royal canadian mounted police security systems branch ... .fr

INTRODUCTION. The subject of this guide is large walk-in vaults whose doors are either single or double leaf and whose walls, floors and ceilings are of.
Télécharger le PDF
47KB taille 1 téléchargements 242 vues
commentaire
Report
ROYAL CANADIAN MOUNTED POLICE SECURITY SYSTEMS BRANCH TECHNICAL SECURITY SERVICES PROTECTIVE POLICING DIRECTORATE OTTAWA, ONTARIO K1A 0R2

SECURITY GUIDE SSB/SG-17 VAULTS MARCH, 1985

TABLE OF CONTENTS PAGE 1.

INTRODUCTION .....................................

1

2.

GENERAL REQUIREMENTS FOR VAULTS ..................

1

3.

VAULT CONSTRUCTION ...............................

3

4.

MODULAR VAULTS ...................................

4

5.

ALARMS ...........................................

4

6.

PENETRATION TECHNIQUES ...........................

6

7.

TYPE OF PROTECTION ...............................

6

8.

THE FIRE COMMISSIONER OF CANADA - STANDARDS ......

7

9.

STRUCTURAL ENGINEERING ...........................

8

10.

ACCESS CONTROL ...................................

8

11.

IMPROVEMENTS TO EXISTING VAULTS ..................

9

Any suggestions for revision or other comments concerning this security guide should be directed to the O. i/c Security Systems Branch, Technical Security Services, Protective Policing Directorate, RCMP, 1200 Alta Vista Drive, Ottawa, Ontario K1A OR2.

1 1. INTRODUCTION The subject of this guide is large walk-in vaults whose doors are either single or double leaf and whose walls, floors and ceilings are of heterogeneous construction and are in either monolithic or modular form. The Fire Commissioner of Canada (FCC) has defined a vault for Federal Government use as one which is designed in accordance with the requirements of the National Fire Protection Association (NFPA) Standard 232 "Protection of Records". Unless a vault meets this standard, and no matter what its contents may be, it is considered a record storage room and must be regulated as such by the National Building Code (NBC). The prime purpose of any vault is to provide protection against an anticipated adversary. The adversary may use force attack or fire including the possibility of an accidental fire caused by human error or a so called "Act of God". Vaults can be built to combat one or both. Some vaults are designed solely to protect against fire; regulations governing these vaults are outlined in the Fire Commissioner of Canada Standard 311(M) 1979. Resistance to fire and resistance to force attack are quite different things and should never be confused. Fire-resistant vaults and particularly vault doors may, while giving the appearance of massive physical strength, be mere double-skinned shells filled with a fire resistant powder or block. Indeed, vault walls could be constructed of gypsum board for fire resistance. This construction would produce the required fire resistance but provide virtually no resistance to force attack. This paper deals with vaults designed principally for protection against force attack. 1 2. GENERAL REQUIREMENTS FOR VAULTS Regardless of the type of attack anticipated, the protection afforded by a vault's six sides is measured in terms of time since, given unlimited time, an adequately skilled, determined adversary can penetrate any vault. In attempting to construct a vault which could adequately resist the anticipated attack methods of its adversary, the designer must strike a compromise between cost and protection. A security vault is normally part of a more inclusive security system and the vault's security system must be designed in conjunction with the physical security system of the building in which it exists. In addition to the requisite protection, detection and response elements of any physical security system, vaults must under most circumstances meet some general design requirements. Like all encompassing security barriers, the six sides of a vault and its door should provide approximately equivalent resistance to attack. To obtain maximum benefit from the delay time afforded by the vault, detection (whether it be by electronic means, guard patrols, CCTV, etc.) should be such that it occurs at or before the commencement of an attack on 1

Force attack is defined here as an unauthorized attack to access the contents of a vault by whatever means. Force attack includes attacks which use surreptitious means.

2 the vault. Approach to the vault perimeter should be through a secure area. precludes:

This

1) vault construction against an exterior building wall at grade level or against a common tenant wall in shared facilities, 2) inclusion of the vault walls as part of a public facility (e.g., washrooms, stairwells, lunch/coffee rooms), and 3) inclusion of the vault walls as part of, or adjacent to, building services functions (e.g., ducts, telephone rooms, electrical rooms, sewers). To gain maximum effectiveness, it should be easy for a responsible security officer to inspect the exterior of all six sides. This can be accomplished by developing exclusive inspection spaces on all six sides of a vault except that portion of the front where the door effecting entry and egress during working hours is located. This portion is developed on a porch concept with the inspection space accessible by a pedestrian door which must be locked at all times. The inspection space would be on a 24-hour alarm while the "porch" is on day/night alarm. Figure 1 depicts the relationship of an inspection space and vault.

