Intrusion Detection for Public Transportation Facilities Handbook (2003)

Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

Intrusion Detection for Public Transportation Facilities Handbook 85 CHAPTER 4. Steps in Application and Implementation 4.1 OVERVIEW This chapter provides checklists and information for the technical personnel in transit agencies on applying Intrusion Detection Systems (IDS) and Access Control Systems (ACS) technologies for securing their facilities. The first sections describe general application steps, with later sections providing data on IDS technology systems. Some data is repeated from Chapter 3 to enable this chapter to stand alone and also to avoid skipping back and forth in this Handbook to look up specific system information. It is important to note that IDS (and related ACS) is only a part of the implementation of an overall security plan for transit facilities. 4.2 APPLICATION STEPS Listed below are suggested steps to create an effective and optimal Intrusion Detection System for public transit facilities. These sequential steps need to be followed before the effective application and implementation of IDS / ACS security technology. A full description of the following steps is beyond the scope of this document, so only a short description is included. Numerous technical sources and professional support are available to complete these steps. 4.2.1 Steps Prior to Application of IDS and ACS A. Identify a Comprehensive List of Assets This step involves an on-site survey of the proposed security area to compile a list of all system assets. The compiled list of agency critical assets should then be studied to determine the most vulnerable assets, including identifying those that would require protection. B. Identify Threats to the Assets Identification of threats to transit assets is a difficult and complex process. The method includes the collection of data on any and all people or groups that may pose a threat to the transit system’s assets. Threats run the range from inadvertent intrusion, to juvenile pranks, criminal acts and up to terrorist attacks. Sources for threat information normally include law enforcement at all levels of government (include historical data), data on foreign threats, and other intelligence sources. C. Identify Vulnerabilities to Assets Once the assets are identified and the threats summarized, a Vulnerability Assessment can be conducted. During this step, the transit system, in cooperation with others such as law enforcement officials and emergency responders, should determine those assets that are most critical to the agency and that require protection. This assessment produces a

Intrusion Detection for Public Transportation Facilities Handbook 86 document that identifies the list of critical assets that the transit system needs to protect from identified risks. D. Assess the Risk and Consequences The previous three steps are combined into a matrix that summarizes the risk to the Transit Authority. This risk is relative and can change with the introduction of new threats and information. This step also includes consequences of damage or destruction of a facility. E. Determine Priorities Limited resources are a reality for all transit systems. By using Risk Assessment data an ordered list of priorities can be set. This list can be ordered by types (for example tunnels) and by consequence (a parts warehouse vs. a heavily used tunnel or bridge). Normally a matrix is generated that includes the methodology of weighing priorities so that the list can be quickly revised with the introduction of new data. 4.2.2 Steps in Applying IDS and ACS After the completion of the above steps, the process of applying IDS and ACS begins as described below. Details of these technologies are provided in Chapter 3. The implementation of these systems also follows a sequence of steps. The following lists provide a straightforward approach to implementation of IDS and ACS. A. Design Criteria 1. Determine facility significance 2. Determine economic loss from intrusion 3. Determine acceptable economic loss 4. Determine intruder’s capabilities 5. Determine capabilities of response force 6. Determine characteristics of IDS currently installed 7. Determine force response time (aids in determining system design) 8. Determine security requirements from above 9. Determine optimal trade off of security capital costs versus response force versus operational costs B. General Design Points x IDS is installed for two purposes - Deter or delay the entry of unauthorized personnel by barriers - Provide notification to security forces of unauthorized entry by sensor systems x Coordinate the design with security forces - Robustness of barrier design can increase protection and delay entry time - Method of quick alarm assessment must be included

Intrusion Detection for Public Transportation Facilities Handbook 87 - Barrier delay and alarm notification must be coordinated with security response time C. Application Steps x Collect all data from asset identification, threat assessments, vulnerability assessments, risk assessments, and priority settings x Produce/procure maps of the facility to be protected x Conduct an on-site survey (see details below) x Indicate zones and areas of security on the map x Set security zones as unbroken and enclosed x Produce layered approached of multiple zones for the best results x Design from the inside to outside x Utilize and include existing physical characteristics and infrastructure - Existing barriers and fencing - Terrain and ground contours - Civil structures – roads, building, windows, important rooms, etc. - Existing lighting - Existing power - Existing data and communication networks - Existing environmental controls x When possible place barriers inside IDS alarm zone - Provides an alarm before entry into secure area - Minimizes damage to barriers x ACS needs to be coordinated with IDS to suppress nuisance alarms - Authorized access suppression of IDS alarms - Work versus off-shift alarm suppression x Lighting work must be coordinated to provide efficient assessment - Lighting levels for deterrence - Lighting levels for assessment by security workers - Lighting levels for video assessment x A method of alarm assessment must be included - Identification of alarm type (intrusion, false, nuisance, environmental) - Prioritization of alarm response - Ideally a sensor alarm will automatically call up a video image of alarmed area x Interior sensors versus Exterior sensors - Interior sensors are lower in cost - Interior sensors are subject to lower problematic alarms (false and environmental) - Interior sensors are closer to protected asset so response time is less x Barriers must be coordinated with health and safety - Emergency exit by personnel - Emergency response entry into area

