Optimising high performance buildings for maximum efficiency is a key focus for many asset owners and facility managers. Optimisation involves integrating all major building attributes to improve a buildings operational and energy efficiency, durability, and lifecycle performance. To effectively support efficient building operations, occupants need to be able to perform their roles safely and securely. Security plays a key role in creating this operating environment through the appropriate deployment of security treatments, guided by a philosophy and framework of security risk management. Please note that the following is not a panacea for all security ills, it is but one approach (of many) that can be used to assist in the security and ongoing operations of a high-performance building.
Four Pillars to Success - Cyber, physical, electronic, and procedural security: The differences explained
A secure high-performance building can reduce the probability and impact of security incidents. However, different facets of security create a robust and resilient building environment. Generally, these facets are separated into cyber, physical, electronic, and procedural security.
- Cybersecurity is a collection of technologies, procedures, and practices designed for the protection of computer systems from an attack, theft, unauthorised access or damage to hardware, software, electronic data, or network. In high performance buildings, cybersecurity takes center stage when compared to traditional high-rises, particularly due to the increased reliance on integrated services platforms, sensor nets, and sophisticated control systems that could allow a malicious actor unprecedented control and access to a building’s operation;
- Physical security refers to the physical protection of people, tangible assets, and property from circumstances that may result in damage or loss. Typically, this includes the physical layout of a building and the barriers, locks, controls, walls, vaults, and safes allowing access to authorized people and disabling access to unauthorised intruders. Physical security is most effective when integrated into the architecture and has proportionately more architectural and aesthetic impact the later it is considered in a project;
- Within the context of physical security, electronic security is the deployment of security technologies such as closed-circuit television (CCTV), electronic access control and intrusion detection systems, intercoms, and other technologies to enhance the security operations within a building. Security technology such as cameras and access cards are often the first things that come to mind when people think of building security. They are however, just one option and should only be used to enhance the operational security manpower in keeping a building secure; and
- Finally, procedural security describes the measures concerning a process, policy, or an established routine that must be followed (for example, standard operating procedures (SOP's), also known as standing orders) for monitoring and response by building staff. Procedural security is what facilitates effective security manpower deployment and reinforces the responsibilities of non-security staff in security activities. Security officers and facilities staff, such as receptionists, who lack proper training or guidance through a suite of procedures, can lead to inconsistencies and inefficiencies in security operations.
Integrating security approaches
Over the last few years cyber, physical, electronic, and procedural security were traditionally applied as separate components. However, as threats have grown more sophisticated and building owners are expected to respond more rapidly to the constantly changing environment. If an "All In" approach incorporating the above is not at least considered, it will leave gaps in your security plan.
Cyber, physical, electronic, and procedural security all have their parts to play and rely on each other to enhance and maximise their effectiveness. Like many things, with security, the whole solution is more than the sum of its parts. Examples of this interdependence include:
- CCTV cameras being ineffective at supporting a timely response to a security incident without live monitoring by trained security officers;
- Cybersecurity measures such as firewalls, encryption, and cyber intrusion detection become moot if attackers can steal the physical IT hardware storing sensitive data using brute force at their leisure off site. Critical IT equipment must be in a physically secure environment;
- Physical security design, such as a minimisation of building entrances, can reduce the need for expensive electronic security deployment;
- Electronic security such as CCTV and access control systems rely on cybersecurity measures to remain operational in the face of a technical attack. Hackers who can subvert the security systems will enable a much more effective physical intrusion into a building; and
- All the electronic and physical security in the world can eventually be overcome by determined attackers given enough time. At the end of the day, it is the manpower facilitated by procedural security that will bring a resolution to security breaches.
Collaborative design approach
Oftentimes, security is not considered until the architectural or fit out design is already completed. This is often because security is solely seen as a minor building service that is not impacted by the larger building design context.
Through an early engagement in the planning process, security professionals are able to advise and develop strategies to reduce and or manage identified threats as part of a succinct and relevant security risk assessment. When consideration is given to incorporate security principles early in the design of a high performance building it can lead to efficiency benefits over a building’s life cycle by:
- Reducing maintenance costs of security technology;
- Maximising loss prevention throughout the building;
- Increasing the sense of safety and security of building occupants and;
- Minimising manpower requirements.
The assumption that security consists purely of security guards, CCTV, access control cards, or ID badges is generations out-of-date. Modern security solutions and integrations within high performance buildings require a holistic and tailored approach that is best applied through early engagement with specialist security consultants rather than engagement with building services engineers later in the building design process. By doing so, high performance building owners and operators can realise the benefits of a secure environment over a building’s life cycle.
