Tamper detection requires dedication

Roger Johnston's magic sword Excalibur II unlocks the secrets of a successful seal installation

Revenue protection and loss prevention are hot topics nowadays in the utility industry. Tamper-indicating seals are often used to help detect theft and diversion, as well as meter tampering. Unlike locks, seals are not meant to physically impede unauthorised access or entry – they are meant to record that it took place.

The good news about seals is that they can be very effective at detecting tampering if used correctly. The bad news is that using them correctly can take a lot of work. You can’t mindlessly slap seals on a meter and expect them to solve all your theft and tampering problems.

THE BAD NEWS

The first piece of bad news is that you can’t use seals effectively in a vacuum. Effective tamper detection requires a thorough understanding of the specific goals of your security programme, your likely adversaries (know thine enemy!) the personnel and resources you are willing to devote to the task, the consequences of security failure, and what you will do when you find evidence of tampering. These issues need to be reviewed on a regular basis.

Choosing an appropriate seal is complicated. In my experience, most seal users (commercial or government) choose seals based on the following criteria, in order of decreasing priority:

  1. Unit cost
  2. Familiarity/tradition
  3. Environmental durability
  4. Ease of use
  5. Gossip – a colleague (or the salesman) says something nice about the seal, or something bad about a competing seal.

Attributes such as vulnerability to attack and tamper-detection reliability often don’t even make the list! This is probably because they are much harder to evaluate.

In extreme (but all too common) cases, users become so obsessed with the unit cost of a seal that they ignore everything else. This encourages seal manufacturers and developers to concentrate on making cheap seals, at the expense of good security. The unit cost is one of the least important economic factors. Costs associated with effective seal procurement, installation, inspection, record keeping, disposal, and training can be far larger – not to mention the costs of undetected theft!

VULNERABILITIES

Unhappily, seal choice is further complicated by the fact that there is no such thing as a ‘tamper-proof’ or ‘impossible to defeat’ seal. 

To ‘defeat’ a seal means to open it, gain access to what it is protecting, and then reseal it (or else replace it with a counterfeit) – all without being detected. To ‘attack’ a seal means to try to defeat it.

The Vulnerability Assessment Team (VAT) at Los Alamos National Laboratory has studied 120 different seals in detail. Most are in widespread use. They include both expensive and inexpensive products, and commercial as well as government-developed seals. The VAT has shown how all 120 seals can be defeated quickly and easily using low-tech methods and tools available to almost anyone. Ironically, high-tech seals are sometimes easier to defeat than simple low-tech mechanical seals!

The findings of easy-to-exploit seal vulnerabilities are not unique to the VAT. Others have made similar observations over the years. The work of the VAT differs only in its breadth.

PERSONNEL PLAY A ROLE

And yet more bad news! Your tamper-detection programme is no better than the people you put out in the field. If you pay minimum wages to a demoralised, poorly trained crew of seal installers and inspectors who take no personal interest in your loss problems, you will not be effective at detecting tampering.

So if seals are full of bad news, why bother? The answer is that seals (unlike locks) can actually detect tampering quite well, but only if you are willing to do some hard work. 

To use seals effectively, you must think about why you are using them. You need to pick them intelligently. You have to keep accurate records and follow careful procedures. You should understand the vulnerabilities associated with the specific seals you are using and look for the most likely attacks. (If you do that, most seal vulnerabilities either go away, or are greatly reduced.) You must train and motivate your personnel.

The best advice for optimising a tamper detection programme depends on the application, the seal user and his goals, and the seal being used. There are, however, some general suggestions that apply whether your seal installers and inspectors are employees or contract personnel. Most seal users would probably benefit from at least a renewed emphasis on some of the following.

  • Tell seal manufacturers and vendors that you are interested in seal security, not just cost. (And mean it!) Encourage them to develop new seals designed specifically for your application. Better seals are possible!
  • Many seal manufacturers claim to protect seal logos and serial numbers from unauthorised purchasers. Test this yourself – it’s not always true.
  • Only a small number of personnel within the utility should be authorised to order, store, check out and dispose of security seals.
  • Show your seal installers and inspectors examples of attacked seals. Inspectors should be familiar with the most likely attack scenarios associated with the seal they are using, and look out or test for them. Vague instructions to “look for signs of tampering” are not satisfactory.
  • Encourage your personnel to think about how to attack your seals and tamper detection programme. Whether the attacks they devise are practical is less important than getting them to think like an adversary.
  • As far as possible, seek to engage your seal installers and inspectors intellectually and emotionally in the task of ‘catching the bad guys’. Explain the importance of revenue protection and loss prevention. Explain the reasons for the various seal procedures. Hold contests and demon-strations of prowess.
  • Treat your seal installers and inspectors well. Disgruntled security personnel mean failed security programmes.
  • Reward seal installers and inspectors who find legitimate problems generously and immediately. Employees who save the utility from theft and loss of revenue are heroes and should be hailed as such in the company newsletter, or even the local newspaper.
  • Test your seal installers and inspectors (and your tamper detection programme) on a frequent, unannounced basis by inserting damaged or tampered seals, or leaving a small decal or token, or tampering with the meter. Give an immediate cash reward when the anomaly is reported.
  • Test whether your seal installers and inspectors can be bribed.
  • Seals that are inspected visually should be examined with an identical, unused seal held right alongside. People are not good at remembering details of colour, size, font, logos, surface texture, gloss and patterns, but they are fairly proficient at visual side-by-side comparisons. Counterfeits can more reliably be spotted in this way.
  • Bear in mind that tampering may involve bypassing the seal entirely. Seal installers and inspectors need to take a more holistic view.
  • Most seal users are careful about protecting their seals prior to use. After use, however, seals must be archived or completely destroyed. Cutting a seal or punching a hole in it is not sufficient. Discarded seals, even if partially destroyed, provide adversaries with a useful source of information, practice samples, and counterfeit parts.
  • Seal data, such as serial numbers, must be well protected. The data for a seal, of course, must never be stored inside a container being protected by that seal.
  • If you can’t afford outside experts to review your seals and tamper-detection programme, at least seek the input of intelligent internal employees unaffiliated to the security department. It is remarkable how often smart people can detect problems in a security programme that are overlooked by security personnel caught up in the day to day details of the job. Using internal employees can also increase security awareness throughout your organisation.
  • Security managers sometimes report that there has been no undetected tampering. That’s fine if there are reliable, independent methods for detecting loss. Such a conclusion, however, is meaningless if it is based solely on seal inspections. By definition, defeated seals are never detected.

IN SUMMARY

While seals can provide good security, the unfortunate reality is that they aren’t magic. They require a lot of hard work. Effective security has always required vigilance, thoroughness, and an understanding of your organisation, your weaknesses, and the threats you face. This was true even in Camelot.