Intrusion Detection for Public Transportation Facilities Handbook 88 D. Design Steps -Site Survey A site survey consists of the confirmation of all available documentation and the collection of actual field data via a survey. This work should be conducted by a team, of at least two people, and extensive images (photo/video) and notes must be taken. x Field notes – with details and observations x Identify mismatches between documentation and field conditions x Note special or unusual conditions x Take digital photo images (a must) x Take a high number of digital photos, two pictures of the same view are better that none x Video tape (optional) x Note picture direction on area map x Indicate in field notes any special reason for image x Interview personnel responsible for operations, management, and security x Note any existing IDS and ACS E. Design Plans The design plan used for the implementation of the IDS, combines all of the following data: x Threats, Vulnerability, Identification, Risk, and Priorities reports x Site Survey Report – generally in this format  Introduction  Purpose  Survey Personnel  Security requirements  Site Description  Existing Systems x Design Criteria x IDS / ACS operational characteristics (Applicable Technologies) The plan includes the follow parts: x Site Plan x Overall System Block Diagram x Command Center locations x IDS Zones x IDS Barriers x IDS Sensor Block Diagram x IDS Sensor Locations x Lighting Block Diagram x Lighting coverage zones and locations x CCTV Block Diagram x CCTV coverage zones and locations x ACS Block Diagram

Intrusion Detection for Public Transportation Facilities Handbook 89 x ACS Locations x Power support for systems x Emergency and UPS power for systems x Communication support for systems x Temperature control for systems (e.g., Command Center AC) F. Other Considerations Environmental influences must be considered in the systems design. Some factors include: x Temperature x Rain/Snow/Sleet/Hail x Frost and Dew Point x Sun angle (for cameras) x Vegetation and Trees (blocking view and contribution to environmental alarms) x Lighting x Water build up and drainage x Bodies of water x Flood x Fire x Hurricanes x Tornadoes x Earthquakes x Tsunamis x High Surf x Sand Storms Other factors must to be considered: x Electromagnetic/Radio Frequency Interference (EMI / RFI) x Material Storage (blocking view) x Overhead power lines x Underground utilities x Ditches, roads, walls, x Construction (particularly trenching) x Power interruption x Communication interruption 4.3 IMPLEMENTATION OF SPECIFIC TECHNOLOGIES Intrusion Detection Systems (hardware, software, methods, management, and procedures) are reviewed in the previous parts of this Handbook and form the core of any effective security solution. These systems range from low (simple) technology to more complex (sophisticated) high-technology systems and directly support the prevention and/or detection of intrusion into secure areas.

Intrusion Detection for Public Transportation Facilities Handbook 90 This section provides specific guidelines to the application of IDS technologies and includes checklists for the actual implementation of these security systems. Once the understanding of security technologies is gained through use of this data, a transit agency will be ready to implement improvements to their intrusion detection systems. Note that there are no established standards that must be followed in every case. The actual order of implementation is often driven by a transit facility's local security architecture, overall security requirements, or direction from higher authority. Sometimes emphasis on a particular security technology area is in response to a specific incident or an identified weakness in that area. Accordingly, the following comments are advisory in nature: Following the steps above, a plan with a defined security area will be generated, showing the physically defined limits of the area to be secured and indicating the level of required security. 4.3.1 General Implementation Order The steps for implementation follow the following general order. A. Define Area and x Implement Fencing Systems x Implement Barrier Systems B. As appropriate, implement the following systems to provide adequate viewing of the secured areas: x Implement Lighting Systems x Implement Video Systems C. Once the area is defined, physically secured, and viewable, the following steps can be applied. The systems identified provide a method to control access to an area by identifying authorized personnel (or vehicles) and allowing movement inside and across secure area boundaries. Sensor systems provide the needed monitoring of this access and movement. x Implement ACS (see below) x Implement Sensor Systems x Implement Identification Systems – proof of identification of authorized personnel 4.3.2 Fencing Systems Application: In general, Fencing Systems come in many types, sizes, colors, and materials. These include standard chain-link; woven wire mesh; welded wire mesh; induced pulse ("electrical"); and ornamental fencing, with several types of "topping" options such as barbed wire, razor wire, and rotating spikes. Materials include vinyl, plastic, aluminum and steel. The various fence systems perform several functions, including: x Provide security perimeters around facilities, buildings or high-value assets x Provide a clear boundary line between "open" and "secure" areas x Serve as clear lines of demarcation for security and property lines x Frequently serve as successful "psychological" barriers to intrusion

