Wednesday 3 October 2012

Trappery, part six: modern office example

As I mentioned last time, I’d been working on some example situations where traps might conceivably form part of a security strategy. The point here is not to invent traps as such, but to look at where they actually fit in in various settings, with varying cultural and technological backgrounds.

Deloitte Offices Auckland

The Security Chief

Let’s take a real-life example. Jen Erric is head of security at IncCorp, a cutting-edge Newcastle tech company. Life is pretty darned safe here. IncCorp is a substantial commercial organisation with a reasonable budget for security and easy access to guards and non-military tech. They have several security concerns:

  1. opportunistic theft;
  2. planned theft of miscellaneous valuables, like computers or cash;
  3. theft of financial data and other confidential information; and
  4. theft or sabotage of prototypes.

The first two are low-level threats, the last two serious and plausible.

Opportunistic theft relies on unauthorised entry to the IncCorp building, and then getting access to (usually) personal possessions, laptops and so on in offices. Jen wants to make sure only employees and legit visitors get inside the building, which means some form of ID check is needed. This might be a turnstile with a passcode, card reader or biometric scanner; it might also be a security guard. As secondary measures, she’ll want to check for possible alternative entrances, like fire doors and windows; she’ll also want to make sure staff stay alert for strangers.

Planned theft will most likely take place outside working hours, which means forced entry or hacking the ID system. Jen needs to detect intrusion while the building is unoccupied. Once the intruders are detected, she wants firstly to stop any theft or damage, and secondly to catch the intruders if possible. This means trapping the thieves in the building if possible (the more restricted they are, the better) or otherwise recording as much information about them as possible. Because valuables like computer equipment aren’t kept in any particular location, it’s difficult to lock them down on detecting intruders, but she might be able to order a general lockdown of all security doors to minimise the harm they can do by restricting them to a subsection of the building.

Financial data and prototypes are both kept in specific locations, which means they can be protected locally. They might be targeted by external thieves, or by infiltrators, which means internal security measures are also necessary. The simplest option is to restrict access to those areas to people who need it, and to monitor access so any thieves can be easily identified, which will help deter them.

Countermeasures: ID

To solve the first problem, Jen could implement a simple cage trap with two full-height turnstiles and a card scanner. A failed scan locks the barriers to either side of the intruder until a guard comes to check. There’s a lot of employees, a reasonable chance of human error (or a broken card), and the danger is fairly low-level, so nothing very drastic is called for. The door is easy to inspect and there’s no actual danger to the victim, so a fairly low trigger threshold is fine, but the threat isn’t big enough to justify the inconvenience of a very low threshold and all the false positives it’d create. As secondary measures, Jen can add alarms to the fire doors; nobody should use these except in a fire, so it shouldn’t cause much inconvenience. Ground-floor windows can be barred or just not open, and if she’s feeling paranoid she might use wire-grill glass. Mostly Jen’s looking to deter would-be thieves, either before they try anything or as soon as possible afterwards, and so to minimise hassle. The cost of this kind of petty theft is relatively low, so inconvenience is really the major issue. These measures won’t stop determined professionals, but they’re not expected to.

For two reasons, the ID cards should be smart and linked to a central database, rather than having hardcoded permissions that activate the doors. Firstly, this makes it easy to update employees’ access if their contracts are extended, and similarly to keep things working if any doors are replaced or new security doors are added. More importantly, it makes it easy to revoke access for any cards reported missing or stolen, or if employees walk out on the job. This helps prevent unwanted intrusions using cards like this that no longer identify an authorised visitor. Of course, it introduces a weakness if the system is compromised, and any errors in the system could cause serious headaches (I know this from personal experience). However, the control it gives tends to make it more popular with security personnel than hardcoded cards.

