protect Air Intakes or Other Vulnerable Areas. Difficult-to-reach out-door air intakes and mechanical rooms alone may not stop a sufficiently determined person. Security personnel, barriers that deter loitering, intrusion detection sensors, and observation cameras can further increase protection by quickly alerting personnel to security breaches near the outdoor air intakes or other vulnerable locations.
  • Restrict Access To Building Information. Information on building operations – including mechanical, electrical, vertical transport, fire and life safety, security system plans and schematics, and emergency operations procedures – should be strictly controlled.

Fire Escapes and Building Walls.

  • Normally, outside fire escapes do not provide an entrance directly into the building. However, they can provide easy access to the roof or openings high above the ground level. Windows or other openings off the fire escape should be capable of being opened only from the inside. The exterior fire escape should not extend all the way to the ground.
  • Walls are not normally considered possible points of entry because of their usual solid construction. However, they cannot be disregarded because intruders may be able to break through them to gain entrance. Reinforcement at critical points may be necessary to deter forced entry.

Facilities in Remote Locations. Large facilities located in sparsely inhabited areas have an inherent form of protection by virtue of their isolation. Constructing a fence around the perimeter usually will provide an adequate deterrent to entry. Occasional observation by a roving guard force may be necessary depending on the sensitivity of the facility. Warning signs or notices should be posed to deter trespass-ing on government property. CCTV systems also can be especially helpful if guard forces are available to monitor them.

INTERIOR PROTECTION

Interior Security Controls.

  • After exterior perimeter controls, the second line of defense is interior controls. When an intruder is able to penetrate the perimeter controls and the building exterior, the effectiveness of interior controls is test-ed. There are few facilities where every employee has access to every area in the facility. Accordingly, access to some areas is necessarily controlled. For example, interior controls are necessary to protect classified information from unauthorized disclosure, to prevent damage to the area or equipment, to pre-vent interference with operations, for safety purposes, or for a combination of these and other reasons.
  • Usually, interior controls are applied to specific rooms or physical spaces within a building. The senior facility or office manager is responsible for determining whether interior controls are necessary. Office area controls include key accountability systems, locking devices, and access control systems such as sign-in registers and identifying credentials.
  • Determine the extent of interior controls by considering the monetary value and mission criticality of the items or areas to be protected, the vulnerability of the facility, and the cost of the controls. Normally, the cost of security controls should not exceed the value of the item or areas to be protected.

Area Designations. The decision to designate areas as either a "Controlled Area" or a "Restricted Area" should be made in conjunction with a decision to close the property or a portion thereof to the public as established in Chapter 8, Paragraph 5.

Controlled Area. A controlled area is defined as a room, office, building or other form of facility to which access is monitored, limited, or controlled. Admittance to a controlled area is limited to persons who have official business within the area. Responsible managers are authorized to designate an area as a controlled area after adequate security measures are in place. The following areas should be designated as controlled areas:

  • An area where classified information or highly sensitive information is handled, processed, or stored. A mailroom is considered such an area.
  • An area that houses equipment that is significantly valuable or critical to the continued operations or provision of services.
  • An area where uncontrolled access would interfere with or disrupt personnel assigned to the area in carrying out their official duties.
  • An area where equipment or operations constitute a potential safety hazard.
  • An area that is particularly sensitive as determined by the responsible manager.

Restricted Area. A restricted area is a room, office, building, or other form of facility to which access is strictly controlled. Admittance to a restricted area is limited to personnel assigned to the area and persons who have been specifically authorized access to the area. Visitors to a restricted area and uncleared personnel must be escorted by personnel assigned to the area and all classified information must be protected from observation, dis-closure, or removal. The responsible manager is authorized to designate an area as a restricted area after adequate security measures are in place. The following areas should be designated as restricted areas:

  • An area approved by the USGS Security Manager for the open storage of Secret or Confidential classified information. This includes areas where classified information is normally or frequently displayed, such as charts, maps, drawings, photographs, equipment, or conference rooms where classified information is being discussed. This does not include an office in which classified information is sporadically discussed or displayed and action can be taken by occupants to prevent disclosure.