Intrusion Detection for Public Transportation Facilities Handbook 91 x Inhibit or prevent unauthorized entry into designated areas x Channel or direct the flow of pedestrian or vehicle traffic Basically, the steps for selecting and implementing security fencing are simple and follow common sense: x Determine the area around a facility, building, or high-value asset to be secured x Determine the level of security that is required (low, medium, or high) x Determine whether the system installation will be temporary or permanent x Select an appropriate fence type to meet the requirement (style, height, length, etc.) x Determine whether a fence "topping" is required (barbed wire, razor wire, rotating spikes, etc.) x If so, select the type of fence top option to be utilized x Select a fencing contractor and have the fence installed Checklist: FDoes the fence meet the transit agency's established security requirement? FDoes the fence comply with the local building and safety codes? FIs the fence-line continuous without any breaks or other areas of vulnerability? FIs the fence-line clear of any obstructions inside of 12-feet (minimum) to 30-feet (ideal)? FAlong the outside of the fence-line, do any nearby objects exist (buildings, electrical boxes, telephone booths, trees, etc.) that could help an intruder intent on climbing the fence? FIs the fence properly secured to prevent removal, displacement, modification or theft? FIs the bottom of the fence-line secure to prevent climbing under the fence? FIs there an adequate degree of security lighting along the fence? FIf required, are there adequate signs or placards on the fence? In what language(s)? FIf required, are procedures in place for regular and random security patrols of the fence- line? FAre procedures in place for routine inspection of the fence-line and all installed gates? FAre there adequate spare parts to support emergency replacement of a failed item? FHave the system operators/maintainers/security personnel been consulted or provided input to the selection of this system? FIf applicable, has user training for this system been arranged through the vendor or provider? FIs Point-of-Contact information readily available for the vendor or provider of this system?

Intrusion Detection for Public Transportation Facilities Handbook 92 4.3.3 Barrier Systems Application: In general, Barrier Systems come in many sizes, colors, and materials. Barrier Systems come in two basic types (fixed or deployable) and several styles, including earthen barriers; plain or decorative plastic; metal or concrete "jersey" (K-rail) barriers; concrete or steel bollards; temporary or permanent walls; temporary or permanent "recessed" ramp-style "pop-up" steel barriers; and permanent or quickly deployable portable traffic controllers (steel tire-puncture "teeth"). Barrier Systems perform several functions, including: x Provide security perimeters around facilities, buildings, or high-value assets x Provide a clearly boundary line between "open" and "secure" areas x Serve as clear lines of demarcation for security and property lines x Inhibit or prevent unauthorized entry into designated areas x Channel or direct the flow of pedestrian or vehicle traffic x Provide an impenetrable or crippling barrier to a vehicle attempting to intrude at high- speed Basically, the steps for selecting and implementing security barrier are simple and follow common sense: x Determine the area around a facility, building, or high-value asset to be secured x Determine the level of security that is required (low, medium, or high) x Determine whether the system installation will be temporary or permanent x Select an appropriate barrier type to meet the requirement (style, material, height, length, etc.) x Determine whether a fence "topping" is required (barbed wire, razor wire, rotating spikes, etc.) x If so, select the type of fence top option to be utilized x Select a fencing contractor and have the fence installed Checklist: FDoes the barrier meet the transit agency's established security requirement? FDoes the barrier comply with the local building and safety codes? FIs the barrier clear of any obstructions within 3-feet (minimum) to 10-feet (ideal)? FIs the barrier properly secured to prevent removal, displacement, modification, or theft? FIs there an adequate degree of security lighting around the barrier? FIf required, is there backup power (electrical or hydraulic) to support the barrier's operation?

Intrusion Detection for Public Transportation Facilities Handbook 93 FIf required, are there adequate signs or placards on or near the barrier? In what language(s)? FIf required, are procedures in place for regular and random security patrols of the barrier? FAre procedures in place for routine inspection of the barrier and related operating hardware? FAre there adequate spare parts to support emergency replacement of a failed item? FHave the system operators/maintainers/security personnel been consulted or provided input to this system? FIf applicable, has user training for this system been arranged through the vendor or provider? FIs Point-of-Contact information readily available for the vendor or provider of this system? 4.3.4 Lighting Systems Application: Lighting Systems consist of numerous components, but primarily the "lighting device" is the main component of interest in this Handbook. These devices utilize a wide variety of methods to generate light and subsequently illuminate a given area of concern. Lighting Systems can be fixed, portable, temporary, or permanent depending on the way that they have installed or utilized. Lighting sources can be incandescent, tungsten, halogen, fluorescent, infrared (IR), mercury vapor, metal halide, high-intensity discharge (HID), low- or high-pressure sodium, and/or several other types. In general, Lighting Systems come in many types, sizes, colors, and degrees of illumination rated in "foot candles" or "candlepower". Light "beams" can be wide- area, narrow-beam ("spot-lighting"), or have a focusing feature for variable beam-width lighting requirements. Lighting Systems generally perform several functions, including: x Provide lighting for security perimeters around facilities, buildings, or high-value assets in general wide area lighting, spot-lighting, infrared lighting or a combination of several light types x Provide added element of safety and security by illuminating the workplace x Provide special illumination (infrared) in support of night-time video surveillance cameras x Serve as a psychological deterrent ("too well lit…") to intruders x Inhibit or prevent unauthorized entry into designated areas x Provide security response forces with added measure of safety by illuminating incident areas (there are hand-carried spot-lights with 6-million candlepower, focus range of 0 to 40-degrees, and a "strobe" feature that can be debilitating to an intruder when aimed at the face) x Provide temporary or portable lighting for short-term events or emergencies The steps for selecting and implementing a Lighting System can be complex, but adhering to the following simple steps and using common sense may initially simplify the process:

