The Fine Art of Security: Protection Regimes for Antiquities

Last year, a single joint operation supported by Interpol witnessed no less than 18,000 cultural artefacts; including coins, paintings, archaeological pieces and sculptures, being recovered and 59 individuals subsequently arrested. Similarly, Italian police arrested an international gang rumoured to have stolen £30 million worth of Sicilian archaeological treasures destined for the black market.

Art and cultural property crime is on a scale comparable with that centred on illegal drugs and gun-running. Ultimately, it can help to fund terrorism, conflicts and other forms of criminal activity. Many would also argue that such crime threatens our very humanity. Cultural heritage shapes our values and our environment, with assets of community value (such as stately homes, museums, galleries, places of worship and ornate gardens) sustaining local economies and creating a sense of belonging. Ultimately, they help in realising a better quality of life for us all.

Protecting our tangible heritage from crime, not to mention myriad environmental threats, is nothing if not a difficult task. Cultural venues and other historic sites contain irreplaceable and coveted assets which draw the attention of sophisticated adversaries, including terrorists and professional criminals. Although often overhyped in the movies, these opponents have the skills and resources at their fingertips to finance, plan and professionally execute devastating raids. They often use extreme force, cause damage and coerce insiders or enter a site legally and hide until closing time. Just as concerning are the activists, vandals and negligent employees who can damage or destroy a priceless artefact in a matter of seconds.

Fortunately, electronic security systems exist to deliver high levels of protection in our heritage properties, although with caveats and some significant architectural and technical challenges attached.

Architectural challenges

The architectural challenges revolve around a given venue's construction. Newer buildings are generally imposing structures with towering atriums and lots of glass designed to create a light, airy and open feel. Older places are often of inherent historical value, built with thick stone walls, high vaulted ceilings and traditional materials using long-established building techniques. All of this imposes restrictions concerning the integrity of the building fabric and its appearance. Even historic buildings which have undergone considerable renovation will often retain the core structure.

In reality, practising security professionals need to expect the unexpected and accept the truism that there will be difficulties with the placement of equipment and installing the cable infrastructure or achieving reliable wireless connectivity. In public spaces, the location of surveillance cameras and other security devices can raise aesthetic concerns and lead to a compromise between creating a positive ambience and providing optimal cover.

By their very nature, historic buildings are often cold and draughty environments with ill-fitting doors and windows leading to potential nuisance alarms. Operational routines, especially so in museums and galleries, present further technical challenges such as the obscuration of detection and camera views due to adapting room layouts for new exhibitions and displays as well as working time profiles.

When buildings are closed, they are physically secured and all security systems fully operational (or at least they should be). During opening hours, physical and technical security is minimal, but there's usually a significant human presence on site including security officers, various employees and volunteers. During times when they are closed to the public, buildings are often open for housekeeping, research, the renovation of artefacts and arranging new shows. The site is going to be particularly vulnerable to the insider threat as third party contractors undertake various tasks. Systems are usually in partial operation at this point, with a low-level employee presence.

Meeting the challenge

That said, there is an array of electronic systems available to meet the challenges and address the risks. Fire alarms and various sensors monitor the environment for unacceptable changes; smoke, temperature, humidity and floodwater, raising an audible and often a visual alarm to summon human intervention in a determined bid to alleviate injury and damage. Intruder alarms, access control solutions, video surveillance (ie CCTV) and communications systems reduce human threats, deliberate actions by an adversary actively trying to hurt an organisation, its people and its assets.

Intruder alarms protect locked-up premises or unoccupied areas within buildings using various sensors to detect and warn of unauthorised entry by initiating a signal to an Alarm Receiving Centre or an on-site Control Room and activating local warning devices. An area often overlooked when deploying intruder detection is a facility's outdoor environment, although this is more complicated due to the uncontrolled operating conditions and weather extremes. Active and passive detectors, both overt and covert, can cover a perimeter boundary to increase security; adding time and distance to give an early warning of unauthorised access.

Restricting access to specific sites and premises has always been essential. Modern access control systems are an efficient method of permitting and monitoring access to and from a facility and limiting movement around the site, as well as providing a wealth of management information by dint of the use of smart cards or biometrics.

For its part, video surveillance technology watches over a facility, duly monitoring a variety of activities both in real-time and in recorded format for post-incident analysis. By introducing Artificial intelligence and smart video processing, cameras are turned into advanced data-gathering devices providing a range of analytics: object removal, facial recognition, cross-line detection, etc. There's going to be more intelligence in targeting exceptions to the norm.

Design considerations

Whatever the environment, when it comes to procuring and designing electronic security systems there are some fundamental considerations if you are going to make the correct choices and implement adequate security.

