Site Access Control is Critical for Emergency Responders

Issue 14: Site Access Control is Critical for Emergency Responders

By Shayne P. Bates

Secondary dangers following an emergency incident may pose threats to life and safety beyond an initial event, and it is important to make decisions early about access control to and from an area, and just how far such controls around a perimeter should extend. For example, an event that involves a radiation hazard, chemicals or explosives requires calculation of a "stand off" distance to ensure that additional incidents at the scene do not cause unnecessary danger to those people, assets or facilities at or beyond a perimeter.

Establishing a perimeter is important to keep an open pathway for responders to do their jobs, and this includes keeping onlookers out or preventing the perpetrators of the initial incident from disrupting or escalating events with a secondary security event or explosion. Apart from the need to validate who is present and enters and leaves a scene for forensic and medical reasons, it is important to establish who is qualified to render assistance and to ensure their credentials are current and valid. Personnel such as paramedics, police, security and officials must be able to produce valid credentials to be allowed within certain perimeters. The main challenge is how to accomplish this. Prior to 9/11, the methodology and procedures were varied and uncoordinated.

The many aspects of communications difficulties experienced during the 9/11 series of events have generated significant changes in procedures. In addition to strengthening communications protocols, the National Institute of Standards and Technology established a technology standard for physical and logical security systems known as FIPS-201.¹ This followed presidential mandate HSPD-12.²

One of the capabilities of a FIPS-201 security "system" is the ability to positively identify federal employees using a "Smart Card." These cards are embedded with chips that interact with other equipment to communicate credentials about the person presenting the card, the associated privileges, qualifications and any other data critical to controlling access that may be appropriate. These are not simply photo IDs or "flash passes." Although initially envisioned to establish privileges solely for federal employees to access other facilities, the Smart Card capability and versatility has generated other uses as well.

An example would be a situation where medical responders are required at a scene. "Command and control" requires knowing:

  • Who is qualified to enter a scene;
  • If they possess the appropriate qualifications; and
  • If those qualifications are current and secure.

This sort of highly granular capability is the future of controlling a scene. It is apparent that "communications" between various entities and their various forms of identification requires interoperability. This necessitates a "bridge" which is known, trusted and capable of authoritatively providing authentic data.

Various manufacturers of security equipment now provide field-rugged equipment capable of providing that "bridge," and authenticating credentials from a range of valid sources such as those used by medical personnel or police. Authentication methods may include:

  • Physical characteristics – biometrics such as a fingerprint.
  • Knowledge – such as a PIN.
  • A possession – such as a smart identification card ("Smart Card").

This can be similar to the plastic tokens that are held against a gas pump to authorize the purchase and dispensing of gas and automatically bill the corresponding credit card. This type of card, while providing multiple functions, is singular in approach. In the case of Personal Identity Verification (PIV) cards, multiple factors are required to set a high threshold for positive identification, so a borrowed or stolen card is unlikely to be useful. In the case of the 9/11 terrorists, a simple Virginia driver's license was the credential needed and used to pass through security at airports. A PIV or Smart Card would have required additional credentials and thresholds. Multi-factor cards are becoming more and more prevalent in a society concerned with security and identity.

Multi-factor authentication technologies will continue to change the landscape of scene and access "command and control" situations. The standards for such equipment remain vital. The Security Industry Association's "Open Systems Integration and Performance Standard" (OSIPS) is being designed to assist those who develop software and hardware to interoperate. This "bridge" and communications function is critical for site access and emergency responders.

In the case of site access to an emergency, a "First Responder Access Card" (FRAC) initiative is underway – an initiative that might provide various classes of responders with positive credentials for site access.

Ease of use and versatility are critical during a crisis, and possessing a Smart Card would facilitate access to the site. The initiative is also addressing on-site enrollment and card printing for those responders whose credentials, while authoritative in their home environment, may not meet the authorization requirements of the site to which they respond (e.g. personnel from other states or jurisdictions responding to a hurricane or disaster area). On-site flexibility and versatility would become important features, as would mustering to confirm that everybody is accounted for and carrying valid credentials.

Shayne P. Bates is with Koffel Associates, Inc.

1 Federal Information Processing Standards 201, "Personal Identity Verification of Federal Employees and Contractors," National Institute of Standards and Technology, Gaithersburg, MD, 2006.
2 Homeland Security Presidential Directive 12, "Policy for a Common Identification Standard for Federal Employees and Contractors," The White House, Washington, DC, 2004.

