Another major layer of critical infrastructure security is access control. Many people view this as the heart of a security solution as it integrates with video, intrusion and other systems such as visitor management and biometrics. Fencing, gates and bollards are all basic forms of access control. But enterprise access control systems offer an incredible array of features and benefits to help protect infrastructure.
Electronic systems have replaced mechanical locks and keys with readers and plastic credentials that authorize approved employees, vendors and contractors to enter a gate or door. Cards can be programmed to allow a person access only to pre-approved entries with additional possible restrictions based on days and times. The system provides an audit trail to show who entered which doors and when.
The access system can also be used to allow only authorized users of computer workstations. For example, if a card has not been used to enter the building, then it cannot be used to access a computer.
Mobile credentials are a growing trend in key access control. Apps can turn a smartphone, tablet or watch into a mobile key, eliminating the need for an access card, This works well in areas where heightened security is required. Cards can be stolen or lent to another person. Mobile keys require a user to possess the device and enter a PIN or biometric to activate it. Also required is the app which is downloaded from an email sent by the system administrator.
Highly secure Transportation Worker Identification Credentials are intended for people requiring unescorted access to ports and maritime transportation systems. There are more than 3 million supply chain, logistics and other transportation workers enrolled in the TWIC program, which falls under the TSA. Each TWIC card includes a person's photo, as well as a biometric template – typically a fingerprint – stored on an embedded integrated circuit chip.
Biometric readers authenticate people's identity by comparing a person's fingerprints, iris patterns or facial features with those stored in the access systems. These biometrics work in tandem with traditional plastic cards to enhance security in highly sensitive or potentially dangerous areas. This article highlights interesting statistics on biometrics being used by security staff based on a Veridum survey.
Critical infrastructure visitors should be required to produce government-issued identification which is scanned through a visitor management system. The ID card's demographic information is compared with federal, state and local terrorist and crime databases.
These blogs are not intended as all-inclusive look at the tools available to protect the thousands of critical infrastructure sites in the U.S. They are meant to show than an effective program requires a highly integrated effort. There is no "one-size-fits-all" answer. But by working with an experienced security system integrator and local (and possibly state and federal) law enforcement, a plan can be developed that will best protect our vital infrastructures from both foreign and domestic terrorists and other criminals.
Please also see Parts ONE and TWO of our short series on Protecting Critical Infrastructure.