Difference between revisions of "Measure type: Access control"

From Securipedia
Jump to navigation Jump to search
 
(33 intermediate revisions by 3 users not shown)
Line 1: Line 1:
'''Access control''' is the [[measure]] of reduction of risk by regulating and controlling the flows of traffic into and out of an area or object.
+
[[Category:Measure]]'''Access control''' is the [[measure]] of reduction of risk by regulating and controlling the flows of traffic into and out of an area or object.
   
 
== Description ==
 
== Description ==
Line 16: Line 16:
   
 
== Effectiveness ==
 
== Effectiveness ==
This measure can be effective to a range of security issues. These are:
+
This measure can be effective to a range of security issues. These are{{#tip-info:these measures are not or less appropriate or effective against <span style="color:silver">greyed-out</span> security issues}}:
   
 
{| class="wikitable" style="text-align: center;"
 
{| class="wikitable" style="text-align: center;"
Line 22: Line 22:
 
! Financial gain !! Boredom or compulsive behaviour !! Impulse !! Conflict in beliefs
 
! Financial gain !! Boredom or compulsive behaviour !! Impulse !! Conflict in beliefs
 
|-
 
|-
| <span style="color:silver">Burglary</span>{{#info:Burglary is the crime of illicitly entering a building with the intent to commit an offence, particularly (but not limited to) theft.}} || <span style="color:silver">Physical assault</span>{{#info:Assault, is a crime which involves causing a victim to fear or to experience any type of violence, except for sexual violence}} || [[Security issue: Destruction by riots|Destruction by riots]]{{#info:Destruction by riots is the act of vandalism of property by organised groups for a shared rational or rationalised reason.}} || [[Security issue: Mass killing|Mass killing]]{{#info:Mass killing is the crime of purposely causing harm or death to a group of (unknown) people in order to make a statement or to influence the public opinion. This threat is exerted out of wilful action by fanatics: terrorists or criminal activists.}}
+
| <span style="color:silver">Burglary</span>{{#tip-info:Burglary is the crime of illicitly entering a building with the intent to commit an offence, particularly (but not limited to) theft.}} || <span style="color:silver">Physical assault</span>{{#tip-info:Assault, is a crime which involves causing a victim to fear or to experience any type of violence, except for sexual violence}} || [[Security issue: Destruction by riots|Destruction by riots]]{{#tip-info:Destruction by riots is the act of vandalism of property by organised groups for a shared rational or rationalised reason.}} || [[Security issue: Mass killing|Mass killing]]{{#tip-info:Mass killing is the crime of purposely causing harm or death to a group of (unknown) people in order to make a statement or to influence the public opinion. This threat is exerted out of wilful action by fanatics: terrorists or criminal activists.}}
 
|-
 
|-
| <span style="color:silver">Ram-raiding</span>{{#info:Ram raid is a particular technique for burglars to gain access to primarily commercial premises, by means of driving -usually stolen- vehicles into locked or closed entrances, exits or windows.}}|| [[Security issue: Sexual assault|Sexual assault]]{{#info:Sexual assault is assault of a sexual nature on another person, or any sexual act committed without consent}} || || [[Security issue: Destruction by fanatics|Destruction of property by fanatics]]{{#info:Destruction by fanatics is the crime of purposely causing damage in order to make a statement or to influence the public opinion.}}
+
| <span style="color:silver">Ram-raiding</span>{{#tip-info:Ram raid is a particular technique for burglars to gain access to primarily commercial premises, by means of driving -usually stolen- vehicles into locked or closed entrances, exits or windows.}}|| [[Security issue: Sexual assault|Sexual assault]]{{#tip-info:Sexual assault is assault of a sexual nature on another person, or any sexual act committed without consent}} || || [[Security issue: Destruction by fanatics|Destruction of property by fanatics]]{{#tip-info:Destruction by fanatics is the crime of purposely causing damage in order to make a statement or to influence the public opinion.}}
 
