In an emergency, most of us turn to our mobile phones first, to contact loved ones, call for help, or assess how a situation is developing. FEMA (the U.S. Federal Emergency Management Agency) notes that in recent years cell phones “have been an invaluable resource for disaster survivors.” They even specifically advise using Twitter in an emergency, both to communicate and stay informed. This highlights just how important private business continuity planning (BCP) is to public safety: The continued operation of a cellphone network or social platform like Twitter doesn’t just have an impact on share-holder value–it has a real life-saving impact for people caught in a disaster.
Private business continuity planning is increasingly meshing with public critical infrastructure protection (CIP) and continuity of operations planning (COOP). TSS CEO Jim Richards has noted that both corporate physical security specialists and planners, as well homeland security planners and other public safety professionals, face the same primary challenge in maintaining critical infrastructure in uncertain times and quickly restoring it after a disaster: Access control.
Thinking of Private Business as Public Infrastructure
The Canadian government has done excellent work in bridging the conceptual gap between public critical infrastructure protection and business continuity planning. As Public Safety Canada’s Guide to Business Continuity Planning explains:
“When considering the type of alternate facility [your business needs to continue operations], consider all factors, including threats and risks, maximum allowable downtime and cost. For security reasons, some organizations employ hardened alternate sites. Hardened sites contain security features that minimize disruptions. Hardened sites may have alternate power supplies; back-up generation capability; high levels of physical security; and protection from electronic surveillance or intrusion.”
TSS CEO Jim Richards–who has spent decades designing, engineering, fabricating, and installing bullet resistant barriers and access control systems for both government agencies and private companies–seconded these suggestions. Jim has found that, although bullet proofing isn’t necessarily a primary concern for many businesses as they plan for disruptions or disasters, access control should be:
“By its nature, any bullet resistant barrier system controls access–and is generally held to a standard that’s a cut above, when it comes to a facility’s physical security. These are robust materials being integrated together to stop a small thing that can move very fast. It doesn’t have much trouble stopping an angry customer, or even an angry mob.”
Where Critical Infrastructure Protection Meets Business Continuity Planning
“We’ve done a fair bit of local and municipal government work over the years,” Jim explained, “and we’ve seen that there are a lot of similarities between how they treat CIP and COOP, and how foreword-thinking businesses are treating BCP. For example, protecting a data center isn’t all that different from protecting a water treatment plant or energy facility.
In the case of utilities, you want workers to come and go freely, keeping everything running smoothly. But you certainly don’t want anyone unauthorized wandering around. When we’ve done data centers, it’s been much the same: You have to protect that data and access to those machines. That starts with securing and hardening the doors and the walls. There’s a lot of ballistic fiberglass to back the drywall, steel doors on the exterior, and wood veneered interior doors that match what’s already in place–a nice clean look, with the added benefit that intruders aren’t tipped off as to which door leads to critical infrastructure and which lead to a broom closet.
When access control is a top priority, physical keys are a huge liability. It’s just too hard to manage all those keys, and too expensive to recover if your keys are compromised. Electric strikes–usually integrated with a building-wide key card system–or pushbutton locks are much easier to manage.”
Although in most cases these CIP/BCP-style access control systems don’t need to worry about having a public-facing aspect, it’s easy to integrate one or more drop-in transaction windows, so that secured staff can continue to manage how the facility interacts with the outside world.
“The entire access control system–the walls, the doors, even the door frames–are usually built to Level 3 bullet resistance. That’s not necessarily forced-entry rated, but can still take a lot of abuse before someone will be able to pass through. And, obviously, such a system has the added benefit of being able to stop quite a few bullets. Our Level 3 steel doors are rated to stop three shots from a .44 Mag, but in practice they’ll take more than 100 rounds without a single penetration. That’s a level of access control that should give you real peace of mind.”