Industrial and Critical Infrastructure--Essential Protection Strategies

The critical infrastructure, industrial and outdoor detection markets are nearly synonymous with each other. Certainly, critical infrastructure has its written definition from the Department of Homeland Security (DHS): “Critical infrastructure are the assets, systems, and networks, whether physical or virtual, so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, public health or safety, or any combination thereof.”

From this definition there are many different types of critical infrastructure that may be specific to a host of vertical markets. Of course, to any integrator’s customer any down time in business could be a major catastrophe not only to employees but to the public in general. For systems integrators, the DHS definitions are important, but so are the core values of a professional contracting business, such as starting from the perimeter, building in safeguards to deter intruders and providing a solution, overall, that is specifically tailored to the needs of the facility and what the end user is trying to accomplish.


What’s covered in critical infrastructure?

For the record, the definition of critical infrastructure from the government includes: food and agriculture; banking and finance; chemical; commercial facilities; communications; critical manufacturing; dams; defense/industrial base; emergency services; energy; government facilities; healthcare and public health; information technology; national monuments and icons; nuclear reactors, materials and waste; postal and shipping; transportation systems; and water.

The Homeland Security Act of 2002 provides the primary authority for the overall homeland security mission. This act charged the DHS with primary responsibility for developing a comprehensive national plan to secure critical infrastructure and recommend “the measures necessary to protect the key resources and critical infrastructure of the United States.” This comprehensive plan is the National Infrastructure Protection Plan (NIPP), published by the Department in June 2006. The NIPP provides the unifying structure that integrates a wide range of protective security efforts into a single national program.

In addition, Homeland Security Presidential Directive 7 (HSPD-7) established U.S. policy for enhancing critical infrastructure protection by constructing a framework for the Department’s partners to “identify, prioritize and protect the critical infrastructure in their communities from terrorist attacks.” The directive identified the 17 critical infrastructure sectors and, for each sector, designated a federal Sector-Specific Agency (SSA) to lead protection and resilience-building programs and activities. HSPD-7 allows for the DHS to identify gaps in existing critical infrastructure sectors and establish new sectors to fill these gaps. Under this authority, the Department established an 18th sector, the Critical Manufacturing Sector, in March 2008.

In early February 2013, President Barack Obama issued an Executive Order on cyber security and a Presidential Policy Directive on critical infrastructure and resilience. The two actions were designed to strengthen the security of physical assets.

Within that widespread definition it’s easy to see that there is definitely crossover between and among varied vertical markets—including industrial, transportation and even the outdoor infrastructure. And for the systems integrator, that means that a well-defined mission and mantra to provide the best, proactive solution to any and all of these customers is the way to go.

For those systems integrators specifically fulfilling the requirements of the DHS Critical Infrastructure, the rules and regulations can be mind-boggling and often times require full-time personnel to be certain its mandates are satisfied. Personnel for any security need to be trained in best-in-class solutions that can be provided to the end user without breaking the bank—because these customers, like the overall landscape, may have limited funding and are looking for the most effective way to use their money to provide the most comprehensive detection and protection available. They may want to start small or deploy a system they can upgrade easily in the future, or add users simply and effectively. They may want to begin migrating to higher forms of access control beyond magnetic stripe—like proximity or better yet, smart cards for targeted levels of access across the facility or to the network for one-card privileges.

So like all types of systems contracting, it circles back to our roots: creating an ongoing partnership and providing a proactive leadership role and giving these customers the tools they need—technology and brain trusts—so they can make the most of what they have and make their facilities safe and secure.

And of course, that protection starts at the outside and can cover a wide perimeter—to make the protected premises a layered approach of protection and detection that deters and thwarts intruders and even terrorist attacks so responding authorities get as much lead time as possible and can prevent widespread theft or damage to assets, injury or even death.


Perimeter electrified fencing

Electric Guard Dog, based in Columbia, S.C., has built quite a successful business around perimeter security centering on electrified fences that fortify the customer’s protected premises. According to Chief Executive Officer Jack DeMao, the company’s perimeter electric security fencing is the number one theft deterrent on the market and provides a 90 percent savings over the cost of 24/7 security guard services. “It provides a physical deterrent and is 10 feet tall and deploys a safe but ‘memorable’ shock every 1.3 seconds upon contact, making it virtually impossible to cut or climb,” DeMao said. Customer Old Dominion Freight Line said that it has used the EGD Fence successfully in more than 50 percent of its locations—which include 212 service centers with more than 10,000 employees. “At any time we will have no less than 1.5 billion dollars worth of freight at our physical location. This freight includes everything from nuts and bolts to consumer electronics and everything in between,” the customer recently wrote to EGD.

