Creating the Physical Security System
The security of a building can be improved by making it more difficult for would be criminals from getting onto the premises in the first place. In the event that a criminal penetrates the outer security layer, there should be other concentric layers for the criminal to go through before he/she reaches any critical information. This concept of concentric layers of security is called defense in depth. A lengthy planning process goes into building the security system, and should be done by all people who have an interest in the business.
Before building any physical security system, a security master plan must be made. The goals of security master planning are to “prevent loss of life and minimize injury, protect critical assets, prevent loss of operation, deter criminals and terrorists from acting, and to enhance long-terms security for personnel and assets” (Nadel, 2.2). [1] Security master planning first involves making a threat determination, then a facility assessment, perform vulnerability identification, and make security upgrade recommendations, planning team review, design documentation, and finally implement upgrades.
Architects and clients perform the first to tasks of making a threat determination, and facility assessment. These two tasks mainly involve intelligence gathering, learning client/owner requirements, identifying previous incidents, assessing what materials to use, what requirements there are, and the security design. Although, these are tasks expected to be performed by the building designers and owners, it is important that security is involved in all processes of security planning. Ensuring that security is present at all phases of a project will allow for security to recognize milestones, and give input into what is necessary for security. More often than not, security will also have a better idea of what previous incidents exist, what construction materials would be better for security purposes, and any national standards that must be followed for security purposes.
The first task the security management team has is the vulnerability identification, commonly called a risk assessment, which must be performed to “identify potential areas of loss and to develop and install appropriate security countermeasures” (Fischer, Halibozek, and Green, 147). [2] The security management team, along with the client/owner will first identify risks or specific vulnerabilities that the building may have. The physical security planning team will investigate previous incidents, intelligence information, and any standards requirements that may exist.
The next step in building a physical security system is to make security upgrade recommendations. When building or upgrading any security system, it is always important to include multiple layers of defense. A barrier is the most obvious protection from intruders, and can delay an adversary from penetrating the perimeter. In some cases, the perimeter may be the walls of the building itself if it is located in an urban setting. “Walls, fences, and revetments of various kinds have long served as the first line of defense for a specific site” (Demkin, 4). [3] If the building perimeter is going to be some sort of barrier or fence, certain standards are to be applied.
The most common type of barrier is a chain link fence. Fences should be a minimum of 7 feet, with no openings over 96 in2. Standard have been developed by the U.S. Department of Defense for chain link fencing to be fully effective. Fence overhangs may be used to provide additional security. It is important to ensure that the overhang will increase the overall height of the fence by one foot and that the overhang is angled away from the protected property. Also, if at all possible, there should be no vertical features within 10 feet of the fence. [4]
If aesthetics are a concern of the client/owner, walls or natural barriers may be preferred to chain link fencing. Masonry walls have the same requirements of being a minimum of 7 feet high, and having no openings over 96 in2, and three or four strands of barbed wire may be used on top. Natural barriers could be rivers, cliffs, canyons, shrubbery, or any other feature that is difficult to overcome. Structural barriers may be added to these natural barriers to provide additional levels of security. For example, a shrub may be grown around a fence to hide it for aesthetic purposes. It is important to remember that fencing provides mostly a psychological deterrent, and will only delay a determined intruder.
A clear zone should be maintained on both sides of the outer barrier, to maintain visibility, and ensure that any intruders are immediately identifiable. “For the barrier to be most effective in preventing intrusion, it must be patrolled and inspected regularly” (Fischer, Halibozek, and Green, 179). [5] No additional gates other than those absolutely necessary should be in use, and any others should be sealed. All gates should be patrolled regularly, and vehicle barriers, such as hydraulic gates, could be employed to provide additional security at high traffic points.
The second layer of defense in the physical security system is the envelope of the building. “The envelope of a building - comprising walls, roofs, and openings for doors and windows - primarily protects the building and its occupants from the natural elements, precipitation, sun, and wind” (Demkin, 7). [6] In a security context, the building serves the same functions as the outer perimeter fence or barrier. Determining whether the second layer of defense needs to be hardened depends on the ease with which the outer perimeter can be breached, and what the criticalities of the building assets are.
The most important assets in any building are the people. “Protection of assets begins with protection of employees, then extends to the security of the physical assets of the facility” (Khairallah, 65). [7] If a large number of employees or customers will be in the building at any one time, or if the buildings assets are deemed to be high-value, windows, walls, and doors may need to be hardened. Some examples of this include, adding wall mesh to dry wall, using bullet resistant glass, or adding better lighting.
Perimeter lighting is the most cost-effective deterrent to be used in security. Proper lighting in the parking area, around the outside perimeter, and on the building itself can save a company thousands of dollars just by reducing vandalism, and vandalism related costs. It is important to choose the proper lighting as well, for example, high-pressure sodium lighting uses 50 percent less energy than standard streetlights. They’re also five or six times more efficient and produce 106 percent more light.
