Perimeter Identification is Pertinent

Identify Control Perimeters

The security perimeter is always relevant to the protected assets. The Physical Threat Assessment identified those areas that are of most concern to the company. Establish the security perimeter based on the location of those assets.

There may be several perimeters within a facility. The perimeters are loosely defined as concentric circles around protected assets. During the Vulnerability Survey, it may be determined that there are insufficient barricades or too many openings in the protected perimeter to adequately secure the facility. The System Design recommendations may include additional walls, doors, or fence lines to create new perimeters.

Start with the exterior perimeter, usually the outer boundaries of the company’s property line. Then establish the protected perimeters for each of the internal areas based on the location of the assets protected. For instance, if there are four buildings in the facility, each building is potentially another protected perimeter. Each inner layer will receive progressively higher grades of protection.

There are also circumstances, such as single facility office buildings, where the outer perimeter is the building’s outer walls and the internal perimeters are asset areas within the building. Each inner layer may have higher levels of security to protect highly sensitive assets. An example of such an arrangement would be to provide “building level” access control at the exterior perimeter and more restrictive access for a data processing center within the building. In the data center, there may be highly sensitive information. Access control to those areas will require greater protective measures such as biometric identification devices.

Each progressively smaller circle will provide higher levels of security to protect the more sensitive assets. When creating this design, it is only important to establish the perimeters and the level of security needed within each area. It is not necessary to establish controls for these openings at this time, but it is important to know the location of these openings. For example, in a fence line surrounding a protected perimeter, know where every opening exists in that fence line, even if the opening is seldom used. If the facility does not have a protected fence line, start with the outer walls that encompass the assets requiring protection. Be sure to include windows and other openings that may provide access to the facility. Do not assume that because an opening is rarely used, such as a fire exit, it does not need protection. Consider any break in the perimeter as an opening.

Perimeter Construction

After establishing the control perimeter, determine the types of material used to form these perimeters. Although the Vulnerability Study is primarily concerned with securing the openings to protected areas, it is important to consider the structures used to define perimeter controls. A part of the system recommendation may include “hardening” the perimeter structures to prevent forced entry. An example of this may be to use wall mesh to reinforce drywall construction or improvements to the perimeter fence lines. Verify information about the protected perimeter’s material during the physical survey.

To determine if a perimeter must be hardened, consider the resistance value of the perimeter structure. Assess the degree of difficulty needed to breach the perimeter structure or defeat it in some meaningful way. For example, fence lines can be scaled or cut. If the perceived threat suggests a perpetrator with deliberation and intent may attempt to climb this fence line and, after so doing, pose an immediate threat to a protected asset, additional security measures are required.

Take an extreme view to defeat perceived threats when assets are highly vulnerable and located adjacent to perimeter fence lines. In those situations, a perpetrator with an explosive device may seek to damage the facility by placing that device near the protected asset, thereby causing the desired damage without actually having to defeat the perimeter line. In such cases, it will be necessary to harden that perimeter line with structural reinforcements to protect against those threats.

Consider the resistance value of the barricades used to control the openings. Sometimes it is impractical to reinforce an opening with sufficient resistance to prevent a deliberate attempt to access the perimeter. In addition to the physical security concerns, most businesses are also concerned about the cosmetic impact of security measures. An example of this would be the installation of “burglar bars” on windows. The company may consider this cosmetically unacceptable and, in most cases, it poses a violation to fire code egress rules.

Life safety issues are an important concern when securing a facility; pedestrians use openings to exit a facility as well as enter one. Hardened structures added to a security perimeter may prohibit egress from the facility in an emergency. Therefore, in lieu of hardening these access openings, it is often more acceptable to provide monitoring devices to detect and report specific threats when an unauthorized access to the facility is attempted.

Resistance Values of a Perimeter

When determining the resistance value of a perimeter the first consideration is saving lives. Protection of assets begins with protection of employees, then extends to the security of the physical assets of the facility. The term referred to in most blast resistance studies is the elastic region. The elastic region is the range within which the walls or other perimeter structures will withstand a blast force and then returned to the original shape. A wall with a higher elastic region value will not have permanent structural damage from a blast with a given force. However, a blast resistant design must assume that the structure needs to exceed the elastic region limits.

Proximity of the blast is a factor in blast elasticity. Therefore, an effective resistance to blast is standoff distance. Standoff distance is that distance at which a structure can safely withstand a blast of a given magnitude. In establishing protected outer perimeters, the standoff distance is usually the first consideration in the placement of the perimeter line.

To determine the blast resistance of the structure, first determine the threat a particular facility faces and whether or not blast threats are an important part of their security profile. This information should have been uncovered in the Physical Threat Assessment. Standoff distance is usually the best choice for resisting blast attacks. It is less expensive and easier to employ than attempting to harden the physical perimeter of structures. When in doubt, employ structural engineers to evaluate the integrity of a structure and determine its blast resistance value. Engage the services of a qualified engineering firm to assist in determining the blast elasticity of perimeter walls when the Threat Assessment suggests that blast damage is a threat.

Perimeter Controls

After identifying the protected perimeters, locate all of the openings on the perimeter line of each area. These are usually doors, gates and windows. Some openings may not be used frequently (such as emergency exits) but are a part of the system documentation and Vulnerability Study. During the physical survey, evaluate the types of physical barricades used at these openings. Pay special attention to the types of doors and doorframes used to seal the openings.

Door construction can vary with each facility. The challenge is to understand how that barricade may be threatened and if the barricade is substantial enough to resist that threat. An example of such a comparison is a hollow metal door as compared to a hollow wood door. If the Physical Threat Assessment indicates that the highest concern for security at an opening is ordinary passage by a pedestrian without tools or high motivation, a hollow wood door may be sufficient to deter access.

However, if perpetrators with deliberation and intent to gain access to the protected area threaten the facility and forced entry is expected, a hollow wood door would be of little deterrence. Metal doors with metal frames will provide greater deterrence and would delay the perpetrator longer, allowing early detection and response. In such cases, the system design recommendation will include replacement of doors to provide sufficient delay and deterrence to intruders.

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.