Part Two—Inside Security, Part One Access Control
By Rich Merritt
That nice-looking sales rep in the business suit got through the perimeter security and has arrived at the guard shack, seeking admittance to the plant for an appointment with Paula Process, one of your instrument engineers. The rep could be packing a Heckler & Koch 9mm pistol, be wrapped in explosives under that suit coat or carrying a bomb or an AK 47 in the attache case. Can your security handle this?
I visited a number of chemical and petrochemical plants in the past year with sales reps and realized that I could be carrying all of the above, and only a few of the guards would have detected my armament. I did, however, have to watch some silly videos in guard shacks explaining the plants’ rigid security policies. Clearly, internal plant security is going to have to change—and the Department of Homeland Security is going to force it upon any plants that it deems at risk.
Many plants use a system based on trust; that is, if the guards or someone else at the plant know the sales rep or the consultant, they often let anybody into the plant who is accompanying the trusted person. That’s how I got into the plants—I was with our rep. This method seems to work well, especially at low-risk facilities. However, it’s a tempting weakness in the system for those with less benign intentions. How rigid you must be in screening visitors depends, once again, on your own security assessment and the recommendations of security consultants.
Figure 1: ACCESS CONTROL
Obviously, the simplest answer to a sales rep/terrorist is to have airport-like security at the plant entrance—a metal detector or one of those wands airport security people use to check you over, and inspection of all incoming attache cases. That will find the weapons and bombs, but it doesn’t deal with the problem of having a smart terrorist on the premises who is not so much interested in blowing things up as in messing with your processes and who knows how to sabatoge things electronically. The answer is to control access to vulnerable areas and track where everybody goes.
Honeywell’s Geismar chemical plant in Geismar, La, follows a structured plan that identifies people and assets, controls access to secure areas, and tracks people and assets in the plant at all times (The Inside Job at the end of this article). The plan applies to all key areas of the plant that are vulnerable to damage, such as control rooms, storage tanks, pipelines, shipping areas, laboratories, data centers, offices, etc.
Such security plans are being employed all over the country in all types of plants. Even at Involta’s new data center in peaceful, crime-free Marion, Iowa, 28 security cameras keep an eye on the premises and on visitors. Access to the inner sanctum server farm is controlled by proximity card readers and eye scanners that analyze the iris—the visible colored ring around the pupil—to authenticate authorized individuals.
Figure 2: Watching Via Ethernet
A simple card ID system (Figure 1) can restrict access and track who comes and goes into and out of restricted areas. Other equipment to perform access and tracking functions includes GPS tracking systems, RFID monitoring of people and assets, vendor verification systems, license plate recognition systems, motion sensors and biometric systems, such as facial recognition, palm readers and retinal scanners.
For access to areas of highest security, you may want to follow the Involta data center model and require two forms of access, such as an ID card and a biometric.
A traditional solution involves locked doors everywhere, which requires keys issued to engineers and technicians. But keys present a problem—what do you do when somebody loses a key? When a key is lost, you have to change all the affected locks. This can be a big—and expensive—problem in a large building or in a facility that has remote locations. An integrated video and access control system eliminates the cost and inconvenience of keys.
RFID Tracks People and Assets
RFID badges and tags allow the plant to track the comings and goings of people and assets, even if they don’t pass through access-controlled doors. They also help prevent theft.
One major security problem in industrial plants is the theft of copper, although the same preventive strategies can work with other high-value items. It’s not just intruders jumping over a fence at a remote power station and stripping wires; it’s also employees who help themselves to your stores of copper wire, fittings, pipe and other parts.
Figure 3: BIG BROTHER IS WATCHING YOU
RFID tags hidden in wire bundles or affixed to copper parts can trigger alarms when thieves try to remove them from storage areas or drive through a security gate. RFID tags work on any other assets that are likely to be stolen, moved to another area, or misplaced. Lost the portable flow calibration kit? If it has an RFID tag, asset management software can tell you the last detector it passed by.