Special Access Program Areas

  • Sensitive Compartmented Information (SCI) Facility (SCIF). A SCIF is a room, or a group of rooms, or installations accredited by the CIA where SCI may be stored, used, discussed, and/or electronically processed. The area must meet the rigid physical security standards set forth in Director of Central Intelligence Directive 1/21, Physical Security Standards for Sensitive Compartmented Information Facilities
  • Other Special Access Program Areas. Government agencies outside the intelligence community may have special access programs, which require stringent physical security standards for working and storage areas. The Federal Emergency Management Agency is an example. USGS areas where special-access program information is stored, used, discussed, or processed will be constructed in accordance with standards issued by the sponsoring agency. The USGS Security Manager shall coordinate the approval process with the other agency.

Security Vaults

  • Purpose. A vault is a completely enclosed space with a high degree of protection against forced entry. Vaults are commonly used for storing Top Secret information, special access program information, and extremely valuable materials.
  • Construction. A vault is constructed to meet rigid specifications. The wall, floor, and ceiling construction shall be in accordance with nationally recognized standards of construction practice. An approved vault door and frame unit shall be used. Miscellaneous openings, where ducts, pipes, registers, sewer, and tunnels are of such size and shape as to permit unauthorized entry (normally in excess of 96 square inches in area and over six inches in its smallest dimension), shall be secured by 18-gauge expanded metal or wire mesh, or where more practical, by rigid metal bars at least 1/2-inch in diameter extending across their width, with a maximum space of 6 inches between the bars. The rigid metal bars shall be securely fastened at both ends to preclude removal and shall have crossbars to prevent spreading.

Class A Vaults

  • Reinforced Concrete. The wall, floor, and ceiling will be a minimum thickness of eight inches of rein-forced concrete. The concrete mixture will have a comprehensive strength rating of a least 3,000 psi. Reinforcement will be accomplished with steel reinforcing rods, a minimum of 5/8 inches in diameter, positioned centrally and spaced horizontally and vertically 6 inches on center; rods will be tied or welded at the intersections. The reinforcing is to be anchored into the ceiling and floor to a minimum depth of one-half the thickness of the adjoining member.
  • Modular. Modular panel wall, floor, and ceiling components, manufactured of intrusion-resistant mate-rial, intended for assembly at the place of use, and capable of being disassembled and relocated meeting Underwriters Laboratories, Inc. (UL) standards are approved for vault construction.
  • Steel-lined. Vaults may be constructed of steel alloy-type, such as U.S. Steel T-1, having characteristics of high-yield tensile strength or normal structural steel with a minimum thickness of 1/4 inch. The metal plates are to be continuously welded to load-bearing steel members of a thickness equal to that of the plates. If the load-bearing steel members are being placed in a continuous floor and ceiling of reinforced concrete, they must be firmly affixed to a depth of one-half the thickness of the floor and ceiling. If the floor and/or ceiling construction are less than six inches of reinforced concrete, a steel liner is to be constructed the same as the walls to form the floor and ceiling of the vault. Seams where the steel plates meet horizontally and vertically are to be continuously welded together.

Class B Vaults

  • Monolithic Concrete. The wall, floor, and ceiling will be a minimum thickness of four inches of mono-lithic concrete.
  • Masonry Units. The wall will be brick, concrete block, or other masonry units not less than eight inches thick. The wall will extend to the underside of the roof slab above (from the true floor to the true ceil-ing). Hollow masonry units shall be the vertical-cell type (load bearing) filled with concrete and metal reinforcement bars. The floor and ceiling must be of a thickness determined by structural requirements, but not less than four inches of monolithic concrete construction.

Class C Vaults. The floor and ceiling must be of a thickness determined by structural requirements, but not less than four inches of monolithic concrete construction. Walls must be not less than eight inches thick concrete block or hollow-clay tile or other masonry units. The wall will extend to the underside of the roof slab above (from the true floor to the true ceiling).