Intrusion Detection for Public Transportation Facilities Handbook 94 x Determine the type of lighting system and devices to be utilized x Determine the area around a facility, building, or high-value asset to be illuminated x Determine the level of lighting that is required (low, medium, or high) x Ensure that any lighting system design is compatible with existing video camera systems x Determine whether the system installation will be temporary or permanent x Determine the need for portable lighting devices x Establish the required number of each type of lighting device to be used x Determine the location of where each light device will be installed x Ensure adequate electrical service is available to the installation site x Ensure adequate backup electrical power is available to maintain security lighting x Determine which light devices will require connection to "emergency power" sources x Identify an electrical contractor to perform the installation in accordance with local building codes and the National Electrical Code x Install the lighting fixtures and related hardware Checklist: FDoes the lighting system meet the transit agency's established security requirement? FDoes the lighting system comply with the local building and safety codes? FHave lighting effects on neighboring buildings or private homes been considered? FAre sufficient portable lighting devices available? FIs there a need for specialized spotlighting or infrared (IR) lighting? FIf required, is there adequate backup electrical power to support the lighting system? FIs the lighting system clear of any obstructions within 6-feet (minimum) to 20-feet (ideal)? FIs the lighting system properly secured to prevent removal, displacement, modification or theft? FIf required, are there adequate signs or placards on or near the lighting? In what language(s)? FAre procedures in place for routine inspection of the lighting and related operating hardware? FHave the system operators/maintainers/security personnel been consulted or provided input to the selection of this system? FAre there adequate spare parts to support emergency replacement of a failed item? FIs Point-of-Contact information readily available for the vendor or provider of this system? 4.3.5 Video Systems Application:

Intrusion Detection for Public Transportation Facilities Handbook 95 Video Systems come with a wide variety of technical capabilities, and in several varying degrees of image quality. These systems include both hardware and software. These capabilities include black and white (monochrome ‘B&W’), Thermal (Infrared Sensitive) or color video cameras that range from low-resolution/low-cost daytime cameras (<$100) up to high-resolution/high-cost (>$100,000) "night-vision" thermal-imaging cameras. Software features permit manipulation of imagery; the ability to set "alarm zones" within a visual image; and numerous other functions. Application of the Video System is part of the overall design of the Video System, and for new installations, is best done concurrently with the design of the Lighting System. Video System vendors or technical experts can provide additional and equipment-specific application data beyond the guidelines provided here. Video Systems perform several functions, including: x Providing a method for remotely monitoring security areas and thus improving security awareness x Providing a method for initial response and evaluation of observed conditions x Increasing security force efficiency by allowing quick assessment of intrusion alarms x Providing a deterrence to intruders by advertising the viewing of suspicious intrusions or activities x Providing daytime or night-time visual assessment in black and white or color of protected areas around facilities, buildings, fence-lines, or high-value assets x Preventing unauthorized access into these and other designated areas x Providing a means for recording of video signals to aid in post-incident analysis, prosecution, or litigation. x Helping to focus the application of the lighting technologies described above and in Chapter 3 The steps for selecting and implementing an effective video surveillance system can be complex. Adhering to the following basic steps will assist in designing an effective Video System: x Determine the areas that will require video surveillance x Perform a survey of the existing lighting systems to ensure sufficient lighting is available x Determine the number of video systems required for adequate overlapping video coverage x Identify the video system sites around the facility, building, or high-value asset to be monitored x Determine the level of security that is required (low, medium, or high) x Determine whether the system installation will be temporary or permanent x Select an appropriate video system to meet the requirement (B&W, color, daytime, IR, etc.) x Determine whether specific video system options (if any) will be required x Identify a video system and all related hardware and software x Select a video system contractor and install the system Checklist: FDoes the video system meet the transit agency's established security requirement? FDoes the video system comply with the local building and safety codes?

