Secure Access for Critical Infrastructure Sites
DDE Technology has partnered with Veridocs, the leading provider of real-time ID authentication solutions that enable companies to vet staff and visitors entering their sites. Veridocs' visitor management solutions are used in many sectors including casinos and hospitality, retail, banks and financial institutions, data centers and critical infrastructure sites.
ID Authentication for Site Enrolment
Security experts have been working to spread awareness of the need to improve physical security for critical infrastructure sites. Recently, an executive order was issued from the White House declaring a national emergency in order to defend the power grid. Facilities such as power plants, dams, water treatment works and manufacturing sites need to be accessed by a range of employees and contractors, meaning that thorough security badging and entry-vetting procedures for these facilities are crucial in order to protect the people, systems, assets and ultimately, operations of these sites.
Critical infrastructure security and compliance professionals are responsible to ensure that their entry processes properly authenticate staff and visitors - both at the initial point of enrolment and for subsequent visits.
Common Vulnerabilities in Badging Practices
To achieve higher security, standard badging procedures need to be reassessed. A common practice at critical infrastructure sites is to issue badges or access privileges to staff or contractors based on a basic ID check. This ID check is typically undertaken directly by operations staff or by a contracting organisation. There are several security vulnerabilities inherent in this scenario:
If the initial ID check is simply a visual inspection of the staff or contractor’s photo ID, or a scan of the barcode on the ID, this fails to meet the threshold for full authentication of the document. Barcodes and photos on ID documents can be forged with relative ease, meaning that a facility with weak ID inspection procedures can unwittingly grant access to a person with a fraudulent ID.
Any additional biometric security enrolment the organisation then performs will be rendered pointless, as the person’s face, fingerprint, or retinal scan will be registered in the system with a fake identity.
A more secure process - ID Authentication - uses multiple light sources and a global document library to confirm the ID document’s unique security features, and also confirms that the machine-readable data encoded in the document matches the printed data. By ensuring that only badges are issued to holders of properly authenticated ID documents, critical infrastructure operators can be more certain they are keeping their facilities secure.
Finally, critical infrastructure organisations will also benefit from the ability to check the names of people requesting badges against government and regulatory watch lists, as well as any internal watch lists they may keep (such as banned contractors, disgruntled former staff, access privilege lists etc.). This helps ensure that criminals, wanted suspects, foreign agents, banned contractors and former employees are not unknowingly admitted into the system.
Combining these three measures - ID authentication, facial matching, and watch list checks facilitate the goal of ensuring that critical infrastructure sites do not grant access to individuals who don’t belong there. The technology powering these measures can be integrated with a property’s visitor management and badging systems, helping make the enrolment and authentication process extremely efficient even with this heightened level of security.
Watch List Checks
Maintaining High Security at Remote Locations
Better security can be maintained at substations and other remote critical locations as well, even when security staff are not present to handle access control. The same facial matching technology used at enrolment can be installed at the remote location - implemented with a simple webcam or computer camera - to automatically compare the face of a badge holder with the picture on file in the system.
This prevents stolen or improperly loaned badges from being used to gain access at unstaffed entry points. A “match” result can trigger the system to grant access, while a “no-match” result can be set to trigger customized security alerts and workflow events. Veridocs' technology is workflow-based which means it can be integrated into a company's alerting and enrolment systems to enhance the security posture for vetting site for staff, contractors and visitors.
An additional layer of security can be applied during the enrolment process by using facial matching technology to confirm that the person presenting a photo ID is its rightful holder. Using a genuine ID document of a “lookalike” person is another common way for bad actors to gain access where they don’t belong, and security personnel do not always spot the differences between the ID photo and the person in front of them.
Infrastructure Protection in Real Time
Critical infrastructure is called “critical” for a reason, so protecting it and preventing improper access is a challenging, yet essential function. However, technology integration as embodied in the Veridocs Critical Infrastructure Security now makes it easier for security and compliance professionals to meet these challenges - and be confident in their access control vigilance.
DDE Technology is a trusted advisor to companies around the world that rely upon critical operational infrastructure. We provide a range of solutions that ensure industry keeps running and that address the threats inherent in an increasingly interconnected world.
COPYRIGHT © 2020, DDE TECHNOLOGY LIMITED. ALL RIGHTS RESERVED.