Friday, January 21, 2011

Closely Check Seals

There is an interesting article by Patrick Thibodeau over at that deals with an important physical security problem: the possibility of people bypassing tamper-evident seals. The article describes a study reported earlier this week at the Black Hat security conference. That report was presented by Jamie Schwettmann and Eric Michaud of i11 Industries.

According to the article, the study authors “went through a long list of tamper evident devices at the conference here and explained, step-by-step, how each seal can be circumvented with common items, such as various solvents, hypodermic needles, razors, blow driers, and in more difficult cases with the help of tools such as drills.”

Seals and Chemical Security

Seals have been applied to chemical shipping containers for years to allow a customer to feel comfortable that the materials within the container have not been tampered with en route. Many companies put these seals on as part of their quality assurance program.

In recent years the emphasis on the use of seals has slowly started to shift to their being a security measure as well as a quality assurance measure. Chemical facilities do not want security personnel opening tank trucks (or railcars or IBCs) at the front gate to ensure that they contain the appropriate chemicals and not weapons being used to attack the facility. So facilities rely on checking seals on the openings to the tank to verify that what their supplier put into the truck is still what is in the truck.

The study points out the basic flaw in this security measure: it is relatively easy to open most of these seals and then put them back together in such a way that a casual observer will not notice the tampering. Unfortunately, most security personnel have gotten so used to checking these devices that a casual inspection is all the attention the seals receive.

Problem Solution

This is a common security problem. You train people to the necessary standards and require that they conform to those standards. But any check like this that is made on a routine basis without detecting a problem will, because of human nature, be less closely checked as time goes on.

There are a couple of potential solutions to this type of problem. The classic solution is to provide close oversight of people performing the checks and to take ‘appropriate personnel actions’ when they are not done properly. This certainly works, but it is management intensive (though remotely operated video systems may make that less of a problem) and breeds a certain amount of ‘distance’ or tension between security personnel and their managers.

A more creative way of keeping the checkers more attentive is to get them involved in determining ways that the devices can be bypassed. Simply collect discarded seals when the tank is opened and give them to the security personnel. Give them the assignment of figuring out how to put them back together while avoiding casual detection. Use the employee-doctored devices as periodic challenge tests for the security team.

Damaged Seals

Back in the days when these seals were there strictly for quality purposes, the procedure for dealing with a damaged or doctored seal was fairly straightforward. Someone drew a sample from the tank and appropriate tests were done to ensure that the material within still met quality standards. In some cases, where quality could not be adequately confirmed on-site and it really counted (say pharmaceutical manufacturing), a truck with a damaged seal was returned without unloading.

Today, when it is more likely that security is the main reason for requiring the application of seals to incoming shipment containers, or at least an important co-issue, those earlier solutions have to be reviewed carefully. If the contents have been replaced with explosives to form a vehicle-borne IED (VBIED), the dome-lid, where such samples might normally be taken, could very easily be equipped with anti-handling devices.

Additionally, one needs to consider where the trailer is going to be held while the sampling and testing process is undertaken. Leaving it blocking the delivery gate is clearly unacceptable from an operational point of view. Allowing it to enter the security perimeter presents an entirely different set of problems. And conducting sampling of hazardous materials in areas open to the public is liable to give corporate legal folks apoplexy. Probably the best solution is to have a designated area under facility control but outside of the inner security perimeter in which to park vehicles that need additional clearance testing.

It’s just one more thing that the high-risk chemical facility security manager needs to worry about.

1 comment:

Jamie Schwettmann said...

"Simply collect discarded seals when the tank is opened and give them to the security personnel. Give them the assignment of figuring out how to put them back together while avoiding casual detection."

Unfortunately, seals that have been intentionally "permanently" broken, such as they are in normal use, are generally rather difficult to reassemble. They're designed that way, and when used that way, they work rather well.

*Covert* tampering is the threat we've discussed in our recent research, and detection of it requires a higher scrutiny during inspection than is currently required by any standard.

For most of the common seals we covered in our paper, including the bolt locks, cup seals, and plastic-covered shatter bolts commonly used in shipping hazardous materials and sensitive chemicals, covert tampering requires altering the device before inspection so that the primary breakage-identification mechanism remains intact -- that is, the "seal" part of the seal remains sealed, visibly and with most physical tests (tugging, jarring the seal). A normal broken (sheared) container bolt won't be able to be reassembled without evidence, but a modified bolt that has been carefully sliced off from the wrong end, drilled out and reassembled (again at the wrong end), would pass all too easily.

The good news is that your security team *can* be trained to identify most covertly modified devices, and i11 can offer this training.