Intrusion Detection for Public Transportation Facilities Handbook 96 FIf required, is there adequate backup electrical power to support the video system operation? FHave cameras been mounted at an adequate height to provide good field of view (FOV)? FHas the camera image format size, lens focal length, and zoom settings been considered for FOV? FIf applicable, are "IR illuminator" (IR lighting) required for IR imaging camera(s)? FHas the rising and setting sun been considered when setting the video camera alignment and FOV? FHas a minimum illumination of 2-foot candles throughout the surveillance area been maintained? FHave high contrast ratios been avoided in order to prevent video "blooming"? FIs an external camera housing (possibly with environmental controls) required for local transit facility conditions (weather, icing, dust, dirt, ocean spray, smoke, etc.)? FIs a firm mounting required to prevent motion by wind or the pan & tilt unit movement? This is particularly important to preclude unwanted motion a in higher power camera lens FIs the video system clear of any obstructions within 6-feet (minimum) to 20-feet (ideal)? FIs the video system properly installed to prevent removal, displacement, modification or theft? FIf required, are there adequate signs or placards on or near the video system? In what language(s)? FAre procedures in place for routine inspection of the video system and related operating hardware? FAre there adequate spare parts to support emergency replacement of a failed item? FHave the system operators/maintainers/security personnel been consulted or provided input to the selection of this system? FIf applicable, has user training for this system been arranged through the vendor or provider? FIs Point-of-Contact information readily available for the vendor? 4.3.6 Access Control Systems Application: ACS provides the method to identify personnel and control entry into secure areas. Interfaces between ACS and the Intrusion Detection System are used to inform the systems to suppress an IDS alarm. This process converts a nuisance alarm “intruder” into an authorized person. Effective integration of ACS and IDS dramatically lower nuisance alarm rates, lower response costs, and prevent the “cry wolf” syndrome (where alarms are so frequent that they are soon ignored).

Intrusion Detection for Public Transportation Facilities Handbook 97 Not all the steps in the following table apply to all transit agencies or situations. It is permissible to skip steps or provide decisions on some items at a future date. Note that ACS can provide added benefits to business and workflow and is outlined below. These benefits include, but are not limited to time and attendance and training/safety access lock out (for example, personnel with expired training certificate for hazardous work areas can be denied entry). Table 50 contains the following columns: x Order – Order to answer questions and provide information. Some items must be answered to proceed to follow on step. Others can be skipped. x System Characteristic – A short name for data information item. x Explanation – A short explanation of what the data item is about. x Information Needed – Data on what information is required. Examples include a count, a map, or list.

Intrusion Detection for Public Transportation Facilities Handbook 98 Table 50 - Access Control Systems Information Order System Characteristic Explanation Information Needed 1 Number of Locations Is this system for one physical location or multiple locations? List of locations 2 Network Connectivity If multiple locations, what kind of network connectivity exists between the sites? Example T-1 data line, or via Internet 3 Area of Containment Is area enclosed by security barriers? – Fences, Walls, Building, Gates/Portals Area map with barriers and gates identified for each location 4 System Zones How many security zones? These are areas of limited access (by time, training, need, etc.) Defined zones on map 5 Access Rules Need to determine rules for access to systems zones. A matrix of personnel and business/safety rules that allow access. Example – Chief of Security has full access all the time. Office Janitor has access to public administration building during work hours only. Full list in matrix form 6 Gates/Doors/Portal What are the number of personnel and vehicle portals? (Portal = gate, door, etc.) A count of portals by type 7 Personnel Tracking Is there a need to know if people are either in or out? Or just secure check in is needed? Secure in & out requires ACS readers on both sides of gate / portal Secure in & out or just secure in –by location 8 Material Tracking Is there a need to track vehicles, trucks, computers or other ‘materials’? Yes or no. If yes provide a list. 9 Number of Badges How many people = number of badges. (Badges = Access Cards) Count 10 Number of Trackers If tracking materials is needed, how many? Count by type 11 Hazardous Conditions Area card reader installed in hazardous locations? Limits types of readers 12 Biometrics Are biometrics used, and if so what type? Yes or no. If yes what type? 13 Reader Type What type of reader? Examples – RF Proximity, Biometric Reader Type 14 Badge Type What type of badge is needed? Follow Reader Type 15 Badge Information What information is needed on badge? Name, photo, employee number, etc. Graphic of front & back of badge with ALL data 16 Badge Production Need to determine number & type of badging stations. Input includes number, type, and physical locations Count & location of badging production stations. 17 Tracker Information What information is needed on the material tracker ‘badge’? Full description 18 Traffic How many people use the system on a daily basis? Number of accesses. In & Out = 2 19 History How much data is to be saved. Including badges issued, portals transferred, access changes, period of data retention. Study of traffic to size ACS data storage requirements 20 Data Integration Does the ACS interface with other systems? Examples include HR, time & attendance, etc. Data Integration plan with database mapping 21 Intrusion Detection Is an IDS present? If so what type of integration is required? Yes or no. If yes list interfaces 22 Video Interface Is there an interface between ACS and video systems? Video at portals? Badge photo pop up upon access? 23 Computer OS Is there a preferred Computer Operating System? Influence on chosen ACS 24 Installation Support Is support labor for installation readily available? In house, contract, turnkey? 25 System Support Is support labor for maintenance & repair available? In house or outsource? 26 System Operation Is support labor available for system operation? In house or outsource?

