Exclusive: Protecting layer by layer
James Thorpe
Steve Bell, Chief Technology Officer, Gallagher, explains the importance of a layered access control strategy when protecting critical infrastructure sites.
Physical security attacks are increasing across all industries and it is a global concern only heightened by the added stress of supply chain challenges.
For critical infrastructure, security threats present a risk that cannot be ignored. Whether it is supplying the power we use in our homes, treating the water we drink, delivering fuel for our cars or housing the national government representatives that run our countries; critical infrastructure underpins our society and keeps nations running. Any disruption or damage to the operation of these services can have devastating impacts across many aspects of our daily lives.
Because of their importance, a robust physical security solution is required – and an effective way to protect a critical infrastructure site is to use a layered approach. Layered security allows a site to put multiple security levels in place and increase the complexity the closer you get to higher risk assets. This reduces the possibility of a security threat being realised by delaying intruders and giving security personnel more time to detect unauthorised entry. No single security solution will stop every attack, so when protecting high-risk sites, a layered approach is key.
More than just credentials
Robust access control measures are a key component to an overall physical security strategy for critical infrastructure and are specifically designed to prevent or reduce the threat to people, information and assets. A high security access control system should protect against unauthorised access, maintain integrity and availability and provide evidence of access.
Access control solutions provide a foundation for creating layered security protection and achieve much more than just allowing access via electronic credentials. Access control technology can provide a complete record of who entered a facility, which areas they accessed and how long they were in that area for.
One example of this is using an access control system to manage user privileges and assign different access permissions to employees. Entry control points can be easily established to only allow authorised individuals initial access to a facility or within specific areas. The rule of least privilege ensures that users are given the minimum levels of access or permissions needed to perform their job and can be a fundamental layer in protecting high value assets or data.
High security zones often have a dual authority rule where two authorised people must be authenticated at the same time before access is granted. A no-alone-zone can be used for areas where there must be two people present and if they don’t leave within the allocated grace period an alarm will be generated; in more capable access control systems, that rule can be modified to require at least one person of supervisor status to be present.
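The no-alone-zone rule described above, including the supervisor variant, sketched as an added example that is not Gallagher's code. It assumes an alarm is raised once a zone has held a single person, or no supervisor where one is required, for longer than the grace period; all names and the sample events are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class NoAloneZone:
    """Illustrative monitor; class and field names are hypothetical."""
    grace_seconds: int
    require_supervisor: bool = False
    occupants: dict = field(default_factory=dict)  # cardholder -> is_supervisor
    violation_since: Optional[float] = None
    alarms: list = field(default_factory=list)

    def _compliant(self) -> bool:
        if not self.occupants:
            return True                    # an empty zone breaks no rule
        if len(self.occupants) < 2:
            return False                   # one person is alone in the zone
        return any(self.occupants.values()) or not self.require_supervisor

    def _check(self, now: float) -> None:
        # Alarm once the zone has been non-compliant longer than the grace period.
        if self._compliant():
            self.violation_since = None
        elif self.violation_since is None:
            self.violation_since = now
        elif now - self.violation_since > self.grace_seconds:
            self.alarms.append((now, sorted(self.occupants)))
            self.violation_since = now     # re-arm instead of alarming every event

    def event(self, now, cardholder, action, supervisor=False):
        self._check(now)                   # judge the state held up to 'now' first
        if action == "enter":
            self.occupants[cardholder] = supervisor
        elif action == "exit":
            self.occupants.pop(cardholder, None)
        self._check(now)                   # "tick" changes nothing, only re-checks

def replay(events, grace_seconds, require_supervisor=False):
    zone = NoAloneZone(grace_seconds, require_supervisor)
    for e in events:
        zone.event(*e)
    return zone.alarms

# Constructed sample events: (seconds, cardholder, action, is_supervisor)
SAMPLE_EVENTS = [
    (0, "alice", "enter", False), (5, "bob", "enter", False),
    (60, "bob", "exit", False),            # alice is alone from t=60
    (80, None, "tick", False),             # 20 s alone: inside the 30 s grace
    (95, None, "tick", False),             # 35 s alone: alarm
    (100, "alice", "exit", False),
]

if __name__ == "__main__":
    print(replay(SAMPLE_EVENTS, grace_seconds=30))
```

The periodic "tick" events stand in for the timer a live system would run, so that an alarm is raised even when no further card activity occurs.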
A common weakness in access control systems is credential technology and with the growing sophistication of attacks upon credential security, having a robust security layer is vitally important. Secure card technologies like MIFARE DESFire or the US Government PIV card for federal customers are the gold-standard for credential security and help to ensure optimal cybersecurity and customer protection. At the highest levels of security, the keys for reading cards should not be present in the card reader as it makes them vulnerable to physical attack.
Unfortunately, in many cases a credential security attack is a matter of not if, but when, and so for an additional layer of security, Gallagher’s MIFARE DESFire Key Migration enhancement gives sites the ability to migrate access control key credentials should they become compromised.
Utilise multi-factor authentication
When considering a layered access control approach, multi-factor authentication is a key step to improve security and ensure sensitive sites are protected to the highest security level possible. Multi-factor authentication requires at least two different types of authentication, with the options of: something you have, such as a cryptographic key for authentication; something you know, such as a password or PIN; something you are, such as a biometric.
A biometric authenticator alone is never going to meet the highest level of security required by critical infrastructure sites as it is inherently down to a reader deciding if the probability of the biometric representing a particular person is sufficient to grant them access. However, a biometric solution as a verifier layer is a different story. This is because it adds a layer of protection to prevent scenarios such as someone obtaining another staff member’s card and accessing an area they otherwise wouldn’t have the privilege to enter. When combined with a secure and intelligent electronic lock or other multi-factor authentication, biometrics can provide robust access control for the prevention of unauthorised entry.
Make use of mobile
Gallagher’s Command Centre Mobile technology enables sites to continue to use government-issued credentials to check people’s identities and user privileges. Busy areas in critical sites such as military bases require secure and streamlined access control to manage traffic flow and safety. The mobile mustering and reader capabilities of Gallagher Command Centre Mobile provide a secure way to manage traffic flow and assign customised actions for certain user privileges such as opening boom gates or unlocking turnstiles.
For an added layer of security, the Spot Check feature within Command Centre Mobile enables users to challenge cardholders at a location and quickly determine if they are authorised. In the event of an unauthorised cardholder attempting access, Command Centre Mobile records the reason for the failure, along with the location details, and disables the card to prevent further use.
Keep cybersecurity front of mind
A crucial layer in every physical access control strategy that is sometimes overlooked is cybersecurity. Unfortunately, cyber-attacks are becoming increasingly prevalent and, as such, are a very real threat to every organisation, although especially consequential for critical sites. When it comes to the protection of your site, cybersecurity is one of the most important things you can invest in.
Gallagher’s security solutions are highly specialised and designed to meet the needs of critical sites with some of today’s highest security requirements. A significant component of this design is having cybersecurity protection built-in at every stage. End-to-end encryption and authentication, external and internal vulnerability testing, system hardening and configuration advice, fully trained and certified installers all help to ensure your security system is as cybersecure as possible.
The Gallagher Personal Identity Verification (PIV) solution is purpose built and approved for use across federal government sites in the United States. As a unique end-to-end solution, it is suitable for any environment that requires high assurance authentication to computer network resources. In addition, in the UK our solution is compliant with the UK CPNI CAPSS standard around cybersecurity for critical national infrastructure. CAPSS is designed to assist security managers in focusing on key areas when it comes to protecting against cyber-attacks.
In a world where security threats are evolving daily, so too must our defence. It is no longer possible to view different security technologies in isolation and as such, a layered access control strategy provides complete protection of sensitive assets and locations.
For more information, visit: security.gallagher.com
This article was originally published in the May edition of ISJ.