An instrument for securing military objects
Between 2005 and 2007, TNO developed an instrument for Defence to design and assess physical protection plans for military objects. The instrument had to support the assessment of existing security plans and ensured that the process of establishing a security plan became traceable.
In the early years of this millennium, a number of times news reports showed shortcomings in the physical object security of the Dutch Armed Forces. Despite the constant attention to physical object security by the Ministry of Defence, shortcomings occurred. Most of them turned out to be related to the enormous reorganisations of the Defence organisation in the 1990s. The most drastic change was the postponement of conscription. As a result, the large contingent of conscripts who were deployed as guards around military objects was not present anymore. A second important reason was that the development of physical security plans, often for historical reasons, differed between the various Armed Forces. For that reason, it was often not possible to determine why certain measures had or had not been taken.
The Defence organisation decided to tackle this problem in a structural way. Security plans for each of the many defence locations had to be easier assessable and decisions made during the development process of a security plan had to be made traceable. Also, as a result of the new Defence organisation and its new management model, it became necessary to reorganise a number of security-related management and supervisory functions, standardise and centralise various processes and resources wherever possible, and to strengthen the supervision of implementation.
To simplify and improve the monitoring of security plans for physical objects, the Defence organisation decided to aks TNO to develop a PC program. That instrument had to function as an interactive methodical access to regulation when designing and assessing physical security plans. The instrument made it possible to establish clear assessment criteria at the central level for the design of physical security plans. In addition, the operational commanders were given an instrument with which they could test their plans themselves before they presented them for assessment to the Defence Audit Service (ADD). The instrument was therefore primarily intended for the ADD to assess the security plans.
In the second instance, the instrument could also be used by the various commanders for developing their security plans. During the development of the instrument, it gradually came to the fore that the instrument also offered solutions to identified shortcomings in the existing security plans. Therefore, the design of unambiguous and verifiable plans became the main goal of the instrument.
In the field of physical security, the instrument had to generate concrete measures based on given threat characteristics and with which a centrally determined level of security could be offered. Moreover, the instrument had to clearly document the background of certain choices or the reason for deviation from the regulations and requirements stated by the central level. The process of establishing a security plan became transparent, which was also a necessary condition for maintenance and updating.
In a number of sessions organised by TNO with the various stakeholders, the specifications for the functionality and user interface of the instrument were subsequently determined:
- The instrument supports the design of a security plan for objects belonging to the top three security categories. The four security categories within the Ministry of Defence with specific security standards are:
- category 1 – acceptance of damage is unacceptable,
- category 2 – damage is in principle not acceptable,
- category 3 – damage should be avoided as much as possible, and
- category 4 – standard precautions are sufficient;
- The instrument supports the execution of an audit on a security plan;
- The instrument can be used by all Armed Forces and can be used at missions abroad;
- The creation of the generated security plan is made traceable;
- The instrument generates clear reports;
- The Defence organisation had to be able to maintain and update the instrument itself.
The instrument contained an unambiguous normative set of structural, electronic and organisational measures for physical protection. These measures were often empirically determined by Defence itself. At the central level, it was determined to which security level the measures in this set offered sufficient protection given the threat level. This level of security corresponded to the category classification (security standard) of the object to be protected. All measures in the set had the intention to generate an alarm or to have a burglary-retarding effect. The numerical values of the retarding effects of structural elements used for this were based on international standards and research carried out by the Ministry of Defence itself. Each security plan had to be built upon the basis of this set of measures. The results thus obtained were, therefore, more comparable and easily verifiable.
The instrument did not pretend to provide every (for example architectural) detail of an object in all situations. For that reason, it could be possible that the operational commander needed to deviate from the measures that the instrument produced. The instrument then offered the opportunity to include this deviation in the security plan. The reason for deviation, however, had to be motivated. Still, the security standard had to be met in a measurable way with the deviating measure(s).
The instrument could also offer alternative solutions from which the commander could make a choice. For example, by placing classified documents elsewhere, adequate security could be realised at lower costs.
Specification and programming of the instrument took place in 2005 and 2006. During the summer of 2006, a first version was tested at a number of physical objects of the Armed Forces. The stepwise operational implementation of the instrument by the Ministry of Defence took place in 2007. The Defence organisation later considered to extend the instrument with or make it suitable for information security.
This page was derived from an earlier article in Dutch by Ir. H.A. van Hoof and Ing. G.P. van Voorthuijsen.