Physical security
Published 2 November 2020
1. Introduction
Physical security is an important consideration when protecting against a range of threats and vulnerabilities, including terrorism.
When planning the introduction of any physical security measures, it’s imperative both safety and emergency responses are considered.
Effective physical security of a crowded place is best achieved by multi-layering a variety of measures. This is what is commonly referred to as ‘defence-in-depth’. The concept is based on the principle that should one line of defence be compromised, the additional layers and measures in place would ensure the threat didn’t slip through.
In order to achieve success, a hostile will attempt to identify and exploit weaknesses within your protective security measures. The CPNI principles of Deter, Detect and Delay, supported by an effective response plan, will help to frustrate and disrupt any potential hostile.
Considering the physical security requirements at the outset of the venue’s planning and design phase, will often result in more effective and cost efficient security. Your risk assessment will determine which measures you should adopt. It is essential that you understand the threats faced by your venue or site; effective security depends on a proportionate response to the threat.
2. Operational requirements
The CPNI Operational Requirements process helps organisations make intelligent investments in security, enabling them to implement measures which are in proportion to the risks they face. By following the process, security managers and practitioners are able to assess, develop and justify the actions their organisation needs to take, and the investments they need to make, to protect their critical assets against security threats.
3. Security awareness
Vigilance by staff and visitors at all crowded places is essential to your protective measures. Staff will know their own work areas well and should be encouraged to be alert to unusual behaviour or items that are out of place. They must have the confidence to report any suspicions, and know that reports, including false alarms will be taken seriously.
3.1 Training
Training is therefore particularly important. Staff should be briefed to look out for packages, bags or other items in odd places, carefully placed (rather than dropped), items in rubbish bins, unusual interest shown by strangers in less accessible places and suspicious behaviour.
Read more about Hostile Reconnaissance
Read more about Personnel Security Training and Good Practice
3.2 Deterrence
Hostiles will not necessarily be automatically deterred from a crowded place simply because it has CCTV, guards or a particular fence or lock. Instead, an organisation needs to use these security measures in an effective manner. Effective security measures with an alert and professional guardforce and staff will require hostiles or criminals to conduct further attack planning and pose an extra risk of detection, which they may be unwilling to accept. If a hostile assesses a site has excellent security measures due to the information available online, on a poster or witnessed in operation, it may be enough to deter them from their target altogether.
Read more about Deterrence Comms
3.3 Patrolling, guarding and security officers
Routine searching and patrolling of premises represents another level of security and may cover both internal and external areas. Ensure patrols are carried out regularly, but at unpredictable times. Staff must have clearly defined roles and responsibilities which are linked to clear policies and procedures for them to follow. Such measures must be underpinned by training, rehearsal and exercising.
Read more about Personnel Security Training and Good Practice
4. Access control
Controlling access into a site or venue may include either people, items or vehicles and is an essential layer of protective security. An efficient entry system creates a smoother flow into a crowded place. Ensure that the boundary between public and private areas of your venue are secure and clearly signed. Ensure there are appropriately trained and briefed security personnel to manage access control points.
Consideration should be given to how vehicle access could be controlled at the point of entry, particularly in relation to the searching or screening of vehicles in response to a specific threat. Larger sites may additionally have ‘crash’ gates which will require a strict security regime to ensure they are not breached. Access points should be kept to a minimum, with any boundary fences or demarcation lines clearly signed.
Read more about Search Planning
Access control systems and locks are designed to control who can go where and when. These systems integrate with physical barriers to provide delay and detection against a multitude of hostiles. Controlling access can be done via:
- Automatic Access Control Systems (AACS) which control a number of doors across a single or multiple site.
- Locks (electronic or mechanical) which control access to a single door.
Consideration should be given to investing in good quality access control systems that are not only physically robust, but also cyber secure.
