3-layer access control strategy for critical infrastructure


As you move from the perimeter line to the core areas of the facility, the security strategy must become more thoughtful and effective.


Critical infrastructure is the circulatory system that provides the vital needs of the population and business - electricity, water, fuel and communications. Any failure of critical infrastructure facilities will inevitably affect the well-being of households, businesses, schools, government agencies and other areas of society.



Iis precisely because of its extreme importance that critical infrastructure is subject to strict compliance regulations. Such regulations include, among other things, the existence of a strong physical security strategy that limits access to the facility to outsiders. This, in turn, requires the protection of critical infrastructure facilities by access control systems, the availability of tools for checking the effectiveness of access control systems, as well as the creation of mechanisms for analyzing the effectiveness of such tools. At the same time, fines and other sanctions may be imposed on organizations that are unable to comply with the relevant requirements.


The task of access control systems (ACS) is to restrict access to the territory of the facility for unauthorized persons who do not have access rights. However, basic perimeter access control systems often are not enough to meet industry compliance requirements.


The best strategy for securing the entire facility in this case is to create a multi-level protection system that becomes more complex as you move from the perimeter to the most significant parts of the facility.


The ideal solution to this problem is to create secure entry points, each of which belongs to one of three levels of protection against unauthorized entry. These can be deterrence tools requiring only a basic level of protection, detection tools requiring a medium level of security, and full prevention tools requiring the highest level of security.

There are many options that can help to achieve that goal – highly secured entrances, revolving doors, full-height, optical and classic turnstiles.


A brief overview of each layer of security for entrances:


1. Detterence


The outer layer of defense is usually the outer perimeter line. To prevent unauthorized access and deter violators, the ideal solutions are following systems:


  • Video surveillance with a highly effective video analytics system that allows you to identify and classify threats on time;
  • Visible and thermal spectrum multi-sensors that allow you to identify a potential threat several kilometers away in any weather conditions and take effective measures accordingly;
  • Active perimeter protection systems with fences equipped with various types of sensors that prevent intrusion;
  • Full-height turnstiles at the entrance groups, protecting against sudden entry. Due to their size, intruders will not be able to simply jump over the turnstile. At the same time, such turnstiles allow you to separate flows and allow access to only one person at a time.


2. Detection



The second layer of security is detection systems. At this stage, intruders or outsiders can still find a way to bypass access control systems, however, such attempts will certainly be detected by various:


  • Intrusion, tampering sensors;
  • Smart sound sensors (scream, shot, explosion, perforator operation, etc.);
  • Cameras with built-in analytics and threat classification,
  • Facial recognition systems using CCTV cameras to track the presence of unauthorized personnel in unauthorized areas;
  • Lidars for building three-dimensional maps and determining suspicious visitor behaviours.


Responsible persons will be notified of an intrusion attempt by an alarm, email, SMS, notification to a mobile device, etc.


Almost every critical infrastructure facility has a reception hall or lobby. Solutions of the second level are recommended for such passage zones. Here, optical turnstiles are most often used, which provide access to authorized visitors and detect unauthorized access attempts.


3. Prevention


The third layer of security works to protect key areas, such as storage, warehouses, power substations, server rooms, data centers, etc. In such places, lock cabins can be used for passage, which reliably prevent unauthorized access attempts and do not require supervision by security personnel.



It is recommended to provide folowing functionality for such checkpoints:


  • Biometric access using fingerprint recognition technology, face recognition, palm vein recognition, iris recognition.
  • Using the two-person rule to grant access. Access to the zone will only be allowed if two employees with access rights present valid IDs.
  • Installation of a man-trap system that cuts off a critical space from the rest of the territory using a man-trap corridor. While one of the gateway doors is open, the other cannot be opened even if a valid access ID is presented.
  • Use of two-, three-factor authentication for personnel verification: Card + PIN code, Card + Fingerprint, Face + Fingerprint, etc.


Well-secured entry points prevent any unauthorized access attempts and determine the identity of the person attempting to enter.


It must be remembered that despite their significant cost, 3-level systems for protecting critical infrastructure objects seem to be a reasonable investment, given the possible losses from emergencies at these facilities.