security by numbers physical security –the art of ... · physical security –the art of...

Part of the BRE Trust

Protecting People, Property and the Planet

Security by numbersPhysical security – The art of specification

Richard FlintBRE Global Limited, incorporating LPCBJune 2014

© BRE Global Limited, 2014Copyright BRE Global Ltd, 2014Cop

yrigh

t BRE G

lobal

Limite

d, 20

14


Security by numbersThe art of specifying effective physical security

• Who we are

• The Threat

• Basics of effective security

• Physical security standards

• Specifying effective physical security


yrigh

t BRE G

lobal

Limite

d, 20

14


Assurance of critical infrastructure securityThe role of standards, testing & certification

Who we are


yrigh

t BRE G

lobal

Limite

d, 20

14

Introduction to LPCB

• Leading international centre for fire and security product testing and approvals

• Approve >5000 loss prevention products produced in >40 countries

• One of two internationally recognised approvals and listings operated by BRE

Global. The other is


yrigh

t BRE G

lobal

Limite

d, 20

14

Introduction to LPCB

Our heritage

© BRE Global Limited, 2014Copyright BRE Global Ltd, 2014Copyri

ght B

RE Glob

al Lim

ited,

2014

Working with others to protect against terrorists and criminals

GovernmentCabinet Office, Home Office (incl.

OSCT), DCSF, CPNIPlus other National Governments

GovernmentCabinet Office, Home Office (incl.

OSCT), DCSF, CPNIPlus other National Governments

National Counter Terrorism Security Office (NaCTSO)

ArchitectsArchitects

Security consultantsSecurity consultants

ContractorsContractors

ManufacturersManufacturers

Specifiers and end users

Specifiers and end users

Enforcement agenciesEnvironment Agency

Revenue and CustomsPolice Special Branch

Enforcement agenciesEnvironment Agency

Revenue and CustomsPolice Special Branch

Home Office Centre for Applied Science and Technology

(HO CAST)

Home Office Centre for Applied Science and Technology

(HO CAST)

Association of Chief Police Officers (ACPO)


Secured By Design (SBD)Secured By Design (SBD)


Secured By Design (SBD)

Insurers and underwritersAssociation of British Insurers

(ABI)Lloyds Market AssociationAssociation of Insurance

Surveyors (AIS)Risc Authority

Insurers and underwritersAssociation of British Insurers

(ABI)Lloyds Market AssociationAssociation of Insurance

Surveyors (AIS)Risc Authority

Suppliers and distributorsSuppliers and distributors Installers and maintenance companies

Installers and maintenance companies

Testing laboratoriesTesting laboratories

Centre for Protection of National Infrastructure (CPNI)

Centre for Protection of National Infrastructure (CPNI)

National Counter Terrorism Security Office

(NaCTSO)

National Counter Terrorism Security Office

(NaCTSO)


yrigh

t BRE G

lobal

Limite

d, 20

14

Owned by a charitable trust

Who BRE Trust

What Charitable trust

Why To advance knowledge, innovation and communication in all matters concerning the built environment for public benefit

How First class research and education funded by investing profits made by BRE and other subsidiaries in research and education

Over 600 staff within the BRE Trust Group


yrigh

t BRE G

lobal

Limite

d, 20

14


LPCB – The mark of effective security

The basics of effective security

- The context


yrigh

t BRE G

lobal

Limite

d, 20

14

Assuring critical infrastructure securityOur role and responsibilities regarding physical security

*IRA, 1984


yrigh

t BRE G

lobal

Limite

d, 20

14

Assuring critical infrastructure securityOur role and responsibilities regarding physical security


yrigh

t BRE G

lobal

Limite

d, 20

14




- The threat


yrigh

t BRE G

lobal

Limite

d, 20

14


Identify the threat:

• Manual forced entry attack• Plant attack (e.g. diggers)

• Vehicle attack

• Ballistic

• Explosion

• Undetected compromise

• Other• Chemical, pathogen, toxin, radiological or nuclear

• Cyber

• Fire

• Vandalism© BRE Global Limited, 2014

Copyright BRE Global Ltd, 2014Copyri

ght B

RE Glob

al Lim

ited,

2014


Identify the threat:

• Manual forced entry attack• Forced entry (without fear of making noise)• Stealth attacks

• Mob attacks


yrigh

t BRE G

lobal

Limite

d, 20

14




- Preventing forced entry


yrigh

t BRE G

lobal

Limite

d, 20

14

The basics of effective security against forced entry

Effective forced entry protection requires three things to work together:

Delay

Effective security occurs when: Time Delay ≥ Time Detection + TimeResponse


ght B

RE Glob

al Lim

ited,

2014



Late detection will be exploited!