|-
 
|-
| <span style="color:silver">Pickpocketing</span>{{#info:Pickpocketing is a form of theft that involves the stealing of valuables from a victim without their noticing the theft at the time. }} || <span style="color:silver">Vandalism</span>{{#info:Vandalism is the act of wilful or malicious destruction, injury, disfigurement, or defacement of property without the consent of the owner or person having custody or control.}} || ||
+
| <span style="color:silver">Pickpocketing</span>{{#tip-info:Pickpocketing is a form of theft that involves the stealing of valuables from a victim without their noticing the theft at the time. }} || <span style="color:silver">Vandalism</span>{{#tip-info:Vandalism is the act of wilful or malicious destruction, injury, disfigurement, or defacement of property without the consent of the owner or person having custody or control.}} || ||
 
|-
 
|-
| <span style="color:silver">Robbery</span>{{#info:Robbery is the crime of taking or attempting to take something of value by force or threat of force or by putting the victim in fear. It is used her exclusively for acts committed to individual persons.}} || <span style="color:silver">Graffiti</span>{{#info:Grafitti is the defacement of property by means of writing or drawings scribbled, scratched, or sprayed on a surface in a public place without the consent of the owner or person having custody or control. }} || ||
+
| <span style="color:silver">Robbery</span>{{#tip-info:Robbery is the crime of taking or attempting to take something of value by force or threat of force or by putting the victim in fear. It is used her exclusively for acts committed to individual persons.}} || <span style="color:silver">Graffiti</span>{{#tip-info:Grafitti is the defacement of property by means of writing or drawings scribbled, scratched, or sprayed on a surface in a public place without the consent of the owner or person having custody or control. }} || ||
 
|-
 
|-
| <span style="color:silver">Raid</span>{{#info:Raid is the crime of taking or attempting to take something of value from a commercial venue by force or threat of force or by putting the victim in fear.}} || <span style="color:silver">Antisocial Behaviour</span>{{#info:Antisocial behaviour is an accumulation category of relatively small crimes that highly influence the security perception of citizens. }} || ||
+
| <span style="color:silver">Raid</span>{{#tip-info:Raid is the crime of taking or attempting to take something of value from a commercial venue by force or threat of force or by putting the victim in fear.}} || <span style="color:silver">Antisocial Behaviour</span>{{#tip-info:Antisocial behaviour is an accumulation category of relatively small crimes that highly influence the security perception of citizens. }} || ||
 
|-
 
|-
| [[Security issue: Vehicle theft|Vehicle theft]]{{#info:Vehicle theft is the crime of theft, or attempt of theft of or from a motor vehicle (automobile, truck, bus, motorcycle, etc.).}} || || ||
+
| [[Security issue: Vehicle theft|Vehicle theft]]{{#tip-info:Vehicle theft is the crime of theft, or attempt of theft of or from a motor vehicle (automobile, truck, bus, motorcycle, etc.).}} || || ||
 
|-
 
|-
 
|}
 
|}
Line 57: Line 57:
 
Protective and resilience-enhancing measures directed at infrastructure, such as access control, can have negative impact on resilience of social infrastructure and societal resilience. For example, visible protection such as access control points makes people to underestimate risks but makes them reluctant to adopt protective measures themselves as well. This could undermine societal resilience and limit the effects of other measures that are not based on technology, such as [[Measure:_Ownership|ownership]].<ref> Dennis S. Mileti/John H. Sorensen: Communication of Emergency Public Warnings. A Social Science Perspective and State-of-the-Art Assessment. Oak Ridge, TN: Oak Ridge National Laboratory, U.S. Department of Energy, 1990.</ref> In addition to this, informing citizens with risks, how to assess risks, and how to prepare for realisation of risks is important.<ref> Dennis S. Mileti/John H. Sorensen: Communication of Emergency Public Warnings. A Social Science Perspective and State-of-the-Art Assessment. Oak Ridge, TN: Oak Ridge National Laboratory, U.S. Department of Energy, 1990.</ref>
 
Protective and resilience-enhancing measures directed at infrastructure, such as access control, can have negative impact on resilience of social infrastructure and societal resilience. For example, visible protection such as access control points makes people to underestimate risks but makes them reluctant to adopt protective measures themselves as well. This could undermine societal resilience and limit the effects of other measures that are not based on technology, such as [[Measure:_Ownership|ownership]].<ref> Dennis S. Mileti/John H. Sorensen: Communication of Emergency Public Warnings. A Social Science Perspective and State-of-the-Art Assessment. Oak Ridge, TN: Oak Ridge National Laboratory, U.S. Department of Energy, 1990.</ref> In addition to this, informing citizens with risks, how to assess risks, and how to prepare for realisation of risks is important.<ref> Dennis S. Mileti/John H. Sorensen: Communication of Emergency Public Warnings. A Social Science Perspective and State-of-the-Art Assessment. Oak Ridge, TN: Oak Ridge National Laboratory, U.S. Department of Energy, 1990.</ref>
   
