Tested & Ready
 
Tested & Ready

Oct 1, 2004 12:00 PM
By Don Sturgis

Testing does not stop after acceptance tests are completed and the physical security system is fully online. Instead, testing simply takes on different characteristics after system acceptance. Unlike the tests discussed in previous articles, testing after final acceptance is ongoing and must be performed for the life of the system.

The frequency and extent of ongoing testing will vary depending upon the risk profile of the facility being protected. In all cases, these tests must be performed in concert with the day-to-day operation of a functioning system. A security system cannot be shut down to perform these tests unless compensatory measures are instituted.

The computer-based and network-based nature of today's systems makes ongoing testing more important than ever. The more complex the system, the greater the chance of errors, such as set-up errors, operator errors and component or equipment failures. System tests must be based on both the type of system and the nature of its use. These determine what must be tested, and how often it must be tested. Additionally, the more complex the system, the greater the chance that an intentional sabotage of some aspect of security will go unnoticed ! especially if the change is temporary. Thus, system audits are introduced as an important part of ongoing system testing.

The purpose of ongoing testing is to make sure that security systems are working properly, in support of the larger purpose to make sure that security measures are intact. To fulfill the larger purpose, security inspections are necessary (and are required in a regulatory environment such as airport/nuclear plant, DOE, etc). Security inspections dovetail with system tests and system audits, which together combine to provide verification of physical security measures. Security inspections can extend beyond the systems themselves to take in the complete view of the people, process and technology components of physical security. In this article, the scope of security inspections will be limited to inspections of system physical components.
VENDOR TESTING: PART OF THE MAINTENANCE CONTRACT

Because of component interdependencies, all large system end-users should consider a maintenance contract with the system integrator that includes regular preventive maintenance testing. The alternative, if there is a technically qualified staff, is to train the staff in the repair and maintenance of the systems. Even with a staff trained to perform system testing and maintenance, the maintenance personnel of most system integrators should have experience that significantly enhances their training. An integrator's experienced field technicians can usually diagnose and troubleshoot more quickly, and often have field experience that exceeds that of the manufacturer. However, inexperienced systems integrator technicians can lack something that a company's own trained personnel would have ! familiarity and day-to-day experience with the system. It would be wise to have a staff member observe at least a portion of the integrator's testing program. Alternatively the integrator can complete a component testing form and send it to the organization for review and record keeping.

The system integrator maintenance contract should cover:




  • Routine preventive testing of system components, cleaning camera lenses and panel boxes and visual inspection of all such equipment;


  • replacement of expendable items, such as batteries, that have an estimated life;


  • stocking of replacement parts (circuit boards and end-devices) to guarantee agreed-upon downtime;


  • availability of service personnel after "normal" hours;


  • response time of service personnel;


  • procedures for notifying service personnel of problems; and


  • a reporting system that documents when, where and what services were performed.


Generally, an organization's security staff and vendor maintenance personnel will both have roles in ongoing testing. The scope and schedule of testing to be performed by a company's own staff and by a contracted vendor will depend upon a number of factors, including:




  • environmental and extreme weather conditions (near ocean, extremely hot or cold temperatures);


  • the types of technologies that comprise the overall system;


  • the size and complexity of the systems;


  • how frequently critical alarm and response features are used;


  • the vulnerability of the system components to weather and vandalism;


  • the facility's level of security risk;


  • the role the system plays in an organization's overall security plan;


  • regulatory compliance requirements, such as HIPAA or government agency regulations; and


  • the level and makeup of the facility's security and building engineering staffing.


REPAIRS AND UPGRADES: RETESTING

When a defective system component is replaced, the part of the system affected by that component must be re-tested to make sure the new component is operating properly. A Repair Log must be kept that indicates the model number and serial number of the defective component, the date it was replaced and the reason it was replaced. This Repair Log must be reviewed periodically to check if a particular type or model of component is failing continuously. The vendor of that component should be contacted to see if the component is being misapplied or if the component is eligible for an upgrade or replacement.

