Chief Technology Officer for Gallagher, Steve Bell, explains why physical security matters and the key considerations when designing a robust high security solution.
There can be no concessions when it comes to defending the institutions, people and information that are critical to the protection of our society. In a diverse and complex threat landscape, it is important that high security organisations have systems in place to reduce their vulnerabilities. Threats may include violence against people, criminal damage against property, civil disturbances such as protests and riots, natural disasters, terrorist acts, significant fraud, theft of information and cybersecurity issues.
Physical security is a key component of any business strategy, not just for those organisations operating in a highly secure environment. Robust physical security measures are designed to prevent or reduce threats to people, information and assets and complement security in other areas such as information handling and ICT. Robust physical security benefits every business through keeping people, customers and the public safe, along with preventing unauthorised people from accessing their premises, information, or assets.
Today, high security isn’t just for government agencies. There are several reasons why businesses from all industries should consider trusted solutions that meet the highest security standards.
Understand the risk
Any security design, but especially a high security design, needs to start with a risk assessment. Given every organisation faces different levels of risk, your organisation’s unique context and potential threats determine which security measures you need to implement. A risk-based approach ensures your security measures are right for your organisation.
It’s important for an organisation to identify the people, information and assets they need to protect, so they can assess the security risks (threats and vulnerabilities) and the business impact of loss or harm to those people, information and assets.
Examples of risks could include, ‘a casual attacker’ looking to steal staff property through to ‘a more sophisticated attacker’ looking to breach the perimeter and syphon diesel from the trucks in the yard. It could be a ‘ransomware hacker’ wishing to make money by impacting the operation of the facility, or ‘commercial espionage’ where a criminal wants to steal product secrets. Then, at the very high level, you can have a ‘national state attacker’ looking to gather sensitive data or disrupt the operation of the site.
The risk assessment should also include risks well beyond the boundaries of the facility, e.g., natural disasters and consider the risks that are present within the community e.g., terrorist attack. No matter what industry you operate in, you must understand all potential risks and take the appropriate action to minimise them.
Consider cyber attacks
When measuring security risks, both physical and cyber threats are as equally important and need to be considered. Cyber threats are one of the top risks for businesses worldwide. They are increasingly common and ever-changing. A cyber breach in your security system has the potential to compromise not only your security, but every aspect of your business. Data loss, disruption to operations, asset damage and reputation harm are risks you simply can’t ignore.Unfortunately, cyber-attacks are a very real threat to all organisations, regardless of size or industry, but are particularly consequential for critical sites.
Use cyber secure solutions
Gallagher security solutions are engineered to meet the needs of critical sites with some of today’s highest security requirements. Robust cybersecurity is built-in at every stage. End-to-end encryption and authentication, external and internal vulnerability testing, system hardening and configuration advice, fully trained and certified installers and a built-in security product development philosophy all help to ensure your security system is as cyber secure as possible. Staying up to date is the best way to protect your business against a cyber breach. Gallagher solutions are continually evolving to proactively meet the growing threat of cyber at a software and physical level.
In a conventional system, the input sensor can be susceptible to attack, potentially rendering high-value assets unprotected. The Gallagher HBUS End of Line Module has been designed to fit inside the tamper proofed housing of a sensor input. It protects the sensor at the edge and the cables back to the panel, ensuring that all attack scenarios will generate an alarm.
The Gallagher Personal Identity Verification (PIV) solution, purpose built and approved for the United States, delivers exceptional security with industry leading performance for the federal market. Compliant with the latest Federal Information Processing Standards (FIPS) 201, its simple, effective and efficient end-to-end architecture enforces business policies, identity and credential management for all government employees and contractors.
In the UK, our solution is compliant to the UK CPNI CAPSS standard around cybersecurity for critical national infrastructure. CAPSS is designed to assist security managers in focusing on key areas when it comes to protecting against cyber-attacks.
