Industrial and Critical Infrastructure--Essential Protection Strategies
The critical infrastructure, industrial and outdoor detection markets are nearly synonymous with each other. Certainly, critical infrastructure has its strict definition from the Department of Homeland Security (DHS): “Critical infrastructure are the assets, systems, and networks, whether physical or virtual, so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, public health or safety, or any combination thereof.”
Wrapped up within this
So it seems from this definition that there are many different types of critical infrastructure that range from a host of different vertical markets and of course to the customer, any down time in business could be a major catastrophe not only to employees but to the public in general. Sure, the DHS has its definitions, but isn’t it any kind of market that your customer or the public depends upon for services—like your other markets, correct? And in your line of contracting work you have to understand the importance to the customer and the criticality of anything that impacts them if there is a breach of security or worst yet, an insider or terrorist attack.
For the record, the definition of critical infrastructure from the government includes: food and agriculture; banking and finance; chemical; commercial facilities; communications; critical manufacturing; dams; defense/industrial base; emergency services; energy; government facilities; healthcare and public health; information technology; national monuments and icons; nuclear reactors, materials and waste; postal and shipping; transportation systems; and water.
The Homeland Security Act of 2002 provides the primary authority for the overall homeland security mission. This act charged the DHS with primary responsibility for developing a comprehensive national plan to secure critical infrastructure and recommend “the measures necessary to protect the key resources and critical infrastructure of the United States.” This comprehensive plan is the National Infrastructure Protection Plan (NIPP), published by the Department in June 2006. The NIPP provides the unifying structure that integrates a wide range of protective security efforts into a single national program.
In addition, Homeland Security Presidential Directive 7 (HSPD-7) established U.S. policy for enhancing critical infrastructure protection by establishing a framework for the Department's partners to “identify, prioritize, and protect the critical infrastructure in their communities from terrorist attacks.” The directive identified the 17 critical infrastructure sectors and, for each sector, designated a federal Sector-Specific Agency (SSA) to lead protection and resilience-building programs and activities. HSPD-7 allows for the Department of Homeland Security to identify gaps in existing critical infrastructure sectors and establish new sectors to fill these gaps. Under this authority, the Department established an 18th sector, the Critical Manufacturing Sector, in March 2008.
In early February 2013, President Barack Obama issued an Executive Order on cyber security and a Presidential Policy Directive on critical infrastructure and resilience. The two actions were designed to strengthen the security of physical assets.
Within that widespread definition it’s easy to see that there is definitely crossover between and among varied vertical markets—including industrial, transportation and even the outdoor infrastructure. And for the systems integrator, that means that a well-defined mission and mantra to provide the best, proactive solution to any and all of these customers is the way to go.
For those systems integrators specifically fulfilling the requirements of the Department of Homeland Security’s Critical Infrastructure, the rules and regulations can be mind-boggling and often times require full-time personnel to be certain these mandates are being met. Personnel for any security need to be trained in best-in-class solutions that can be provided to the end user without breaking the bank—because these customers, like the overall landscape, may have limited funding and are looking for the most effective way to use their money to provide the most comprehensive detection and protection today. They may want to start small or deploy a system they can upgrade easily in the future, or add users simply and effectively. They may want to begin migrating to higher forms of access control beyond magnetic stripe—like proximity or better yet, smart cards for targeted levels of access across the facility or to the network or one-card operations.
So like all types of systems contracting, it circles back to our roots: creating an ongoing partnership and providing a proactive leadership role and giving these customers the tools they need—technology and brain trusts—so they can make the most of what they have and make their facilities safe and secure.
And of course, that protection starts at the outdoor, the perimeter and can cover a wide area—to make the protected premises a layered approach of protection and detection that deters and thwarts intruders and even terrorist attacks so responding authorities get as much lead time as possible and can prevent widespread theft or damage to assets, injury or even death.
Perimeter electrified fencing
Electric Guard Dog, based in Columbia, S.C., has built quite a successful business around perimeter security centering on electrified fences that fortify the customer’s protected premises. According to Chief Executive Officer Jack DeMao, the company’s perimeter electric security fencing is the number one theft deterrent on the market and provides a 90 percent savings over the cost of 24/7 security guard services. “It provides a physical deterrent and is 10 feet tall and deploys a safe but ‘memorable’ shock every 1.3 seconds upon contact, making it virtually impossible to cut or climb,” DeMao said. Customer Old Dominion Freight Line said that it has used the EGD Fence successfully in more than 50 percent of its locations—which include 212 service centers with more than 10,000 employees. “At anytime we will have no less than 1.5 billion dollars worth of freight at our physical location. This freight includes anything from nuts and bolts to consumer electronics and everything in between,” the customer recently wrote to EGD.