The importance of after-repairs testing should not be underestimated. Field technicians often put a system or part of it into "test mode," or temporarily change settings to facilitate their installation work. Most technicians do not write down such changes, and rely on their memory or their habitual practice to revert the changes. Ideally, there would be a written set of procedures to follow for troubleshooting and for the repair or replacement of system components. The rate of technology change, however, makes that implausible. Therefore, testing the functions of a system related to a changed component ! not just testing the component itself ! is vital to ensure the integrity of the system.

Software upgrades are a routine occurrence and a nightmare to those who want to keep their system isolated from the Internet for obvious security reasons. Procedures must be established to answer the following questions:




  • How does one keep track of all of the upgrades to commercial software packages that are used by the system?


  • Is each of the software upgrades necessary?


  • Does an upgrade provide new enhancements and features that are not required for the system or does the upgrade fix problems that must be downloaded to the system?


  • How is this upgrade to be incorporated into all of the system computers and work stations?


For critical systems that must run at all times, it is appropriate to have what IT professionals call a staging platform ! an identical computer server and at least one workstation ! that is configured exactly like the operational system. Upgrades are installed and the appropriate set of tests is run on the staging platform first. Only if these are successful are the upgrades performed on the operational systems. If the upgrade procedure is lengthy, a staging platform server or workstation can be used to temporarily replace an operational server or workstation while it is being upgraded and tested.
CUSTOMER TESTING: ONGOING DUE DILIGENCE

There are some tests at high-risk facilities that should be performed every day. The duress input device at each location having one (such as a receptionist's desk or any room or station that handles cash on a daily basis) should be tested at every shift change. The system operator should have a checklist with the phone numbers at each "duress" location. At the start of each shift, the operator should call each location and ask the person to initiate a "duress" action. The operator can ascertain that each of these "alarms" appear on the system monitor and note that they are test alarms. This will provide an audit trail for future investigations to show that the system was functioning correctly, will provide a sense of security for those working in a vulnerable location and will ensure that the persons working in those areas know where and how to operate the duress alarm.

Access control door testing should include normal operations (accepts valid ID card, rejects invalid ID card). Testing should also be performed to ensure that an alarm is produced if the door is held open too long, and also if a hard key is used to open the door.

There may be some type of visual and/or audible alarm or signal that the system operator initiates as the result of an incident reported by the system, phone or radio. This signal may be system-wide but is more likely directed to a specific area in a facility. Test signals should be initiated periodically with some agreed-upon way of letting those locations know that "this is a test." As with the duress alarms, the same type of audit trail should be provided for these tests.

Low-risk facilities may check their duress alarms monthly. High-risk facilities must check their duress alarms at least once daily.

Failures of components that are used on a daily basis, such as entry and exit card readers, will usually be reported by facility occupants when the first failure occurs. These do not really need periodic testing; they are tested by constant use. Components that are seldom used can fail without anyone knowing about it. Often guard tours can be used to perform periodic or rotating testing of components in facility areas that are not in frequent use.
SYSTEM READINESS TESTING AND VERIFICATION

Are there procedures in place that allow changes to be made to the system's operation based on information reported by the Homeland Security Advisory System color code system or other threat reporting systems? Some access control systems provide for establishing levels that, as the threat level elevates, will prohibit certain badge holders' access to areas they would normally have access to.

Most sources indicate that every organization should plan some type of emergency disaster/threat drill at least once a year. Internal personnel and outside observers should be stationed at key locations in order to obtain good feedback on how well the drills were performed. Prior to such a drill, the functions of the system that will be used during the drill exercise should be tested. Failure to perform such a test means risking that some portion of the drill will fail or rate poorly because of a system problem. The drill should not be a test of the system, but rather a test of the security procedures and the ability of the personnel to carry them out.

High-risk critical facilities often drill contingency responses that include in their scenarios the failure of one or more systems. For example, what if a card reader quits working, and emergency access must be granted based upon emergency identification procedures? Or what if there is an alarm in an area and the video cameras are disabled? Unless the security drill requires otherwise, such a test should be designed so that it does not require changing the system settings or connections. For example, cardboard could be taped over a camera lens, or someone could hold a card up to block the lens. A blank access card that has never been programmed should be used, rather than programming a new one for the test. This way, reverting system changes and going through an additional round of testing after the drill is not necessary.