Practical addressing of social aspects and aspects of [[security culture]] in security measures such as access control can be best accomplished by appropriately involving citizens, based on a set of introduced methods of [[citizen participation]] as compiled by VITRUV. Ideally, planning for the measure of access control should include usability tests in relevant social contexts. The [[Sociospatial_perspective|sociospatial perspective]] is an example of an approach to do so.
+
Practical addressing of social aspects and aspects of [[security culture]] in security measures such as access control can be best accomplished by appropriately involving citizens, based on a set of introduced methods of [[citizen participation]] as compiled by VITRUV. Ideally, planning for the measure of access control should include usability tests in relevant social context. The [[Sociospatial_perspective|sociospatial perspective]] is an example of an approach to do so.
   
 
=== Economic considerations ===
 
=== Economic considerations ===
  +
Access control mitigates the negative [[Economic impact of security threats|(economic) effects of security threats]]. These economic benefits reach beyond the reduction of material and immaterial damage since security threats also indirectly influence the local/regional and national economies, the so-called [[Economic effects of crime#Secondary economic impact of crime|secondary economic impact (of crime)]]. Riots, for instance, make investors nervous and have a distinct (negative) impact on tourism.
Access control does not only mitigate the negative (economic) effects of security threats, but also requires investments, exacting [[Economic impact|economic costs]]. Together, these benefits and costs of security measures are referred to as [[Economic impact of security measures|economic impact of security measures]]. The costs of access control measures contain the relatively straightforward [[Primary economic impact|direct expenditures]] on capital equipment and operational costs (both temporary and permanent), and in addition generate various types of [[Secondary economic impact|secondary effects]]. Access measures like closed roller shutters or big chain locks in shopping streets are classic examples of measures that create an unwelcome environment, creating these above mentioned secondary/indirect economic effects as a result of a reduction of the perceived security and quality of the environment. On top of that, access control measures can cause negative indirect effects for commercial venues like convenience stores. These negative effects are caused by a decrease in accessibility, reducing the amount of customers and increasing the costs of distribution.
 
   
  +
On the other hand, access control measures require investments such as the relatively straightforward [[Economic effects of anti-crime security measures#Direct (primary) costs of security|direct expenditures]] on capital equipment and operational cost (both temporary and permanent), and various types of [[Economic effects of anti-crime security measures#Indirect (secondary) costs of security|indirect economic effects]] (depending on the type of security measures used). The use of access screening by security guards, for example, may imply longer delivery times and disruption of global supply chains and of finely-tuned just-in-time delivery systems<ref name="ftn44"> Stevens (2004): The emerging Security Economy: An Introduction. Published in: OECD (2004): The Security Economy. ISBN 92-64-10772-X</ref>. And access barriers like roller shutters or big chain locks are illustrative examples of measures that easily create an unwelcome environment, resulting in an 'unwelcome environment' that creates negative indirect economic effects comparable to the criminal events itself. As a final example, access control measures can cause negative indirect effects for commercial venues like convenience stores. These negative effects are caused by a decrease in accessibility, reducing the amount of customers and increasing the cost of distribution.
Whether the costs are making sense from an economic point of view, depends on many factors, and can be answered by two distinct sets of questions (see also the [[Economic tools#Economic assessment step by step|'''flow chart''']] of an economic assessment):
 
  +
# Are the envisioned access control measures cost effective from a socio-economic point of view, or are there better alternatives?
 