Intrusion Detection for Public Transportation Facilities Handbook 99 Checklist: FDoes the ACS system meet the transit agency's established security requirement? FDoes the ACS system comply with the local building and safety codes? FIf required, is there adequate backup electrical power to support the ACS operation? FIs the ACS system properly installed to prevent removal, displacement, modification or theft? FIf required, are there adequate signs or placards on or near the ACS? In what language(s)? FAre procedures in place for routine inspection of the ACS and related operating hardware? FAre there adequate spare parts to support emergency replacement of a failed item? FHave the system operators/maintainers/security personnel been consulted or provided input to the selection of this system? FIf applicable, has user training for this system been arranged through the vendor or provider? FIs Point-of-Contact information readily available for the vendor or provider of this system? 4.3.7 Sensor Systems Application: The choice of sensor system types employed in a particular security solution is largely governed by several related IDS factors listed below: x Type(s) of Barrier Systems and Fencing Systems x Type(s) of Lighting Systems x The field of view (FOV) for the security area of concern x Cost factors x The probability of detection (POD) (shown below) x The probability of environmental alarm (shown below) Table 51 summarizes the estimated probability of detection for different types of intrusion sensors with relative comparison. Use this table along with the type of fence, barrier, or protection zone to help determine the most suitable sensor. Note that some technologies cannot detect certain types of intrusions; for example, a fence sensor normally cannot detect an intruder bridging over the fence. Note that VH (very high) is the best rating indicated in this table.

Intrusion Detection for Public Transportation Facilities Handbook 100 Table 51 - Sensor Systems Estimated Probability of Detection (VH is the best rating in this table) Sensor Systems S lo w W a lk W a lk R u n C ra w l R o ll J u m p T u n n e l T re n c h B ri d g e C u t C li m b L if ti n g Sensor Lists - Estimate Probability of Detection – very low VL, low L, medium M, high H, very high VH, N/A not applicable - - - - - - - - - - - Binary Sensor N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A Buried Sensors Balanced Pressure Buried H H H M M M L M L N/A N/A N/A Fiber Optic Cable H VH VH VH VH H M VH L N/A N/A N/A Geophone Buried H VH H M M M L M L N/A N/A N/A Ported Coaxial Buried Line H VH VH VH VH H M VH L N/A N/A N/A Fence Sensor Capacitive Cable VH VH VH H H VH VL L L H H H Electric Field / Electrostatic Field VH VH VH H VH VH VL L L H H H Fiber Optic Cable / Mesh H VH VH VH VH H M VH L VH H H Geophone / Microphone Fence H VH H M M M L M L VH H H Taut Wire / Tension Sensor N/A N/A N/A N/A N/A VH VL VL VL H H H Fix Barrier / Wall Sensor N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A Infrared Sensors Infrared Beambreak Detector VH VH VH M/H H H VL L VL N/A N/A N/A Passive Infra-Red Sensor (PIR) / Detector (Heat sensor) VH VH VH M/H H H VL L VL N/A N/A N/A Laser Guard VH VH VH VH H H VL M VL N/A N/A N/A Microwave Sensors Microwave Bistatic H VH H M/H M/H M/H VL L/M L N/A N/A N/A Microwave Monostatic H VH H M/H M/H M/H VL L/M L N/A N/A N/A Other Sensors Dual Technology Passive IR/Microwave VH VH VH M/H H H VL L L N/A N/A N/A Magnetic Anomaly Detection (MAD) H VH H M M M L M L N/A N/A N/A Sound Sensors L M M/H VL L M M M N/A H H M Video Motion Sensors Analog Systems H H H M/H M/H M/H VL L M N/A N/A N/A Digital Systems H VH VH H H H VL L/M M N/A N/A N/A

Intrusion Detection for Public Transportation Facilities Handbook 101 Sensors with a high probability of detection may also have the undesired side effect of a higher environmental or false alarm rate. Table 52 lists relative probabilities of environment alarms from different environmental conditions for various sensor types. The type of sensor, along with environmental conditions, must be taken into account when determining the optimal sensor technology. For example, the medium rate for a PIR (Passive Infra-Red) sensor in snow would not be a concern in Miami or in an indoor area. Note that VL (very low) is best rating indicated in this table.

