Security Rating: To protect critical national infrastructure such as data centres from vehicle borne threats and organised crime, systems procured should be accredited to international recognised, third-party standards. For protection against vehicle borne threats as acts of terrorism, impact test standards are prevalent such as IWA 14-1, BSI PAS 68 & ASTM F2656. The type of standard appropriate depends on the location of the data centre site. If the data centre is located in America or Canada, the obvious standard to use would be the American ASTM F2656 certification due to their use of American vehicles within the test criteria. It is important to match the security product to the most realistic site scenario. When securing sites in Europe and the UK, the IWA 14-1 or BSI PAS 68 impact test standard is more suitable using European vehicles.
It is also important to note the penetration of the tested product being analysed for procurement to make sure that the product will suit the real-life scenario when looking at the distance between the security system and the assets being protected.
Force testing and certifying products against acts of malice or organised crime is carried out by LCPB who issue the LPS 1175 standard.
Operational Methodology: The physical barrier that you see is only part of the solution. Another fundamental part of access security is the control system behind the physical security product. This system can be configured to integrate with existing management systems or can be installed as a stand alone system. Products can be supplied with an ‘emergency fast operation’ function in the event of an emergency and also supplied with power fail cycles to ensure security levels despite a power outage or attack.
Usual system operation when securing an industrial, data centre or military site is a sallyport configuration. This acts as a double barrier, allowing a vehicle through one system and then trapping the vehicle in place, in-between two barriers while authorisation is established and/or the vehicle is searched. Once authorised, the final denial barrier is lowered and the vehicle can move through the system safely.
Visual cues to support systems are fundamental to success to navigate drivers through systems. Traffic lights, signs and sometimes even audio warnings are used to maintain correct system use.
Configurations can include an external perimeter, crash tested gate, followed by a visual deterrent rising arm barrier and with a final denial barrier typically being either a road blocker or a set of automatic bollards.
Access control can be configured to work with card readers, pin codes, ANPR cameras and even facial recognition technology. It is recommended on highly secure sites that two sets of authentication is chosen to work in conjunction to make authorisation more secure. This prevents trojan vehicles being used to gain unauthorised entry for example.
Aesthetics: To secure CNI sites which are industrial or military, owners may want to enforce the secure nature of the site by making security barriers very obvious and by utilising finishes such as black and yellow chevrons to heighten visual awareness for those trying to access the site. Equally, if a data centre site is located on the edge of a town centre or within an inconspicuous site, security measures may want to be more discreet so as not to draw attention to the high profile purpose of the site. This could be achieved by installing a solid fence line around the outer perimeter and an access gate to match with solid in-fills, masking views into the site itself.
When securing CNI, access in and out is vital and often businesses would come to a grinding halt if entrances were blocked due to malfunctioning or unreliable entrance security systems. Just like anything with moving parts, automated systems need regular servicing regimes to keep them in order. Smart monitoring platforms such as remote fault monitoring software can be utilised to monitor system health remotely. By monitoring the performance of various aspects of the product/s (inputs & outputs), it will be possible to see faults developing (service forecasting) before they become critical. This will enable remedial action to be taken before the product goes out of operation because of a fault. Fault monitoring and service information will be able to be gathered remotely facilitating historical system records, creating servicing trends and forecasting which will help to inform rapid detection of faults or remedial work to be scheduled within routine servicing visits. VPN sessions are end-to-end encrypted using SSL/TLS protocol. Communications between the remote user and the remote fault monitoring platform are fully encrypted using the SSL/TLS protocol, thereby ensuring data authenticity, integrity & confidentiality.