|Site Access Control is Critical for Emergency Responders|
Issue 14: Site Access Control is Critical for Emergency Responders
By Shayne P. Bates
Secondary dangers following an emergency incident may pose threats to
life and safety beyond an initial event, and it is important to make
decisions early about access control to and from an area, and just how
far such controls around a perimeter should extend. For example, an
event that involves a radiation hazard, chemicals or explosives requires
calculation of a "stand off" distance to ensure that additional
incidents at the scene do not cause unnecessary danger to those people,
assets or facilities at or beyond a perimeter.
Establishing a perimeter is important to keep an open pathway for
responders to do their jobs, and this includes keeping onlookers out or
preventing the perpetrators of the initial incident from disrupting or
escalating events with a secondary security event or explosion. Apart
from the need to validate who is present and enters and leaves a scene
for forensic and medical reasons, it is important to establish who is
qualified to render assistance and to ensure their credentials are
current and valid. Personnel such as paramedics, police, security and
officials must be able to produce valid credentials to be allowed within
certain perimeters. The main challenge is how to accomplish this. Prior
to 9/11, the methodology and procedures were varied and uncoordinated.
The many aspects of communications difficulties experienced during the 9/11 series of events have generated significant changes in procedures. In addition to strengthening communications protocols, the National Institute for Standards and Technology established a technology standard for physical and logical security systems known as FIPS-201.1 This followed presidential mandate HSPD-12.2
One of the capabilities of a FIPS-201 security "system" is the ability to positively identify federal employees using a "Smart Card." These cards are imbedded with chips that interact with other equipment to communicate credentials about the person presenting the card, the associated privileges, qualifications and any other data critical to controlling access that may be appropriate. These are not simply photo IDs nor "flash passes." Although initially envisioned to establish privileges solely for federal employees to access other facilities, the Smart Card capability and versatility has generated other uses as well.
An example would be a situation where medical responders are required at a scene. "Command and control" requires knowing:
This sort of highly granular capability is the future of controlling a scene. It is apparent that "communications" between various entities and their various forms of identification requires interoperability. This necessitates a "bridge" which is known, trusted and capable of authoritatively providing authentic data.
Various manufacturers of security equipment now provide field rugged equipment capable of providing that "bridge," and authenticating credentials from a range of valid sources such as those used by medical personnel or police. Authentication methods may include:
This can be similar to the plastic tokens that are held against a gas pump, which authorizes the purchase and dispensing of gas and automatically bills the corresponding credit card. This type of card, while providing multiple functions, is singular in approach. In the case of Personal Identity Verification (PIV) cards, multiple factors are required to set a high threshold for positive identification, so a borrowed or stolen card is unlikely to be useful. In the case of the 9/11 terrorists, a simple Virginia driver's license was the credential needed and used to pass through security at airports. A PIV or Smart Card would have required additional credentials and thresholds. Multi-factor cards are becoming more and more prevalent in a society concerned with security and identity.
Multi-factor authentication technologies will continue to change the landscape of scene and access "command and control" situations. The standards for such equipment remain vital. The Security Industry Association's "Open Systems Integration and Performance Standard" (OSIPS) is being designed to assist those who develop software and hardware to interoperate. This "bridge" and communications function is critical for site access and emergency responders.
In the case of site access to an emergency, a "First Responder Access
Card" (FRAC) initiative is underway – an initiative that might provide
various classes of responders with positive credentials for site access.
Ease of use and versatility is critical during a crisis, and
possessing a Smart Card would facilitate access to the site. The
initiative is also addressing on-site enrollment and card printing for
those responders whose credentials, while authoritative in their home
environment, may not meet the authorization requirements of the site to
which they respond (e.g. personnel from other states or jurisdictions
responding to a hurricane or disaster area). On-site flexibility and
versatility would become important features as well as mustering to
identify that everybody is accounted for and carrying valid credentials.
Shayne P. Bates is with Koffel Associates, Inc.
1Federal Information Processing Standards 201,
"Personal Identity Verification of Federal Employees and Contractors,"
National Institute of Standards and Technology, Gaithersburg, MD, 2006.
For questions concerning delivery of this e-Newsletter, please contact our Customer Service Department at (216) 931-9934 or magazine.sfpe.org.