Get in touch
The layers of physical security are often likened to the layers of an onion or a traditional medieval castle with a moat and a drawbridge. Often referred to as ‘defence-in-depth’, this methodology aims to deter and delay attackers, creating time for response and mitigation. Read more to find out how this works in practice.
Table of contents
- Why is layered physical security important?
- Layered physical security examples
- Physical security threats & vulnerabilities
- Physical security standards
- Site impact
When it comes to physical security measures, a layered approach is often the most effective.
In fact, security provisions for most types of sites and sectors you will find are based on the principle of layered defences.
Think back to medieval castles and the layers of defence lines used to protect the internal asset.
Firstly, a steep hill within an exposed location, a wide moat, thick castle walls and a very heavy main door sealed from attack.
This is a great example of very early physical security. The principles remain the same to this day.
You can liken this approach to the skins of an onion, with each layer delaying or deterring the physical attack strategies used by criminals, terrorists and saboteurs to force entry into areas with critical or valuable assets.
Effective physical security is ultimately an investment in time; that is, procuring engineered protection that will sufficiently delay or deter attempts at physical infiltration by hostile assailants until first responders arrive.
This tried and tested approach of detect, delay, respond, mitigate, and deter is the foundation for implementing effective solutions to protect against attempted security breaches or attacks using force.
When it comes to critical national infrastructure (CNI), security breaches or physical attacks pose the risk of impacting essential services, which could result in casualties or loss of life.
These kinds of attack could also have a significant detrimental effect on national security, defence or the running of the country.
It’s for these reasons that protecting essential public and private sector services from wide-ranging threats is a key part of the National Security Strategy.
Each essential sector, from water and energy through to government and communications will be at greater risk from different threats.
As such it is important to build resilience to these threats by identifying and implementing the right solution for that sector.
For example, in the case of securing a water supply, it’s not just about stopping someone from breaching the perimeter but also securing outdoor assets and access covers so that the supply can’t be tampered with.
Layered Physical Security Examples
Security measures such as perimeter fences, wire rope systems and guard control are important deterrents to the progress of an intruder on an operational site.
It doesn’t end there though, as the right security solution needs to be implemented at each layer, not just the perimeter.
Beyond perimeter fences or bollards, you also need to consider how you’re going to control access points – will this be done with gates, rising arm barriers, road blockers or automatic bollards?
What about external assets or pedestrian walkways? In the case of external assets, you should be looking at cages, kiosks, mesh covers and access hatches. Pedestrian walkways can be protected using fixed bollards.
If building work is being undertaken on-site or permanent security products haven’t yet been installed there may also be a need for temporary security measures, such as concrete and steel barriers. This same approach can also be utilised to protect vacant property on a temporary basis.
The building itself needs to be protected as the physical resistance of doors, enclosures, cages, cabinets, access covers and associated equipment will be the last line of defence of critical equipment from a determined attacker with heavy-duty tools.
Forced entry protection requires security measures that will delay the intruder/s to allow detection and a response to be raised.
If you do not invest sufficiently and with certainty in delay measures, this will increase the ‘exploitable gap’ in site security.
The delay provided by the protection you install, which may comprise a combination of physical deterrents and barriers, will be critical.
Hostile Vehicle Attacks
Hostile vehicle attacks can come in a variety of forms and the type you are trying to mitigate against informs what kind of crash-tested product you require.
When it comes to perimeter protection, hostile vehicles can be used to create a gap with a penetrative attack which can then be exploited to get closer to the asset.
VBIED’s or vehicle-borne improvised explosive devices pose a very real threat to both people and buildings. The Department of Homeland Security lists explosives as a high probability threat in comparison to industrial chemicals, biological or nuclear threats.
In Kabul in 2017 a VBIED hidden in a tanker truck caused untold devastation in the embassy district, tragically killing 150 people and damaging a number of embassies despite blast protection.
One of the most important concepts when it comes to protecting your site against a VBIED threat is the idea of standoff.
Standoff is the distance between the explosive threat (in this case a VBIED) and the asset that needs protection. Increasing the standoff improves a building’s ability to withstand a blast.
This is because there is a significant decrease in the peak pressure per square inch from an explosion as standoff increases.
Vehicle as a Weapon Attacks
Vehicle as a weapon attacks or VAAWs are attacks where the vehicle itself is used as a weapon. Over the last few years, there has been a tragic rise in these kinds of attack as terrorist groups have shifted from utilising VBIEDs to the vehicles themselves.
