Issue 14: Site Access Control is Critical for Emergency Responders
By Shayne P. Bates
Secondary dangers following an emergency incident may pose threats to
life and safety beyond an initial event, and it is important to make
decisions early about access control to and from an area, and just how
far such controls around a perimeter should extend. For example, an
event that involves a radiation hazard, chemicals or explosives requires
calculation of a "stand off" distance to ensure that additional
incidents at the scene do not cause unnecessary danger to those people,
assets or facilities at or beyond a perimeter.
Establishing a perimeter is important to keep an open pathway for
responders to do their jobs, and this includes keeping onlookers out or
preventing the perpetrators of the initial incident from disrupting or
escalating events with a secondary security event or explosion. Apart
from the need to validate who is present and enters and leaves a scene
for forensic and medical reasons, it is important to establish who is
qualified to render assistance and to ensure their credentials are
current and valid. Personnel such as paramedics, police, security and
officials must be able to produce valid credentials to be allowed within
certain perimeters. The main challenge is how to accomplish this. Prior
to 9/11, the methodology and procedures were varied and uncoordinated.
The many aspects of communications difficulties experienced during
the 9/11 series of events have generated significant changes in
procedures. In addition to strengthening communications protocols, the
National Institute for Standards and Technology established a technology
standard for physical and logical security systems known as FIPS-201.1 This followed presidential mandate HSPD-12.2
One of the capabilities of a FIPS-201 security "system" is the
ability to positively identify federal employees using a "Smart Card."
These cards are imbedded with chips that interact with other equipment
to communicate credentials about the person presenting the card, the
associated privileges, qualifications and any other data critical to
controlling access that may be appropriate. These are not simply photo
IDs nor "flash passes." Although initially envisioned to establish
privileges solely for federal employees to access other facilities, the
Smart Card capability and versatility has generated other uses as well.
An example would be a situation where medical responders are required at a scene. "Command and control" requires knowing:
Who is qualified to enter a scene;
If they possess the appropriate qualifications; and
If those qualifications are current and secure.
This sort of highly granular capability is the future of controlling a
scene. It is apparent that "communications" between various entities
and their various forms of identification requires interoperability.
This necessitates a "bridge" which is known, trusted and capable of
authoritatively providing authentic data.
Various manufacturers of security equipment now provide field rugged
equipment capable of providing that "bridge," and authenticating
credentials from a range of valid sources such as those used by medical
personnel or police. Authentication methods may include:
Physical characteristics – biometrics such as a fingerprint.
Knowledge – such as a pin number.
A possession – such as a smart identification card "Smart Card."
This can be similar to the plastic tokens that are held against a gas
pump, which authorizes the purchase and dispensing of gas and
automatically bills the corresponding credit card. This type of card,
while providing multiple functions, is singular in approach. In the case
of Personal Identity Verification (PIV) cards, multiple factors are
required to set a high threshold for positive identification, so a
borrowed or stolen card is unlikely to be useful. In the case of the
9/11 terrorists, a simple Virginia driver's license was the credential
needed and used to pass through security at airports. A PIV or Smart
Card would have required additional credentials and thresholds.
Multi-factor cards are becoming more and more prevalent in a society
concerned with security and identity.
Multi-factor authentication technologies will continue to change the
landscape of scene and access "command and control" situations. The
standards for such equipment remain vital. The Security Industry
Association's "Open Systems Integration and Performance Standard"
(OSIPS) is being designed to assist those who develop software and
hardware to interoperate. This "bridge" and communications function is
critical for site access and emergency responders.
In the case of site access to an emergency, a "First Responder Access
Card" (FRAC) initiative is underway – an initiative that might provide
various classes of responders with positive credentials for site access.
Ease of use and versatility is critical during a crisis, and
possessing a Smart Card would facilitate access to the site. The
initiative is also addressing on-site enrollment and card printing for
those responders whose credentials, while authoritative in their home
environment, may not meet the authorization requirements of the site to
which they respond (e.g. personnel from other states or jurisdictions
responding to a hurricane or disaster area). On-site flexibility and
versatility would become important features as well as mustering to
identify that everybody is accounted for and carrying valid credentials.
Shayne P. Bates is with Koffel Associates, Inc.
1Federal Information Processing Standards 201,
"Personal Identity Verification of Federal Employees and Contractors,"
National Institute of Standards and Technology, Gaithersburg, MD, 2006. 2 Homeland Security Presidential Directive 12, Policy for a
Common Identification Standard for Federal Employees and Contractors,
The White House, Washington, DC, 2004.
For questions concerning delivery of this e-Newsletter, please contact our Customer Service Department at (216) 931-9934 or magazine.sfpe.org.