If a building is the perimeter and has a large glass outer surface, it should definitely have burglary resistant glass. Window glass is the most common area of entry for forced break-ins, and must be viewed as a potential weakness in the building’s defenses. The strength of the window can be improved by using Underwriters Laboratories (UL) approved burglary resistant glass, and as an added justification for the cost, the use of these materials will often reduce the insurance premiums.
The next concern the security management team should look at when making security upgrade recommendations are the doorways. Every doorway must be carefully examined to determine what security measures must be taken. Depending on the value of the assets stored in the areas behind the door, the type of door system used may differ. It is important to remember that doors are generally weaker than the surrounding walls. This is especially the case if glass doors are used. There are many techniques employed to open doors including spreading, in which the door jamb is peeled away from the bolt, and pulling, in which the lock cylinder is ripped from the door and the locking mechanism is opened through the opening.
Materials should be carefully selected when designing the door system. Reinforced doors made of heavy wood or even metal doors with reinforced jambs can prevent many attacks. There are many types of locks that can be used as a delaying device, and they are just a delaying device, depending on the level of expertise it may only take a few minutes to pick a lock or use a key made by impression to bypass the lock. “The best defense against lock picking and making keys by impression is the installation of special pick-resistant, impression-resistant lock cylinders or the use of magnetic cards in place of traditional keys” (Fischer, Halibozek, and Green, 198). [8] When making security upgrade recommendations, these lock cylinders should be used in place of standard cylinders if there are any high-value assets. They are more expensive, but the cost will be worth the added security. Other possible alternatives to standard lock systems are card locks, and biometric systems. These options provide alternatives to standard key systems that can be programmed to function in various ways, lost cards, and no-longer-authorized persons can be removed from the system in a matter of seconds, and they allow for system audits.
Adding CCTV cameras will also be very beneficial to any perimeter security. “The security operator needs to be aware of the validity, severity, and nature of events that trigger alarms” (Demkin, 127). [9] CCTV can provide a way for the security operator to determine what action needs to be taken when an event happens. When drafting the security master plan, it is very important that CCTV be one of the early installments. If they are installed after the walls, it will require tearing out portions of the already finished wall, which would add a lot more to the budget. They also can’t be anywhere near electrical wiring because it would cause complications between the two. These considerations are a major reason why security should be involved in all phases of a project. There are many considerations to be taken into effect when building a CCTV system; such as digital or VHS, passive or monitored, and infrared or standard. Security is the department that has the most experience with CCTV, and would know which type is best for the needs of the building.
Once the security upgrade recommendations have been made by the security management team, a planning team review and the design documentation takes place. “Security measures are less costly to implement when factored into projects during early planning, programming, and schematic design phases, when critical decisions are made” (Nadel, 2.13). [10] It is very important that security be a part of all planning phases because if security is not involved, the costs to upgrade later down the road could become very high. Because of the costs of security, the planning team must review all of the recommendations made by the security management team. Often times, contractors, and those in charge of the budget of a project will downgrade the security measures recommended by the security management team. If this is the case, security management should accept those solutions that are necessary, but still remind the contractors and stake-holders that certain standards must be met. The U.S. General Services Administration and other organizations have made specific design criteria for both the public and private sectors. Whether the project is public or private, security should give their assessment on the cost benefits of mitigation against escalating premiums caused by poor security.
Once the recommendations are complete, and review has been performed, the plans can be documented, this process ensures that all plans are properly implemented and nothing gets left out. Documentation of the project leads directly into implementation. Implementing a plan can take many months and project management should be used to ensure that nothing is forgotten and no mistakes are made. Milestones are important when implementing a project so that things don’t get left out, and nothing needs to be redone. It is important for all people involved with the implementation process to understand that the project management plan is not a rigid document, and because there are many contractors, and things may not arrive or be installed on time, milestones may be moved up or pushed back. The same is true for phase implementation, if there are upgrades planned that will take place over months or years, expect for them to be late or early.
Finally, the physical security system is complete. The physical security system is designed with multiple layers that will delay criminals from trespassing. “Each progressively smaller circle will provide higher levels of security to protect the more sensitive assets” (Khairallah, 640). [11] It is very important to include multiple levels of security when designing the security master plan. If there is only one level of security, when a criminal breaches the perimeter they will be able to access any assets the company has.
When planning the physical security system, the security management team will make a threat determination, facility assessment, and perform a vulnerability identification to determine what security measures are necessary to provide the highest level of security for the company assets. Once this is done, the security management team will make upgrade recommendations which will then be reviewed by the planning team. This review is done to determine what security measures are feasible and will be acceptable to customers and business owners. Lastly, the design will be documented, and the planned upgrades will be implemented, either all at once or through a phase implementation plan. When all these steps are complete, the perimeter physical security system has been created.
Bibliography
Demkin, Joseph A.. Security Planning and Design. Hoboken, NJ: John Wiley & Sons, 2004. Print.
Fischer, Robert J., Edward Halibozek, and Gion Green. Introduction to Security. 8th ed. Oxford: Elsevier, 2008. Print.
Khairallah, Michael. Physical Security Systems Handbook. Oxford: Elsevier, 2006. Print.
Nadel, Barbara A.. Building Security. New York: McGraw-Hill, 2004. Print.