From outside Lawrence Livermore National Laboratory, the public sees a site protected by chain link fences and guards at entry gates. But this Department of Energy national laboratory, home to a variety of classified research, requires much higher-level security measures. Therefore, it is guarded as well by a sophisticated, computerized security system called Argus. Argus was designed, engineered, and installed at Livermore and is continually being upgraded and enhanced. It is also available to other Department of Energy and Department of Defense facilities.
Although named for the hundred-eyed monster of Greek myth, Argus security comprises much more than visual capabilities. A highly interconnected network engineered with comprehensive security features, Argus lives up to such stringent security requirements that DOE's Office of Safeguards and Security has cited it as the standard for physical security systems protecting facilities where the consequences of intrusion are significant. In addition to Lawrence Livermore, the Argus system has been installed at three other DOE sites and at one DOD site to protect top-priority assets or nuclear material.
As it monitors and controls entry into the Laboratory's high-security buildings, Argus is simultaneously monitoring the entire site for security threats and can alert and direct security forces to those threats. Argus security is all-encompassing and omnipresent, but it is surprisingly noninvasive. Employees of Lawrence Livermore enter and move about the Laboratory campus with relative ease. Yet, the Laboratory's Top Secret documents, materials, and facilities are thoroughly protected, intruders can be detected in real time, and intrusions and emergencies get instantaneous response from police and investigative personnel. The Laboratory is provided with maximum security 24 hours a day, 7 days a week.
This security results from a software system that comprises some 1.5 million lines of code, offering a wide range of security features. Extensive features are necessary, because Argus must accommodate many different configurations of security rules within one security complex, and sometimes one complex may have multiple geographical locations (for example, Livermore's Argus system controls the main site and the nearby Site 300 high-explosives testing facility). Moreover, Argus must be reconfigurable at any time. Extensive features also translate into flexibility and simplicity for end users. That's important because every authorized person in a high-security site accesses and interfaces with the Argus system. To ensure that designers, operators, and users understand Argus, DOE's Central Training Academy in Albuquerque, New Mexico, has 14 classes available, ranging from one hour to one week, that cover the complete set of Argus features.
While protecting a security complex, Argus also protects itself. A high degree of redundancy has been incorporated to prevent system failure, and tamper-indicating devices and data encryption have been used throughout to protect surveillance equipment and data from intruders and thieves. Insider threats to weaken the system have been addressed with a comprehensive set of system-enforced and procedural measures, including consistency checking, captive accounts, and a rule prohibiting people from working alone.
How Users Work with Argus
Argus is implemented through four integrated computer subsystems. One subsystem controls access into buildings and areas. Another monitors alarms and sensors installed throughout the site. A third integrates and displays security data so security personnel can assess and control incidents. The fourth provides central computing and data storage to support the overall system configuration and databases. These four elements provide what Greg Davis, the manager of Livermore's Argus program, calls a "God's eye view" of the site. They connect into a real-time, interactive security assessment and response system.
User interactions with the Argus network are made possible through two hardware components: a remote access panel (RAP) and the Argus field processor (AFP).
The RAP (Figure 1) is a microprocessor-based, programmable input-output device connected to an AFP (Figure 2). It is the primary user interface to the Argus system. When Livermore employees are "badged," they are enrolled into the Argus system and can then use RAPs to gain entry into controlled buildings and areas on site. They swipe their badges, which have been coded with a unique identification number and a decryption key. The RAP communicates the badge information to the AFP, another microprocessor-based device, which verifies it against locally stored encrypted access authorization databases.
Argus software allows access based on credentials (determined by a badge), a user's identity (determined by personal identification number and biometrics), clearance level, and privilege. Although access rules can be very restrictive, the access system provides flexibility by being able to make fine distinctions within those rules. Thus, it might allow a person into a high-security building within a classified area but prevent that person from entering an even higher-level security vault within that building. The access system also allows changes in user privileges, within rule confines; for example, regular users can be enrolled to escort visitors through high-security areas. The system eliminates the need for labor-intensive badge checking, and it monitors, tracks, and logs all badge usage.
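The layered decision described above (badge, identity factors, clearance, privilege, with every badge use logged) can be sketched as follows. This is an added illustration, not Argus code: the area names, numeric clearance levels, badge IDs and the `check_access` and `admit_visitor` functions are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Area:
    name: str
    min_clearance: int            # constructed numeric levels, higher = stricter
    needs_pin: bool = False
    needs_biometric: bool = False

@dataclass(frozen=True)
class User:
    clearance: int
    areas: frozenset                      # areas this badge is enrolled for
    privileges: frozenset = frozenset()   # e.g. {"escort"}

BUILDING = Area("building", min_clearance=2, needs_pin=True)
VAULT = Area("vault", min_clearance=3, needs_pin=True, needs_biometric=True)

# Constructed sample authorization database keyed by badge ID.
USERS = {
    "B-1001": User(2, frozenset({"building"})),
    "B-1002": User(3, frozenset({"building", "vault"}), frozenset({"escort"})),
}

audit_log = []  # every badge use is recorded, whether granted or denied

def check_access(badge_id, area, pin_ok=False, bio_ok=False):
    """Return (granted, reason) and log the attempt."""
    user = USERS.get(badge_id)
    if user is None:
        reason = "unknown badge"
    elif area.name not in user.areas:
        reason = "not enrolled for area"
    elif user.clearance < area.min_clearance:
        reason = "clearance too low"
    elif area.needs_pin and not pin_ok:
        reason = "PIN required"
    elif area.needs_biometric and not bio_ok:
        reason = "biometric required"
    else:
        reason = "granted"
    audit_log.append((badge_id, area.name, reason))
    return reason == "granted", reason

def admit_visitor(escort_badge, area, pin_ok=False, bio_ok=False):
    """A visitor enters only with an escort who passes the check and holds the privilege."""
    ok, reason = check_access(escort_badge, area, pin_ok, bio_ok)
    if ok and "escort" not in USERS[escort_badge].privileges:
        return False, "no escort privilege"
    return ok, reason
```

The same badge is granted at the building and denied at the vault, and a denied or unknown badge still leaves an audit record.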