Integrated Security Systems Design Integrated Security Systems Design A Complete Reference for Building Enterprise-Wide Digital Security Systems Second Edition Thomas Norman, CPP, PSP, CSC AMSTERDAM (cid:129) BOSTON (cid:129) HEIDELBERG (cid:129) LONDON NEW YORK (cid:129) OXFORD (cid:129) PARIS (cid:129) SAN DIEGO SAN FRANCISCO (cid:129) SYDNEY (cid:129) TOKYO Butterworth-Heinemann is an imprint of Elsevier AcquiringEditor:BrianRomer EditorialProjectManager:KeiraBunn ProductionProjectManager:MohanaNatarajan CoverDesigner:MarkRogers Butterworth-HeinemannisanimprintofElsevier TheBoulevard,LangfordLane,Kidlington,OxfordOX51GB,UK 225WymanStreet,Waltham,MA02451,USA Copyright©2014ElsevierInc.Allrightsreserved. Nopartofthispublicationmaybereproduced,storedinaretrievalsystemortransmittedinanyform orbyanymeanselectronic,mechanical,photocopying,recordingorotherwisewithouttheprior writtenpermissionofthepublisher.PermissionsmaybesoughtdirectlyfromElsevier’sScience& TechnologyRightsDepartmentinOxford,UK:phone(+44)(0)1865843830;fax(+44)(0)1865853333; email:permissions@elsevier.com.Alternativelyyoucansubmityourrequestonlinebyvisitingthe Elsevierwebsiteathttp://elsevier.com/locate/permissions,andselectingObtainingpermissionto useElseviermaterial. Notice Noresponsibilityisassumedbythepublisherforanyinjuryand/ordamagetopersonsorpropertyas amatterofproductsliability,negligenceorotherwise,orfromanyuseoroperationofanymethods, products,instructionsorideascontainedinthematerialherein.Becauseofrapidadvancesinthe medicalsciences,inparticular,independentverificationofdiagnosesanddrugdosagesshould bemade. LibraryofCongressCataloging-in-PublicationData Applicationsubmitted BritishLibraryCataloguinginPublicationData AcataloguerecordforthisbookisavailablefromtheBritishLibrary ISBN:978-0-12-800022-9 ForinformationonallButterworth-Heinemann publicationsvisitourwebsiteatstore.elsevier.com ThisbookhasbeenmanufacturedusingPrintOnDemandtechnology.Eachcopyisproducedto orderandislimitedtoblackink.Theonlineversionofthisbookwillshowcolorfigureswhere appropriate. About the Author ThomasL.Norman,CPP,PSP,CSC,isaninternationallyacclaimedsecurityriskmanage- ment and enterprise-class security system design consultant with experience in the United States, the Middle East, Europe, Africa, and Asia. Mr. Norman has experience in securitydesignsforcriticalinfrastructureincludingoilandgasterminals;linesanddistri- butioncenters;masstransitandvehicletransportationsystemssuchasairsecurity,rail, and marine facilities and systems; long-span suspension and truss bridges; and central banking,utility,andfinancialfacilities.Mr.Norman’sextendedexperienceincludeswork- ing with a large number of chemical, petrochemical, banking, government, corporate, hospitality,healthcarevenues and museums. Mr. Norman’s unique processes focus on identifying and securing the underlying causes of building system vulnerabilities—that is, business processes, technologies, and cultures that encourage the development of vulnerabilities to the detriment of the organization. Astheauthoroftheindustryreferencemanualonintegrated securitysys- temdesign,andwithmorethan35yearsofexperienceindesign,constructionmanage- ment,andcommissioning,Mr.Normanisconsideredoneoftheindustry’sleadingdesign consultants,worldwide,havingcontributedmanyindustrydesignfirsts,includingvideo pursuit and REAPs design concepts, among others. Mr.Normanhasdevelopedformulasanddetailedprocessesthatareusedbytheentire securityindustrytocalculatetheeffectivenessofsecurityprogramsandsecurityprogram elements and also overall security program cost effectiveness. Mr. Norman has authored four books: Security Planning and Design—A Guide for Architects andBuilding Owners (Contributing Author – The AmericanInstitute ofArchi- tects); Integrated Security Systems Design (Elsevier); Risk Analysis and Security Counter- measures Selection (CRC Press); and Electronic Access Control (Elsevier). His works have beenquotedandreferencedbyorganizationsandpublicationssuchastheCatoInstitute, NBC, and Security Management. v Dedication LivingandworkingintheMiddleEasthastaughtmethevalueofconsideration,kindness, and respect in furthering human relations between individuals, ethnic groups, political groups, and nations. It has taught me that the secret to personal happiness is gratitude. The difference betweenhappinessandunhappinessisthedifferencebetweengratitudeandentitlement. Itisimpossibletobeunhappyinastateofgratitude.Anditisimpossibletobehappyina state of entitlement. Ithasalsotaughtmethatthesecrettofurtheringthehappinessofothersiscompas- sion.Everyonehasastoryofpersonaltragedy.Thatstoryisoftenplayedoutininterper- sonalconflictwithothers.Bylookingpasttheconflictandbeingconsiderate,respectful, andkindtotheperson,onecanoftenhavearelationshipwithadifficultpersonthatothers did not thinkpossible. May your life be filled with gratitude,kindness, and compassion. Idedicatethisbookto