Vault Doors

  • GSA Approved. The GSA establishes and publishes uniform standards, specifications, and supply schedules for vault doors and associated security devices and equipment suitable for the storage and protection of classified information. Vault door manufacturers and prices of equipment approved by the GSA are listed in Federal Supply Schedule (FSS) catalog (FGC Group 71-Part III). A vault door approved by GSA for storing classified information will bear a black "GSA Approved" label affixed to the exterior of the door and a "Class" label affixed to the interior.
  • Class 5. The class 5 vault door is certified for: 30 man-minutes against surreptitious entry; 20 man-hours against lock manipulation; 20 man-hours against radiological attack; and 10 man-minutes against forced entry.
  • Class 6. The certified class 6 vault door affords the same protection as the Class 5 except there is no certified forced entry protection.

Combination Locks. The Federal specifications and UL ratings for combination locks for vaults are the same as those for safes and storage equipment. The procedures for changing combinations, protecting combinations, recording combinations, and repairing combination locks shall also be followed for vault doors.

Strongrooms

  • Purpose. A strongroom is an enclosed space constructed of solid building materials. Strongrooms are normally used for the storage for classified material or sensitive materials, such as firearms. Protection is normally supplemented by guards or alarm systems. Rooms that have false ceilings and walls construct-ed of fibrous materials, and other modular or lightweight materials, cannot qualify as strongrooms.

Construction Standards.

  • The perimeter walls, floors, and ceiling will be permanently constructed and attached to each other. All construction must be done in a manner as to provide visual evidence of unauthorized penetration. Heavy-duty builder's hardware shall be used in construction. All screws, nuts, bolts, hasps, clamps, bars hinges, and pins should be securely fastened to preclude surreptitious entry. Hardware accessible from outside the strongroom must be peened, brazed, or spot-welded to preclude removal.
  • Walls and ceiling should be made of plaster, gypsum board, metal, hardboard, wood, plywood, nine-gauge or heavier two-inch wire mesh, or other material of sufficient strength or thickness to deter entry and/or give evidence of unauthorized penetration. Insert-type panels should not be used.
  • Floors should be solidly constructed using concrete, ceramic tile, or wood.
  • Windows, which open and are less than 18 feet from an access point (such as the ground, another win-dow outside the area, roof, ledge, or door) should be fitted with 1/2 inch horizontal bars and cross bars (See paragraph 3.B above). In place of bars, number 9-gauge wire mesh can be fastened by bolts extend-ing through the wall and secured on the inside of the window board. All windows, which might reasonably afford visual observation of classified activities within the facility, shall be made opaque or equipped with blinds, drapes, or other coverings.
  • Where vents, ducts, registers, sewers, tunnels and other miscellaneous openings are of such size and shape (in excess of 96 square inches and over six inches in its smallest dimension) and enter or pass through the area as to permit unauthorized entry, they should be protected with either steel bars, expand-ed-metal wire mesh or grills, commercial metal sound baffles, or an intrusion detection system.
  • Doors shall be substantially constructed of wood, metal, or other solid material. When windows, panels, louvers, or similar openings are used, they should be secured with 18-gauge expanded metal or wire mesh securely fastened on the inside.
  • Entrance doors shall be secured by a GSA approved built-in three-position combination lock. Other (non-entry) doors shall be secured from the inside with deadbolt emergency egress hardware, a deadbolt, or a rigid wood or metal bar which extends across the width of the door.

Intrusion Detection Systems.

  • Purpose. Alarm systems are designed to alert security personnel of an actual or attempted intrusion into an area while also providing deterrence to intrusion. These warning systems detect intrusion or attempts, not prevent them. Any alarm system requires an assessment and a response capability to provide real protection for an area. All systems have weak points by which their functioning can be minimized or even completely interrupted or circumvented. The advantage and limitations of a variety of detection systems are described below.
  • Planning Alarm Installations. Alarms are used to detect approach or intrusion. Some are intended for exterior protection, and some are suitable only for indoor installations. The following should be ad-dressed in determining the need for an alarm system:
  • Sensitivity or criticality of the operation;
  • Facility vulnerability to damage, interruption, alteration or other harm;
  • Sensitivity or value of the information or property stored at the facility;
  • Location of facility and accessibility to intruders;
  • Other forms of protection in place or available; and