Holding debriefing meetings after the drills will provide answers to questions such as:




  • Did the system perform as expected?


  • What system improvements can be made to provide better information?


  • Are the system operators adequately trained to respond to emergencies?


  • Are emergency responder's (both internal and external) names and phone numbers stored in the system database correct?


  • Were the correct emergency responders notified of the emergency?


  • Were the emergency responders allowed access to the required areas?


TROUBLESHOOTING PERSISTENT PROBLEMS

The Alarm and Operator Response Reports should be reviewed daily. Do persistent alarms from the same sources continue to appear in the reports? The causes of these alarms need to be investigated and mitigated or they will become nuisance alarms and be ignored by the operators.

The Alarm Report should enable the operator to report what actions he/she took in response to an alarm. However, at the end of each shift, there should be a procedure that requires the operator to report any system anomalies or persistent problems observed during his/her shift.
SYSTEM TROUBLE VS.SYSTEM ATTACKS

If the security system is connected to a business network or any other network (including the Internet), network security measures must be used. There are commercial software tools available that provide network vulnerability assessments and intrusion detection.
ONGOING SYSTEM TEST PLAN

The preceding information might make the design of ongoing testing sound complicated ! in practice it usually turns out to be simpler than it sounds. Generally only a few things need to be tested, and the manufacturer's documentation provides a good starting point for the test procedures. The system should be tested against a realistic threat. For example, for doors this would include forcing the door open. For an overhead gate, it would include interference with full closure. For a fence intrusion detection system, threats would include climbing, crawling or cutting the fence. Test plans from earlier acceptance tests can act as lists from which to select items for testing and inspection. Working out how someone might attempt to subvert the system or temporarily change system settings to bypass security can give indications of what to audit.

An ongoing system test plan will include lists of the features or components that need to be tested, inspected, or audited along with how and why to perform the test (see sidebar lists). Often, system and equipment inspections are incorporated in a larger security inspection checklist that includes items such as checking door latches and door frames for signs of attempted forced entry, checking for doors propped open, etc.

For critical inspection items, persons from different parts of the organization should perform parallel independent testing. For example, if nighttime loading dock overhead door security is critical for theft prevention, the doors should be inspected at different times by both security and maintenance personnel, thus reducing the likelihood of false reporting to cover up an inside scheme to bypass security.
EVOLVING TEST PLANS AS SECURITY PLANS EVOLVE

Physical security systems are dynamic ! changes and additions are constantly being made to them. Card readers are incorporated at additional doors. New cameras are added to areas not covered before. New access levels are always being created and old ones modified. A big danger is that these changes are made "on the fly" and not documented or tested with the same detail as the original system.

Security plans and policies are also dynamic ! changes and additions are made to account for changes in business operations and personnel status. Sometimes actions may have consequences beyond those originally intended, decisions may no longer be valid or something may have gone wrong during a plan execution. These are all reasons why periodic audits must be performed on system procedures to ensure that they are adequate and appropriate for today's needs.
A CLOSER LOOK

Things That Need´

TESTING




  • duress inputs


  • emergency alarms


  • incident reporting signals


  • intrusion detection systems


  • card readers and electric door hardware at infrequently visited facilities


  • alarm inputs to camera control preset settings and camera response to alarm inputs


  • input-output linkage schemes


  • IR illuminators


  • cameras should be checked during both day and night times to ensure proper focusing during light and non-light or low-light conditions


  • security UPS systems


  • hardwire and network communication devices and overall system


  • DVRs should be checked each day to ensure they are recording properly


INSPECTING




  • contract and licensing renewal schedules


  • replacement dates on expendable items


  • system documentation ! is it up-to-date?


