Physical security describes security measures that are designed to deny unauthorized access to facilities, equipment and resources and to protect personnel and property from damage or harm (such as espionage, theft, or terrorist attacks). Physical security involves the use of multiple layers of interdependent systems which include CCTV surveillance, security guards, protective barriers, locks, access control protocols, and many other techniques.
- 1 Overview
- 2 Elements and design
- 2.1 Deterrence methods
- 2.2 Intrusion detection and electronic surveillance
- 2.3 Access control
- 2.4 Security personnel
- 3 See also
- 4 References
- deter potential intruders (e.g. warning signs and perimeter markings);
- detect intrusions and monitor/record intruders (e.g. intruder alarms and CCTV systems); and
- trigger appropriate incident responses (e.g. by security guards and police).
It is up to security designers, architects and analysts to balance security controls against risks, taking into account the costs of specifying, developing, testing, implementing, using, managing, monitoring and maintaining the controls, along with broader issues such as aesthetics, human rights, health and safety, and societal norms or conventions. Physical access security measures that are appropriate for a high security prison or a military site may be inappropriate in an office, a home or a vehicle, although the principles are similar.
Elements and design
The goal of deterrence methods is to convince potential attackers that a successful attack is unlikely due to strong defenses.
The initial layer of security for a campus, building, office, or other physical space uses crime prevention through environmental design to deter threats. Some of the most common examples are also the most basic: warning signs or window stickers, fences, vehicle barriers, vehicle height-restrictors, restricted access points, security lighting and trenches.
Physical barriers such as fences, walls, and vehicle barriers act as the outermost layer of security. They serve to prevent, or at least delay, attacks, and also act as a psychological deterrent by defining the perimeter of the facility and making intrusions seem more difficult. Tall fencing, topped with barbed wire, razor wire or metal spikes are often emplaced on the perimeter of a property, generally with some type of signage that warns people not to attempt to enter. However, in some facilities imposing perimeter walls/fencing will not be possible (e.g. an urban office building that is directly adjacent to public sidewalks) or it may be aesthetically unacceptable (e.g. surrounding a shopping center with tall fences topped with razor wire); in this case, the outer security perimeter will be defined as the walls/windows/doors of the structure itself.
Barriers are typically designed to defeat defined threats. This is part of building codes as well as fire codes. Apart from external threats, there are internal threats of fire, smoke migration as well as sabotage. The National Building Code of Canada, as an example, indicates the need to defeat external explosions with the building envelope, where they are possible, such as where large electrical transformers are located close to a building. High-voltage transformer fire barriers can be examples of walls designed to simultaneously defeat fire, ballistics and fragmentation as a result of transformer ruptures, as well as incoming small weapons fire. Similarly, buildings may have internal barriers to defeat weapons as well as fire and heat. An example would be a counter at a police station or embassy, where the public may access a room but talk through security glass to employees in behind. If such a barrier aligns with a fire compartment as part of building code compliance, then multiple threats must be defeated simultaneously, which must be considered in the design.
Another major form of deterrence that can be incorporated into the design of facilities is natural surveillance, whereby architects seek to build spaces that are more open and visible to security personnel and authorized users, so that intruders/attackers are unable to perform unauthorized activity without being seen. An example would be decreasing the amount of dense, tall vegetation in the landscaping so that attackers cannot conceal themselves within it, or placing critical resources in areas where intruders would have to cross over a wide, open space to reach them (making it likely that someone would notice them).
Security lighting is another effective form of deterrence. Intruders are less likely to enter well-lit areas for fear of being seen. Doors, gates, and other entrances, in particular, should be well lit to allow close observation of people entering and exiting. When lighting the grounds of a facility, widely distributed low-intensity lighting is generally superior to small patches of high-intensity lighting, because the latter can have a tendency to create blind spots for security personnel and CCTV cameras. It is important to place lighting in a manner that makes it difficult to tamper with (e.g. suspending lights from tall poles), and to ensure that there is a backup power supply so that security lights will not go out if the electricity is cut off.
