Understanding Security Basics: A Tutorial on Security Concepts and Technology

Author: Richard Kibbey

Presented by: Amna Jalil (04)

CDC 8th National Biosafety Symposium, Atlanta, Georgia, 2004

Overview of the security concepts and the systems

Need of security expert

One’s own organization

Full or part-time contractor

Security is the degree of resistance to, or protection from, harm. It applies to any vulnerable and valuable asset, such as a person, community, nation, or organization (Biosafety labs)

Consist of equipment, policies and procedures that support each of the elements of security

Clear Zones

Barriers

Lighting

Shrouds

Locks

Electronic Security Systems

Guard forces

30 feet clear zone --- from the protectable object or facility

Void of

Trash receptacles

Ashtrays

Dumpsters

Restrict, deny or channel pedestrian or vehicular traffic

Not necessarily impenetrable – increase the probability to detect people & vehicles – trying to get illegal access

Significant deterrent – potential intruders

Enhances visibility for routine patrols & general staff

Permanent lighting – adequate illumination to

Entry points

Pathways

Parking lots

Activated by Sensors – activate the lights when penetrated

Can be activated by

Timers

Manually

◊ Often neglected component

◊ Support deterrence & delay by providing concealment from chance and direct surveillance

◊ Purpose – limit visibility from unauthorized sources

◊ Simple – darkened windows, curtains

◊ Complex – walls, coverings even shrubbery

Many shapes and forms

Single hasp lock to very complex systems

Include:

Standard key lock

Combination lock

Cipher lock

Card access control systems including swipe card lock and biometric

Can be tied in electronic security system

• Come in three flavors

Access Control Systems

Security Surveillance

Intrusion Detection Systems (IDS)

ACCESS CONTROL SYSTEMS

Devices designed to limit access --- site, building, room or container

Simple – swipe access system

Complex -- biometrics

SECURITY SURVEILLANCE

Most common – CCTV

When choosing CCTV

Resolution power and image quality

Color or black & white

Zoom capability

Transmission mode

INTRUSION DETECTION SYSTEMS (IDS)

Identify unauthorized entry

Connected to monitoring system – fall into 3 categories

1. Local alarm system – when IDS breached – sounds an alarm for a local security officer

2. 24-hour central station – usually commercially operated – when they get an alarm, they contact local police

3. Proprietary alarm systems – controlled and monitored within the facility

Response forces

Balance between use of security technology & properly trained security staff

Elements of security systems are the rings – around the resource that needs to be protected

Each ring supported by security equipment and procedures – deter, detect or support defeating an adversary by being applied on one or more rings of security

Rings of Security

Deter

Detect

Assess

Delay

Respond

Deny

Prevention of action through a fear of unacceptable consequences

Psychological state

Perception of security system – from outside look

If PTE feels fear – move to other place

Let’s keep them away from here

o Determination and transmission that an event has occurred

o Use of technology – increases capability

Analysis of an event by a person directly onsite or via technology

Now-a-days – CCTV systems

Necessary --- determination of the validation of alarm & appropriate response

Ability of physical or psychological barriers to restrict movement

Purpose – allow time for an appropriate response – make it impossible for intruder to continue

Level of reaction required to counter an intrusion

Response forces

Unarmed security guards or staff

Local police

High level – dedicated armed forces – nuclear storage areas

Ability to oppose or negate the effects of an action

Final chance to defeat an adversary

To avoid the Probable threat element (PTE)

Hypothetical Scenario

Four field members of some terrorist agency meet in Baltimore in December 2002

2 from New York

2 from Fort Worth

Their Mission: Steal biological material --- used in bioterror attack on US food supply

Hypothetical Scenario

March 2003 --- Black Angus restaurant, Atlanta – target selection

Pre-selection Operations --- 3 locations

• Centers for Disease Control and Prevention in Atlanta (CDC)

• U.S. Army Medical Research Institute of Infectious Diseases in Maryland (USAMRIID)

• Plum Island Animal Disease Center in Long Island, New York (Plum Island)

Identification of weaknesses in security – to exploit

Find a location with

Poor lighting

Weak CCTV system

Inconsistent access control system

Began from April to June 2003

Observations were recorded and discovered

New alarm systems at CDC

High-tech TV systems – throughout complex

Barriers – movement hindrance

Assessment

Security components – hindered proposed operation

Occurred from July to August 2003

Problems were similar to CDC

Many lights & security structures

Barriers

Access control procedures

Assessment

Location was too difficult

August through September 2003

Many weaknesses were found

Numerous gaps in security

Doors left open for ventilation

Some windows left open overnight

Alarms and door sensors not operational

Poor lighting

Inadequate and broken CCTV

Assessment

Plum Island was selected as target

◊ From September to December 2003

◊ Found a route of entry – A window – left unlocked most evenings

◊ Daily operations were observed and target selection was made

Attack was conducted early in January 2004

1 person – at vehicle – half a mile away

3 persons – entered building from window

Gained access – cutting hole in drywall

Took several vials of hoof and mouth virus and exited

Whole operation took 70 minutes