building security in current threat scenario

Building Security in Current Threat Scenario

Ameen SharifCTO, ITnIS ConsultingMCS CEH CISA ISMS:LI CISSP CRISC CPTP

About Presenter• Founder & CTO ITnIS Consulting• Over 20 years experience in ICT & Info Sec• Served at Government & Commercial organizations• ICT Expert Panel Member Pakistan Technology Board - MoST• President (ISC)2 Pakistan Islamabad Chapter• Member Executive Council ISOC Pakistan Islamabad Chapter• MCS, MS-IS(CW), CEH CISA ISMS:LI CISSP CRISC CPTP• Recipient Asia Pacific - Information Security Leadership Achievement Award• Recipient Teradata National ICT Excellency Award

Agenda

• Types of Security Threats

• Real World Cases

• Types of Buildings

• Security Considerations

Type of Security Threats

• Terrorist Attack• Riots • Hostage Taking• Ramming

Real World Cases – Terrorist AttackCorinthia Hotel (Libya)

– On January 27, 2015

– Car bomb detonated outside Corinthia Hotel

– 3 militants entered hotel - opened fire before blowing themselves up

– 13 people killed (3 militants), 5 others injured (5 foreigners among dead)

Real World Cases – Terrorist Attack

Army Public School, Peshawar (Pakistan)

– On December 16, 2014

– Militants entered the school from the back

through a cemetery adjacent to the school

– 145 people killed, including 132 school

children and 130 injured

Real World Cases – Terrorist Attack

Marriot Hotel, Islamabad (Pakistan)

– On September 20, 2008

– Attacked by explosive-laiden suicide truck

– 56 people killed, 265 others injured

– Majority of upper-floor rooms destroyed

Real World Cases – Hostage Taking

Porte de Vincennes, Paris

– Hypercacher Food Store

– On January 09, 2015

– 4 people killed and several hostages

– 4 hours 30 minutes

Real World Cases – Hostage Taking

Sydney, Australia

– Lindt Chocolate Cafe

– December 14-15, 2014

– 18 hostages, 2 people killed and 3 injured

including a police officer

– Approx. 17 hours

Real World Cases – Riots

Ferguson, Missouri, USA

– Shooting of Michael Brown on Aug 9 2014.

– First Wave of Riots August 09-25, 2014

– Second Wave of Riots November 24-

December 2, 2014

– Buildings damages worth $4.6 million

Real World Cases – Ramming

Taipei, Taiwan

– January 25, 2014

– Office Building of President of

Republic of China

– 35 ton truck rammed at 72

km/h though four layers of

barriers

Types of Buildings

• Commercial• Residential• Educational• Government• Industrial• Military

High Rise Buildings

• Large amount of living or working space on a small landfootprint.

• Uses land efficiently.

• High-rise buildings are likely to become more common.

• At least 75 feet (23m) tall.

Area Considerations

Fuel tank

Perimeter Considerations

• Defense in depth

• Consider building as a series of concentric layers.

• Apply security measures on each layer.

Barriers

• Planters

• Anti-Ram bollards– Made of ½ inch thick steel pipe – Generally 36 – 52 inches above ground – Buried about 48 inches


• T-rails (Jersey barriers) - pre-cast concrete barriers typically about 3 feet high and 15 feet long


Fences• Use of chain-link fence

– Height – 1050mm


Control perimeter– Security Guards– Hydraulic barriers– Traffic Controls (avoid tailgating)


Parking• Occupant parking near the building• Visitor or public parking located farther away

• Lower deck parking– Near the building so that only small vehicles can fit

• Higher deck parking for large vehicles – Farther away from the building


Building Exits• Emergency exit doors to have:

– Push-bar option – Motion-sensor option– One-way outside opening– CCTV Monitoring

• Evacuation stair cases outside building (Restrictions may apply)


Structural Considerations

• Walls, panels and roof– Precast sandwich – cast-in-place reinforced concrete

• Walls span floor to floor rather than from column to column


• Wrapping types─ Steel belts─ Carbon fiber reinforced polymers (CFRP)


• Windows • Reduce the number and size of

windows

• Laminated glass with transparent polyester anti-shatter film to the inner surface of the glazing

Gas, water, steam installations, electrical

connections, elevators and water storage systems

should be explosion resistant.