Intrusion detection and electronic surveillance
Alarm systems and sensors
Alarm systems can be installed to alert security personnel when unauthorized access is attempted. Alarm systems work in tandem with physical barriers, mechanical systems, and security guards, serving to trigger a response when these other forms of security have been breached. They consist of sensors including motion sensors, contact sensors, and glass break detectors.
However, alarms are only useful if there is a prompt response when they are triggered. In the reconnaissance phase prior to an actual attack, some intruders will test the response time of security personnel to a deliberately tripped alarm system. By measuring the length of time it takes for a security team to arrive (if they arrive at all), the attacker can determine if an attack could succeed before authorities arrive to neutralize the threat. Loud audible alarms can also act as a psychological deterrent, by notifying intruders that their presence has been detected. In some jurisdictions, law enforcement will not respond to alarms from intrusion detection systems unless the activation has been verified by an eyewitness or video. Policies like this one have been created to combat the 94–99 percent rate of false alarm activation in the United States.
Surveillance cameras can be a deterrent when placed in highly visible locations, and are also useful for incident verification and historical analysis. For example, if alarms are being generated and there is a camera in place, the camera could be viewed to verify the alarms. In instances when an attack has already occurred and a camera is in place at the point of attack, the recorded video can be reviewed. Although the term closed-circuit television (CCTV) is common, it is quickly becoming outdated as more video systems lose the closed circuit for signal transmission and are instead transmitting on IP camera networks.
Video monitoring does not necessarily guarantee that a human response is made to an intrusion. A human must be monitoring the situation in real time in order to respond in a timely manner. Otherwise, video monitoring is simply a means to gather evidence to be analyzed at a later time. However, advances in information technology are reducing the amount of work required for video monitoring, through automated video analytics.
Access control methods are used to monitor and control traffic through specific access points and areas of the secure facility. This is done using a variety of systems including CCTV surveillance, identification cards, security guards, and electronic/mechanical control systems such as locks, doors, turnstiles and gates.
Mechanical access control systems
Mechanical access control systems include turnstiles, gates, doors, and locks. Key control of the locks becomes a problem with large user populations and any user turnover. Keys quickly become unmanageable, often forcing the adoption of electronic access control.
Electronic access control systems
Electronic access control manages large user populations, controlling for user lifecycles times, dates, and individual access points. For example, a user's access rights could allow access from 0700h to 1900h Monday through Friday and expires in 90 days. These access control systems are often interfaced with turnstiles for entry control in buildings to prevent unauthorized access. The use of turnstiles also reduces the need for additional security personnel to monitor each individual entering the building allowing faster throughput.
An additional sub-layer of mechanical/electronic access control protection is reached by integrating a key management system to manage the possession and usage of mechanical keys to locks or property within a building or campus.
Identification systems and access policies
Another form of access control (procedural) includes the use of policies, processes and procedures to manage the ingress into the restricted area. An example of this is the deployment of security personnel conducting checks for authorized entry at predetermined points of entry. This form of access control is usually supplemented by the earlier forms of access control (i.e. mechanical and electronic access control), or simple devices such as physical passes.
Security personnel play a central role in all layers of security. All of the technological systems that are employed to enhance physical security are useless without a security force that is trained in their use and maintenance, and which knows how to properly respond to breaches in security. Security personnel perform many functions: as patrols and at checkpoints, to administer electronic access control, to respond to alarms, and to monitor and analyze video.
- Alarm management
- Artificial intelligence for video surveillance
- Biometric device
- Boundaries of Security Report
- Computer security
- Door security
- Executive protection
- Guard tour patrol system
- Information security
- Logical security
- Physical Security Professional
- Security alarm
- Security company
- Security engineering
- High-voltage transformer fire barriers
- "Chapter 1: Physical Security Challenges". Field Manual 3-19.30: Physical Security. Headquarters, United States Department of Army. 2001. Archived from the original on 2013-03-13.
