
AIS FACILITY PHYSICAL PROTECTION

The physical protection of the AIS facility can be thought of as the process of permitting access to the facility by authorized persons, while denying access to others. The physical protection of an AIS facility is not as stringent for an AIS facility that processes unclassified data as it is for an AIS facility that processes classified data. In the following example/discussion, assume the facility processes classified material and provides physical protection in accordance with OPNAVINST 5510.1 and OPNAVINST 5530.14. Pay particular attention to applying physical protection and security policy wherever AIS equipment is used for processing classified information in accordance with OPNAVINST 5239.1.

Ensure plans are developed for the protection, removal, or destruction of classified material in the case of a natural disaster, civil disturbance, or enemy action. The plans should establish detailed procedures and responsibilities for the protection of classified material so that it does not fall into unauthorized hands in the event of an emergency. Also, indicate what material is to be guarded, removed, or destroyed. An adequate emergency plan for classified material should provide for guarding the material, removing the classified material from the area, complete destruction of the classified material on a phased priority basis, or appropriate combinations of these actions.

The emergency plans should also provide for the protection of classified information in a manner that minimizes the risk of loss of life or injury to AIS personnel. The immediate placement of a trained and preinstructed perimeter guard force around the affected area to prevent the removal of classified material is an acceptable means of protecting the classified material. This action reduces the risk of casualties.

Security requirements for the central computer AIS facility area should be commensurate with the highest classified and most restrictive category of information being handled in the AIS. If two or more computer systems are located in the same controlled area, the equipment comprising each system may be located so that direct personnel access, if appropriate, is limited to a specific system.

Boundary Protection

The threat analysis may indicate the need to protect the property boundary of the AIS facility. This may be accomplished by installing fences or other physical barriers, outside lighting, or perimeter intrusion detectors, or by using a patrol force. Often a combination of two or more of these will be sufficient. Fences should be 8 feet high with three strands of barbed wire. Fences provide crowd control, deter casual trespassers, and help in controlling access to the entrances; however, they do not stop the determined intruder.

In situations where manpower shortages exist, the fence can be equipped with penetration sensors that should sound an internal alarm only. This type of physical protection system uses small sensors mounted at intervals on the fence and at each gate.

Emanations Protection

In evaluating the need for perimeter protection, take into account the possibility that electromagnetic or acoustic emanations from AIS hardware may be intercepted. Tests show that interception and interpretation of such emanations may be possible under the right conditions by technically qualified persons using generally available hardware. As a rule of thumb, interception of electromagnetic emanations beyond 325 yards is very difficult. However, if there is reason to believe that a potential exposure to interception exists, seek technical guidance from upper management and the Chief of Naval Operations.

Measures to control compromising emanations are subject to approval under the provisions of Control of Compromising Emanations, DOD Directive C5200.19, by the cognizant authority of the component approving security features of the AIS system. Application of these measures within industrial AIS systems is only at the direction of the contracting activity concerned under provisions of the Security Requirements for Automated Information Systems (AIS's), DOD Directive 5200.28, and the requirements are to be included in the contract.

Interior Physical Protection

Intrusion detection systems (IDSs) (OPNAVINST 5510.1) provide a means of detecting and announcing proximity or intrusion that endangers or may endanger the security of a command. The use of an IDS in the protective program of a command may be required because of the critical importance of a facility or because of the location or the layout of the command.

Remember, IDSs are designed to detect, not prevent, an attempted intrusion. Thus, a comprehensive security plan must contain appropriate security measures along with procedures for an effective reaction force.

Remote Terminal Areas Protection

The physical and personnel security requirements for the central computer facility area are based upon the overall requirements of the total AIS system. The remote terminal area requirements are based upon the highest classified and most restrictive category and type of material that will be accessed through the terminal under system constraints.

Each remote terminal should be individually identified to ensure required security control and protection. Identify each terminal as a feature of hardware in combination with the operating system.

Before personnel of a component that is not responsible for the overall AIS operation can use a remote device approved for handling classified material, security measures must be established. These security measures are established by the authority responsible for the security of the overall AIS. They are agreed to and implemented before the remote device is connected to the AIS.

DOD component systems may become part of a larger AIS network. The approval and authority to authorize temporary exceptions to security measures for the component's system in the network requires two components: the DOD component operating the AIS system and the DOD component having overall responsibility for the security of the network.

Each remote terminal that is not controlled and protected as required for material accessible through it should be disconnected from the AIS system when the system contains classified information. Disconnect procedures are used to disconnect remote input/output terminals and peripheral devices from the system by a hardware or software method authorized by the designated approving authority of the central computer facility.

Security Survey

An annual security survey of the AIS facility area should be conducted by the AIS technical manager. The first step of the survey is to evaluate all potential threats to the AIS facility as discussed earlier in this chapter. The second step is to define and tabulate areas within the facility for control purposes. Details depend on the specifics of each facility, but the following are common areas to consider:

* Public entrance or lobby;
* Loading dock;
* Spaces occupied by other building tenants;
* AIS facility reception area;
* AIS input/output counter area;
* AIS data conversion area;
* Media library;
* Systems analysis and programming areas;
* Computer room spaces;
* Communications equipment spaces; and
* Air conditioning, UPS, and other mechanical or electrical equipment spaces.

The survey should verify security measures already in place and recommend any improvements to upper management. Obtain a current floor plan on which to depict all areas within the facility. Include all access points and any adjacent areas belonging to the AIS facility, such as parking lots and storage areas. Begin the survey at the perimeter of the AIS facility, considering the following:

* Property line. Include fencing, if any, and type. Note the condition, the number of openings according to type and use, and how they are secured. Are there any manned posts at the property line?
* Outside parking facilities. Are these areas enclosed, and are there any controls? Are parking lots controlled by manned posts or are devices used?
* Perimeter of facility. Note all vehicular and pedestrian entrances and what controls are used, if any. Check all doors: their number, how they are secured, and any controls or devices, such as alarms or key card devices. Check for all ground floor or basement windows and how they are secured (screening or bars, for example) and their vulnerability. Check for other entrances, such as vents and manholes. Are they secured and how? Check for fire escapes: their number and locations and accessibility to the interior of the facility from the fire escape (windows, doors, roof). How are accessways secured?
* Internal security. Begin at the top floor or in the basement. Check for fire alarm systems and devices. Note the type, location, and number. Where does the alarm annunciate? Check telephone and electrical closets to see if they are locked. Are mechanical and electrical rooms locked or secured? Note any existing alarms as to type and number. Determine the number and locations of manned posts, hours, and shifts.
* Monitoring facility. Know the location, who monitors, who responds, its type, and the number of alarms being monitored.

[Table 4-6.-Security Measures Checklist]

Table 4-6 is a checklist of other questions that should be asked in the survey.

When the security survey is complete, it provides a picture of the existing alarm systems and the location of each. It also shows the number and location of manned posts, the number of personnel at these posts, and the schedule of each.

With these facts in hand, the AIS technical manager can evaluate existing access controls and protection measures, identify areas where remedial measures are needed, and select specific measures.

Always consider the use of various types of security hardware devices to augment the existing personnel protective force. Through the use of such devices, it may be possible to save on operating cost.








Integrated Publishing, Inc. - A (SDVOSB) Service Disabled Veteran Owned Small Business