A Few Words About Protecting Your Mission-Critical Facility
Posted on November 8, 2019 by Glenn Bischoff
It’s a crazy world right now, arguably crazier than it’s ever been. Hatred seems to be flowing in the United States like a river, and unrest no longer is something that happens on the poor side of town—look out your window and you might see it happening right across the street. People-induced tragedies seem to happen every week, if not every day, and many are on a mass scale. When they do happen, it no longer seems like news because we have become inured to them—in fact, if the morning newspaper doesn’t report on such an event, it has a “man bites dog” feel to it.
Crazy takes many forms. Right now there’s a lot of chatter in the public-safety sector about protecting emergency communication centers (ECCs) from cyberattacks, and for good reason. The Federal Bureau of Investigation (FBI) advises that it no longer is a question of if, but rather when, any individual public-safety communications network is going to be attacked.
Ransomware is a specific type of malware that hackers use to exploit a system vulnerability and then launch a program that encrypts the organization’s data files, essentially locking them and rendering them unusable. Then the hacker demands a ransom—hence the name—to provide the key that unlocks the files.
Today, ransomware is the biggest threat to the public safety community. The FBI says that it rarely sees anything other than ransomware attacks these days, and the reason is that it has become big business for the hacker community. The cybersecurity firm Bitdefender reported that about $2 billion was paid out in 2017. Since early 2017, more than 200 cyberattacks against public safety agencies have been documented.
Physical Security Is Equally Important
While it is prudent for ECC officials to take a strong cybersecurity posture, it is equally imperative that in doing so that they not lose sight of the need to physically secure their mission-critical facilities. Bad actors are everywhere, and they are smart, clever and motivated. Here’s an example: we know of an instance where a hacker donned the work uniform of a service provider and upon arrival at a law-enforcement facility, announced that he was there to perform maintenance in the server room. An officer then escorted the hacker to the room and allowed him to enter—without first verifying his credentials. This sort of thing happens much more often than one might think.
The following is an excerpt from MCP’s book, “Expert Advice to Guide Your Facility Project,” that expands on this thought.
The number of potential threats to a mission-critical public safety facility is limited only by one’s imagination. For instance, one of our clients wanted to build a consolidated 911 center. The first site it selected was adjacent to a low-income, high-crime residential neighborhood. The agency eventually opted to select another site.
This time it chose a site that was within 20 feet of a freight rail line. The new concern was the potential derailment of a train carrying hazardous materials. Any nearby explosion or release of caustic chemicals or noxious fumes could put the facility and its personnel at risk. To protect against these threats, the agency had to employ various standoff tactics, including those designed to meet the U.S. Department of Homeland Security’s blast-protection standards.
Seemingly benign elements such as an interstate highway or the employee parking lot must be considered during any threat assessment, and relevant standoff tactics must be executed. For instance, what would happen if a 40-vehicle pileup occurred on an adjacent interstate, an accident so severe that is caused one of those vehicles to go airborne and crash into the facility? (One of our clients had to consider that very question. We convinced them to build a giant berm between the facility and the highway.) Or what happens if an employee’s car overheats in the parking lot, catches fire and then explodes?
Many facility managers will think of such events as once-in-a-lifetime occurrences—and the odds are that they are correct. But all it takes is one time to place the facility and potentially dozens, hundreds, or even thousands of lives at risk. For that reason, it is prudent to err on the side of caution when it comes to developing a standoff strategy for such a facility.
A fitting analogy can be found in the seat belts and airbags that are in today’s automobiles. It is highly unlikely that anyone ever will be in an accident that is serious enough for the airbags to deploy—but if it happens, those involved are going to want both the seat belt system and airbags in place and functioning well.
The need to physically protect mission-critical facilities isn’t going away any time soon—if anything, the need is going to continue to expand. The book chapter from which the above excerpt was extracted offers some great advice regarding how to go about physical security. Click here to request a copy.