all who try to live inthis simple,humble way. xv Preface ThisbookisaboutIP-network-basedintegratedsecuritysystemsdesign.Itwaswrittento help new designers and designers who are familiar with old-style alarm/access control and analog video and intercom systems adapt to IP-based systems. IwasanearlyadvocateofInformationTechnology(IT)-basedinfrastructurebecauseit offered something that older security system infrastructures could not: true enterprise capability. Ethernet infrastructures permit the distribution of a security system across the organization’s facilities all over the world. That just isn’t possible with older infrastructures. WhileIwasdelightedtoseethesecuritymanufacturingindustryadoptEthernetinfra- structures,Iwasdistressedtoseethattheindustrywasnotseriouslyaddressingtheneed toprovideforthesecurityofthesystemitselfonthenewEthernetinfrastructure.WhenI askedmanufacturerswhytheywerenotaddressingnetworksecurity,Ireceivedanswers suchas“Oh,thatistheITdepartment’sresponsibility”or“Securityintegratorshavetheir hands full just learning how to deal with Ethernet-based systems; we’ll get to network security later.” So, here was an industry that was responsible for securing an entire organization’s assets, and the security system itself was often not secure. The idea that the electronic securitysystemthatwastrustedtoprotectsometimesbillionsofdollarsinassetsshould itselfbeunsecurewasunacceptabletome.So,itwasclearthatitisimportantforsecurity professionalstounderstandITtheoryinordertoefficientlydesignnetworksandpractical networksecurity. Soon thesecurityindustrywillmovetosystemsinwhichtherearenoanalogorpro- prietarywireddevicesatall;alldeviceswillconnectdirectlytotheEthernetinfrastructure. Theknowledgeofhowtodesignefficientnetworksystemsandhowtosecurethosesys- temsisparamounttosuccessfulsecuritysystems.Thisisthefutureofsecuritytechnology. Inthisbook,Ialsobringthereaderinsightintosomeofthemostsophisticateddesign conceptsanywhereinthesecurityindustry.We’llbediscussingdesignconceptsthatare abletomakeordinarysystemsperformextraordinaryfunctions.Thisistheoneandonly book you will need for allsecurity design concepts. xvii 1 Introduction and Organization of the Book Mostintegratedsecuritysystemsinstalledtodayaredesignedtoprotectunknownvulner- abilitiesagainstunknownthreats.Theyoftenusetechniquesandproductsthatworkwell totheadvantageofthevendorbutnotalwayssowelltotheadvantageoftheclient,and they areoftenmoreexpensive than is necessary. Wecan change that. This book is about designing IP-based integrated security systems and enterprise- integrated security systems (which are also IP-based). These are security systems that havethreemajordefining attributes: (cid:129) Integrated security systems comprisenumerous subsystems togetherinto one complete, highly coordinated, high-functioning system. Typical subsystems include alarm, access control,closed-circuitvideo,two-way voice communication,parking control,andotherrelatedsystems.Systemintegrationisthebasicconceptforallthat follows. (cid:129) Systemintegrationinvolvesboththeintegrationofcomponentsandtheintegrationof functions. High-level functions can be obtained by integrating components into a comprehensive working system, insteadofindividual disconnectedsubsystems. (cid:129) Convergence-based integrated security systems are integrated security systems that utilizeTCP/IPEthernetinfrastructureasthebasiccommunicationsmedia.Thisisthe resultofa convergence of industries(thesecurity technology industry and the information technology (IT)industry). Most new integrated security systemsare convergence-based systems. (cid:129) We willalsodiscussenterprise-integrated security systems conceptsin depth. Enterprise-integratedsecurity systems are those security systemsthat have been integrated with other systems, including elevators, privateautomatic branch exchanges, human relations programs, and security video and intercommunications systems, at thecorporate-wide(theenterprise) level to perform a wide variety of automated security-related tasks in amannerconsistent with corporate oragency policies and proceduresand that do so uniformlyacross theentireenterprise. Forexample,when an employee is terminated, theact of pressingOKon the humanresourcessoftwarescreencan cause theemployee to also be terminated from the accesscontrol system and ITsystem and even shut downaccess to hisor her business telephone and voicemail. Such integration canpreventahostile terminatedemployee from gainingoutside access tovaluable data orleavinga forwarding oreven antagonistic message on hisorher voice mail. Virtually all 3 4 INTEGRATED SECURITYSYSTEMS DESIGN buttheveryearliestenterpriseintegratedsecuritysystemsareconvergencebased,and almost allof theearliest systems utilize some convergence concepts. Although you may not need to design enterprise-class integrated security