Guard or law enforcement response capability

  • Components of an Alarm System. An alarm system is composed of three main parts: one or more sensors to detect the presence or actions of an intruder, a control unit that constantly monitors the sensors and transmits an alarm signal when a sensor detects an intruder, and the alarm annunciator.
  • (1) Perimeter protection alarm systems utilize point protection sensors almost exclusively, while area protection (volumetric) sensors are used primarily in interior alarm circuits to detect an individual within a building. Object protection provides direct security for individual items and is often the final stage of an in-depth protection system with perimeter and area-protection.
  • Alarm systems can be designed so that various parts of a building have separate sensor circuits, or zones, and it is not uncommon to have a separate duress or holdup alarm circuit to enable employees to summon security personnel.
  • The installation of alarm system components is very important. Individual sensors are designed to respond to specific stimuli that indicate the presence of an intruder or attempts to gain entry into a protect-ed area. Similarly, switch sensors must be mounted so that they detect the actual opening of a door or window, but at the same time, the manner of installation should not make them so sensitive to movement that they actuate an alarm from vibrations caused by a truck passing on the street or the wind rattling doors and windows. Care must be exercised in adjusting the sensitivity of the more complex sensors in order to avoid false alarms. Some units can be actuated by a flickering fluorescent light or a tele-phone bell. Electromagnetic interference from a mobile radio or a thunderstorm can trigger some detectors.

Sensors. The three basic types of sensors are perimeter, volumetric, and proximity.

  • Switches. These devices are usually magnetic operated switches affixed to a door or window in such a way that opening the door or window removes the magnetic field causing an alarm. High security switches are normally balanced or biased magnetic switches.
  • Metallic Foil. Metallic-foil window tape is the traditional means for detecting glass breakage. Strips of thin foil are affixed to a glass surface. Breaking the glass also fractures the foil, which interrupts the circuit causing an alarm. Metallic foil deteriorates with time and may require frequent maintenance, especially on glass doors where it can be easily damaged.
  • Screens. Openings such as vents, ducts, skylights, and similar openings can be alarmed by thin wire filaments that signal an alarm if the screen is cut or broken. Often the wire filaments are placed in a frame of wooden rods and require little maintenance.
  • Glass Breakage (Tuned Frequency). Miniature electronic circuits are bonded to the glass surface. They detect a high-frequency sound pattern within the glass when it is broken.
  • Glass Breakage (Inertia). A device attached to window or doorframes protects multiple-pane areas. This device detects the shock wave a substantial impact against the surface makes.
  • Lacing. Lacing can protect walls, doors, and safes against penetration. Lacing is a closely woven pattern of metallic foil or fine brittle wire on the surface of the protected area. An intruder can enter only by breaking the foil or wire. A panel over the lacing protects it from accidental damage.
  • Volumetric. Volumetric-protection sensors are designed to detect the presence or actions of an intruder almost anywhere within an entire room, from floor to ceiling. A variety of volumetric devices are avail-able. Each kind of detector has some advantages and limitations. Therefore, a device must be selected for a specific environment. A major advantage of volumetric devices is that they provide a highly sensitive and invisible means of detection in high-risk areas. The major disadvantage is that an improper application can result in frequent false alarms.
  • Infrared. Passive infrared sensors are part of the motion-detection group. They sense the body heat of an intruder as he or she passes through the protected area. Infrared detectors are relatively free of false alarms and are highly recommended.
  • Ultrasonic. Ultrasonic motion detectors generate a high frequency of sound that is out of the normal range of human hearing. An intruder disrupting the ultrasonic wave pattern initiates the alarm. Ultrasonic devices are prone to false alarms due to excessive air currents or ultrasonic noise from mechanical equipment.
  • Microwave. This kind of motion detector uses high-frequency radio waves, or microwaves, to detect movement. Because microwave penetrates materials such as glass, and metal objects reflect them, they can detect motion outside the protection area causing false alarm problems if not properly installed.
  • Photoelectric. Photoelectric devices transmit a beam across a protected area. When an intruder interrupts this beam, the circuit is disrupted causing an alarm. Today's photoelectric devices use diodes that emit an invisible infrared light and usually pulses rapidly to prevent compromise by substitution. A disadvantage is that they can be defeated relatively easily, the beams are narrow and may be discovered or avoided.

