301.519.9237 exdirector@nesaus.org

2.6.20 – SIW  For More Info Visit SIW

Risk-reducing options abound for this often-overlooked security vulnerability

Editor’s note: “Mitigating Mistakes” is a new SecurityInfoWatch.com column series from security consultant and author Paul Timm featuring photos of security vulnerabilities discovered in the field followed by a discussion on the problems they present to a facility’s security posture and how they can be addressed.

Finding: When conducting security assessments, I periodically encounter buildings and grounds features that present the potential for unauthorized roof access. An unanchored picnic table can easily be turned into a makeshift ladder. Someone can climb a tree growing too close to the facility and take advantage of a branch that hangs over the roof. In this “before” photo, utility piping provided an unfortunate means of accessing the roof.

Problem: Unauthorized roof access can result in damage, the introduction of contraband (e.g. tobacco products, alcohol) and/or liability that accompanies injuries from falls. Unauthorized roof access can also turn into facility trespassing, if roof hatches are not properly latched.

Lesson: Address the potential for unauthorized roof access collaboratively. Decisions made in a vacuum often produce regrettable consequences. In this instance, a facilities employee suggested the possibility of thwarting potential climbers by “greasing the pole.” If carried out, that decision could have resulted in risk transfer. Meaning, the security risk he was attempting to address could have been replaced with a safety risk.

Remedy: Pursue collaborative solutions. In this “after” photo, building administrators strategically placed sheet metal over a section of the piping and bolted it tightly to the wall. Later, they added a “No Trespassing” sign and made plans for installing a video surveillance camera in the area. Do you have the potential for unauthorized roof access? A perfect solution may not exist, but risk-reducing options abound.