Intrusion Detection for Public Transportation Facilities Handbook 102 Table 52 - Sensor Systems Relative Probabilities of Environment Alarms (VL is the best rating in this table) Sensor Systems W in d R a in S ta n d in g W a te r S n o w F o g S m a ll A n im a ls L a rg e A n im a ls S m a ll B ir d s L a rg e B ir d s L ig h tn in g O H P o w e r L in e s B u ri e d P o w e r L in e s Sensor Lists - Estimate Probability of Environmental Alarm – very low VL, low L, medium M, high H, very high VH, N/A not applicable Binary Sensor N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A Buried Sensors Balanced Pressure Buried VL M H L VL VL M VL VL VL VL VL Fiber Optic Cable M L VL L VL L VH L L VL VL VL Geophone Buried M L L L VL L VH VL VL M L M Ported Coaxial Buried Line VL M H L VL VL M VL VL M VL L Fence Sensor Capacitive Cable M M VL M VL M VH L M M L VL Electric Field / Electrostatic Field M L/M VL M VL M VH L M M L VL Fiber Optic Cable / Mesh M L VL L VL L VH L L VL VL VL Geophone / Microphone Fence M L L L VL L VH VL VL L L M Taut Wire / Tension Sensor VL VL VL VL VL VL L VL VL VL VL VL Fixed Barrier / Wall Sensor N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A Infrared Sensors Infrared Beambreak Detector L L L M M M VH L M L VL VL Passive Infra-Red Sensor (PIR) / Detector (Heat sensor) L L L M M M VH L M L VL VL Laser Guard L L L M M M VH L M L VL VL Microwave Sensors Microwave Bistatic L L M/H L/M L M/H VH VL M L/M L VL Microwave Monostatic L L M/H L/M L M/H VH VL M L/M L VL Other Sensors Dual Technology PIR/Microwave L L L L/M L M VH L M L VL VL Magnetic Anomaly Detection (MAD) M L L L VL L VH VL VL H M H Sound Sensors H H N/A L VL M H L M VH L VL Video Motion Sensors Analog Systems M L L L M/H L VH VL M L L VL Digital Systems M L L L M/H L VH VL M L L VL

Intrusion Detection for Public Transportation Facilities Handbook 103 Checklist: FDoes the sensor system meet the transit agency's established security requirement? FDoes the sensor system comply with local building and safety codes? FAre the proper types of sensors employed and in adequate numbers? FWhere applicable, have the sensors been calibrated to meet transit specifications? FWhere applicable, have all sensors that contain high voltage or emit radiation or RF energy been properly identified, labeled, or tagged with the correct warning signage? FIf required, are there adequate signs or placards on or near the sensor systems? In what language(s)? FIs the sensor system clear of any obstructions within 3-feet (minimum) to 10-feet (ideal)? FIs the sensor system properly secured to prevent removal, displacement, modification, or theft? FIf applicable, is there an adequate degree of security lighting around the sensor system? FIf required, is there backup electrical power to support the sensor system operation? FAre procedures in place for routine inspection of the sensor systems and related hardware? FAre there adequate spare parts to support emergency replacement of a failed item? FHave the system operators/maintainers/security personnel been consulted or provided input to the selection of this system? FIf applicable, has user training for this system been arranged through the vendor or provider? FIs Point-of-Contact information readily available for the vendor or provider of this system? 4.3.8 Identification Systems Application: Identification technologies are used to create a credential (usually a plastic or laminated badge) that is used by security personnel and electronic ACS to identify the access authorization of a person or vehicle. These badges use colors, pictures, graphics, and text to identify authorized personnel. A typical badge includes name, digital color photograph, graphics to identify the issuing authority, and additional identification such as prior training and safety data. For electronic access control, an identification method is embedded into the card to allow reading of unique data. This data can include magnetically encoded information ("mag-stripe"), user biometrics template, or a RF "proximity" identification number embedded into a badge. The steps for selecting and implementing an effective badge system can be complex. Adhering to the following basic steps will lead to effective Identification System design:

Intrusion Detection for Public Transportation Facilities Handbook 104 x Identify a suitable Identification System type that meets local transit agency requirements x Determine the number of identification badges that will be required x Establish the data fields that will be required on the identification badge x Determine the types of different badge categories (employees, special access, vendors, visitors, escorted, unescorted, one-time entry, multiple entry, etc.) x Design the layout and look of the badge - usually done by the controlling (issuing) authority - Unique and easy to identify - Determine use of colors, text, holograms, etc. - Difficult to counterfeit - Difficult to duplicate x Establish a method to prevent unauthorized badge issue and methods to protect privacy data x Establish secure badge issuing areas for protection of the identification data base - Must be secure physical space - Must have reliable and secure computer-grade electric power - Must have network connectivity to remote badge issuing systems - Must have network connectivity to ACS x Determine the Cost of Implementation – Rough range of installing system x Determine the Cost of Maintenance (yearly operational costs for maintaining the system) x Determine the Cost of Training for issuing personnel (some minimal level of training may also be required for employee-badge or special access users) x Determine the required life expectancy of the identification system (usually in years) x Select a Identification System vendor or expert who can help define transit agencies requirements Checklist: FDoes the identification system meet the transit agency's established security requirement? FDoes the identification system comply with any and all local building and safety codes? FAre all procedures in place (and clearly understood) for issuance of identification badges? FAre badges to be issued to users in multiple locations? FWill these users have access to all of the locations? FWill any of these users have "special access" to specially controlled facilities? FAre the scanners that read identification system badges clear of any obstructions within 3-feet (minimum) to 10-feet (ideal)? FIs the identification system secured to prevent removal, displacement, modification, or theft? FIs there an adequate degree of security lighting around the identification system?