systems, understandingtheirdesignconceptswillmakeyouabetterdesignerofanyconvergence- basedintegratedsecuritysystem,soitisworthwhiletobeattentivetotheenterprise-class conceptswhentheyarediscussedherein. Who Should Read This Book Thisbookisdesignedfornewandexperiencedsystemdesignconsultants,designers,and projectmanagerswhobuildthesecomplexsystemsandforthebuildingowners,security directors,andfacilitiesdirectorswhooperatethem.Eachwillbenefitfromtheexpansive array of issues covered. Many of these subjects have only rarely or perhaps have never been discussed before in any book to my knowledge. These include such aspects as how to make your security system virtually disappear on the IT system infrastructure, as though it were not there at all to anyone but the system administrator (Chapter 17); a complete discussion on how to use security technology to delay, confound, and take down aggressors in very high-security environments (Chapter 4); and secrets on system implementation that help ensure a stable, reliable, and high-functioning system (Chapters 9 and 18). There is some discussion about pitfalls out of which the potential for lawsuits has arisen for well-meaning but unsuspecting project participants. My goal istohelpyougaincommandofeveryaspectoftheprocessnecessarytoensureyoursuc- cess, thesuccessof theprojectteam, and especially thesuccessof yourclient. Designing enterprise integrated security systems seems daunting to most who have onlydesignedsystemsforsinglebuildingsorforsmallcampusenvironments.Thechal- lenge has become ever more important with the advent of terrorism and the move toward using electronic security systems to augment homeland security. The challenge of helping to protect our nation’s transportation, economic, and cultural infrastructure raises the importance of designing what used to be esoteric systems. Today, these sys- tems are becoming more commonplace. However, many of them are being designed usingoldskillsetsandoutdated techniques,resultinginoutmodedandthereforeunsui- table results. A Brief Background WhenIwrotethefirsteditionofthisbook,thesecuritytechnologyindustryhadonlyjust recentlycrestedahill.Behindus,intherearviewmirror,isyesterday’stechnology.Ahead ofustowardthehorizonisthetechnologyoftomorrow.Itisdifferentfromthepast.ItisIT based.Manyinthesecurityindustryareafraidofit.Theywillresistthechange.Theywill lose. Those who resist IP-based security systems will condemn themselves to security industryirrelevance. Chapter 1 (cid:129) Introduction and Organization of theBook 5 Inthe1990s,largecorporateandgovernmentclientsbegantounderstandthattheyare better served by enterprise-class security systems. Enterprise systems differ from older approaches in that they permit the uniform application of security policies and proce- duresacrosstheentireorganization.Theypermitcentralizedmonitoringofsecurity,busi- nessprocesses, andadherencetopolicy.Theyreduceliabilityandoperating costs.They permitauserfromonefacilitytofreelyaccessanyotherifhisorheraccesslevelpermits. At the time the first edition of this book was written, nearly every manufacturer had embraced the enterprise security concept, but many werestill trying to make it work in thecontextofoldersystemarchitectures.Increasingly,atthetimeofthesecondedition, thesearegraduallybeingreplacedbysystemswithpureITinfrastructures.Byreadingthis book,youwillbeaheadofthegameandbeabletomakedesigndecisionsthatwillsave you and yourclients tens of thousands ofdollars and many headaches. These large-scale enterprise-level integration projects raise the bar, and we must all train well enough to jump over it. This book presents everything you will need to know to achieve success on these complex projects. A Framework for Understanding the Design Process I frequently receive calls from designers who are challenged with projects beyond their experience, asking how to approach the task. I tell them the first question is not how, butwhy?Now,donotmisunderstandme:IdonotmeanwhyshouldIbother?Imeanthat theprocess shouldbeginwith a clear and complete understanding ofthe following: (cid:129) What assetsarewe trying to protect? (cid:129) Fromwhomarewe protecting them? (cid:129) And against what kinds ofattackor misuse? (cid:129) Howcan Iuse integration to improve theoperations ofmy client and disruptthe operations of criminals and terrorists? Onlyafterthesequestionsareunderstoodandansweredcanwebegintoconsiderwhat todesignandhowtoapproachit.Thisbookwillhelpyoulearnhowtodesignlargeinte- grated security systems, beginning with how to approach the project with the question, Why? Goals of the Book After finishing this book, you will havea new command ofthe following: (cid:129) Strategic issues The importance ofintegrating electronics and physicalsecurity with asolid foundation ofgoodsecurity management. Howtoworkwith theclient’s best interestsinmind. Howto know when to integrate systemsand whenit does not benefit the client.