Evolving Physical Security

Wednesday, December 16, 2015 @ 11:12 AM gHale

By Heather MacKenzie and Maggie Wu
The top priority of control professionals is making sure automation networks are operating reliably and safely. Security in this context involves using Defense in Depth techniques to protect critical control assets and safety systems — as well as the entire manufacturing, process control or transportation environment.

This broader view of security includes physical security and it is achieved by using a combination of physical barriers and technology systems. New physical security technologies are trending toward IP-based video surveillance and access control systems and can even include things such as biometrics and complex perimeter intrusion measures.

ICS Security Trends
Detection Strategies for Securing Wireless
Securing a Wireless Application
Viewing a System with NMS

With the trends headed toward IP-based technology, then understanding Ethernet switches and which network architectures are best for physical security systems becomes an important part of the discussion, particularly when they are operating outdoors. Understanding the options in this area will help you select or specify surveillance and access control networking equipment that works effectively and efficiently – thereby contributing to high reliability.

Physical security systems may include applications for video surveillance, perimeter monitoring, emergency response, intrusion detection, access control and asset management. They evaluate information received by cameras, sensors, RFIDs and other devices for threats or anomalies and generate alerts.

The hardware and software components connect via a shared infrastructure that includes a distributed industrial Ethernet network.

When it comes to Ethernet switches, users have to identify the requirements needed for high performance in outdoor or uncontrolled environments. Key considerations are:
• Hardened enclosures to prevent incursion from water and dust as well as high humidity
• Wide operational temperature ranges to keep systems running in weather extremes
• Fan-less designs with convection cooling to reduce failure points and improve product lifetime
• Long Mean Time Between Failures (MTBF) characteristics for high reliability and network uptime
• Compact form factors to minimize real estate cost and be flexible to fit with any structure
• Long Distance Fiber links back to a central office or control center
• Power over Ethernet (PoE) ports to power IP-based cameras, reducing installation/maintenance cost and complexity
• High redundancy and reliability via Spanning Tree Protocols, ring topology, redundant power source and other software enabled network capabilities
• Flexible and expandable traits for future expansion needs

Physical Security in Action

The Port of Oakland is the fifth busiest container port in the United States and is an example of a transportation facility that requires a physical security system. Local surveillance cameras and access control systems end up monitored by a local security console and a Global Security Center.

The local network uses an industrial Ethernet switch with configurable combinations of 10/100 copper ports and 100MB fiber ports as well as optional Gb ports. Several of the ports offer PoE, which means that a single industrial Ethernet cable can be used to provide both power and Ethernet communications to devices.

PoE simplifies the installation and commissioning processes by replacing multiple connectors with a single connection. This lowers costs as fewer components are needed and the replacement process is simplified.

The switch they used has a sealed metal case that serves as a heat sink enabling it to operate in the harshest environments and achieve EMI noise immunity. It also has an IP52 rating for dust and water resistance.

The Global Security Center uses a managed Ethernet switch with high, flexible fiber port count capabilities for local connections and long distance traffic. Dual hot-swappable power supplies increase redundancy and reliability.

Switch Criteria
Here are thoughts to keep in mind when specifying or selecting industrial Ethernet switches for security and surveillance systems:
1. Assess the environment the switches will operate in and select industrially hardened switches with the ratings and features to comfortably do the job
2. Select switches with the ports you need now and that will help you expand or adapt in the future
3. Especially for switches that connect to cameras, select switches with PoE ports to minimize costs as well as installation and maintenance efforts
4. Minimize the total cost of ownership and maximize availability by selecting equipment designed to have a long MTBF
5. Ensure reliability and safety by selecting equipment that delivers redundancy via software, standards and topology support
Heather MacKenzie is with Tofino Security, a Belden company. Maggie Wu, the director of product line management for GarrettCom and Tofino Security products. Click here to view Heather’s blog.