  +
In order to decide if the particular use of access control measures make sense from an economic point of view (see the case example below), the urban planner should not just map both the costs and benefits of access control measures for the particular case (both direct and indirect), but also wonder if there exist potential alternative security measures that have a better value for money ([[Social cost-benefit analysis|benefit-cost ratio]])<ref>See also the [[Economic tools#Economic assessment step by step|'''flow chart''']] of an economic assessment.</ref>. On top of that, one should always consider how stakeholders (citizens, suppliers, customers, employees, etc.) are affected by the considered measures, and to which extend. Will customers for instance refrain from a visit to a certain shopping mall due to the severe access control measures? And how will potential criminals/terrorists react? Will they easily find ways to avoid the foreseen security measures, or will the access control measure force them to look for other targets ([[The economics of criminal and terrorist behaviour|the economics of criminal/terrorist behaviour]])? [[Economic tools]] can help decision makers to answer these questions and to prevent wasteful expenditures on security.
# Which specific agents (individuals, companies, sectors, authorities) are affected by the access control measures, and to which extend? How do the envisioned measures alter the behaviour of these agents, and, of course, the [[The economics of criminal and terrorist behaviour|behaviour of criminals/terrorists]]?
 
   
 
''Case example: Examples of cost-effective stand-off security measures against terrorist bomb attacks''
 
''Case example: Examples of cost-effective stand-off security measures against terrorist bomb attacks''
{{quote|One effective way to prevent a terrorist bomb attack is to create (physical) distance between an urban object and a potential detonation location (as addressed with the help of the [[Plan level tools|plan]] and [[Detail level tools|detail]] level tools in [http://www.vitruv-project.eu/ VITRUV]). This could be done with relatively expensive security guards at checkpoints outside the premise of buildings, but also with the help of access control measures that by design create a stand-off zone preventing trucks and cars to come near a building, for instance with the help of some type of (automatic) bollards or natural barriers (e.g. use of water or trees, etc.).}}
+
{{quote|One effective way to prevent a terrorist bomb attack is to create (physical) distance between an urban object and a potential detonation location (as addressed with the help of the [[Plan level tools|plan]] and [[Detail level tools|detail]] level tools in VITRUV). This could be done with relatively expensive security guards at checkpoints outside the premise of buildings, but also with the help of access control measures that by design create a standoff zone preventing trucks and cars to come near a building, for instance with the help of some type of (automatic) bollards or natural barriers (e.g. use of water or trees, etc.).}}
 
[[Economic tools]] can help decision makers to answer these questions and to prevent wasteful expenditures on security (of course in collaboration with insights from criminology, sociology, etc.).
 
   
 
=== Mobility considerations ===
 
=== Mobility considerations ===
Line 86: Line 84:
   
 
=== Legal considerations ===
 
=== Legal considerations ===
  +
Legal considerations when considering access control measures are:
[[Legal aspects|Legal]] considerations related to access control include protection of privacy (e.g. since access control may involve [[Measure:_Surveillance|surveillance]]) and addressing issues such as liability or professional negligence. As noted under [[Measure:_Access_control#Ethics_considerations|ethics considerations]], legislation relevant to prevent or mitigate discrimination-related issues should be carefully explored.
 
  +
* [[legal aspects#Development management standards|Development management standards]] - Access control measures may change connectivity and permeability or site development standards
 
  +
* [[legal aspects#Safety|Safety]] - Access control measures may change for example the emergency evacuation situation
VITRUV offers a [[Legal_aspects#Summary_table_of_legal_aspects_in_urban_planning|summary checklist]] and a [[Determination_of_security_aspects_-_methods_for_urban_planners#Methods_to_determine_legal_aspects_in_planning_of_public_spaces|list of methods]] to assess legal aspects in resilience-enhancing urban planning.
 
  +
* [[legal aspects#Building codes|Building codes / building regulations]] - Access control may change for example accessibility for people with disabilities
  +
* [[legal aspects#Traffic impact requirement|Traffic impact requirement]] / road construction - Access control may influence traffic flows
  +
* [[legal aspects#Appearance|Appearance]] - Putting in access control measures may change the appearance of an object
  +
* [[legal aspects#Cultural heritage preservation|Cultural heritage preservation]] - Access control measures may impose on cultural heritage rules
   
 
{{references}}
 
{{references}}

Latest revision as of 16:08, 9 October 2020

Access control is the measure of reduction of risk by regulating and controlling the flows of traffic into and out of an area or object.

Description

Access control encompasses all modes of traffic. The aim of access control is to determine who can or can't enter a particular area. This discrimination can be done on various characteristics such as whether one possesses a a ticket, has registered in advance, the time of day, the place of entry, the mode of transport, etcetera.

Boom barrier at a parking
Bus trap

This approach involves architectural features, mechanical and electronic devices, and related means for maintaining prerogatives over the ability to gain entry. Both dynamic measures (moving, acting such as boom barriers or guards) and static measures (passive, such as bus traps or heightened curbs) can function as access control mechanisms.