Read more about Access Control
4.1 Key management
Read more about Access Control
4.2 Security passes
Read more about Access Control
5. The perimeter
There should be measures in place to ensure that a venue or site can exercise a degree of control over the activities that take place within their property boundaries. Defensible space is created by deciding which areas around a property are public and which areas are private. Simply put, boundaries should clearly define the difference between public and private space. This is particularly important when challenging protests and unlawful activity. There should be measures in place to ensure that an occupier can exercise a degree of control over the activities that take place within their property boundaries.
5.1 Fencing
Fencing is often used as a perimeter, providing a line of demarcation; it is an important security measure, both for deterring criminal activity and enhancing safety. Once installed, it should be regularly checked to ensure that it is in good repair and fit for its intended purpose. Perimeter Intrusion Detection Systems (PIDS) may be used at the perimeter to alert security officers that the perimeter has been breached.
5.2 Hostile Vehicle Mitigation
Your CTSA will be able to advise you.
Read more about Hostile Vehicle Mitigation (HVM)
6. Control Rooms
Security Control Rooms (SCRs) form the hub of a site’s security. The control room’s main function should be security; non-security responsibilities should be discouraged. The set-up of the control room should ideally allow serious incidents and crisis situations to be handled within them, without compromising the ability to deliver normal security functions.
For further information, seek specialist advice and refer to the CPNI website.
7. Strutural framing, walls and floors
Buildings within the UK are commonly constructed using a structural frame, typically steel, concrete or timber, or are built from unframed masonry. There are many different types of walls and floor systems that are used within buildings, but together these elements play an important role in protecting occupants and assets from the effects of blast and other security threats. For many, a primary security concern is for the building to remain standing, or for damage to be limited to defined zones following an attack involving explosives, impact and/or fire.
Designing structural framing, walls and floors for structures so that they incorporate physical security requirements from the outset, will help deliver robust and resilient business operations. Where it is necessary to retrofit or adapt existing structures, physical security needs should form a central part of the project’s ‘Operational Requirement’.
8. External doors and windows
Good quality external doors and windows are essential to ensure building security. Advice on standards are available through the Secured by Design or CPNI websites, or via your local CTSAs. Consideration should also be given to intruder detection systems. Remember that glazed doors are only as strong as their weakest point, which may be the glazing. All accessible windows should have good quality key operated locks.
Many injuries involving explosive devices are caused by flying glass. Glazing protection is an important casualty reduction measure. Extensive research has been carried out on the effects of blast on glass. There are technologies which minimise the shattering effect and therefore reduce the severity of injury. Anti-shatter film, which holds fragmented pieces of glass together, offers a relatively cheap and rapid improvement to existing glazing. If you are installing new windows, consider laminated glass, but before undertaking any improvements, seek specialist advice through your CTSA.
Working from a security threat and risk assessment, it should be determined which of the following types of attack the door and windows need to mitigate against:
- blast
- ballistic – people either trying to shoot at occupants through the door, or to damage the door/door hardware in order to gain entry
- manual forced entry – attackers using tools to try and force entry through the door
- surreptitious entry – an attacker trying to infiltrate through the door leaving no indication of compromise
Contact your local CTSA for advice on standards
Go to the Secured by Design website
8.1 Doors
Doors form an essential part of physical security and are often required to perform several functions, including to:
- control access, permitting access only to authorised personnel
- permit an appropriate flow of people/materials etc.
- work in conjunction with intruder detection systems (IDS), to detect unauthorised access
- provide a barrier to delay the progress of a hostile
- provide protection from specific types of threat, such as blast or ballistic
- provide protection from fire and/or smoke ingress
- provide a means of escape in an emergency
Security doors should also integrate with sensors for intrusion detection and access control systems, ensuring the earliest possible alert to a potential compromise. Whether they are part of the external façade, or form part of the boundary around a space within the building, it is important to define the security requirements for each door.
8.2 Windows
Windows comprise of a number of components and their security resistance is linked to how these components perform as a whole system. Consequently, when specifying the level of protection required of the window, it should relate to the whole system, not just the glass. When identifying glazing, there are various types of glass to select from, each of which has different properties:
- Annealed/float glass – traditional window glass which forms sharp glass shards when broken. It is not recommended for use in any security solution.