DelayExploitable security gap


yrigh

t BRE G

lobal

Limite

d, 20

14



Ineffective physical security will be exploited!

Delay

© BRE Global Limited, 2014

Exploitable security gap


ght B

RE Glob

al Lim

ited,

2014


Effective protection requires three things to work together: Unreliable alarm transmission could undermine other measures

Delay

Faulty alarm transmission equipment / paths delay the alarm signals sent to

alert the response

Exploitable security gap


yrigh

t BRE G

lobal

Limite

d, 20

14



No response leads to anarchy!

Delay© BRE Global Limited, 2014Copyright BRE Global Ltd, 2014Cop

yrigh

t BRE G

lobal

Limite

d, 20

14


Delay

How do you determine what physical security products will provide a

suitable delay?


yrigh

t BRE G

lobal

Limite

d, 20

14



The art of specifying effective security

- Selecting an appropriate performance standard to specify


yrigh

t BRE G

lobal

Limite

d, 20

14

How do you specify effective security equipment?

Specify approval to appropriate ‘performance standards’It is important to ensure the standard used to specify security equipment:

• Covers the type of product/system being considered

• Is performance based rather than design based

• Is based on sound principles of terrorism/crime prevention and address terrorist’s/criminal’s entrepreneurial tendencies

• Considers the whole product and not just components

• Determines the product’s resistance to the risks identified


yrigh

t BRE G

lobal

Limite

d, 20

14

Scope of publically available physical security standards

Acc

ess

cove

rs a

nd h

atch

es

Cur

tain

wal

ling

/cla

ddin

g

Doo

rset

s (C

antil

ever

ed)

Doo

rset

s (F

oldi

ng)

Doo

rset

s (H

inge

d)

Doo

rset

s (P

ivot

ing)

Doo

rset

s (R

evol

ving

)

Doo

rset

s (S

lidin

g)

Enc

losu

re

Fenc

es

Par

titio

ning

sys

tem

s

Roo

fing

syst

ems

Roo

f lig

hts

and

skyl

ight

s

Sec

onda

ry g

lazi

ng s

yste

ms

Sec

urity

gril

les

Sec

urity

scr

eens

Sec

urity

shu

tters

Tem

pora

ry b

uild

ings

Gat

es a

nd tu

rnst

iles

Voi

d pr

otec

tion

scre

ens

Win

dow

s

Wal

ls a

nd c

eilin

gs

EN 1627: 2011 ü ü* ü* ü* ü* ü* ü ü* ü ü* ü ü

LPS 1175: Issue 7 ü ü ü ü ü ü ü ü ü ü ü ü ü ü ü ü ü ü ü ü ü ü

PAS 24: 2012 ü ü ü ü ü ü‡

DOS ST-STD-01.02 ü ü ü ü ü ü ü ü ü ü ü ü ü ü ü

*EN1627 covers pedestrian access and not

vehicle/goods access

‡PAS 24 is restricted to certain configurations only


yrigh

t BRE G

lobal

Limite

d, 20

14

LPS1175 – One standard covering all physical security layers

LPS 1175• Fences• Gates• Vehicle barriers• Enclosures• Entrance doors• Emergency exits• Windows

• Shutters• Rooflights• Roofs• Walls• Enclosures• Vehicles• Cycle racks• Cycle locks• Padlocks

• Glazing


yrigh

t BRE G

lobal

Limite

d, 20

14









yrigh

t BRE G

lobal

Limite

d, 20

14

‘Performance based’ verses ‘design based’ specifications

Type Pro’s: Con’s:

Design • Easy to describe visible attributes (materials and dimensions).