  • alarm reporting procedures


  • backup batteries in field panels (voltage and replacement date check)


  • frames, hinges, door latches and door closers for controlled and monitored doors


  • door position contacts for controlled and monitored doors


AUDITING




  • ongoing test procedures


  • adequacy of training procedures


  • adequacy of systems reports


  • appropriateness of testing intervals


  • accuracy of repair log


  • coherence to access level and door naming rules


  • compare software audit log to access level change request forms


  • appropriateness of operator responses to alarms


  • incorrect or missing system functionality


  • consistent operator performance errors


  • operator comments A Closer Look Ongoing Test List Item


A CLOSER LOOK

Ongoing Test List

ITEM
TEST NAME
TESTER
FREQUENCY
PURPOSE/REASON

Lobby Duress
Lobby Duress Check
Lobby security officer
Daily at building opening
Ensure duress is always working

Executive Entry Path
Executive Entry Path Check
Post commander
Weekly, rotating the day of the week including weekends
CEO's access card seems to fail at one door or another when he comes into town

Doors for rooms storing sensitive data
Data Room Security Test
Security officer on night patrol
Daily using test cards with various levels of employee access
Verify that employee security levels without access to sensitive data areas cannot access them.

Camera control pre-programmed alarm triggers
Video Door Monitoring Test
Roving day security officer
Monthly
Verify that door forced and held open alarms cause the monitoring camera to move to the programmed position.

Walkway night activity lighting
Walkway Night Lighting Test
Security officer on night patrol
Daily during night shift
Verify that card access into parking area and any exit from the building activates walkway night lighting.
A CLOSER LOOK

Ongoing Inspections List

ITEM
INSPECTION NAME
TESTER
FREQUENCY
PURPOSE/REASON

Door latching on all Employee Entrance Doors
Employee Entrance Door Latch Check
Security officer on night patrol
Daily during night shift
Doors have failed to auto-close, which required door adjustment, due to heavy use.

Door position contacts for all monitored doors
Door Contact Check
Assigned facilities maintenance person
Monthly
Ensure that door contacts have not become loose, and are not bypassed.

Loading dock overhead door position contacts
Loading Dock Door Check
Dual independent inspections by security officer on night patrol and assigned facilities maintenance person
Weekly at night
Ensure loading dock doors cannot be pushed up more than 1 inch without generating an alarm. Check for signs of attempted forced entry.

Field panel battery check
Panel Battery Check
Assigned facilities maintenance person
Monthly
Ensure backup batteries are fully charged and are replaced if at replacement date.

Check that reader mounts are not getting loose, especially for parking area
Reader Mounting Inspection
Assigned facilities maintenance person
Monthly
Prevent loss of reader operation due to loose reader mounts.
A CLOSER LOOK

Ongoing Audit List

ITEM
AUDIT ACTION NAME
TESTER
FREQUENCY
PURPOSE/REASON

Access Level Definitions
Access Level Definitions Audit
Security post commander; line of business security liaisons
Monthly on the first business day of the month
Ensure access levels are correct and appropriate per security policies

Access Level Change History
Access Level Change Audit
Security post commander and Assistant Director of Security
Monthly on the first business day of the month
Check for temporary security violations

Run remote login report
Remote Login Check
System administrator
Weekly
Verify that there is no unexpected use of remote logins to the security system

Don Sturgis, CPP, is a senior security consultant for Ray Bernard Consulting Services (RBCS), a firm that provides high-security consulting services for public and private facilities. This article is excerpted material from the upcoming book The Handbook of Physical Security System Testing by Ray Bernard and Don Sturgis, scheduled for publication by Auerbach Publications in the spring of 2005. For more information about Don Sturgis and RBCS, go to www.go-rbcs.com or call 949-831-6788.

 
  • IR Monochrome Video Camera
  • Spy Tech - Sprinkler Head Camera w/ 25ft. Hard Wired Cable
  • Badging effort helps to organize workers after deadly Worcester fire
  • When Trouble Comes To Visit
  • Biometrics comes of age
  • Hidden Camera Video Recorder - with built-in Internal Recording and Front Panel
  • BUMPER TO BUMPER
  • Keeping Customers Safe While Protecting Company Assests
  • Resolution Is In the Eye of the Beholder
  • Stamford Hospital
  • Keeping ATMs in focus
  • Computer security background information