- Information which can be obtained without breaching the perimeter/building (e.g. via hostile reconnaissance, online research)
- The area beyond the perimeter where protective security measures can be projected
- Information or assets which are taken off site which require protection
Principles
Deter
- Deny adversaries access to the information and other resources they require to conduct attack planning
- Dissuade adversaries from conducting an attack by emphasising the likelihood of failure and capture
- Project a sufficiently hostile view of the environment to an adversary so as to make an attack too difficult or unachievable to progress
- Amplify the effectiveness of security measures and messaging
Examples
- Messaging on the corporate website about the effectiveness of security measures (including the monitoring of visitors/cookies to enhance the user experience)
- Limiting the information available about the asset, forcing a physical reconnaissance visit to the asset (increasing the likelihood of detection)
- Ensuring that the approaches to and areas around the asset are clear and easily monitored, and that there is an appropriate challenge by the security officers or staff to unknown individuals, e.g. by asking 'can I help you?'
- Messaging for the entire attacker journey, from the website through to the physical approaches to the site, that provides reassuring messages about the security measures in place
Detect
- Identify threat or attack behaviours at every stage of an attack - planning, reconnaissance, deployment
- Initiate an appropriate response to a threat or attack as early in the attack timeline as possible
- Monitor for the loss of information or assets which have been moved off site
Examples
- Detecting hostile reconnaissance through the monitoring and detection of suspicious activities on the corporate website and visits to the asset
- Implement a CCTV monitoring system covering beyond the site perimeter to identify an attack team approaching
- Use an information/asset logging system to identify patterns of information/assets not being returned or accounted for
Delay
- Maximise the time between the detection of an attack (at any of the stages in the attack timeline) and an attack reaching an asset's perimeter
- Limit availability/access to information in order to prevent an adversary developing an optimised attack plan, thereby increasing the attack timeline and further increasing the chances of detection
Examples
- Monitor the area beyond the perimeter, enabling early detection and maximising delay time for an adversary to traverse the ground
- Ensure an adversary requires multiple or extended visits to a site to gather information for an attack plan, increasing the risk of detection and extending the attack planning timeline
Mitigate
- Maximise stand-off to any form of attack
- Minimise single points of failure beyond your perimeter
- Understand the potential effects of an attack on the surrounding environment and its impact on your site
Examples
- Use of vehicle security barriers to enforce an appropriate stand-off distance
- Use of a resilient power supply, preventing a single point of failure
- Locating key servers at the core of the building
- Use of local business/security forums to discuss impacts of attacks on neighbours and potential mitigations that could be used
Response
- Determine what external response is required to the range of threats your site faces and ensure measures are in place to initiate the response
- Where appropriate, exercise your plans with external response forces, including communicating with neighbours
Examples
- Establish an out-of-hours system to deliver a nominated keyholder to the site within an appropriate time frame
The following pages provide more information on the protective security measures which can be used to achieve the protective security principles above. Considering the impact a measure has on Deter, Detect and Delay is important to ensure the measures are complementary and all three Ds have been covered. Response to an attack and minimising the consequences of an attack should also be included in both your protective security measures and security planning.