2.4 Detecting Physical Attacks
While preventative controls are designed to stop physical attacks before they happen, detective controls are essential for identifying and responding to security breaches as they occur. These controls provide the necessary monitoring and alerting capabilities to ensure that any unauthorized activity is quickly discovered.
Common detective controls for physical security include:
- Cameras: Video surveillance cameras provide a visual record of activity in a given area. For maximum effectiveness, the video feed should be actively monitored by security personnel and recorded for later review. These recordings are invaluable during post-incident investigations, helping to identify the adversary and understand the methods they used.
- Security Guards: On-site security personnel can actively monitor an area, identify suspicious behavior, and respond immediately to security alerts or incidents. Their presence alone can also act as a deterrent.
- Motion Sensors: These devices detect movement and can trigger an alarm or alert security when they are activated in a restricted or unexpected area.
- Employees: The people who work in a physical space are often the most effective at detecting unusual or suspicious activity. An observant employee who notices an unfamiliar person in a restricted area and reports it can be the first line of detection.
The effective placement of these controls is critical to their success. When placing cameras, considerations must include the field of view, lighting conditions, and potential for tampering. Cameras are most effective when placed to monitor key points of entry and exit, as well as high-value areas like server rooms. Motion sensors should be installed in areas where there is no expected traffic, such as a secure storage room after hours. Placing them in high-traffic areas will lead to numerous false alarms, which can cause alert fatigue and reduce the likelihood that a real alert will be taken seriously.
Locks and other access control mechanisms like access control vestibules should be placed at all entry points to areas containing sensitive systems or information. For highly critical areas, layering these controls provides stronger protection. Security guards can be deployed in stationary or patrolling roles. A stationary guard at a main entrance can effectively control access, while a patrolling guard covering the building's perimeter is less predictable and can create time pressure on an adversary attempting to breach the facility.
These detection controls are often used in combination to identify physical attacks. For example, a motion detector is most effective when paired with a camera. When the motion sensor triggers an alert, security personnel can use the camera feed to visually verify whether a physical breach has occurred. Modern camera systems can also be integrated with facial recognition software to automatically alert security when an unauthorized individual is detected in a controlled area.
Data from access control systems can also reveal attacks. If employees are required to use an electronic badge to enter a restricted area, the system logs each entry. By analyzing these logs, security teams can detect anomalies, such as a door being held open for an unusually long time, which could indicate a tailgating or piggybacking incident.
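The badge-log analysis described above, as an added example that is not part of the original course material: it pairs each door-open event with its close event and reports doors held open longer than a threshold, including doors that never report a close. The CSV columns, the event names, the sample rows and the 15-second threshold are all assumptions made for illustration, not the export format of any particular access control system.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample export; column and event names are assumptions,
# not the format of any particular access control product.
SAMPLE_LOG = """\
timestamp,door,event,badge_id
2024-03-04T08:59:50,server-room,badge_granted,E1001
2024-03-04T08:59:52,server-room,door_opened,
2024-03-04T08:59:58,server-room,door_closed,
2024-03-04T13:14:58,server-room,badge_granted,E1017
2024-03-04T13:15:00,server-room,door_opened,
2024-03-04T13:15:47,server-room,door_closed,
2024-03-04T18:30:00,storage,badge_granted,E1003
2024-03-04T18:30:02,storage,door_opened,
2024-03-04T18:45:00,storage,badge_granted,E1003
"""

def find_held_open(log_text, max_open=timedelta(seconds=15)):
    """Return (door, badge_id, opened_at, seconds_open) for each long open interval."""
    last_badge = {}  # door -> badge most recently granted at that door
    opened = {}      # door -> (time opened, badge that unlocked it)
    findings = []
    last_seen = None
    for row in csv.DictReader(io.StringIO(log_text)):
        ts = datetime.fromisoformat(row["timestamp"])
        door, event = row["door"], row["event"]
        last_seen = ts
        if event == "badge_granted":
            last_badge[door] = row["badge_id"]
        elif event == "door_opened":
            opened[door] = (ts, last_badge.get(door, "unknown"))
        elif event == "door_closed" and door in opened:
            start, badge = opened.pop(door)
            if ts - start > max_open:
                findings.append((door, badge, start, (ts - start).total_seconds()))
    # Edge case: a door with no close event is still open at the end of the log.
    for door, (start, badge) in opened.items():
        if last_seen - start > max_open:
            findings.append((door, badge, start, (last_seen - start).total_seconds()))
    return findings

if __name__ == "__main__":
    for door, badge, start, secs in find_held_open(SAMPLE_LOG):
        print(f"{start.isoformat()} {door}: open {secs:.0f}s after badge {badge}")
```

A flagged interval is a prompt to review the camera recording for that door and time, not proof of tailgating; the threshold should be tuned per door to avoid the alert fatigue noted earlier.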