route travel plans.
Security teams need to create an emergency plan that includes
procedures for shelter-in-place and evacuations. Regularly conduct- ed drills allow the team to check the operability of communications systems and response times. The results of each exercise should be reviewed and used to make changes to the plan, if necessary.
In case of an attack, a well-trained security team will help shorten the recovery process.
Consider an integrator’s offer to embed an experienced em- ployee or two as part of a site’s security team.
Risk assessments. Before creating a new plan, work with an outside security integrator to help conduct a risk assessment. It’s easy for the in-house security team to overlook deficiencies due to familiarity with the site. An experienced integrator will review legacy systems and suggest where new tactics and solutions are warranted. The assessment helps security directors focus their limited budgets on those areas most in need of improvement.
Plans for new critical infrastructure or renovations of existing sites should include physical security requirements from the out- set. The results are often more effective security at a lower cost.
Cyberattacks. Cybersecurity plays an increasingly important role as virtually all modern physical security systems rely on network connections. Those connections that improve security operations also increase the risk of a successful cyberattack. Se- curity officials must harden their system software with firewalls and anti-malware to reduce the chance of the devices providing hackers a pathway into the network.
To use a site workstation, employees should use Personal Identity Verification (PIV) cards with greater encryption and em-
bedded biometric data authenticated by a separate reader. Also, keep the organization’s laptops and mobile phones locked up when not in use.
Cyber and physical attacks differ in nature, but the results may be the same – a segment of the nation’s critical infrastructure be- ing out of service. And a review of recent cyberattacks on govern- ment, financial and retail organizations shows almost any group is susceptible to dedicated and sophisticated hackers.
These are just a few highlights of all the steps required to se- cure critical infrastructure. Work with an experienced integrator to provide current best practices. And plan on working closely with federal, state and local first responders to improve commu- nication and coordination during an emergency.
The security needs of each critical infrastructure site may vary widely based on its use and location. More than 80 percent of these sites are owned by non-governmental organizations, with their own budgets and views on protecting employees and assets. Any security solution requires multiple layers of integrated sys- tems. There is no one technology capable of meeting all physical and cybersecurity needs.
Also, not all disruptions are due to terrorists. Other causes may include severe weather and other natural disasters, pan- demics and accidents. Security directors must
always plan, prepare, monitor, and, when nec-
essary, react and innovate to harden their facili-
ties against all threats.
John Nemerofsky is the chief operating officer of Kent, Ohio-based Sage Integration.
46
JULY/AUGUST 2020 | SECURITY TODAY
CRITICAL INFRASTRUCTURE
Konstantin Zaykov/Shutterstock.com