- Garcia, Mary Lynn (2007). Design and Evaluation of Physical Protection Systems. Butterworth-Heinemann. pp. 1–11. ISBN 9780080554280. Archived from the original on 2013-09-21.
- "Chapter 2: The Systems Approach". Field Manual 3-19.30: Physical Security. Headquarters, United States Department of Army. 2001. Archived from the original on 2013-09-21.
- Anderson, Ross (2001). Security Engineering. Wiley. ISBN 978-0-471-38922-4.
- For a detailed discussion on natural surveillance and CPTED, see Fennelly, Lawrence J. (2012). Effective Physical Security. Butterworth-Heinemann. pp. 4–6. ISBN 9780124158924. Archived from the original on 2018-01-05.
- Task Committee; Structural Engineering Institute (1999). Structural Design for Physical Security. ASCE. ISBN 978-0-7844-0457-7. Archived from the original on 2018-01-05.
- Baker, Paul R. (2012). "Security Construction Projects". In Baker, Paul R.; Benny, Daniel J. The Complete Guide to Physical Security. CRC Press. ISBN 9781420099638. Archived from the original on 2018-01-05.
- "Chapter 4: Protective Barriers". Field Manual 3-19.30: Physical Security. Headquarters, United States Department of Army. 2001. Archived from the original on 2013-03-13.
- Talbot, Julian & Jakeman, Miles (2011). Security Risk Management Body of Knowledge. John Wiley & Sons. pp. 72–73. ISBN 9781118211267. Archived from the original on 2018-01-05.
- Kovacich, Gerald L. & Halibozek, Edward P. (2003). The Manager's Handbook for Corporate Security: Establishing and Managing a Successful Assets Protection Program. Butterworth-Heinemann. pp. 192–193. ISBN 9780750674874. Archived from the original on 2018-01-05.
- "Chapter 6: Electronic Security Systems". Field Manual 3-19.30: Physical Security. Headquarters, United States Department of Army. 2001. Archived from the original on 2013-03-13.
- Fennelly, Lawrence J. (2012). Effective Physical Security. Butterworth-Heinemann. pp. 345–346. ISBN 9780124158924. Archived from the original on 2013-09-21.
- "Evaluation of alternative policies to combat false emergency calls" (PDF). p. 238. Archived from the original (PDF) on 2012-11-01.
- "Evaluation of alternative policies to combat false emergency calls" (PDF). p. 233. Archived from the original (PDF) on 2012-11-01.
- "Evaluating the Use of Public Surveillance Cameras for Crime Control and Prevention" (PDF). Archived (PDF) from the original on 2012-12-01.
- Crowell, William P.; et al. (2011). "Intelligent Video Analytics". In Cole, Eric. Physical and Logical Security Convergence. Syngress. ISBN 9780080558783. Archived from the original on 2018-01-05.
- Dufour, Jean-Yves (2012). Intelligent Video Surveillance Systems. John Wiley & Sons. ISBN 9781118577868. Archived from the original on 2018-01-05.
- Caputo, Anthony C. (2010). Digital Video Surveillance and Security. Butterworth-Heinemann. ISBN 9780080961699. Archived from the original on 2013-09-29.
- Tyska, Louis A. & Fennelly, Lawrence J. (2000). Physical Security: 150 Things You Should Know. Butterworth-Heinemann. p. 3. ISBN 9780750672559. Archived from the original on 2018-01-05.
- "Chapter 7: Access Control". Field Manual 3-19.30: Physical Security. Headquarters, United States Department of Army. 2001. Archived from the original on 2007-05-10.
- Pearson, Robert (2011). "Chapter 1: Electronic Access Control". Electronic Security Systems: A Manager's Guide to Evaluating and Selecting System Solutions. Butterworth-Heinemann. ISBN 9780080494708. Archived from the original on 2018-01-05.
- Reid, Robert N. (2005). "Guards and guard forces". Facility Manager's Guide to Security: Protecting Your Assets. The Fairmont Press. ISBN 9780881734836. Archived from the original on 2018-01-05.