Protect Critical Infrastructure With Advanced Identity Management Solutions

Protect Critical Infrastructure With Advanced Identity Management Solutions

  • By Daniel W. Krantz
  • Jul 22, 2014

We live in a high-risk world. Our post 9-11 culture has taught us not to be as trusting as we once were. Sadly, our nation's critical infrastructures have increasingly become high-risk terrorist targets. While risks and threats are always out there, a huge component in protecting critical infrastructure in times of crises is properly managing the identities of those who are trying to get in - and out - of secured zones.

It's a daunting task, but building a trusted community in support of secure operations and incident response is possible. In an age when identification cards and credentials can be so easily replicated and duped, real-time verification of individuals’ identity, employment affiliations, background and skills is essential in mitigating the “inside threat” inherent in the construction and operations of our nation’s critical infrastructure.

Protect Critical Infrastructure With Advanced Identity Management SolutionsAs a co-founder of the Secure Worker Access Consortium program, known as SWAC, I can attest to the increased efficiency and effectiveness that results from uniting otherwise disconnected organizations in support of trusted communities of workers - people who stand ready to support critical infrastructure and re-enter a site with the proper identity, clearances and skill sets. The program has been implemented at some of our highest value targets - World Trade Center, the NY/NJ region’s bridges, airports and tunnels. So, how can an identity management solution work for you? How do you go about implementing such a program? Here are some simple steps:

Collect personal information securely, and validate it. It's critical to validate personal information as it’s collected. In running these types of program, we have a responsibility to collect information securely and maintain the integrity of that data so it can be trusted for secure operations. Rule # 1 - Stop the Faxes! Faxing documents that contain sensitive information such as a Social Security Number, date of birth, address and employment history, can very easily compromise highly personal information.

To establish trusted communities, we must collect personal information securely, protect it, and, most importantly, validate identities and backgrounds as being truly authentic. For instance, very simple document authentication equipment can analyze the security features embedded within any government-issued ID to assure that an identity document presented is, in fact, legitimate. It enables you to positively ID that person for entry to facilities.

Organize personnel by active affiliations and skill sets. We must understand individuals’ employment affiliations and skill sets. Simply because someone is who they say they are doesn't mean that he/she is authorized to perform certain tasks, or that they belong at a particular incident scene. Contracted workers often attempt using obsolete credentials to gain access to secure sites.  Once inside they may have access to sensitive facilities and mechanical system, and the opportunity to do harm.  In public safety communities, emergency responders can be tempted by radio traffic from nearby incidents to self-dispatch and inappropriately respond to emergency scenes. That type of unauthorized response results in unnecessary risks, and can prolong the duration of the incident, and the cost associated with response and recovery efforts.

Different people possess unique, specialized skillsets that can keep us safe and minimize risk and liability. These should be tracked to ensure that someone is not only who they say they are, but also that they belong at a site because they were summoned there, and have the proper training and skill sets to perform the job that needs to be done.  This can sometimes involve integrating third parties, such as the training academies, to assure the proper assignment of certifications to individuals. This comprehensive view of a person creates a profile that goes way beyond a mere name on a list, but rather an educated selection of individuals to expedite a response and minimize the impact of that event.

Standards and audit controls. Don't be anxious that you're collecting personal information, and will know who’s affiliated with whom, who does what, and when someone's security clearance or training certification expires. Yes, you're collecting and managing a lot of personal data, but you can protect yourself with standards that are already established, and audit controls that prove compliance with those standards. Many standards have already been put in place, such as Homeland Security Presidential Directives, FIPS data standards, and CFRs related to national infrastructure protection that clearly define, at the federal level, what an individual's profile should look like in order to comply with federal recommendations and mandates.

This allows you to say "We don’t set the criteria. We simply collect information, process it to third parties who are certifying authorities in that particular discipline, and enable the secure need-to-know sharing of that information with public safety officials for the purpose of securing a zone, or allowing only those individuals needed back into a zone for expedited response and minimized impact."

Provide officers with accurate, real-time information. To establish a trusted community, officers and emergency responders must be empowered with accurate, real-time information that’s secure, trusted, and reliable. Data contained on credentials is potentially obsolete in a short period of time. And ID cards can be relatively easily forged.  Today’s fake IDs look authentic. They may not have the security features that are invisible to the eye that a bona-fide Real-ID has, but in a flash and pass program, someone would likely get through nine or more times out of 10!

Protect Critical Infrastructure With Advanced Identity Management SolutionsSWAC’s trusted community empowers security personnel with real-time information that doesn't disclose personal information, but instead, privately says that an individual accessing critical infrastructure meets the criteria to access the location at a specific time. When we consider identities, affiliations, and skill sets as part of the access decision equation, it drastically cuts the chaos at entry points, enabling our public safety officers to more efficiently and effectively control entry to secure locations and critical incident scenes.

Action Plan

Positively identify the community that works for you and track their skill sets if they’re in environments where that’s important. Pinpoint criteria that makes sense for you and authenticate that access, not by issuing an ID card that anybody can fake or defraud, but by authenticating it back to the original data source. Where’s the protected data that we know is valid? That’s the data that should be used for authenticating individuals’ access rights. It's the backbone to building trusted communities for secure operations and incident response.

(Image #1 - SWAC bridge in NY)

(Image #2 - SWAC terminal)

About the Author

Daniel W. Krantz is managing director and CEO of Real-Time Technology Group (RTTG).

Featured

  • Maximizing Your Security Budget This Year

    Perimeter Security Standards for Multi-Site Businesses

    When you run or own a business that has multiple locations, it is important to set clear perimeter security standards. By doing this, it allows you to assess and mitigate any potential threats or risks at each site or location efficiently and effectively. Read Now

  • New Research Shows a Continuing Increase in Ransomware Victims

    GuidePoint Security recently announced the release of GuidePoint Research and Intelligence Team’s (GRIT) Q1 2024 Ransomware Report. In addition to revealing a nearly 20% year-over-year increase in the number of ransomware victims, the GRIT Q1 2024 Ransomware Report observes major shifts in the behavioral patterns of ransomware groups following law enforcement activity – including the continued targeting of previously “off-limits” organizations and industries, such as emergency hospitals. Read Now

  • OpenAI's GPT-4 Is Capable of Autonomously Exploiting Zero-Day Vulnerabilities

    According to a new study from four computer scientists at the University of Illinois Urbana-Champaign, OpenAI’s paid chatbot, GPT-4, is capable of autonomously exploiting zero-day vulnerabilities without any human assistance. Read Now

  • Getting in Someone’s Face

    There was a time, not so long ago, when the tradeshow industry must have thought COVID-19 might wipe out face-to-face meetings. It sure seemed that way about three years ago. Read Now

    • Industry Events
    • ISC West
Most   Popular

Featured Cybersecurity

Webinars

New Products

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities 3

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles. 3

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge. 3