Another application of access control are environmental zones or low-emission zones (LEZ) with the aim of improving the air quality. Only low-emitting or zero emission vehicles are allowed to a LEZ [[1]].

Examples

Various means of access control are feasible, such as:

  • Electromagnetic doors, openable only by qualified personnel
  • Door guards
  • Barriers, both static and dynamic
  • Partitioning off of selected areas during "downtime" hours
  • Reduced number of building entrances

Effectiveness

This measure can be effective to a range of security issues. These are:

Financial gain Boredom or compulsive behaviour Impulse Conflict in beliefs
Burglary Physical assault Destruction by riots Mass killing
Ram-raiding Sexual assault Destruction of property by fanatics
Pickpocketing Vandalism
Robbery Graffiti
Raid Antisocial Behaviour
Vehicle theft

Considerations

General considerations

For access control to work, one has to make sure that alternative entry routes are made impossible. For example, erecting a control post at a stadium is useless if the entrance next to it is unguarded. This means that for this measure to work, the access control has to be active at all entry points and all other access to the area has to be sufficiently blocked.

In practice this means that this measure usually needs to be accompanied by other measure types, such as target hardening and/or directing traffic flows to prevent uncontrolled or allowing for undesignated entry points.

For access control to be effective in an urban context, the object or area should support a careful consideration of access and exit points, conforming to the use of the object or area. This holds both for the number of accesses and exits and the measures used to enforce it. A football stadium, for instance, can enforce rather imposing access control measures, in some cases extending to screening and the use of violence to enforce it and still requires quick access and exit of multitudes of people. At a service-oriented facility, this type of access control would be out of place and inappropriate and less imposing and more user-friendly measures of access control are required.

Urban planning considerations

Measures to control access to public space should ensure a balance between design for crime prevention and design for the effective use of an environment by legitimate users. Rather than focusing only on organised and mechanical strategies of access control (such as physical barriers), more natural strategies such as territorial reinforcement should be promoted where possible. The clear delineation of spaces (public, private, transitional) serves to reduce ambiguity for users as well as making it easier to identify offenders.

Planning considerations should account for any inconvenience faced by legitimate users, while seeking to design features that will deny offenders access to targets and reduce their possible opportunities of escape. A considered approach will avoid the ‘militarisation’ of spaces in favour of communicating the nature of public, private and transitional areas to users.

Safety/Security considerations

Access control measures tend to be highly visible. This can raise the prominence of an object, which can raise the attractiveness of the object for fanatics.

Social considerations

Access control is a technology-based measure to increase resilience. From the social point of view, any technology-based measure should consider that security mainly refers to the people and society. Material measures to protect should still suggest a sense of welcoming, openness, and inclusiveness.[1] Moreover, in public area's technical solutions are not as effective without the acceptance and participation of the public. This acceptance is, among other things, rooted in security culture.

Protective and resilience-enhancing measures directed at infrastructure, such as access control, can have negative impact on resilience of social infrastructure and societal resilience. For example, visible protection such as access control points makes people to underestimate risks but makes them reluctant to adopt protective measures themselves as well. This could undermine societal resilience and limit the effects of other measures that are not based on technology, such as ownership.[2] In addition to this, informing citizens with risks, how to assess risks, and how to prepare for realisation of risks is important.[3]

Practical addressing of social aspects and aspects of security culture in security measures such as access control can be best accomplished by appropriately involving citizens, based on a set of introduced methods of citizen participation as compiled by VITRUV. Ideally, planning for the measure of access control should include usability tests in relevant social context. The sociospatial perspective is an example of an approach to do so.

Economic considerations

Access control mitigates the negative (economic) effects of security threats. These economic benefits reach beyond the reduction of material and immaterial damage since security threats also indirectly influence the local/regional and national economies, the so-called secondary economic impact (of crime). Riots, for instance, make investors nervous and have a distinct (negative) impact on tourism.