The level of risk defines the protection level for a given facility. This requires a risk analysis to identify possible targets: people, property, information and the probability and impact of an attack. The security survey ensures that all of the pertinent information to design and implement corresponding security systems and measures is obtained.

The Operational Requirement (OR) determines a given system's scope, objectives and needs. For example, is the system designed to deter, prevent, detect or prosecute? What are the areas to be covered, and what degree of coverage is required?

The BS EN 50131 series of standards for security systems (and in particular Section 7: Application Guidelines), as well as the new IEC 62676 standard (Section 4 for Visual Surveillance Systems and IEC 60839-11-1: Alarm and Electronic Security Systems), contain guidance on producing an OR. The OR and relevant Codes of Practice provide the technical framework for the system designer such as depth of protection, number and types of detector, control and warning arrangements, integration between systems and the user interface.

In essence, the designer's responsibility is to turn the OR into a suitable technical specification which matches the risk level and operational needs of the client and stakeholders, among them insurers. In the case of arts and antiquities in the UK, the requirements of the Government Indemnity Scheme must also be taken into full account. That said, be cautious when protecting museums and galleries and securing irreplaceable arts and antiquities. Do not skimp on the depth of protection required. This point is often emphasised by eminent museum security specialist Steve Keller. Intruders in collection areas should not be able to move two steps before being detected.

Finally, in today's interconnected world, no design consideration can be complete without addressing the cyber risks of introducing IP-enabled security system devices to the network. Cameras, access control systems and intruder alarm devices communicating over IP provide a gateway for the potential exploitation of the network's integrity.

Applying technical security solutions

For security reasons, what follows only outlines the application of technical security, which brings me neatly to my first caveat. Electronic security must support structural and physical measures and be layered, providing in-depth protection to create and sustain a safe and secure environment pursuant with business objectives and activities. When it comes to deploying security systems, the basic security principal of Deter, Detect, Delay and Defend must be followed.

Deter

Some criminals might be deterred by the presence of alarm warning devices, cameras, associated signage and security lighting. 

Detect

How can secure professionals procure the best solutions when it comes to detection? Start externally with video surveillance cameras located to monitor all external elevations, particularly so vulnerable areas in the building envelope. Adding video analytics, such as cross-line detection, will increase the level of security by providing an early warning of possible attempted intrusion.

All perimeter doors and other opening or moveable access points (including those on the roof, hatches and roof lights) should be fitted with magnetic reed switches (contacts). Vibration sensors should supplement contacts on weaker perimeter access structures such as glass doors, windows and skylights set to activate on detection of valid vibration or tampering. Although acoustic break glass sensors can cover glazed areas, they can be prone to false activations and be less reliable than other more advanced technologies. 

At non-public visitor and staff entrances, fit access control to detect entry when the alarm is disabled and install an audio-visual entry system to control visitor entry. If the site has an entrance barrier, it should also be access and audio-visually controlled. All perimeter fire exits should be monitored around the clock. Moving into the building exhibition halls and display areas should be flooded with dual technology motion detectors. Detectors should cover the entrance foyer, and all circulation routes, stair and lift lobbies, back of house areas and even loft spaces, and vibration sensors fitted to display cases. All public areas should be under video surveillance and all key internal doors installed with contacts. Again, cameras should use video analytics to detect exceptions to the norm, such as people being close to an object, such that an early warning may be raised.

Delay

Delaying those with criminal intent between detection and an attack on assets can be achieved through the use of access control on internal doors and lifts, etc coupled with local systems and stand-alone technology which protects display plinths or stands, shelves and shelving systems, cabinets, table top displays and wall-hung art, especially so when the intruder alarm system is unset.

Another area to consider is the use of hold-up alarms in locations like the ticket office in order to deter and delay as they provide staff with a discrete method to summon emergency assistance.

Defend

Defend brings me to a further caveat. Defend in security system terms is really about summoning (as early as possible) a rapid and appropriate human response achieved through a good Command and Control system. The Command and Control system needs to be intuitive and user-friendly, providing maps and prompts, DULY bringing together and integrating the disparate security and information systems and correlating and managing the incoming information. Then it's about alerting the operator and providing the intelligence gathered from the various systems and devices needed to make informed decisions and elicit a prompt and appropriate response to incidents.

Museums, galleries and heritage sites are challenging and security in such environments is never absolute. However, it can be highly effective when physical security is fully integrated and deployed in multiple layers. This is known as security in-depth. Here. security is aligned with an accurate risk assessment and works in tandem with the host organisations' mission and goals.

The objective of technical security is to complement the overall security plan to reduce threats (ie the deliberate actions by an adversary actively trying to hurt employees or the organisation and its assets as opposed to hazards that exist in the environment and are non-deliberate actions).

Peter Houlis CSyP FSyI CTSP is an Independent Security Consultant

Sources