• Risk the design defined will not deliver the performance required

• Restricts use of ingenuity to solve problems

Performance • Links specification directly to the threats identified

• Lack of availability of products meeting desired performance attributes

• Does not describe what the solution looks like so architects can find it hard to visualise the products likely to be offer



yrigh

t BRE G

lobal

Limite

d, 20

14

‘Manual attack testing’ verses ‘mechanical testing’

Type Pro’s: Con’s:Mechanical • Repeatable • Cannot economically cover the

wide scope of modus operandi available to intruders

• Test equipment must be developed for each product type/design and results cannot therefore be accurately compared between product types

Manual attack • Modus operandi can reflect the scope used by intruders

• Tests can be more easily tailored to different types of product

• Results may be inconsistent because they are affected by the testers’ knowledge, skill, stamina and strength




ght B

RE Glob

al Lim

ited,

2014









yrigh

t BRE G

lobal

Limite

d, 20

14

Principles of effective security

The ‘entrepreneurial criminal’

Effective loss prevention standards are based on grading structures that recognise the increased investment criminals (and terrorists) will make to reap greater rewards.

• Investment (tools, time, effort)

• Risks (noise, leaving evidence)

• Reward (value of goods stolen)


yrigh

t BRE G

lobal

Limite

d, 20

14

20 min SR8

15 min

10 min SR4 SR5 SR6 SR7

5 min SR3

3 min SR2

1 min SR1

A B C D D+ E F G

LPS1175 Security RatingsD

elay

ACME

E


ght B

RE Glob

al Lim

ited,

2014









yrigh

t BRE G

lobal

Limite

d, 20

14


Security is only as good as the weakest part!

• EN1627:– Relies on tests conducted on glazing and locks to separate associated

component standards such as EN356, EN1303 and EN12209– The supporting component standards do not use common test methods or

failure criteria– The standard therefore does not result in the assembled products

providing holistic levels of security – many are vulnerable to basic attacks


yrigh

t BRE G

lobal

Limite

d, 20

14


Security is only as good as the weakest part!

• EN1627:– Relies on tests conducted on glazing and locks to separate associated

component standards such as EN356, EN1303 and EN12209– The supporting component standards do not use common test methods or

failure criteria– The standard therefore does not result in the assembled products

providing holistic levels of security – many are vulnerable to basic attacks

• LPS1175:– Considers the whole assembled product to a common classification

system– Is supported by standards for security glazing (LPS1270) and locks

(LPS1242 and LPS1654) sharing common performance requirements– Ensures holistic levels of security are provided by the assembled

product/system– Empowers the development and selection of components that deliver

compatible levels of security performance © BRE Global Limited, 2014Copyright BRE Global Ltd, 2014Cop

yrigh

t BRE G

lobal

Limite

d, 20

14

Principles of effective security – Features of standards

Standards should address the threats identified• The delay required (i.e. working time)

• The number of intruders

- Loan intruder (LPS1175 and EN1627)

- Pair of intruders (DOS - FE5)

- Mob (DOS - FE15 and FE60)

• The attack tools available to the intruders

- Type, number, and the methods by which those tools may be

used

• Level of information about the product available to the intruder

• Whether the intruder is likely to use stealth to achieve their objective

undetected or whether they would be willing to make noise

• Whether the intruder wishes to achieve entry surreptitiously or not © BRE Global Limited, 2014


ght B

RE Glob

al Lim

ited,

2014


Security by numbersThe art of specifying effective physical security

Comparison of publically available physical security standards


yrigh

t BRE G

lobal

Limite

d, 20

14

Comparison of alternative façade security standards

Time and tools

Standard PAS23/24 and

BS7950

LPS1175 EN1627

Rating/ Class Not applicable

SR1 RC1

Working Time 1 minutes No manual attack testing conductedTotal Test Time 10 minutes

Tools


yrigh

t BRE G

lobal

Limite

d, 20

14

Comparison of alternative façade security standardsStandard PAS23/24 and

BS7950LPS1175 EN1627

Rating/ Class Pass SR2 RC2

Working Time 3 minutes

Total Test Time 15 minutes

Tools Glazing removal

Manipulation

Levering


ght B

RE Glob

al Lim

ited,

2014


Time and tools

Standard LPS 1175 EN 1627

Rating/Class SR3 RC3



Tools As earlier, plus: As earlier, plus:


yrigh

t BRE G

lobal

Limite

d, 20

14

Attack methods and tool use not covered by EN1627 RC3



yrigh

t BRE G

lobal

Limite

d, 20

14

EN 1627 – Resistance Class 3 doors attacks (5 minutes)