FIGURE 1 To hinder the use of tools in this inspection space, its width should never exceed 600 mm (24 in.). It is essential that the walls forming the outer dimension of this space be of a weaker standard of construction than the vault wall itself. The purpose of this is to avoid the vault's wall giving way before the inspection space wall gives way if force is applied by presses, explosives or other means. It might be necessary for the outer wall of the inspection space to have a fire rating in order for the vault to comply with the requirements of FCC Standard 311(M). The approval of the government authority having jurisdiction in the location where the vault is being constructed would be required.

3 3. VAULT CONSTRUCTION The concept of the type of protection from attack to be afforded by a vault has altered over the years. Traditionally, vaults, especially those constructed for negotiables, have relied on massive door and wall construction. Because of the weights involved, this kind of vault has generally been constructed at or below grade level. They were frequently constructed of great thicknesses of concrete reinforced with metal for structural need only. For the era in which they were designed, they were practically impregnable and, therefore, generally were not fitted with intrusion detection systems nor required to pass six-sided inspections. As time passed, designers reduced the cost, weight and some other elements of vault construction by introducing metal reinforcing designed to resist torch and tool attack. This technique produced reinforced concrete of lesser thicknesses. Vaults of six-inch and eight-inch thickness were built with apparent success. This in turn led to a further reduction of the wall barrier by use of security reinforced concrete block which was followed by mere structurally reinforced concrete block and in some instances by unreinforced concrete block. In most cases this was adequate for fire protection and provided minimal force attack resistance. Physical attack tests demonstrate, however, that this fragile modern construction offers small impediment to the attack technology of today and is highly vulnerable to hand-held tools and "line" and "shape" charges of explosive. Even relatively thick concrete walls can be breached fairly quickly using this technology. The best defence a vault can offer against force attack is for all six sides to be composed of a heterogeneous assortment of materials which will necessitate an adversary's providing himself with numerous different breaching tools and skills. The more an adversary must carry, the more conspicuous he becomes. Using the different tools and skills further slows the attack. Reinforced concrete is probably the most common material used today to construct a vault. It is comprised of concrete and steel bars. Bars up to 12 mm diameter can be cut with hand-held, manually operated bolt cutters. Larger bars, however, require torches, hydraulic cutters or explosives to penetrate them and the cutting can be more time consuming. Tool and torch resistance steel rods have been developed to replace the standard reinforcing bars used in modern concrete design. These rods are placed at random intervals and angles within the concrete wall. Materials such as plywood, expanded metal mesh, steel plates, aluminum sheeting, fibreglass, ceramics and plastic sheet can all be used to replace or augment traditional materials. Various combinations and varying thicknesses and gauges of material can produce whatever time delays are required by the threat/risk analysis for a particular vault. Vaults and inspection spaces should not contain any type of suspended ceiling. Under no circumstances should any ducts, conduits, pipe chases, etc. pass through a vault. Only supply and exhaust ducts, electrical conduit and sprinkler systems, necessary to service the vault itself are to penetrate the walls. Any such mechanical ducts should be kept to a maximum area of 619

4 cm² with one lateral dimension no greater than 15 cm. It is essential that anyone drawing up specifications for vaults consult security specialists or employ them as consultants. Vault construction should only be entrusted to architects and contractors who are experienced or trained in security design. Their knowledge of reinforcement, particularly in concrete, is more often than not restricted to reinforcement used to counter stresses on the structure and it does not include reinforcement to provide a barrier against the many varied forces a criminal might apply in his desire to achieve penetration. 4. MODULAR VAULTS Modular vaults are gaining in popularity because of their ability to be relocated, their expansibility and the increasing number of high-rise office buildings. These vaults are lighter in weight than the traditional reinforced concrete vault. Tests have shown they can offer as much, or greater, penetration resistance than the reinforced concrete vaults. Various companies offer these demountable vaults which are constructed of materials such as steel, concrete and wood.

