Control Room Security – Taken Hostage
Shortly after midnight on November 8th, four armed men broke into a nuclear facility, a site where hundreds of kilograms of weapons-grade uranium are stored. According to the Nuclear Energy Corp, these four "technically sophisticated criminals" deactivated several layers of security, including a 10,000-volt electrical fence, suggesting insider knowledge of the system. Though their images were captured on closed-circuit television, they were not detected by security officers because nobody was monitoring the cameras at the time.
So, undetected, the four men spent 45 minutes inside one of the most heavily guarded facilities in the world. Eventually, the attackers broke into the emergency control center in the middle of the facility, stole a computer (which was ultimately left behind) and breached an electronically sealed control room. After a brief struggle, they shot Anton Gerber, an emergency services officer. Although badly injured, Gerber triggered the alarm, setting off sirens and lights and alerting police stationed a few miles away. Nevertheless, the four escaped, leaving the facility the same way they broke in.
Amazingly, at the same time those four men entered from the eastern perimeter, a separate group of intruders failed in an attempt to break in from the west. The timing suggests a coordinated attack against a facility that contains weapons-grade nuclear material. On November 16th, local police arrested three suspects, ranging in age from 17 to 28, in connection with this incident.
In response to the attack, the Nuclear Energy Corp. suspended six security personnel, including the general manager of security, and promised an "internal investigation which will cover culpability, negligence and improvements of Security Systems." It should be noted that the site's security was considered to have been upgraded after a break-in there two years ago.
It is still unclear why the two groups of intruders sought to break into this facility. More important, however, is that had the armed attackers succeeded in penetrating the site's highly enriched uranium storage vault, where the weapons-grade nuclear material is believed to be held, they could have carried away the ingredients for the world's first terrorist nuclear bomb.
The Department of Homeland Security (DHS) issued a manual to provide guidance on how to identify, handle and safeguard information developed by private and public entities under Section 550 of Public Law 109-295 and its implementing regulations, the Chemical Facility Anti-Terrorism Standards (CFATS), 6 CFR Part 27. Pursuant to CFATS, this information is known as Chemical-terrorism Vulnerability Information, or CVI.
iPads, phones, and other mobile devices have changed the way we work, but we still require workspaces that turn data into information. Data itself stored on servers somewhere, even the cloud, is vulnerable. Just imagine if all your data was turned against you or taken away from you. Security has always been important, and as technology advances, so does paranoia. We understand the importance of having secure data, work environments, and protection against evil intention. For the past 20 years, security gaps have been one of the highest components in the design process. We must consider all possible scenarios from hacking to breaching the control room doors and walls. Just as much thought is put into protecting data as it is for protecting your people. Control rooms of the future are already incorporating high tech retina scanners for security clearance. Security has been and will forever be integrated into the design of every control room. We continue to project the worst-case scenarios and rethink back doors, windows, first floors, server rooms, and blast resistance during every design decision we make.
Ian Nimmo, expert in control room design and operating best practices says:
“Most companies leave security at the gate, inside the gate the control room is vulnerable to whoever gets past or around the security guard. At some sites, security is enhanced by TWIC cards for all employees and contractors, and non-TWIC holders are escorted by a company representative at all times. It’s not good enough. This is like believing our US border is the ultimate protection which has been proved to be false. Most just go around the secure areas. Security is not just a matter of “how” but “when” they get in “what” can they do. They will likely take an operator's family hostage and instruct the operator to remove the safeguards and bypass protection systems, then run the plant into an unsafe state, without this SIS protection really bad things can happen. We try to encourage management to provide a silent alarm in a control room so operators can inform security of a breach. Control rooms should have a plan and procedures in place with training on different scenarios like a hostage situation of a family member. Some sites are taking this more seriously while others will wait for stricter regulations. The nearest we have is the Nuclear industry which is highly regulated by the NRA. We have the Chemical Terrorism regulation, but it is not commonly put into practice and is not observed by sites currently. It looks like it is waiting to be put in place after the first catastrophe.”
Is your site protected against an attack? We offer building security assessments to identify vulnerability, protection plans, and training. For more information contact firstname.lastname@example.org
Simply fill out the form and we will be in contact with you shortly to schedule a phone or web conference to answer questions and discuss how we can help your organization.