“Our system is based on deterrence,” continued DeMao. “Most perimeter security is challenging and has a high false alarm rate. Some technology is subject to abuse or erosion, etc., but you have to start at the perimeter. Outdoor perimeter security gets smarter and smarter,” he said. EGD’s systems can also be combined with cameras, lights and even integrated with access control for further upgraded options for customers.
The idea is to deter, detect and/or delay perpetrators and that seems to stay top of mind if intruders do attempt to compromise the fencing system, according to DeMao.
It bodes well for the contracting company to come to the customer or prospected as a trusted partner who has painstakingly worked to assess the threat of the protected premises and responded properly. According to Jeff Fields, general manager of Dowley Security Systems Inc., headquartered in Houston, the approach to the critical infrastructure is never about the sale or marketing a specific product—but rather about the needs of the customer and what they are trying to accomplish.
“Understanding critical infrastructure at its core is strategic in nature and tactical in delivery,” said Fields. “Each industry has within itself a critical component, process, product, function or deliverable that without it, disables it from operating. The best question that a security consultant can ask is: ‘What makes your operation successful and if posed with a complete failure, will it shut down your operations completely?’ For example, critical to healthcare is physical plant operations and information technology; additionally, a wider approach to critical infrastructure is what the healthcare facility requires to make them both work.” (Dowley Security Systems received the 2013 Gold Medal winner from Security Technology Executive magazine’s Innovation Awards for its Devon Tower installation in Oklahoma City, Okla., www.securityinfowatch.com/10840051)
Tailor the solution
Fields says the initial consultation is an important component in obtaining the right directives for the critical infrastructure customer. “Our approach is to begin to understand the nomenclature of what the customer operationally needs to protect and why. Cookie cutter or canned approaches to design and development of technology needs in this arena will not work.”
Cookie cutter is also an approach that Compass Tech Systems steers clear of for all its customers, critical infrastructure and otherwise. For Compass Tech Systems, based in Jacksonville, Fla., perimeter detection with cameras and fence protection is the way to start to protect the government, critical infrastructure and high-risk industrial customers that the firm specializes in. “You have to be proactive with these customers and of course perimeter fence protection and cameras with analytics are an important component,” said Dave Sims, vice president. Combined, the company’s staff has over 100 years experience in integrated solutions contracting.
“We’re definitely a proponent for outdoor detection and video analytics,” Sims said. “Sophisticated analytics lets you ‘tune out’ environmental disturbances that might cause false alarms, so that’s not as much a problem today. Years ago, we focused on basic motion detection sensors. Whatever you use, you have to allow the customer to be proactive about their security detection so they can prevent an incident from happening,” he said.
Sims said Google Maps or Google Earth assists in tailoring solutions, but there’s nothing that can replace personally visiting the facility. “We always do a site visit, because there are just too many variables that have to be considered, inside and out. We look at the existing property—like the fencing and what kind of condition it’s in, and assess the lighting of the facility as well. We work with the customer like they are a part of our family and tell them what we would do to protect our family and assets. For us, what separates us is service and they fact that our prospects and customers know we will take care of them and provide the best solution,” he said.
Sims said that while newer technology like analytics can often serve the customer and their facility well, older, well-entrenched devices can also be a fit for a facility. For example, sensors and detectors, such as vibration or seismic, magnetic foil tape for windows and balanced magnetic contacts might also be called for and deployed effectively.
“You have to design the system to meet the customer’s needs,” he said. “You have to assess the risk level of the facility throughout and its vulnerabilities. If they don’t have an unlimited budget, it’s the systems integrator’s responsibility to put in a quality base system that they can expand on and is a wise investment for them moving forward.”
For MSA Systems Integration, based in Eatontown, N.J., maintaining a narrow focus on best of class products and people on staff helps them excel in the critical infrastructure and industrial vertical markets. “We feel our best marketing comes from a job well done,” said Brian Brandt, regional director based in Cranberry, Pa. (MSA Systems Integration is also a Honeywell Authorized Security Integrator.)
Brandt said that MSA Systems Integration excels from being able to provide customers compliance training to meet regulatory security and safety requirements. “We do training that’s driven by the customer’s needs—online and in the classroom,” he said.
Brandt said the industry has risen to current security challenges by being able to provide the best solutions to critical infrastructure and other high-risk clients. “For our industry, the real change has been from reactive to being able to achieve real-time, proactive information. Our approach centers on accountability, detection, verification and notification. You can’t impede or interrupt the facility’s operations itself—and that requires a variety of great components working together.”
And again, as the other integrators shared, the cookie-cutter approach literally won’t cut it. “The physical condition of the property, the environmental conditions, lighting or lack thereof, all present challenges for perimeter detection. To effectively protect the perimeter you might need six to eight different types of technology to create a strong barrier. Every aspect of the facility and every challenge has to be addressed—like vehicle or pedestrian entrances, for example. You have to understand the specifics of the facility and their challenges suggest new ideas when appropriate and work in partnership with the customer,” he said.