Recently introduced in the UK, GovPass, a new functional standard with top end security, was developed by the Cabinet Office to provide access control to government department buildings. GovPass solves the problem of somebody needing to carry multiple access cards to gain access to their own department offices and the offices of other government departments that they need to interact with.
As many government departments start converting to GovPass, Gallagher and our certified network of installers are in a great position to partner and deliver this new access control standard. With a proven pedigree in the delivery of government high security solutions, Gallagher was invited to work with the Cabinet Office in the development and testing of the new standard. Gallagher’s Command Centre software and readers are GovPass compliant, ready to deploy and offer a unique end-to-end solution with the highest level of security.
The Gallagher HBUS End of Line Module, PIV and GovPass are just a few of the many Gallagher security solutions designed to provide an uncompromising degree of cybersecurity and physical access control for your business.
Utilise multi-factor authentication
Any site considered to be high security must deploy true multi-factor authentication security. Authentication is the process to prove that the person or machine that is seeking access, is the same person or machine that was initially granted permission to have that privilege in the first place.
Multi-factor authentication provides the gold standard for best security and a lower chance of a false accept. Multi-factor authentication requires two different types of authentications with the options of: something you have (often a token with a cryptographic key for authentication); something you know (a password or PIN number); and something you are (biometric).
Layer your security
No single security control is going to stop all attack possibilities, so an effective security solution comprises multiple layers that provides protection across all levels and areas of your site. Layering your security helps delay intruders and provides security staff the time they need to detect unauthorised entry and respond before the attacker reaches their goal.
The principle for any high security site is – deter, detect and delay. At your perimeter, you want to deter your intruder from proceeding with the attack. If they do decide to proceed, you want technology that detects this immediately, so you can initiate your security response. Then you’ll need various barriers in place to delay progress as much as possible, so security staff have enough time to stop the attack before significant damage occurs.
Have confidence in your supply chain
Finally, you need to have confidence in the design and quality of your security solution and a thorough understanding of your product’s supply chain. Partnering with a respected manufacturer who provides transparency and assurance on where and how the security system is put together, is a good place to start.
Gallagher’s products are designed and manufactured end-to-end on site at our Head Office in New Zealand, which allows us to deliver the best quality.
Most security solutions today require raw materials or electrical components that are sourced from less trusted countries or locations, making it easier for an attacker to get access to the product before it arrives on site. Additionally, some security products are manufactured by third parties in different countries, meaning a product may transition through one or more factories and generally go through several storage locations before it reaches the customer’s site.
When manufacturers rely on suppliers to deliver raw materials, electrical components, or the security product itself, these suppliers become an extension of the manufacturer and broaden the risks they are exposed to.
Having control over the end-to-end system, from the initial phases of Research and Development, right through to the final stages of the manufacturing process, gives us a true point of difference. We deliver assured products across the globe and it’s our commitment to doing so that enables us to continually achieve government standards, especially across the Five Eyes Nations.
Choose a highly experienced integrator
We partner with the best; our Certified Channel Partners are highly trained and experienced security professionals who undergo extensive Gallagher training and certification to ensure the design, installation and ongoing support you receive is of the highest standard.
We maintain a certification system for our Channel Partners to ensure our products are deployed correctly and we work closely with them to ensure that they deliver the perfect solution.
These Channel Partners not only allow you to choose the installer service that best aligns with your unique requirements, but also provide you contestability of installation and maintenance.
Training in the Gallagher solution is mandatory and is an ongoing requirement of our Channel Partners. As techniques, technology and requirements evolve, so do the skills of our installers.
Trust global high security experts
Gallagher security solutions are engineered to meet the stringent standards that define how high security sites around the world should be protected. Although standards vary by region, legislation and the degree of protection required, they are all met by our unwavering dedication to providing security that is intrinsic: always present, always working.
With both hardware and software systems backed by government agencies across the world, our technology provides security at all levels, from strict visitor control through to defending assets that the loss or damage of would be catastrophic to national security.