Intrusion Detection for Public Transportation Facilities Handbook 105 FIf required, is there backup electrical power to support the identification system operation? FAre procedures in place for routine inspection of the identification system and related hardware? FAre there adequate spare parts to support emergency replacement of a failed item? FHave the system operators/maintainers/security personnel been consulted or provided input to the selection of this system? FIf applicable, has user training for this system been arranged through the vendor or provider? FIs Point-of-Contact information readily available for the vendor or provider of this system? 4.3.9 Data Fusion, Display, And Control System Application: The term "Data Fusion, Display, and Control" (DFDCS) applies to an extremely wide variety of systems and software applications from a diverse field of vendors or integrators that cover the complete range of data fusion, display, and control management. Most of these systems or software applications are similar to the types described in Chapter 3. Actual systems and software titles, applications, and vendors number in the hundreds (if not thousands). Therefore, it is recommended that specific research be conducted to identify the specific system, or software application, or providing vendor that best meets the identified needs for data fusion, display, and control. Generally, these systems: x Are utilized within a security operations center or watch station x Are usually coupled with high-resolution color display monitors or "video walls" x Incorporate monitoring of locally tailored and defined security "zones" x Streamline security operations by combining all security area visualization, sensor monitoring, and incident response into one display and control system Checklist: FDoes the DFDCS meet the transit agency's established security requirement? FDoes the DFDCS comply with any and all local building and safety codes? FIs the DFDCS properly secured to prevent removal, displacement, modification, or theft? FIf required, is there backup power (electrical or hydraulic) to support the DFDCS operation? FIf required, are procedures in place for regular and random security patrols of the DFDCS? FAre procedures in place for routine inspection of the DFDCS and all related operating hardware?

Intrusion Detection for Public Transportation Facilities Handbook 106 FAre there adequate spare parts to support emergency replacement of a failed item? FHave the system operators/maintainers/security personnel been consulted or provided input to the selection of this system? FIf applicable, has user training for this system been arranged through the vendor or provider? FIs Point-of-Contact information readily available for the vendor or provider of this system? 4.3.10 Crisis Management Software Application: The term "Crisis Management Software" applies to an extremely wide (and continuing to develop) variety of software applications from a widely diverse field of providing vendors or integrators that cover the complete gamut of crisis management. Most of these software applications fall into one of the six primary crisis management software categories listed below: x Emergency Management Software x Business Continuity Software x Disaster Recovery Software x System Backup (or) Restoration Software x Environmental, Health and Safety (EH&S) Software x Vulnerability Assessment (VA) Software Actual software titles, applications, and vendors number in the hundreds (if not thousands). Therefore, it is recommended that specific research be conducted to identify the specific software application (and providing vendor) that best meets the crisis management requirements of the user. Once selected, the Crisis Management Software is installed in a reliably backed-up mainframe, desktop, laptop, notebook or personal data assistant (PDA) computer. An initial training session upon software installation and startup should be conducted for all appropriate security and/or emergency response personnel, along with regular refresher training sessions conducted for designated personnel. Ideally this training will take place prior to the actual occurrence of any security-related crisis event Checklist: FDoes the software meet the transit agency's established security requirement? FDoes the software comply with any and all local building and safety codes? FIs the software properly installed to prevent removal, displacement, modification, or theft? FIf required, is there backup electrical power to support the software operation?

Intrusion Detection for Public Transportation Facilities Handbook 107 FAre procedures in place for routine inspection of the software and all related operating hardware? FIs there an adequate service contract to support changes or upgrades to the software? FHave the system operators/maintainers/security personnel been consulted or provided input to the selection of this system? FIf applicable, has user training for this software been arranged through the vendor or provider? FIs Point-of-Contact information readily available for the vendor or provider of this software? 4.3.11 Other Systems (Technologies And Systems Not Addressed) As discussed in this Handbook, "other systems" consists of numerous security-related technologies and hardware or software systems that are not specifically addressed in this Handbook, but are listed in Chapter 3. The application strategies for these systems should be acquired from the vendor or provider of the particular technology or system, as well as from other transit systems, consultants, or security experts who have had experience with the technology or system.