This post is also available in:
עברית (Hebrew)
Incorporating Security Technologies in Critical Infrastructure Structural Systems, Public Buildings and Real Estate
Written by Or Shalom
In the construction world, security has become a central issue in the design, operation, and maintenance of modern buildings. This is due to the increase in a variety of threats, including terrorism, breaches, organized crime, and cyberattacks. The need for security is not limited to sensitive buildings, such as embassies, airports, prisons, etc. It also includes critical aspects related to the protection of real estate, office buildings, shopping complexes and hotels. [1] The residents of such properties, whether they are civilians, employees, or guests, are required to have maximum security in both the physical and cyber realms. Therefore, characterizing and carefully designing secure buildings is essential. This includes strengthening physical protections through technology-enabled physical obstacles, access control systems, security cameras, sensors for breach detection, and protection of infrastructure such as electricity, generators, and water. At the same time, as I mentioned, the cyber component is also important. This includes the attackers’ wish to bypass security systems, the importance of cyber protection of structure management systems (in order to ensure proper structural functioning), and preventing risks associated with the personal security of the residents and employees by ensuring that the place is functioning properly in the event of an attack or disaster, in order to prevent economic and image damages.
The Benghazi Incident: A case study of the results of physically protecting buildings against terror attacks, espionage and cyber threats:
On September 11, 2012, the U.S. Embassy in Benghazi was attacked by a group of terrorists, who also set the building on fire and killed four Americans, including U.S. Ambassador Chris Stevens. The attack was coordinated, using gunfire and grenades. The event highlighted the challenges of embassy security, and along with insights related to increasing security forces, intelligence and coordination with locals, there were also insights regarding the physical protections required when constructing an embassy. [2] The incident led to a review of security measures at American embassies and diplomatic facilities, and to new conclusions about the risks and threats embassies in high-risk areas are exposed to. These insights raised the need for improving the structural safety of embassies and diplomatic facilities, so that they would be better protected against modern threats. This, by strengthening buildings with protected walls and fireproof rooms that reduce the risk of physical attacks, creating buffer zones and walls, as well as creating explosive-proof areas and shelters for evacuation and protection in emergency situations. Additionally, creating plans that include integrated security systems, such as installing cameras and conducting 24/7 surveillance, installing protected gates and access control systems, will ensure an immediate response to any threat. [3] Moreover, in recent years, embassies around the world are also exposed to drone threats. [4] Drones can be used to collect intelligence (including for technological and cyber threats), but may also cause direct harm. These threats require embassies to also consider implementing advanced security measures. Beyond the risks of terrorism, embassies are also exposed to threats of espionage and cyber in a way that requires proper pre-planning to prevent the possibility of physical meddling with the computer infrastructure (as I will expand on below).
The Austrian Hotel: A case study of the significance of cyber vulnerabilities in structural systems:
Safeguarding cyber systems in operational buildings (building management systems) is becoming critical in the modern world, where maintenance technology is becoming a key component. [5] Building systems such as HVAC, lighting systems, access control systems, and other services are now all functioning through digital networks, and are exposed to risks and cyberattacks. Failure to protect these systems can lead to a fundamental disruption in the facility’s operation, risking the security of guests and employees, hurting its image and, of course, leading to financial consequences. In 2020, the Austrian luxury hotel Romantik Seehotel Jaegerwirt was cyberattacked by hackers who took over the access control system that managed the hotel’s electronic key systems. The attack resulted in hundreds of guests being locked inside or outside their rooms, disabling hotel management computers, including booking and payment systems. The hackers demanded a ransom payment to stop the attack. These attacks demonstrate the risk of using automated and interconnected systems in modern buildings, especially in the context of room management systems, electronic keys and payment systems. The event also highlights the importance of secure planning for cyber protection (as well as preventing access) to IT and OT systems in buildings, and in particular, the need to implement advanced security measures that prevent hackers from infiltrating, block unauthorized access, and reduce the risk of data loss or disruption of critical services. [6] Of course, as part of the key practical takeaways, automated backup systems, recovery capability, regular upgrades of the security system, and ongoing training of technical teams for cyber events, are also required.
The Attack on Aramco’s Oil Infrastructure: A case study for protecting structures against sabotage and drones
The attack on the Aramco oil infrastructure in Saudi Arabia in 2019 caused significant damage to the oil infrastructure and production capacity, which fell to half the daily amount (the attack caused a halt in production, which usually comprised of 5.7 million oil barrels daily, and affected the global oil markets with a sharp increase in prices). [7] Aramco was able to recover its operation in a short period of time, but the event highlighted the vulnerability of critical infrastructures to UAV threats and the need for better protection of strategic energy facilities from such threats. Therefore, there is a growing need for protected construction accompanied by advanced defense technologies for critical infrastructure. The threats require the physical protection of critical infrastructure facilities, especially for those involved in energy production and processing, and the adaptation of the construction components to emerging threats (including drone and missile threats). Of course, solutions such as advanced radar systems and physical protection of facilities are required in order to prevent the penetration of drones or other technologies. In addition, it is necessary to prepare for a quick response and establish backup infrastructures that will ensure continued operation during difficult times. [8]
The need for protective construction for sensitive facilities such as critical infrastructure, embassies, trade centers, office buildings, and areas with extensive human traffic is critical to ensuring the proper function of residents and guests. These infrastructures are potential targets for terrorist attacks (including cyberattacks), so security measures must be implemented all the way from the planning stage to the operating stage. Physical protection, as well as advanced technological systems, are required to maintain limited access, secure sensitive equipment, and protect systems from damage or sabotage. In addition, the need to protect and create security infrastructures for residential and office buildings is increasing in the modern era, where physical and cyber threats also affect private and business buildings. Residential buildings, especially those located in densely populated or urban areas, require advanced physical safeguards such as secure gates, security cameras, protection technologies against drone threats, and more. All of these require meticulous design and implementation of advanced security technology, combining standard requirements that ensure the full operation and protection of the facility.
The author is a security, cyber and HLS technology expert and consultant to government ministries and defense industries. He holds a master’s degree, as well as civil and national qualifications in the realm of HLS and Cyber Security. He has experience in consultation and business development for security companies and groups in matters of planning and building defense, innovation and security technology, exercises, and training in security and cyber.
- https://i-hls.com/archives/110639
- https://2009-2017.state.gov/r/pa/prs/ps/2014/01/219760.htm, https://2009-2017.state.gov/arbreport/
- https://www.cfm.va.gov/til/PhysicalSecurity/dmPhySecMC-2015.pdf
- https://www.voanews.com/a/yemen-foils-terror-plot/1725068.html
- https://www.youtube.com/watch?v=HpnYrDU0dMA&t=36s
- https://www.gov.il/BlobFolder/generalpage/buildingmng/he/%D7%94%D7%92%D7%A0%D7%94%20%D7%A2%D7%9C%20%D7%9E%D7%91%D7%A0%D7%99%D7%9D%20%D7%97%D7%9B%D7%9E%D7%99%D7%9D%20V1.docx_.pdf
- https://www.youtube.com/watch?v=fnDM60VPqVM
- https://www.cisa.gov/topics/physical-security/bombing-prevention
