
Beyond the Perimeter

Definition

Beyond the perimeter covers:

  • Information which can be obtained without breaching the perimeter/building (e.g. via hostile reconnaissance, online research)
  • The area beyond the perimeter where protective security measures can be projected
  • Information or assets which are taken off site which require protection

Principles

Deter

  • Deny adversaries access to the information and other resources they require to conduct attack planning
  • Dissuade adversaries from conducting an attack through emphasis of the likelihood of failure and capture
  • Project a sufficiently hostile view of the environment to an adversary so as to make an attack appear too difficult or unachievable to progress
  • Amplify the effectiveness of security measures and messaging

Examples

  • Messaging on the corporate website about the effectiveness of security measures (including the monitoring of visitors/cookies to enhance the user experience)
  • Limiting the information available about the asset, forcing a physical reconnaissance visit to the asset (increasing the likelihood of detection)
  • Ensuring that the approaches to and areas around the asset are clear, easily monitored and that there is an appropriate challenge by the security officers or staff to unknown individuals (‘Can I help you’)
  • Messaging across the entire attacker journey, from the website through to the physical approaches to the site, that provides reassuring messages about the security measures in place

Detect

  • Identify threat or attack behaviours at every stage of an attack – planning, reconnaissance, deployment
  • Initiate an appropriate response to a threat or attack as early in the attack timeline as possible
  • Monitor for the loss of information or assets which have been moved off site

Examples

  • Detecting hostile reconnaissance through the monitoring and detection of suspicious activities on the corporate website and visits to the asset
  • Implement a CCTV monitoring system covering the area beyond the site perimeter to identify an attack team approaching
  • Use an information/asset logging system to identify patterns of information/assets not being returned or accounted for

Delay

  • Maximise the time between the detection of an attack (at any of the stages in the attack timeline) and an attack reaching an asset’s perimeter
  • Limit availability/access to information in order to prevent an adversary developing an optimised attack plan – thereby increasing the attack timeline and further increasing the chances of detection

Examples

  • Monitor the area beyond the perimeter, enabling early detection and maximising the delay time for an adversary to cross the ground
  • Ensure an adversary requires multiple or extended visits to a site to gather information for an attack plan – increasing the risk of detection and extending the attack planning timeline

The following pages provide more information on the protective security measures which can be used to achieve the protective security principles above. Considering the impact a measure has on Deter, Detect and Delay is important to ensure the measures are complementary and all three Ds have been covered. Response to an attack and minimising the consequences of an attack should also be included in both your protective security measures and security planning.