There are a few reasons for this shift in tactic, including the difficulty there is in obtaining the elements required to make a bomb and the ease in obtaining vehicles such as vans or lorries. In the UK the government recently released guidance to the transport industry to help combat vehicle as a weapon attacks.
Terrorists will often look to target soft or vulnerable sites where there is little physical security in place such as bridges or tourist destinations. This has lead towns and cities such as Chester, Canterbury and York to invest in hostile vehicle mitigation, as there is a belief that terrorist organisations will look to sites outside of London due the high level of security in place in the capital.
Following the tragic attack on Westminster Bridge there has also been the development of crash-tested products such as bollards that can be installed in a bridge deck without compromising its structure.
Hand Tool Attacks
Of the various mechanisms of attack – including cyber, bladed weapon, explosives, CBR – hand tools are often viewed as less significant, even though the impacts can still be substantial and devastating.
Attacks on electricity substations, for example, through vandalism or to steal metal, can result in costly damage to property and disruption to the supply network.
Loss of life of the trespasser through electrocution could also occur or even greater human loss and injury; for example, if a stolen cable is left on a railway line leading to a train derailment.
Tool based attacks require limited investment and involve comparatively less risk and tend to command less attention as new threats appear.
But they occur more frequently and are changing in sophistication; increasingly, organised crime involves crews of people mounting attacks.
When it comes to resisting the range of risks of forced entry posed by today’s increasingly sophisticated criminals and terrorists, how can we be sure of the performance of security equipment if attacked?
Would it guarantee the time/delay needed to thwart the severity of the tools and efforts employed by a hostile perpetrator or gang?
When it comes to physical security there are a number of standards for measuring the performance of security products. It is vital that when designing a security scheme, measures being put into place are certified and accredited, proven to withstand simulated attacks.
LPS 1775 covers intruder resistant building components such as fencing, doors, cabinets and other forms of enclosures or free-standing barriers.
LPS 1775 certification involves attack testing a product with different toolsets over a range of durations.
There are eight total ratings ranging from SR1 through to SR8, as the levels go up both the tool kit used and attack duration change.
In the case of SR1 (the lowest level) the product is attacked with a category A toolkit for a max attack time of 1 min, and a max attack duration of 10 minutes.
You may also come across EN 1627 – this is a European standard which is structured in a similar way to LPS 1775.
The main differences you’ll find between the two is that EN 1627 is more focused on protecting against criminals using stealth rather more robust methods covered by LPS 1775.
Also, there are differences in the toolsets – LPS 1775 covers more commonly obtained tools, such as certain hammers and drills as well as stronger tools such as petrol grinders.
Crash Test Standards
In the case of hostile vehicle mitigation bollards, barriers and gates they can be crash tested to the BSI PAS 68 (UK), IWA 14-1 (International) or ASTM F2656 (US) standards.
Crash tests are a form of destructive testing where physical security products are impacted with a vehicle in order to simulate how it would perform in a real-world scenario.
The standards mentioned allow products to be tested using a variety of vehicle sizes at a range of speeds.
When selecting what kind of crash-tested product you need for your site you need to understand what kind of threat vehicle you are trying to mitigate.
This will often be identified through a Vehicle Dynamic Assessment or VDA which is usually conducted by a security consultant or counter-terror security advisor (CTSA).
Security is fundamental and must be considered for all sites where a vulnerability or a threat has been identified. There is a balance to be struck between ensuring that an asset is safe and has adequate protection, the aesthetics of a site and operational methodology.
If a site is industrial in nature and does not have a big focus on pedestrian footfall, the aesthetic objective may be to make it visually secure and for security measures to be highlighted in a bid to deter would-be-attackers.
If the asset you are protecting is within the public realm and needs to remain welcoming to pedestrians and cyclists, security measures may need to be hidden or the impact of measures reduced within the landscape whilst avoiding a compromise on the levels of protection provided.
Measures must enhance a site operationally and not hinder stakeholders. Site traffic, access requirements and a variety of other scenarios must be considered before finalising a security plan to ensure that the end result will work with existing security personnel and procedures which must remain in place and part of day-to-day operation.
If you’re looking to implement a physical security scheme, but don’t know where to start we recommend using our physical security checklist. In it, you’ll find all the advice you need in order to successfully plan a physical security scheme for your site regardless of sector.