5. ALARMS Underwriters' Laboratories of Canada Standard ULC-S302-1974,"Installation and Classification of Mercantile and Bank Burglar Alarm Systems", should be used as a guide to the minimum equipment requirements of any vault alarm system. Vaults must be alarmed in such a way as to allow for maximum response time (ULC-S302-1974, para. 15.2). For example, the inspection space outside a vault should be alarmed to detect an attack on its external wall prior to the commencement of an attack on the vault itself. We recommend that vaults be located only in a guarded area. The April 1984 Security Equipment Catalogue published by Supply and Services Canada defines a guarded area as an area which has a "guard check every two hours or is protected by approved electronic detection devices when unoccupied" (Annex "A", Chart No. 1, p. 35). This definition is not, however, stringent enough for vault protection. We suggest a guarded area should be defined as: "an area continuously occupied by authorized personnel during working hours, and monitored or supervised at all other times by a qualified guard force2 which physically checks the security equipment at designated time intervals3; 2

Qualified Guard Force - a guard force which is capable of detecting a real or suspected intrusion, making an assessment and, if necessary, notifying a response force. 3

Designated Time Interval - the estimated time necessary for the protected information to be accessed by the criminal for the

5 or an area utilizing security equipment whose detection capability allows a response force, even under the worst possible conditions4, to arrive before the unauthorized disclosure, destruction, removal, modification and/or interruption of a classified asset can occur". In order to gain the full advantage of all the protective barriers (not just the vault walls, floor and roof), early detection of attack upon them is mandatory. Alarming of perimeter doors or other potential access points to the building itself and to the floor area around the vault would, therefore, be advisable in addition to alarming the vault itself. With the exception of that portion of the front wall of a vault which contains its door, all inspection spaces of a vault must have space protection. The detection system must have the maximum probability of detection required by the security classification (i.e. top secret, secret or confidential) of the material housed in the vault. The alarm system within the inspection space must be on a 24-hour alarm status. The space in front of the vault door must have alarm sensors which have a day/night status. This system allows people to approach and open the vault during active hours without an alarm being generated. 6. PENETRATION TECHNIQUES There are many ways to penetrate a vault's six sides and its door. Force attacks include drilling, burning, cutting, pounding and the use of explosives. Surreptitious attacks are normally directed at the vault door and the method of attack might be X-rays, manipulation of the lockset or vibration techniques. The possibility of surreptitious attack on the vault's walls, ceiling, roof and floor also exists, but penetration of these would involve a physical attack and the replacement or repair of the attacked area to render the attack virtually undetectable by casual examination. 7. TYPE OF PROTECTION Security vaults designed to resist human attack are commonly divided into two categories: one for the storage of classified materials and the other for negotiables. The general requirements of the two categories are the same; that is to say, both are required to resist the anticipated attack methods for an acceptable length of time. These security requirements, however, can be quite different because of the differences in the attack methods employed by those seeking illicit access to information and those after negotiables; e.g., one would anticipate intelligence operatives mounting surreptitious attacks customarily and not overt (force) attacks. Classified information and negotiables should never be stored together in one

purposes of unauthorized disclosure, destruction, removal, modification and/or interruption; in other words, the penetration time minus the response time under the worst possible conditions, the assumption being that the response time must be less than the penetration time. 4

Worst Possible Conditions - circumstances which would produce the estimated longest time needed by a response force to reach a vault after the activation of its detection system.

6 vault. Each is the object of quite different attack motivations and attack methods. However, it is conceivable that a force attack involving the theft of negotiables could be used to mask the surreptitious duplication of classified information sharing the vault. The intention of an adversary attacking a vault containing negotiables is to gather up and remove the valuables. Since he is generally not concerned about concealing his theft once he has accomplished it, he would likely use the quickest method of opening the vault, usually an overt (force) attack. On the other hand, someone attacking a vault containing classified material may well be remarkably careful that his intrusion not be detected during or after the fact. Part, or sometimes all, of the value of his theft lies in its clandestine nature. If negotiables and classified material are stored together, the latter is automatically compromised by a successful attack, whether the adversary was interested only in the negotiables, only in the information or in both the negotiables and the information. Once the vault is breached, the information must be considered compromised. The principal requirement, then, of a vault housing negotiables is strength to resist force attack. Vaults for this purpose are usually constructed of reinforced concrete with massive, thick (9 cm or more) steel vault doors. Some vaults must be designed to protect classified material of the highest level (i.e. secret and above), against both surreptitious and force attack because some classified material cannot be changed if it is compromised. If classified information is changed on a regular basis as a security measure, it can be put in secure containers designed for surreptitious attack only. For those levels of classified material up to confidential, it might well be appropriate to discount the probability of an overt attack and protect only against a surreptitious attack. Guidance on this will be provided through the policy instructions of the Security Advisory Committee (SAC). Neither classified materials nor negotiables can be protected solely by storing them in appropriately designed and constructed vaults. There are always the problems of internal/external espionage, compromise of trusted employees, complicity to steal, and factors such as bribery, blackmail and internal theft to keep in mind. It is essential that the physical security system provided by vaults and their alarms be complemented by administrative, organizational and personnel security systems.