Surveillance Considerations

CCTV Cameras• Types of cameras:

– Indoor PTZ– Outdoor PTZ– Box Camera– Fisheye Camera– IP Camera– Dome CCTV Camera


CCTV Cameras• Important locations for positioning security cameras:

– Entrances– Exits– Parking– Customer transaction points – Secluded areas

• Camera placement– Area with minimum sunlight impact (for monitoring

building exterior)– Avoid high angle of view – Night vision with IR Illuminator or thermal imaging


Cameras View – FishEye vs. Dome

FishEye camera view Dome camera view

Cameras View - IR Illumination vs. Thermal Imaging

Thermal Imaging View – Hot BrightIR Illuminated display at 150 meters

Thermal Imaging

Appropriate selection of outer casing of Cameras are important

CCTV Cameras

• 10-15° optimal view angle for facial identification

• Installed at sufficient height to avoid reach of vandals

• High power Laser resistant CCD / CMOS



CCTV Cameras• IP jvsg

– CCTV design software, to design a video surveillance system quickly, easily and professionally

• Built-in Health Monitoring System

Video

and CCTV

surveillance with

analytics



Security Guards – Hiring Criteria

– Minimum High school diploma or equivalent

required.

– Successful completion of background investigation

– Post-offer/pre-employment drug/alcohol test.


Security Guards - Placement criteria– Administer visitor’s access

– Monitor optical turnstile (gate/entrance) breaches

– Supervise vehicular access

Security Guards - Placement criteria

– Manage CCTV control rooms

– Patrol the building premises and respond to emergencies


Perimeter Intrusion Detection

• Detection devices – Motion– Acoustic– Infrared

Personnel Identification Systems

Card Readers:─ Biometrics─ RFID cards─ Iris scans─ Face recognition─ Hand geometry

• Tailgating Policies

CBR Threats

• CBR - Chemical, Biological and Radiological

• Improvised explosive devices (IEDs)

• Liquid explosive devices (LEDs)

• Baggage scanners with:

– X-Ray or Millimeter wave technology

– Raman spectroscopy

– CT Scanning

– LEDS Compliant

Security from CBR Threats

• Higher Air Intakes• Water Sampling

Security from CBR Threats

BMS Hacks

BMS Software

• Defense in Depth• Port Blocking, VPNs, SNMPv3• OEM certificate regarding Security Audit / Secure

Software Development Practice / No Backdoor• Remote troubleshooting port blocked by default• Hardened system

Credits & References

• http://www.popcenter.org/library/crisp/security-tall-buildings.pdf• https://www.appone.com/MainInfoReq.asp?r_id=709125• http://www.axis.com/files/feature_articles/ar_axis_raytec_summary_47904_en_1206_lo.pdf• http://www.bse.polyu.edu.hk/researchCentre/Fire_Engineering/summary_of_output/journal/IJ

EPBFC/V3/p.25-51.pdf• http://theconstructor.org/structural-engg/high-rise-structures/5/• http://global.ctbuh.org/resources/papers/download/881-design-criteria-for-high-rise-buildings-

in-historical-cities-the-case-of-istanbul.pdf• https://en.wikipedia.org/wiki/Tube_(structure)• www.commscope.com/Docs/BAS_Security_Access.pdf• https://en.wikipedia.org/wiki/Thermography#/media/File:Extreme-CCTV-Active-Infrared-Night-

Vision.jpg • http://www.supercircuits.com/resources/tools/infrared-lowlight-comparison-tool

Credits & References• http://www.reliance-foundry.com/blog/select-bollard-security• http://www.reliance-foundry.com/blog/bollards-a-site-wide-approach-to-security• http://www.wbdg.org/resources/env_blast.php• http://www.fema.gov/media-library-data/20130726-1624-20490-0371/430_ch4.pdf• http://www.securitymeshfence.com/chain-link-fence/chain-link-fence.html• http://www.facilitiesnet.com/commercialofficefacilities/article/Safer-High-Rises-Facilities-Management-

Commercial-Office-Facilities-Feature--3742• http://www.slideshare.net/SagarKhaire3/high-rise-building• http://www.deccanherald.com/content/481971/7-killed-fire-mumbai-high.html• http://edition.cnn.com/2015/01/27/middleeast/libya-corinthia-hotel-attack/• http://www.wsj.com/articles/new-zealand-police-deepen-probe-into-ctv-building-collapse-in-earthquake-

1409641900• https://en.wikipedia.org/wiki/Lalita_Park_building_collapse• https://en.wikipedia.org/wiki/Highland_Towers_collapse• http://iwinc.biz/downloads/fisheye5mp%20(2).jpg • http://i00.i.aliimg.com/img/pb/860/688/676/676688860_647.jpg • https://threatpost.com/researchers-hack-google-offices-building-management-system/100298 • Other links mentioned in Notes section

Thank You

building security in current threat scenario

Documents