p. 1 Security Tailgating (aka Piggybacking) Security, Resiliency & Technology (SRT) Integration Forum Editors: Cisco, Deon Chatterton Carnegie Mellon Silicon Valley, Jeannie Stamberger IntraPoint, Edward Erickson Northland Controls, Paul Thomas Northland Controls, Pierre Trapanese Tulane University, Eric Corzine Contributing Organizations and Individuals: AlliedBarton Security Services, Guy Hassfield American Red Cross, Barb Larkin American Red Cross, Joseph White BAE Systems, Jeffrey Dodson BAE Systems, Karen Duprey Carnegie Mellon Silicon Valley, Jeannie Stamberger Cisco, Deon Chatterton Genentech, Don Wilborn IntraPoint, Edward Erickson John Deere, Jeff Chisholm John Deere, Tim Nestor Johnson & Johnson, Brian DeFelice Northland Controls, Paul Thomas Northland Controls, Pierre Trapanese Tulane University, Ky Luu Tulane University, Charles McMahon UTC, Ewa Pigna About: This report is the first of the STRI forum generated from discussions at AlliedBarton headquarters in Pennsylvania.
validation during high traffic hours, or a combination of such measures.
See Table 1 for a range of hardware solutions to tailgating rated for success, aesthetics, costs,
throughput, and experiences with the equipment. See below for a discussion of factors influencing
choice of physical security measures.
Buildings and Building Function – Businesses with periods of high flow-through, such as factories,
require solutions that do not delay traffic flow, as a mantrap would. The implementation of physical
security measures is further complicated by the repurposing of real estate and by leased buildings,
where owner approval is required and changes must be negotiated. Many commercial buildings are like
a sieve, and many thefts occur in commercial buildings. Many companies also have large campuses with
many different buildings, some with better compliance than others. There are also campuses which
house multiple companies that act independently but report to the same parent company.
Laws – Privacy issues and data retention laws differ by country (e.g., Italian privacy law prohibits the
use of cameras on warehouse doors). Many companies try to maintain a single standard, but one that
accommodates country laws. Sociopolitical issues also differ depending on country of origin; the US
considers the Middle East high risk, but locals use a different risk filter. This difference of
perspective also applies to the regulatory environment (e.g., working with animals).
Accountability - A general security plan is relatively easy to implement when there is a single site with a
single site executive. Difficulties arise with a campus where there is no single site director responsible,
or there is a campus housing different companies with boards of directors that all report to a single
parent company.
Climate – It is also necessary to work within your climate. In a very windy environment, revolving doors
may be required simply because other door types do not stay closed; this makes it culturally acceptable
to retrofit buildings with more secure revolving doors.
Aesthetics – See the case study for a layered solution in an aesthetically pleasing lobby of a major firm
using audible alarms with secondary full-stop barriers.
Emergency Evacuation – A well-executed access control system can provide useful information in
accounting for employees in an emergency evacuation (muster situation).
Standards
All of the considerations described above lead to the question of company security standards: do they
exist? How are they implemented? These standards vary; a company's standard may be lower than its
landlord's and higher than the standards in other parts of the world. Global standards are often too
low. When acquiring companies around the world, the biggest problem is frequently not knowing what their
security is. Many times sites need to be assessed case by case in a fairly informal manner,
coordinating with the site executive, if there is one.
The local tenant has a high impact on adopted standards; some sites have higher security simply
because the site executive is risk averse. A company working on classified information also has to
comply with external security standards; however, sometimes these standards are inadequate. Another
consideration is collaborative projects, in which a customer may require different levels of security.
Case Study: A solution to the hard problem
A Silicon Valley company known for innovation, flexibility and creativity has a culture intended to foster
openness and collaboration. The implementation of strict anti-tailgating measures is a concern. There is
a fear such measures are not only physically ugly and restrictive, but also create an atmosphere of
mistrust as “big brother” is brought in to control and monitor all of your actions.
Unfortunately, the company is a target for retribution from disenfranchised users who have broken the
rules. A small explosive was detonated at one of its campuses.
In addition, high levels of electronic commercial activity create requirements around banking and
privacy regulations.
Greater security is required to provide compliance with banking and privacy regulations, safety for
employees, security for customers and employees with regards to their transactions, identity and
privacy, and to reassure market credibility in the continuity of services.
The company has over 100 locations. However, a primary campus of 6 buildings housing over 1,000
employees was chosen to deploy strict anti-tailgating measures. The measures selected were to
consider company culture, aesthetics, convenience, throughput, cost, and robustness. With as many as 6
lobbies, and another 12 perimeter points of “convenience” access, such considerations necessitated a
very mixed approach to the problem. There was not much of an appetite for a bunch of “ugly” security
devices at the perimeter doors. And, as one can imagine, placing a bunch of ugly security devices in a
showcase main lobby was certainly not an option.
Thus, the problem was broken into two primary components, lobbies and perimeter access points; both
of which required solutions appropriate to the physical space as well as to the corporate intentions.
For the 3-story glass main lobby, sufficient measures were already in place. Nonetheless, a combination
of existing measures was reinforced with a revolving door for after-hours use:
I. Main Lobby - business hours: Two layers of physical security technology are reinforced with
officer oversight and intervention.
Free access to the main lobby area.
Lobby desk staffed with security officers trained in greeting guests and checking them in with a
visitor badge using an electronic visitor management system.
All others with a valid badge would pass through electronic turnstiles (no physical barriers for
high through-put rates). During “rush hours”, lobby staff would be reinforced with security
officers monitoring the free flow of individuals through the turnstiles.
o Officers are trained to politely challenge anyone setting off the turnstile alarm and to
request that the individual exit and re-enter.
o "Social engineering" takes hold after a number of people have been asked to re-enter, or have
witnessed someone being asked to do so. Thereafter, alarms become the exception and are easily
handled by officers.
After dispersing from lobby area, an additional layer of card access is required to enter specific
employee work areas.
Lobby desk and Security Operations Center (SOC) are provided with a button to disable card
readers at doors leading to interior areas in case of an alarm or an event.
II. Main Lobby - after hours: Third layer of physical security technology is activated, and
reinforced with SOC oversight and roaming patrol intervention.
Perimeter lobby doors are electronically locked.
Aesthetically pleasing (and expensive) physical revolving glass doors are activated. A valid ID
badge is required, and the revolving door admits only one person per authenticated badge. It
automatically reverses direction if it senses a second person in the "leaf".
Once through the revolving door, an individual must also pass through the turnstiles and the
interior doors. Note the turnstiles provide no physical deterrent, but should a person pass
through without a valid badge, an alarm is generated with automated video call up at the SOC.
Note: for compliance with the Americans with Disabilities Act (ADA), one of the main entrance doors is
equipped with automatic openers and a card reader. Only the badges of persons with disabilities have
been provisioned with credentials to activate this door after hours. Whenever such a badge is presented after
hours, the SOC is automatically alerted so that officers may provide assistance if needed, and to
ensure tailgating is not occurring.
Perimeter doors – 24/7: Perimeter doors are much more difficult to manage and stop tailgating. Even in
a corporate culture where all employees freely wear and display their ID Badges, common courtesy
often dictates that one opens and holds the door open for their colleagues, and visitors. This courtesy is
so ingrained in us that it is very difficult to overcome in the moment and rudely close the door
on someone.
A description of an iterative process to address tailgating at perimeter doors is provided here, along with
the solution selected in this case:
The first option usually considered is to use the perimeter doors for emergency exit only,
and not to give the general population access to those doors, allowing only security personnel
or emergency teams access to them. This would force all staff to enter the building
through the lobby entrances.
o This was rejected as being inconvenient to the staff, creating a bottle neck at lobbies,
and resulting in wasted time.
Revolving doors were rejected as being too slow for the needed throughput, and expensive to
install.
Mantraps. Even if one were to overcome code issues, “Mantraps” were rejected as they would
be operationally unworkable. Mantraps generally allow one person to be in the vestibule at a
time, with one door locking behind prior to the door unlocking in front. This is further
complicated by two-way traffic in a high-volume environment.
Preventing access on a detected exception: this approach requires every entrant at a perimeter door to
present a badge, but allows the door to remain open during the reads. In other words, the
"system" does not "reset" each time the door closes in order to authorize the next entrant; instead it
"tracks" that only one person per valid read is admitted, regardless of
whether the perimeter door closed fully or was politely held open for the next authorized
person. This requires an interior perimeter door, which is already present.
o Everyone would need to present their badge.
o All badge “reads” would be tracked.
o Each person passing through the perimeter must have had a valid read.
o If an invalid read is registered, or more than one person per valid read is detected,
access through the interior perimeter door would be disabled for all users in the
vestibule.
o Social engineering would be employed to reinforce proper usage of the system. Devices
employed:
Inconvenience of having interior door disabled, and needing to exit perimeter
door and start again.
Strobe light indicating to all users someone has not entered properly.
Audible alarm to mildly annoy users during the security breach.
Video image transmitted to manager upon multiple breaches by the same user.
o Option 1 Pilot Test using Video Analytics (“Intelligent Video”):
As cameras are already viewing all entry points, a pilot test employing analytics
is attempted.
The concept would be to integrate valid badge reads with the video scene. If the
system reads one badge, but the camera sees two people come through the
door, the system would automatically disable the interior perimeter door. Such
exceptions would include:
More than one person per valid read.
No badge read, but someone is detected entering while someone is
exiting the door (invalid entry upon exit).
Camera / video issues addressed to raise the success rate:
Needed to switch to a lower-resolution camera so the analytics could process the
scene quickly enough. Imagine 10 people with valid badge reads walking quickly
through the door.
Needed to change the floor covering to create greater contrast, so the camera
could better distinguish between persons entering and exiting.
Needed to add glazing to the window to prevent glare, so the camera could
perform better.
The pilot is conducted with an officer present to explain / guide users.
Analytics success rate after changing technical and environmental conditions
(cameras, carpets, and glazing) went from 65% to 85%. Unfortunately, 85%
success is a 15% failure rate. With a thousand people moving through the
perimeters in an hour’s time in the morning, this translates to 150 people being
“locked” up per day. Unacceptable.
o Option 2 Pilot Test using photo beam detectors.
Photo beam detectors were suggested prior to analytics, however, a desire (by
the integrator and not the client in this case…go figure) to test and prepare for
the adoption of the latest technologies (analytics), argued for testing analytics
first. Upon an insufficient success rate in analytics, photo beams were
attempted.
Older-generation photo beam detectors could neither accurately distinguish
people entering from people exiting nor integrate easily
with the access control system. However, improvements in detection and
programming of photo beam detectors enable the Option 1 scenario (one
valid read, one person detected) to work with close to 100% success.
The system was tested and found highly successful in detecting tailgating as well
as entry upon exit.
Furthermore, with officers standing by at initial deployment combined with the
nuisance of a disabled reader, local audible and strobe light, users adopted the
system quickly and “false alarms” as well as inconvenience to users dropped to
negligible amounts. An online training video was later added for new hire
orientation.
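The perimeter-door rule described above ("one valid read, one person", no reset on door close, disable the interior door on any exception, strobe and audible alarm, video to a manager on repeat breaches) is easy to misstate and worth seeing as a state machine. The following is an added example, not code from the report or from the company in the case study. It assumes (my assumptions, not the report's) a single time-ordered event stream from the reader and the photo-beam/analytics detector, an interior door modelled as an enable flag that is restored only once the vestibule is empty again, an unused valid read that expires after a short TTL, and attribution of a tailgate to the badge whose read was ridden on:

```python
"""Added example (not from the SRT forum report): a simulation of the
"one valid read, one person" perimeter-door rule and its listed exceptions
(invalid read, more than one person per valid read, entry upon exit)."""
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Optional, Tuple


class Kind(Enum):
    BADGE = "badge"        # credential presented at the perimeter reader
    ENTER = "enter"        # detector saw one person cross inward
    EXIT = "exit"          # detector saw one person cross outward
    INTERIOR = "interior"  # one person passed the (enabled) interior door


@dataclass
class Event:
    t: float                        # seconds
    kind: Kind
    badge_id: Optional[str] = None  # BADGE only
    valid: bool = True              # BADGE only


@dataclass
class Alarm:
    t: float
    reason: str                     # invalid_read | tailgate | entry_on_exit
    attributed_to: Optional[str]    # badge whose read was ridden on, if any
    actions: List[str]


@dataclass
class VestibuleController:
    credit_ttl: float = 10.0        # assumption: an unused valid read expires
    exit_window: float = 3.0        # assumption: ENTER this soon after EXIT = entry upon exit
    escalate_after: int = 2         # breaches by one badge before video goes to a manager
    credits: List[Tuple[float, str]] = field(default_factory=list)  # (t, badge) not yet consumed
    interior_door_enabled: bool = True
    in_vestibule: int = 0
    last_exit_t: Optional[float] = None
    last_consumed_badge: Optional[str] = None
    breaches: Dict[str, int] = field(default_factory=dict)
    alarms: List[Alarm] = field(default_factory=list)

    def _breach(self, t: float, reason: str) -> None:
        who = self.last_consumed_badge if reason == "tailgate" else None
        actions = ["disable_interior_door", "strobe", "audible"]
        if who is not None:
            self.breaches[who] = self.breaches.get(who, 0) + 1
            if self.breaches[who] >= self.escalate_after:
                actions.append("video_to_manager")
        self.interior_door_enabled = False
        self.credits.clear()           # everyone in the vestibule starts again
        self.alarms.append(Alarm(t, reason, who, actions))

    def handle(self, ev: Event) -> bool:
        """Apply one event; return whether the interior door is enabled."""
        # No "door closed" reset exists: credits survive a politely held-open door.
        self.credits = [(t, b) for t, b in self.credits if ev.t - t <= self.credit_ttl]
        if ev.kind is Kind.BADGE:
            if ev.valid:
                self.credits.append((ev.t, ev.badge_id))
            else:
                self._breach(ev.t, "invalid_read")
        elif ev.kind is Kind.ENTER:
            self.in_vestibule += 1
            if self.credits:
                _, self.last_consumed_badge = self.credits.pop(0)  # one read, one person
            elif self.last_exit_t is not None and ev.t - self.last_exit_t <= self.exit_window:
                self._breach(ev.t, "entry_on_exit")
            else:
                self._breach(ev.t, "tailgate")
        elif ev.kind is Kind.EXIT:
            self.in_vestibule = max(0, self.in_vestibule - 1)
            self.last_exit_t = ev.t
            if not self.interior_door_enabled and self.in_vestibule == 0:
                self.interior_door_enabled = True   # vestibule cleared; start again
        elif ev.kind is Kind.INTERIOR:
            self.in_vestibule = max(0, self.in_vestibule - 1)
        return self.interior_door_enabled


def run(events: List[Event]) -> VestibuleController:
    ctl = VestibuleController()
    for ev in events:
        ctl.handle(ev)
    return ctl


def demo() -> VestibuleController:
    """Constructed morning-rush scenario (not data from the report)."""
    B, E, X, I = Kind.BADGE, Kind.ENTER, Kind.EXIT, Kind.INTERIOR
    events = [
        # A badges, B badges, A holds the door for B: two reads, two people, no alarm
        Event(0.0, B, "A"), Event(0.5, B, "B"), Event(1.0, E), Event(1.5, E),
        Event(2.0, I), Event(2.5, I),
        # C badges, a second person follows on C's read: tailgate, door disabled
        Event(10.0, B, "C"), Event(11.0, E), Event(11.5, E),
        Event(15.0, X), Event(16.0, X),              # both leave; door re-enabled
        # someone slips in as a person exits: entry upon exit
        Event(20.0, X), Event(21.0, E), Event(22.0, X),
        # C does it again: second breach, video goes to the manager
        Event(30.0, B, "C"), Event(31.0, E), Event(31.5, E),
        Event(32.0, X), Event(33.0, X),
        # a revoked credential is presented
        Event(40.0, B, "Z", valid=False),
    ]
    return run(events)


if __name__ == "__main__":
    for a in demo().alarms:
        print(f"t={a.t:5.1f} {a.reason:14s} attributed_to={a.attributed_to} actions={a.actions}")
```

The first scenario is the point of the design: two reads followed by two people through a held-open door raise nothing, because credits are consumed per person rather than reset per door cycle. The 85% analytics result in Option 1 is what happens when the ENTER events themselves are unreliable; this controller assumes the near-100% detection the report attributes to the newer photo beams.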
How to sell reduction of tailgating to the executive suite?
Best practices for selling the reduction of tailgating to the executive suite should include an explanation
of the diverse set of savings to be gained. In particular, when selling tailgating reduction to a CFO,
explain that eliminating tailgating presents a number of opportunities to reduce otherwise inflexible
facility costs. The ability to identify peak facility usage by monitoring building occupancy density
over time may lead to reduced facilities or real estate costs (e.g., lower air conditioning costs, or less
office space leased when lower density is documented). Reducing tailgating is also a form of risk
mitigation and lowers overall company exposure.
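Both the muster-roll use in the Emergency Evacuation paragraph and the occupancy-density argument above depend on the same thing: an access-control log in which every person inside has an entry record. The following added example (mine, not the report's or the case-study company's) replays a constructed badge log to produce the muster roll for one building and an hourly peak-occupancy profile, and flags the two log anomalies that tailgating leaves behind. It assumes that every controlled door logs both directions as "timestamp,badge_id,building,direction" and that the log is time-ordered:

```python
"""Added example (not from the SRT forum report): muster roll and hourly
occupancy profile from a badge log, plus the anomalies a tailgater leaves."""
from collections import defaultdict
from typing import Dict, List, NamedTuple, Set, Tuple


class Record(NamedTuple):
    ts: str          # ISO-8601 local time, e.g. 2024-03-04T08:02:00
    badge: str
    building: str
    direction: str   # "IN" or "OUT"


# Constructed sample log (not real data). B103 leaves without ever badging in;
# B102 badges in twice without an exit in between.
SAMPLE_LOG = """\
2024-03-04T07:55:00,B100,bldg-3,IN
2024-03-04T08:02:00,B101,bldg-3,IN
2024-03-04T08:03:00,B102,bldg-3,IN
2024-03-04T09:10:00,B101,bldg-3,OUT
2024-03-04T09:40:00,B103,bldg-3,OUT
2024-03-04T10:15:00,B101,bldg-3,IN
2024-03-04T11:00:00,B102,bldg-3,IN
"""


def parse_log(text: str) -> List[Record]:
    records: List[Record] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, badge, building, direction = (f.strip() for f in line.split(","))
        if direction not in ("IN", "OUT"):
            raise ValueError(f"bad direction in line: {line!r}")
        records.append(Record(ts, badge, building, direction))
    return records


def replay(records: List[Record]):
    """Return (present-by-building, anomalies, peak occupancy per building-hour)."""
    present: Dict[str, Set[str]] = defaultdict(set)
    anomalies: List[str] = []
    peak: Dict[Tuple[str, str], int] = defaultdict(int)
    for r in records:
        inside = present[r.building]
        if r.direction == "IN":
            if r.badge in inside:
                # Badged in twice: the previous exit was never recorded (left through a
                # held-open door). Not a safety problem, but the roll is now unreliable.
                anomalies.append(f"{r.ts} {r.badge} IN while already present in {r.building}")
            inside.add(r.badge)
        else:
            if r.badge not in inside:
                # Badged out with no entry record: this person got in without a valid
                # read, i.e. tailgated. Until now the muster roll and the occupancy
                # count for this building were both wrong by one.
                anomalies.append(f"{r.ts} {r.badge} OUT with no entry record for {r.building}")
            inside.discard(r.badge)
        hour = r.ts[:13]                       # "YYYY-MM-DDTHH"
        peak[(r.building, hour)] = max(peak[(r.building, hour)], len(inside))
    return dict(present), anomalies, dict(peak)


def muster_roll(present: Dict[str, Set[str]], building: str) -> List[str]:
    """Badges that must be accounted for at the assembly point for one building."""
    return sorted(present.get(building, set()))


def occupancy_profile(peak: Dict[Tuple[str, str], int], building: str) -> Dict[str, int]:
    """Hour -> peak occupancy, the input for the facilities-cost argument."""
    return {hour: n for (b, hour), n in sorted(peak.items()) if b == building}


if __name__ == "__main__":
    present, anomalies, peak = replay(parse_log(SAMPLE_LOG))
    print("muster roll bldg-3:", muster_roll(present, "bldg-3"))
    print("hourly peaks:", occupancy_profile(peak, "bldg-3"))
    for a in anomalies:
        print("anomaly:", a)
```

The OUT-without-IN anomaly is the one to watch: it is the only trace a tailgater leaves in the badge log, and each one means that for some period the roll handed to the fire warden was short by a person. Counting those per door and per week is also a cheap way to measure whether the perimeter-door measures in the case study are actually working.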
Conclusions
Tailgating is a common corporate security problem with high potential tangible and intangible costs.
Solutions for deterring/eliminating tailgating include hardware and social engineering approaches,
which differ in cost, throughput, aesthetics, and other factors. Badge-wearing compliance is a
particularly challenging issue, and many lessons are provided for increasing compliance. Implementation
of solutions must be tailored to the aesthetic and cultural needs of a given scenario; the most
challenging being providing access control in a welcoming, high-throughput, aesthetically pleasing lobby.
The case study illustrates a real-world solution to this challenging scenario, which ultimately uses a