This week, I could not help but smile when I saw the trending news that over two million people plan to storm Area 51. What could possibly go wrong with that plan? However, after my initial reaction, I started thinking about the importance of true physical security and protecting our nation’s critical sites.
Over the years, I’ve been privileged to be part of teams at companies that provide federal-level security solutions for some very well-known and some not-so-well-known locations around the world. When I reflect on some of those projects, I think about what might have been done differently to meet those challenges with the technology we have today. There are a few categories that could immediately benefit from a new approach. Critical infrastructure is at the top of the list.
Critical infrastructure enables our nation to provide necessities such as clean water, safe food, and energy. It also includes delivery mechanisms like air travel, highway transportation, and inter-modal cargo shipping – the veins that provide our nation’s lifeblood. And let’s not forget about the power and connectivity for communications such as social media that not only connect us to friends and family, but also provide life-saving information during natural disasters.
Modern Challenges Won’t Be Solved with Legacy Technology
First, let’s examine the challenges. Most critical infrastructure facilities are public-facing. Many are in or near major metropolitan areas. They are old, maxed out or overloaded. When they were originally designed and constructed, we weren’t as concerned with terrorist threats, let alone domestic groups that attack government facilities and law enforcement.
As these systems have struggled to keep up, the threats have only increased.
Originally, these facilities were protected by access control, video surveillance, and perimeter systems that are now outdated. Sadly, many organizations today still rely on these legacy systems to identify and address new threats. Traditional role-based access-control systems apply a basic set of rules regardless of the situation. Video solutions are improving, but they are still typically evaluated separately from the core control system and operate in a vacuum.
Static and siloed, these systems are unable to dynamically adapt to a changing environment. They also lack intelligence. Without intelligence, it’s difficult to assess risk and provide actionable guidance. As a result, security officers are overloaded with data but lack tools that could enhance situational awareness.
Risk measurement, evaluation, and adaptivity are the fundamental keys to improving security for critical infrastructure.
Keys to Stronger Security: Intelligence and Adaptivity
Today, technology exists that can aggregate information from all key security sub-systems and provide real-time, proactive situational awareness to security operations. As data is aggregated from various sources including access control, video, intrusion, perimeter solutions, entrance control, weather, threat notification systems, and social media, modern security intelligence solutions can characterize, score, and evaluate the data. This makes it possible to identify threats that a human would not likely see before it’s too late.
The ability to identify increasing risk allows the system to adapt and adjust to a growing threat automatically or via human interaction to ensure new levels of life safety and security.
Consider a multi-vector threat situation in a major metropolitan facility. On a typical day, securing the facility is a huge challenge. However, over the past few days, a series of critical threats has greatly increased the level of risk for this facility.
- Weather Threats: Geospatial mapping with connectivity to weather information alerts you that the facility is in the likely path of a hurricane. This kicks off a series of automated security and operations procedures while also increasing the overall threat assessment for the facility. That could involve issuing a mobile alert to send non-essential staff home early, or shutting down a vulnerable section of the facility, while reducing or switching the load elsewhere.
- Insider Threats: Threat source data and social media activity indicate an increasing risk of insider threat to the facility. In response, the security posture of the system adapts, adjusting threat levels and automating precautionary measures. Certain employees may be flagged and more closely scrutinized, and visitor screening may be increased. Perimeter entrance access could be adjusted and additional authorization procedures may also be added.
- Cyberterrorism Threats: Unusual cyber activity is identified, triggering another set of adaptive responses – this time watching for unusual activity or behavior by staff or contractors that might indicate a red flag. As the threats increase, the system posture continues to adapt while alerting security to unusual or abnormal activity. Ultimately, even local law enforcement could be engaged.
This scenario applies to a wide variety of facilities, including energy, power distribution, airport, and even military sites.
Identifying risk is quite different from alerting an officer to a policy breach. When a policy is breached, the officer is notified after the event and can only respond to the specific rule that was broken.
Making Sense of It All for the Greater Good
The ability to evaluate and aggregate disparate data sources and identify threats in advance turns static data into actionable intelligence that can save lives. Today, there is an AI revolution in physical security that augments human capabilities and helps us see the world differently, driven by AI-powered platforms developed to work across different physical environments. These platforms use new advancements in access control, video analytics, IoT, and other areas to propel us into a new era of safety and security for protecting our citizens and country.