8. THE FIRE COMMISSIONER OF CANADA'S STANDARDS The responsibilities of the Fire Commissioner of Canada include regulating the construction of vaults as well as the storage and handling of information belonging to the Government of Canada. FCC Standard 311(M) 1979 entitled "Records Storage" outlines the fire protection requirements for the storage and handling of Canadian Government records; it is specific to safes, vaults, record storage rooms and record storage cabinets. This standard concerns only those documents designated as "vital", "important" and "useful" and while some of the aforementioned documents may have a security classification that fact is not the concern or responsibility of the FCC.

7 There is no FCC standard governing the fire protection requirements for the storage and handling of classified documents per se. Classified information is not always judged to require fire protection, but when it does require protection against both fire and human attack, it is given the appropriate double protection. Under most circumstances the FCC requires that a vault, although designed for security purposes, have a fire rating in accordance with the record category of its contents. (See Section 311.3.1 of the Dominion Fire Commissioner's Standard no. 311(M) 1979.) If the vault is designed for the storage of negotiables, the requirements must be identified by the FCC on an individual basis.

fire

The design of any vault, whether modular or non-demountable, whether requiring fire protection or not, should be referred to the FCC for his approval. FCC Standard 12, "Design and Construction" governs this. It states, for example, that every vault or its door must have an emergency escape mechanism. In addition to publishing the FCC standards specifying the fire protection and safety features required for vaults, the FCC has compiled a number of judgements governing special fire-related concerns. He states, for example, that vaults must have fire separations in accordance with ULC standard S101, "Standard Methods of Fire Endurance Test of Building Construction and Material". He stipulates that the structural members supporting each vault must have a fire separation equal to that of the vault itself, and that the number of exits from each vault is dependent on, and can be calculated by knowing, the vault's floor area, the travel distance from inside the vault to the vault door, and the vault's accessibility to corridors. Other special concerns governed by the FCC's rulings are: emergency lighting, sprinkler systems, smoke detectors, hose stations, fire extinguishers and air conditioning systems. 9. STRUCTURAL ENGINEERING The weight of a vault and its contents must not exceed the design load of the building floor on which it rests; and it must be calculated in conjunction with the loading of the floor area surrounding it. Public Works Canada (PWC) demands that the government purchaser or builder of a vault contact the regional PWC engineer prior to purchasing or constructing the vault to ensure that its planned location in the building is allowable. PWC can deal directly with the vault supplier, the architect or the designer, and can give advice on other design features such as the number and height of shelves and the distance between them. 10. ACCESS CONTROL Careful control of access both into the vault and into the vicinity of the vault is necessary to ensure that the information in the vault is accessible only to authorized persons. To facilitate access control, every vault must be located within the interior of a building, never on an exterior wall, and no services of any kind (e.g., washrooms, lunch rooms, photocopy areas) are to be located in the area of the vault. No one should have direct access to the vault except employees who

8 must work in this area. Access control can be implemented using either mechanical or electromechanical means. 11. IMPROVEMENTS TO EXISTING VAULTS Existing vaults and vault doors may not provide the penetration delay time considered necessary for some modern security systems. The balanced design concept discussed in Section 2 above must be followed. One must ensure that all the security system's components are upgraded to equal strength to eliminate the possibility of a weak link. For example, it may not be effective security to improve a vault's structure and not improve its door. Conversely, to replace a three minute door with an expensive bank vault door would certainly improve the penetration resistance of the vault door, but this would not increase the penetration resistance of the overall structure.