Remember• EN 1627 assumes NO NOISE up to RC3 (5 minute attack)!• Above restrictions on tool use also apply at higher resistance classes



yrigh

t BRE G

lobal

Limite

d, 20

14


Time and tools

Standard LPS 1175 EN 1627

Rating/Class SR4 RC4



Tools


yrigh

t BRE G

lobal

Limite

d, 20

14

Comparison of alternative façade security standardsBenchmark(LPS 1175) LPS 1175: Issue 7 EN 1627‡ PAS 24

VERY HIGH RISK

LOW RISK

SR1

SR2

SR3

SR4

SR5

SR6

SR7

SR8

RC

1

RC

2

RC

3

RC

4

RC

5

RC

6 *

RC

1

RC

2

RC

3

RC

4

RC

5 *

RC

6 *

Unglazed

Doorsets◊

Glazed

Doorsets

Window

s◊

All Products Glazed Products† Unglazed Products

SR8

SR7

SR6

SR5

SR4

SR3

SR2

SR1

Unclassified

Level of security

provided by approved products


yrigh

t BRE G

lobal

Limite

d, 20

14



The art of specifying effective security

- The benefits of using third party approved products


yrigh

t BRE G

lobal

Limite

d, 20

14

The basis of effective security

How do you determine what products provide an effective delay?

The best!

Secure! Robust! Unbeatable!

Seriously strong!

Designed to meet…

Complies with …

Tested to …Certified to …

Approved to …

Recognised by …


yrigh

t BRE G

lobal

Limite

d, 20

14

How effective is the product being specified?


yrigh

t BRE G

lobal

Limite

d, 20

14

We test all features until we are certain there is no way past them

Testing - Reasons products fail


ght B

RE Glob

al Lim

ited,

2014

Incompatible locking hardware and glazing

LPCB’s experienced test engineers often exploit incompatible hardware and glazing

• ‘Fishing’ attacks to manipulate internal operating devices (panic hardware, lever handles, thumbturns)

• Targeting access control wiring leading to solenoid or other electronic locks

• Overcoming cylinder protection

• Manipulating other features (e.g. shoot bolt link rods)

• Compromising glazing (e.g. 7.5 mm or 11.3 mmcommonly believed to deliver good levels of attack resistance)

Testing - Reasons we fail so many products


yrigh

t BRE G

lobal

Limite

d, 20

14

Third party approval – Ensuring products are effective

Third party approval helps ensure the products supplied deliver the performance required by ensuring there is effective management of all the factors that affect a product’s performance

Design

UseQuality

Performance


yrigh

t BRE G

lobal

Limite

d, 20

14

The Red Book

Benefits of Red Book listing

Free LPCB does not charge people to receive/view the Red Book

Accessible Available in a range of formats:

– Limited edition softback format– Downloadable PDF on website www.redbooklive.com– Searchable database on website www.redbooklive.com– Apps for Android, Apple and Windows (free from App stores)

Up to date Web versions are updated as soon as certificates are issued, changed or suspended/withdrawn. This provides up-to-date confirmation of a product’s approval status to specifiers and other stakeholders.


yrigh

t BRE G

lobal

Limite

d, 20

14

http://www.redbooklive.com

http://www.redbooklive.com

The Red Book

Benefits of Red Book listing

Scope Red Book covers an increasingly broad selection of proven security solutions

Red Book is becoming a one-stop-shop for specifiers seeking to verify the effectiveness of products they are considering specifying

Widely promoted We exhibit at a large number of fire, security and construction shows around the world

Widely recognised The Red Book is used by specifiers around the world by those who recognise the huge benefits of using LPCB approved products and services.



ght B

RE Glob

al Lim

ited,

2014

Preventing crime and terrorism

Remember

They only have to be lucky some of the time.

You have to be lucky all of the time!


yrigh

t BRE G

lobal

Limite

d, 20

14

Preventing crime and terrorism

Remember

Using security products approved by

recognised third parties to appropriate

standards:

• Ensures the products used provide a

reliable delay

• Helps mitigate the risk of forced entry


yrigh

t BRE G

lobal

Limite

d, 20

14

Thank you for listening

Any questions?Richard Flint

Physical Security Certification Scheme ManagerLoss Prevention Certification Board

Email: [email protected]

The mark of effective security


yrigh

t BRE G

lobal

Limite

d, 20

14

mailto:[email protected]

security by numbers physical security –the art of ... · physical security –the art of...

Documents