Countermeasures: alarms

The second problem calls for some kind of alarm. Guard dogs are a perfectly decent option, as they double as alarm system and active deterrent. However, having dogs pacing around the building could make a mess of the place, and if Jen wants the internal doors closed they won’t be able to protect much of it. The more restrictions are placed on the dogs, the less useful they’d be. Outside they might be useful, but they might cause false alarms if they bark at shadows or wildlife. Human guards are another option, and are able to pass through doors. On the downside, unless she employs an awful lot of them, they can only watch a small part of the building at once, even through patrolling. A better option would be security cameras, which can allow a small number of guards to monitor a wide area, even though they lose some of the guard’s ability to discern problems. Alternatively, she could opt for motion detectors that automatically trigger countermeasures. Note that with guards, Jen might rely entirely on the guards or use additional countermeasures as well; it partly depends whether she sees the guards’ primary job as monitoring for problems or as tackling intruders. The countermeasures themselves are probably twofold at least. Cameras would record activity for later analysis in the event of a crime, either to demonstrate a captive’s guilt or to help police search for them. Any motion or heat detectors would probably trigger an alarm in the security office, or even the local police station. They might also trigger a lockdown, either of all security doors in the building (seriously restricting movement) or just of the high-risk areas where records and prototypes are kept.

Countermeasures: restricted areas

Any security official worth her salt would set up extra security in the high-risk areas, so even if there isn’t CCTV elsewhere in the building it would be crucial here. Doors would require a keycard, and cards would have access restricted to appropriate hours, so thieves can’t just pickpocket someone on the way home and then break in at midnight. That means unless IncCorp allows a lot of overtime, only a handful of people would have access to these areas even in working hours. At night, only security officials and a few specialists would have access, so they could check on alarms or deal with devastating server crashes, or let the fire brigade in in event of a fire. There’s no good reason for high-level managers to have access, especially 24-hour access, since they tend not to work overnight and in most cases don’t actually work on these projects; however, politically Jen will probably have to allow it, even though it creates an extra risk. In this area, triggers would be more sensitive, as there are fewer people coming and going. To prevent damage to the prototypes, the whole area would lock down in response to an alert to restrict access. If the security office don’t respond quickly, the system sends a message to the local police. Both a key and a personal passcode would be needed to shut down the alarms, and only the senior security staff and company executives have these.

Because it’s a commercial enterprise in a safe environment with a lot of potential for collateral damage (and because of British law) Jen isn’t going to be implementing anything remotely dangerous. The worst she could get away with is probably some tear gas, which she might be able to justify having in the high-risk areas if it wouldn’t damage anything, though if the target area is locked down this would probably count as unnecessary cruelty as the victims can’t get away.

Overview

So in short, the security strategy we’re looking at is:

  • Smart ID cards for all employees and legitimate visitors, with permissions updatable on a central database
  • Airlock-style security doors at the main entrances that lock shut if ID checks fail
    • Security on hand to respond to any alerts
  • Fire and intrusion alarms fitted to all fire doors
  • Windows protected from intrusion
    • Wire-reinforced glass on accessible windows
    • Physical window locks on all windows
  • Building zoned, and zones isolatable from security office via lockdown doors
  • Security cameras throughout the building, with motion detectors to highlight suspicious activity if operators are looking elsewhere
  • Small security team to patrol and watch cameras
  • High-security areas on additional security layer
    • These areas only accessible to selected staff
    • Access restricted to specific hours appropriate to their role
    • Security sensitivity very high, so any errors trigger alert
    • Alert causes internal lockdown of high-security area, and alarms in security office
    • If security office does not respond within two minutes, alert sent to local police station
    • Key and passcode required to deactivate alarms, codes are only issued to senior security staff and executives
  • A small number of well-trained guard dogs have runs in key locations around the building, such as around fire escapes or delivery doors
  • Really good IT security to prevent hacking. Security database is isolated from all other computer systems and has backup power source.
  • Finally, the sensible soft precautions of employee screening, monitoring visitors and changing passwords regularly.

Closing thoughts

So where’s the “trap” in this Trappery article? As it happens, the only traps that Jen really has use for are alarms. One type “summons” security officers when intruders “trigger” it by walking through a camera’s field of vision. Another type “captures” intruders if they “trigger” it by not using a valid access card. Either type can also, if mishandled, lead to doors becoming locked throughout the building, and further reinforcements being summoned. A third type sets off a loud alarm when “triggered” by careless opening of fire doors.

In this scenario, traps that actually attack intruders in any way are simply not a realistic option.

Next post I’ll look at a less realistic setting and one with a less civilised approach to things... hope someone enjoys this one. I haven’t actually delved into the adventurer’s-eye-view of these traps and how to interact with them, but if anyone’s interested I can do that.

No comments:

Post a Comment