In order to attack an asset or people, adversaries may either use force or surreptitious methods. Physical barriers can provide resistance to forced entry and include for example: doors, windows, walls, locks and locking systems, fences, containers (e.g. cabinets, safes) etc.
Forced entry may involve:
- Use of distraction techniques in order to confuse security personnel
- Use of layered attacks to overcome different security layers
- Multiple attackers
- Use of weapons to overcome barriers
- Use of manual or powered tools to overcome barriers
Assessing security risks
When assessing security risks it is important to define the type of adversaries of concern and their likely methods of attack. This should include information on how many, their level of skill/experience and what weapons or tools they will use. This requires a good knowledge of the threats and for that reason, it is recommended that advice is sought from your CPNI adviser (for CPNI customers), local police Counter Terrorism Security Adviser or a reputable security consultant.
Protective security around an asset should be based upon a multi-layer approach and be based on the concept of deter, detect, delay etc (see Managing my Asset). When defining the requirements for forced entry resistant barriers, it should be assumed that in most situations, a security barrier will be defeated and its required performance should be defined by its resistance time against:
- the number of adversaries attacking the barrier
- the skill and experience of the adversaries
- the weapons/tools used.
The use of recognised security standards is important when specifying the technical/performance requirements of a physical barrier. Selection of an appropriate standard, which is relevant to your threats, is crucial. Generally, standards that do not explicitly take into account, as part of their testing, weapons/tools used and resistance time, should be treated with caution.
CPNI has developed its own range of security standards and evaluates the performance of products against these. Products deemed suitable for use by UK Government, national infrastructure and other sensitive sites are attributed a CPNI Protection Level of BASE, ENHANCED or HIGH and can use the CPNI trademark.
CPNI has introduced a new standard which focusses on Marauding Terrorist Attack Standard (MTAS) and award sophistication levels are BASIC, LOW, MODERATE, HIGH and EXPERT.
Specifying requirements for measures to protect CNI in these terms will help ensure that appropriate and effective solutions are procured. Further information on these is available directly from CPNI (for CPNI customers), your local police Counter Terrorism Security Adviser or a reputable security consultant.