A multinational defence company required a physical security review to evaluate the effectiveness and efficiency of the physical measures at a strategically sensitive site.
The site to be reviewed was X-listed, with complicated protocols, restrictions and complex security profile. It was a multi-function site, with nuclear material, armaments, sub-contractors and discreet technologies all present and needing to be accounted for in the review. In addition, there was a broad spectrum of potential adversaries and differing attack vectors on site, making the physical security review more complex.
With multiple national and international laws relating to nuclear security, and international government stakeholders, the review was a necessary and critical undertaking that had far reaching implications.
The team carried out assessments to identify any unknown site vulnerabilities and any technical weaknesses that could be exploited.
We implemented a range of methods aimed at providing indications of insider threats and outdated workplace security cultures, as well as conducting a successful replication of adversarial attack vectors, utilising our security experts with cross-function experience in both technology and real-estate, and cleared for sensitive government work.
Finally, we provided red and blue team expertise, using CPNI products and techniques to assess policies and processes from inside and outside the organisation.
Such a detailed review and comprehensive plan was necessary in order to cover the complex nature of the threats and risks present to the site.
Upon completion of the review, we provided a detailed report and site threat matrix that identified potential site vulnerabilities, providing the basis of an internal review of existing processes and procedures. Alongside the threat matrix, we provided our recommendations on how to best mitigate and manage the risks identified, providing a more robust security solution.
The customer took on board all the considerations from the report and matrix and consequently implemented the recommendations to improve the security systems and behaviours of staff on site, ensuring that their security was as robust and resilient as possible.