“Our system is based on deterrence,” continued DeMao. “Most perimeter security is challenging and has a high false alarm rate. Some technology is subject to abuse or erosion, etc., but you have to start at the perimeter. Outdoor perimeter security gets smarter and smarter,” he said. EGD’s systems can also be combined with cameras, lights and even integrated with access control for further upgraded options for customers.

The idea is to deter, detect and/or delay perpetrators and that seems to stay top of mind if intruders do attempt to compromise the fencing system, according to DeMao.

It bodes well for the contracting company to come to the customer or prospected as a trusted partner who has painstakingly worked to assess the threat of the protected premises and responded accordingly. According to Jeff Fields, general manager of Dowley Security Systems Inc., headquartered in Houston, the approach to the critical infrastructure is never about the sale or marketing of a specific product—but rather about the needs of the customer and what they are trying to accomplish.

“Understanding critical infrastructure at its core is strategic in nature and tactical in delivery,” said Fields. “Each industry has within itself a critical component, process, product, function or deliverable that without it, disables it from operating. The best question that a security consultant can ask is: ‘What makes your operation successful and if posed with a complete failure, will it shut down your operations completely?” For example, critical to healthcare is physical plant operations and information technology; additionally, a wider approach to critical infrastructure is what the healthcare facility requires to make them both work.” (Dowley Security Systems received the 2012 Gold Medal from Security Technology Executive magazine’s Innovation Awards for its Devon Tower installation in Oklahoma City, Okla.,

Fields said the initial consultation is an important component in obtaining the right directives for the critical infrastructure customer. “Our approach is to begin to understand the nomenclature of what the customer operationally needs to protect and why. Cookie cutter or canned approaches to design and development of technology needs in this arena will not work.”

Cookie cutter is also an approach that Compass Tech Systems steers clear of for all its customers, critical infrastructure and otherwise. For Compass Tech Systems, based in Jacksonville, Fla., perimeter detection with cameras and fence protection is the way to start to protect the government, critical infrastructure and high-risk industrial customers that the firm specializes in. “You have to be proactive with these customers and of course perimeter fence protection and cameras with analytics are an important component,” said Dave Sims, vice president. Combined, the company’s staff has over 100 years experience in providing integrated solutions contracting.

“We’re definitely a proponent for outdoor detection and video analytics,” Sims said. “Sophisticated analytics lets you ‘tune out’ environmental disturbances that might cause false alarms, so that’s not as much a problem today. Years ago, we focused on basic motion detection sensors. Whatever you use, you have to allow the customer to be proactive about their security detection so they can prevent an incident from happening,” he said.


Assess the site personally

Sims said Google Maps or Google Earth assists in tailoring solutions, but there’s nothing that can replace personally visiting the facility. “We always do a site visit, because there are just too many variables that have to be considered, inside and out. We look at the existing property—like the fencing and what kind of condition it’s in, and assess the lighting of the facility as well. We work with the customer like they are a part of our family and tell them what we would do to protect our family and assets. What separates us is our service and the fact that our prospects and customers know we will take care of them and provide the best solution,” he said.

Sims said that while newer technology like analytics can often serve the customer and their facility well, older, well-entrenched devices can also be a fit for a facility. For example, sensors and detectors, such as vibration or seismic, magnetic foil tape for windows and balanced magnetic contacts might also be called for and deployed effectively.

“You have to design the system to meet the customer’s needs,” he said. “You have to assess the risk level of the facility throughout and its vulnerabilities. If they don’t have an unlimited budget, it’s the systems integrator’s responsibility to put in a quality base system that they can expand on and is a wise investment for them moving forward.”

For MSA Systems Integration, based in Eatontown, N.J., maintaining a narrow focus on best of class products and people on staff helps them excel in the critical infrastructure and industrial vertical markets. “We feel our best marketing comes from a job well done,” said Brian Brandt, regional director based in Cranberry, Pa. (MSA Systems Integration is also a Honeywell Authorized Security Integrator.)

Brandt said that MSA Systems Integration prides itself in being able to provide customers compliance training to meet regulatory security and safety requirements. “We do training that’s driven by the customer’s needs—online and in the classroom,” he said.

Brandt said the industry has risen to current security challenges by being able to provide the best solutions to critical infrastructure and other high-risk clients. “For our industry, the real change has been from reactive to being able to achieve real-time, proactive information. Our approach centers on accountability, detection, verification and notification. You can’t impede or interrupt the facility’s operations itself—and that requires a variety of great components working together.”

And again, as the other integrators shared, the cookie-cutter approach literally won’t cut it. “The physical condition of the property, the environmental conditions, lighting or lack thereof, all present challenges for perimeter detection. To effectively protect the perimeter you might need six to eight different types of technology to create a strong barrier. Every aspect of the facility and every challenge has to be addressed—like vehicle or pedestrian entrances, for example. You have to understand the specifics of the facility, suggest new ideas when appropriate and work in partnership with the customer,” Brandt said.