Proximity. Object protection provides direct security for individual items.

  • Capacitance. A capacitance device is used to protect specific objects such as security containers and safes. The capacitance alarm uses the metal construction of the container and causes it to act as a capacitor or condenser. When a change occurs in the electromagnetic field surrounding the metal object, the balance is disturbed and the alarm is activated. The system can only be applied to ungrounded equipment and accidental alarms can occur if the container is carelessly touched when the alarm is activated.
  • Vibration. These seismic sensing devices use a piezoelectric crystal or microphone to detect the sound pattern that a hammer-like impact on a rigid surface would generate. These devices are attached directly to safes and filing cabinets, or to the walls, ceiling, and floor of vaults. False alarms may occur with the-se devices by passing vehicles or falling objects.

Control Unit. All alarm systems incorporate a control unit, which may or may not be a separate component. The control unit is able to regulate the entire system, turn an alarm system on and off, and transmit the alarm signal to an annunciator. The method for controlling the alarm system is usually a key or a digital keypad inside the premises to avoid tampering. The alarm system is delayed briefly to allow the user to gain access to the system without initiating an alarm. With local systems, the user is responsible for turning the alarm on and off. The central station and proprietary systems shift responsibility for verifying that the system is on or off from the user to the central station or proprietary personnel. Alarm supervision falls into three categories: local, central station, and proprietary.

  • Local Alarm System. The local alarm system has circuits within the secured areas that are directly connected to audio or visual signal-producing devices such as electronic annunciators, bells, or sirens. The signaling devices are normally mounted on the exterior of the building, or in large buildings at an interior location, where they will be audible or visible at a reasonable distance. It should be protected against weather or tampering.
  • Central Alarm System. The central-station alarm system is connected to an alarm panel in a centrally located station such as a local police station or guard service that provides monitoring services over tele-phone lines. When an alarm is activated, the monitoring station initiates a response by either calling personnel designated for the area or by dispatching guards and/or police to the location.
  • Proprietary Alarm System. The proprietary alarm system is similar to the central station type, except that the alarm panel is located in a manned guardroom on the protected premises. The guard force monitors the system and responds to all alarms. The alarms can also be wired to a central station or nearby police station via telephone wires for backup response.

Annunciator- An annunciator sounds an alarm by visible or audible signals and usually indicates the location of the protected item or premises. The alarm signal is transmitted to an annunciator panel that is constantly monitored or to a local signaling device. Local annunciators usually employ an audible bell, siren, and/or bright beams of light to deter the intruder and to attract the attention of persons in the immediate area. Annunciators may be combined in a system that announces alarms both locally and remotely.

Line Supervision- The telephone or dedicated lines that transmit the alarm signals from the protected area to the monitoring station must be protected to prevent interruption of the alarm signal. To ensure such integrity, the transmission lines should be electronically supervised. Line supervision refers to the protection various signaling techniques incorporate, such as random tone patterns or data encryption.

  • Hold-Up Switches. The actuating device should be designed to avoid accidental actuation. Double squeeze buttons, triggers in trigger guards, and a variety of other devices can be used.
  • Manual Switches. A hold-up alarm system in which the signal transmission is manually initiated by the person attacked activating the device. These alarms can be wireless.
  • Automatic Switches. A hold-up alarm system that is automatically activated by device such as a money clip in a cash drawer.
  • Foot Rails. A foot rail is an emergency alert alarm securely mounted on the floor and designed to minimize nuisance alarms, yet permit unobtrusive operation.
© 2023 BSA Security Integrators. All Rights Reserved.