Effective physical security of an asset is achieved by multi-layering the different measures, what is commonly referred to as ‘defence-in-depth’. The concept is based on the principle that the security of an asset is not significantly reduced with the loss of any single layer. Each layer of security may be comprised of different elements, including for example:
- Measures to assist in the detection of threat weapons, including for example explosives, knives, firearms, chemical/biological/radiological material etc.
- Measures to assist in the detection, tracking and monitoring of intruders and other threats, such as unmanned aerial vehicles
- Access control and locking systems
- Physical and active barriers to deny or delay the progress of adversaries
- Measures to protect people or assets from the effect of blast or ballistic attack
- Measures to protect against or limit the spread of chemical, biological or radiological material
- Measures to protect sensitive (e.g. classified) material or assets
- Command and control
- The response to an incident
- Security personnel (covered within the Personnel and People Security)
The above measures are interdependent and their effectiveness will be dictated by their ability to support one another. For this and a variety of other reasons, CPNI recommends that all security measures are developed following the Operational Requirements (OR) process.
It is very important that the OR is based upon the correct threat planning assumptions and that exercises (e.g. table top) are conducted to ensure that planned security measures will work together to deliver the intended effect.
Considering the physical security requirements at the outset, as part of the building or facility design, will often result in more effective and lower cost security. For new builds, high level security requirements should be incorporated into the original brief.
Physical security requirements should also be considered during the construction phase of new builds or the modification of existing facilities, as these are likely to be subject to different risks and issues. Consideration should be given to:
- Identification and assessment of existing and new security risks
- Identification of security requirements for both the construction works and any changes to the security of the facility itself (this will depend on whether the construction works are adjacent to or within the facility)
- Determination of the transition of the security measures from ‘construction phase’ into normal operations.
Further guidance on the security measures identified earlier on this page is provided below. These are grouped into topics and themes.
The principles of physical security are described in ‘Protecting My Asset’.