On the other hand, access control measures require investments such as the relatively straightforward direct expenditures on capital equipment and operational cost (both temporary and permanent), and various types of indirect economic effects (depending on the type of security measures used). The use of access screening by security guards, for example, may imply longer delivery times and disruption of global supply chains and of finely-tuned just-in-time delivery systems[4]. And access barriers like roller shutters or big chain locks are illustrative examples of measures that easily create an unwelcome environment, resulting in an 'unwelcome environment' that creates negative indirect economic effects comparable to the criminal events itself. As a final example, access control measures can cause negative indirect effects for commercial venues like convenience stores. These negative effects are caused by a decrease in accessibility, reducing the amount of customers and increasing the cost of distribution.

In order to decide if the particular use of access control measures make sense from an economic point of view (see the case example below), the urban planner should not just map both the costs and benefits of access control measures for the particular case (both direct and indirect), but also wonder if there exist potential alternative security measures that have a better value for money (benefit-cost ratio)[5]. On top of that, one should always consider how stakeholders (citizens, suppliers, customers, employees, etc.) are affected by the considered measures, and to which extend. Will customers for instance refrain from a visit to a certain shopping mall due to the severe access control measures? And how will potential criminals/terrorists react? Will they easily find ways to avoid the foreseen security measures, or will the access control measure force them to look for other targets (the economics of criminal/terrorist behaviour)? Economic tools can help decision makers to answer these questions and to prevent wasteful expenditures on security.

Case example: Examples of cost-effective stand-off security measures against terrorist bomb attacks

One effective way to prevent a terrorist bomb attack is to create (physical) distance between an urban object and a potential detonation location (as addressed with the help of the plan and detail level tools in VITRUV). This could be done with relatively expensive security guards at checkpoints outside the premise of buildings, but also with the help of access control measures that by design create a standoff zone preventing trucks and cars to come near a building, for instance with the help of some type of (automatic) bollards or natural barriers (e.g. use of water or trees, etc.).

Mobility considerations

At closed entrances (if only to a particular mode of transport) information should be made available when and where a person/vehicle might gain access.

Access control in the field of mobility is also applied for congestion charging, for example with the aim to improve the air quality. In London this is applied with camera control with license plate recognition at the entrances/exits of the city.

In public transport, access control is sometimes applied with chipcards and automatic gates. The chipcards can be personnal. Access is only given to people with a valid chipcard with sufficient saldo.

At private (company) parkings, acces is often regulated with an automatic barrier and a pole with communication connection to e.g. the reception desk or chipcard (electromagnetic?) control; only people with a company chipcard or people with an appointment to a known employee of the company will get access.

Ethics considerations

Identification of people at access control point can raise ethics issues, such as collection and use of personal data. Another aspect are interactions between built infrastructures and human rights (e.g. rights to access and supply). In this context, it is important to consider that access control can have the unintended consequence of systematically excluding certain types of people from access to certain urban space. Therefore, access control can turn out to by a kind of over-sophisticated measure. To prevent issues, one should make sure to be transparent about the discrimination criteria and make sure these conform to anti-discrimination legislation and customs.

In general, pinpointing specific ethics aspects in resilience-enhancing measures needs to consider, among other things, citizen security culture and citizens' personal concerns. There are no ethics considerations that can be planned or implemented without prior identification and addressing of citizens' perceptions. To support this, VITRUV offers a commented list of methods to determine ethics aspects in relevant urban planning.

Legal considerations

Legal considerations when considering access control measures are:

Footnotes and references

  1. Coaffee, J. (2010): Protecting Vulnerable Cities: The UK's Resilience Response to Defending Everyday Urban Infrastructure. In: International Affairs, Vol. 86, No. 4, 939-954. Retrieved from: http://www.chathamhouse.org/sites/default/files/public/International%20Affairs/2010/86_4coaffee.pdf [last access: 2012-04-13].
  2. Dennis S. Mileti/John H. Sorensen: Communication of Emergency Public Warnings. A Social Science Perspective and State-of-the-Art Assessment. Oak Ridge, TN: Oak Ridge National Laboratory, U.S. Department of Energy, 1990.
  3. Dennis S. Mileti/John H. Sorensen: Communication of Emergency Public Warnings. A Social Science Perspective and State-of-the-Art Assessment. Oak Ridge, TN: Oak Ridge National Laboratory, U.S. Department of Energy, 1990.
  4. Stevens (2004): The emerging Security Economy: An Introduction. Published in: OECD (2004): The Security Economy. ISBN 92-64-10772-X
  5. See also the flow chart of an economic assessment.