Building Security in Current Threat Scenario
Ameen Sharif
CTO, ITnIS Consulting
MCS CEH CISA ISMS:LI CISSP CRISC CPTP
About Presenter
• Founder & CTO ITnIS Consulting
• Over 20 years experience in ICT & Info Sec
• Served at Government & Commercial organizations
• ICT Expert Panel Member Pakistan Technology Board - MoST
• President (ISC)2 Pakistan Islamabad Chapter
• Member Executive Council ISOC Pakistan Islamabad Chapter
• MCS, MS-IS(CW), CEH CISA ISMS:LI CISSP CRISC CPTP
• Recipient Asia Pacific - Information Security Leadership Achievement Award
• Recipient Teradata National ICT Excellency Award
Agenda
• Types of Security Threats
• Real World Cases
• Types of Buildings
• Security Considerations
Real World Cases – Terrorist Attack
Corinthia Hotel (Libya)
– On January 27, 2015
– Car bomb detonated outside Corinthia Hotel
– 3 militants entered hotel - opened fire before blowing themselves up
– 13 people killed (3 militants), 5 others injured (5 foreigners among dead)
Real World Cases – Terrorist Attack
Army Public School, Peshawar (Pakistan)
– On December 16, 2014
– Militants entered the school from the back through a cemetery adjacent to the school
– 145 people killed, including 132 school children and 130 injured
Real World Cases – Terrorist Attack
Marriott Hotel, Islamabad (Pakistan)
– On September 20, 2008
– Attacked by explosive-laden suicide truck
– 56 people killed, 265 others injured
– Majority of upper-floor rooms destroyed
Real World Cases – Hostage Taking
Porte de Vincennes, Paris
– Hypercacher Food Store
– On January 09, 2015
– 4 people killed and several hostages
– 4 hours 30 minutes
Real World Cases – Hostage Taking
Sydney, Australia
– Lindt Chocolate Cafe
– December 14-15, 2014
– 18 hostages, 2 people killed and 3 injured including a police officer
– Approx. 17 hours
Real World Cases – Riots
Ferguson, Missouri, USA
– Shooting of Michael Brown on Aug 9 2014.
– First Wave of Riots August 09-25, 2014
– Second Wave of Riots November 24 - December 2, 2014
– Building damage worth $4.6 million
Real World Cases – Ramming
Taipei, Taiwan
– January 25, 2014
– Office Building of President of Republic of China
– 35 ton truck rammed at 72 km/h through four layers of barriers
High Rise Buildings
• Large amount of living or working space on a small land footprint.
• Uses land efficiently.
• High-rise buildings are likely to become more common.
• At least 75 feet (23m) tall.
Perimeter Considerations
• Defense in depth
• Consider building as a series of concentric layers.
• Apply security measures on each layer.
Barriers
• Planters
• Anti-Ram bollards
– Made of ½ inch thick steel pipe
– Generally 36 – 52 inches above ground
– Buried about 48 inches
Perimeter Considerations
• T-rails (Jersey barriers) - pre-cast concrete barriers typically about 3 feet high and 15 feet long
Perimeter Considerations
Control perimeter
– Security Guards
– Hydraulic barriers
– Traffic Controls (avoid tailgating)
Perimeter Considerations
Parking
• Occupant parking near the building
• Visitor or public parking located farther away
• Lower deck parking
– Near the building so that only small vehicles can fit
• Higher deck parking for large vehicles
– Farther away from the building
Perimeter Considerations
Building Exits
• Emergency exit doors to have:
– Push-bar option
– Motion-sensor option
– One-way outside opening
– CCTV Monitoring
• Evacuation staircases outside building (Restrictions may apply)
Structural Considerations
• Walls, panels and roof
– Precast sandwich
– Cast-in-place reinforced concrete
• Walls span floor to floor rather than from column to column
Structural Considerations
Windows
• Reduce the number and size of windows
• Laminated glass with transparent polyester anti-shatter film to the inner surface of the glazing
Gas, water, steam installations, electrical connections, elevators and water storage systems should be explosion resistant.
Surveillance Considerations
CCTV Cameras
• Types of cameras:
– Indoor PTZ
– Outdoor PTZ
– Box Camera
– Fisheye Camera
– IP Camera
– Dome CCTV Camera
Surveillance Considerations
CCTV Cameras
• Important locations for positioning security cameras:
– Entrances
– Exits
– Parking
– Customer transaction points
– Secluded areas
• Camera placement
– Area with minimum sunlight impact (for monitoring building exterior)
– Avoid high angle of view
– Night vision with IR Illuminator or thermal imaging
Surveillance Considerations
Cameras View - IR Illumination vs. Thermal Imaging
– Thermal Imaging View – Hot Bright
– IR Illuminated display at 150 meters
CCTV Cameras
• 10-15° optimal view angle for facial identification
• Installed at sufficient height to avoid reach of vandals
• High power Laser resistant CCD / CMOS
Surveillance Considerations
CCTV Cameras
• IP jvsg
– CCTV design software, to design a video surveillance system quickly, easily and professionally
• Built-in Health Monitoring System
Surveillance Considerations
Security Guards – Hiring Criteria
– Minimum High school diploma or equivalent required.
– Successful completion of background investigation
– Post-offer/pre-employment drug/alcohol test.
Surveillance Considerations
Security Guards - Placement criteria
– Administer visitor’s access
– Monitor optical turnstile (gate/entrance) breaches
– Supervise vehicular access
– Manage CCTV control rooms
– Patrol the building premises and respond to emergencies
Surveillance Considerations
Personnel Identification Systems
Card Readers:
– Biometrics
– RFID cards
– Iris scans
– Face recognition
– Hand geometry
• Tailgating Policies
CBR Threats
• CBR - Chemical, Biological and Radiological
• Improvised explosive devices (IEDs)
• Liquid explosive devices (LEDs)
• Baggage scanners with:
– X-Ray or Millimeter wave technology
– Raman spectroscopy
– CT Scanning
– LEDS Compliant
Security from CBR Threats
BMS Software
• Defense in Depth
• Port Blocking, VPNs, SNMPv3
• OEM certificate regarding Security Audit / Secure Software Development Practice / No Backdoor
• Remote troubleshooting port blocked by default
• Hardened system