- Toughened glass, also known as tempered glass – the production process produces glass that is approximately five times stronger than annealed glass. It will break into small chunks instead of glass shards.
- Heat strengthened glass – this is similar to toughened glass but is only twice the strength of annealed glass.
- Laminated glass sandwiches – an interlayer between layers of glass designed to hold together when the glass shatters.
- Polycarbonate – significantly stronger and lighter than glass and hard to break.
Laminated glass is the preferred option for most security applications. Care should be taken to ensure that the correct type of laminate is specified and used. It is also important to ensure that the rest of the glazing system, e.g. support structure and fixings, are specified and installed correctly.
Anti-shatter film, fitted alongside bomb blast net curtains may be used in conjunction with any of the types of glazing. Additional measures such as bars and grilles may also be incorporated to provide enhanced security. Thought should be given to whether these are placed inside or outside the glazing. Obscuration measures can be used to mitigate both the threat of ballistic attacks and unauthorised observation. In the case of ballistic attacks, such measures will prevent aimed shots but may not stop un-aimed fire. The construction details of glazing therefore needs to be considered to determine whether they will withstand bullets from the selected threats.
Go to the CPNI Website on Windows and Glazed Facades
9. Heating, ventilation and air conditioning systems (HVAC)
In order to maintain a comfortable indoor environment, occupied buildings will feature some form of ventilation and heating or cooling. This may be achieved through natural ventilation, mechanical ventilation (e.g. fans/blowers) or hybrid ventilation systems.
Modern, commercial buildings such as shopping centres, airport terminals and sports venues typically use a distributed (mechanical) heating, ventilation and air-conditioning (HVAC) system. HVAC systems, which can have many points of access, potentially provide a viable, rudimentary means of dispersing chemical or biological agents, and so a consideration of measures to reduce this risk may be required:
- review the design and physical security of your air-handling systems, such as access to intakes and outlets
- improve air filters or upgrade your air-handling systems, as necessary.
Read more about Chemical, Biological and Radiological (CBR) attacks
10. Integrated security systems
Intruder alarms, CCTV and lighting are commonly used to deter crime, detect hostiles and delay their actions. All these systems must be integrated so that they work together in an effective and co-ordinated manner. Intrusion detection technology can play an important role in an integrated security system; it is as much a deterrent as a means of protection.
10.1 Alarms
The National Police Chiefs Council (NPCC) security systems policy (www.securedbydesign.com), sets out the police requirements for alarm systems installed by compliant companies to gain a police response to your premises. Compliant companies can apply for a police Unique Reference Number (URN) which is used to identify your individual security system within the police database to ensure your alarm activation has an immediate response. Ensure that your security system company is police compliant and they can supply a URN.
The NPCC requires security systems companies to be certified by an inspectorate accredited by the United Kingdom Accreditation Services (UKAS) to EN 45011 and to relevant British Standards listed in the NPCC security systems policy. The two inspectorates approved by the NPCC are: National Security Inspectorate (NSI) and Security Systems and Alarms Inspection Board (SSAIB).
Using CCTV can help clarify whether a security alert is real and is often vital in post-incident investigations.
Go to the Secured by Design website
10.2 Lights
External lighting provides an obvious means of deterrence as well as detection, but take into account the impact of additional light pollution on neighbours. If it is carefully designed and used, external lighting will help security staff and improve the capabilities of CCTV systems. Remember however, that CCTV is only effective if it is properly monitored and maintained.
10.3 Designing Out Crime Officers and Counter Terrorism Security Officers
Designing Out Crime Officers (DOCOs) and Counter Terrorism Security Officers (CTSAs) both provide advice and guidance on physical security. DOCOs are the ‘gatekeeper’ to security within the planning system. Their role is vital to the process of identifying, as early as possible, any future development that has, or may have, any counter terrorism concerns. Whilst CTSAs provide advice to counter terrorist threats, DOCOs provide advice and guidance to counter other criminality and they work closely together throughout the UK. Consult the appropriate website for further Information on who best to provide advice for a specific requirement.