Security experts have been working to spread awareness of the need to improve physical security for critical infrastructure sites. Recently, an executive order was issued from the White House declaring a national emergency to defend the power grid. Locations like power plants, dams, and water treatment plants must be accessed by a range of employees and contractors, meaning that thorough badging procedures for these facilities are crucial to protect their systems and assets. Critical infrastructure security and compliance professionals should ensure that their processes properly authenticate staff and visitors—both at the initial enrollment and at subsequent visits.
Common Vulnerabilities in Badging Practices
To achieve higher security, some standard badging procedures should be reconsidered. A common practice for critical infrastructure sites is to issue badges or access privileges to staff or contractors based on a cursory ID check. This ID check can be performed either directly by the infrastructure operator or by the contracting organization. There are several security vulnerabilities in this scenario.
- ID Inspection
First, if the initial ID check is simply a visual inspection of the staff member’s photo ID, or a scan of the barcode on the back, this fails to meet the threshold for full authentication of the document. Barcodes and photos on ID documents can be forged with relative ease, meaning that a facility with lax ID inspection procedures can unwittingly grant access to a person with a fraudulent ID.
Any additional biometric security enrollment the organization then performs will be rendered pointless, as the person’s face, fingerprint, or retinal scan will be registered in the system with a fake identity.
A more secure process—ID authentication—uses multiple light sources and a global document library to confirm the document’s unique security features, and also confirms that the machine-readable data encoded in the document matches the printed data. By ensuring that they only issue badges to holders of properly authenticated ID documents, critical infrastructure sites can be more certain they are keeping their facilities secure.
- Facial Matching
An additional layer of security can be applied during the enrollment process by using facial matching technology to confirm that the person presenting a photo ID is its rightful holder. Using a genuine ID document of a lookalike person is another common way for fraudsters to gain access where they don’t belong, and security personnel do not always spot the differences between the ID photo and the person in front of them.
Face matching technology puts this decision in the hands of sophisticated software that allows for differences in age, hair style, etc. The technology delivers a reliable “match” or “no-match” result when comparing the ID photo and a live image of the person standing on site.
- Watch List Checks
Finally, critical infrastructure organizations would also be well served by checking the names of people requesting badges against government and regulatory watch lists, as well as any internal watch lists they may keep. This helps ensure that criminals, wanted suspects, foreign agents and former employees are not unknowingly admitted into the system.
Combining these three measures—ID authentication, facial matching, and watch list checks—can go very far towards the goal of ensuring that critical infrastructure sites do not grant access to individuals who don’t belong there. The technology powering these measures can be integrated with a property’s visitor management and badging systems, helping make the enrollment and authentication process extremely efficient even with this heightened level of security.
Maintaining High Security at Remote Locations
Better security can be maintained at substations or remote locations as well, even when security staff are not present to handle access control. The same facial matching technology used at enrollment can be installed at the remote location—implemented with a simple webcam or computer camera—to automatically compare the face of a badge holder with the picture on file in the system.
This prevents stolen or improperly loaned badges from being used to gain access at unstaffed entry points. A “match” result can trigger the system to grant access, while a “no-match” result can be set to trigger customized security alerts.
Infrastructure Protection in Real Time
Critical infrastructure is called “critical” for a reason, so protecting it and preventing improper access is a challenging and essential role. But technology integrations now make it easier for security and compliance professionals to meet these challenges—and be certain in their access control vigilance.
Looking for specific ideas on how you can improve access management at your site? Contact us.
Published: 5/14/2020
