IP-enabled video cameras have dramatically changed the way physical security can be implemented
Industrial Ethernet is a powerful tool when planning for the deployment of remote security monitoring in any setting that has environmental challenges. Physical security is a concern for most segments of national infrastructure, from public utilities and transportation systems to private industry, local governments and education. The ability to deploy a seamless, highly reliable and redundant, high-bandwidth communications network is paramount. It must convey data, video—at various levels of resolution—and VoIP-based alerts and conversations. Industrial Ethernet, which has been adopted as a global communications standard by prestigious and powerful groups such as the IEC for power utilities (IEC 68150), provides the platform for which numerous manufacturers of security appliances and other industrial equipment can create widely available, well-priced, future-proof equipment. An examination of several case studies where sensitive locations deployed Ethernet- based security monitoring systems can prove instructive.
Protecting National Infrastructure
Power utilities are at the center of a national (and international) effort to create security standards that can protect these national lifelines from intentional or inadvertent security breaches. Given the far-flung nature of the power grid, remote security monitoring enabled by an Ethernet communications network offers the most affordable answer to increased security and surveillance needs.
Nuclear Power Facility Uses Thermal Fence
A nuclear power facility installed a fully integrated perimeter alert system for simultaneous threat detection and assessment capability. The thermal fence incorporates both thermal security cameras and control and management software for the sensors deployed around the perimeter, providing a full virtual fence solution. Hardened managed Ethernet switches integrated the internal control and monitoring activities with the perimeter monitoring and alarm system.
Managed industrial Ethernet switches provide the network transport system “glue” that transfers the information collected in the field to redundant servers in the central monitoring station. Multiple resilient rings ensure high availability in an environment where failure is not an option. The same communications protocol delivers video information to the security hub that manages up to 256 VLANs, providing secure data pipes and keeping various control and monitoring channels separate within the facility.
Managed switches also can reduce traffic through the use of protocols such as Internet Group Management Protocol (IGMP). The primary goal of IGMP is to eliminate unwanted multicast traffic from video feeds. Typically, IGMP requires expensive and complex layer-3 switch/router implementations to manage multicast video streams so that they are sent only to target switches. However, this nuclear facility used a combination of layer 2 switches, implementing IGMP-Snooping (a kind of IGMP-lite) and IGMP-L2, a Belden proprietary protocol developed by its GarrettCom brand. This brand also works with layer 2 switches that provide similar results with less complexity in many applications.
Far-flung Power Gen and Substations Require Flexible Op tions Power utilities have challenges beyond the protection of a single facility. The entire smart grid consists of complex interactions among power generation equipment, substations, transmission and distribution lines and consumers.
Centralized monitoring of operational data is critical for cost-effective operation while new regulatory requirements and good practices dictate increased access security. Connectivity across the smart grid uses the full gamut of technologies available. Some networks use Gigabit fiber backbones that stretch for miles, often configured in redundant rings for resiliency. When it is neither practical nor cost effective to lay dedicated fiber cable, connections may be accomplished with the use of Ethernet over wireless Ethernet or by sending Ethernet over WAN circuits (e.g., DDS, T1/E1) from local telephone providers. A router equipped with a firewall is required at each end of the line to provide an electronic security perimeter to protect sensitive data. Further demonstrating the flexibility of IP, new routers have been developed that send data over a fiber or WAN backbone and also provide a cellular connection as backup. The flexibility of Ethernet transport equipment solves the problem of distance when aggregating security or operational activity data from remote sites for centralized monitoring, data storage and coordinated response when necessary.
No comments:
Post a Comment