When many people think of perimeter security, they often envision chain-link fences, barbed or razor wire, and padlocks. Mission accomplished, right? However, that is hardly the extent of what is needed to keep unstaffed infrastructure facilities secure (such as cabinet doors for electrical equipment), while still being accessible to those authorized to be on-site.

The term “critical infrastructure” encompasses a wide range of facilities, including water treatment plants, hydroelectric dams, wind farms, electric substations, cell towers, data centers, and other similar facilities, collectively numbering in the hundreds of thousands. For instance, in 2022, the Wireless Infrastructure Association (WIA) published a definitive look at the wireless infrastructure landscape in the U.S. at the time, identifying 142,100 cell towers (those 15 m [50 ft] or taller).

Securing critical infrastructure is a top priority for many industry and government organizations, including the National Electrical Manufacturers Association (NEMA), the Telecommunications Industry Association (TIA), and the Cybersecurity and Infrastructure Security Agency (CISA), among others. While much of their emphasis has been on cybersecurity, which is imperative, physical security is equally important.

The evolution of physical access control

Simply put, robust physical access control is about allowing authorized individuals to enter while preventing unauthorized individuals from gaining entry. It does not refer to stopping Bond-esque supervillains intent on world domination. In most cases, unauthorized physical access stems from theft, vandalism, or simple curiosity—individuals wanting to see what is behind a restricted door. Expensive batteries, fuel, and valuable metals are often stored at unstaffed sites, providing a strong incentive for theft.

In brief, today’s physical security at unstaffed infrastructure sites is far from ideal. There are usually multiple technology service providers with access, fuel contractors for backup generators, and even landscapers in some cases. There may be a series of padlocks on the gate, with each company having its own antiquated lock and key that were developed 50 years ago and are still in use. In some cases, it might be a combination lock. As contractors move between companies, they end up learning each other’s codes. Former employees often still have access to sites, so security is mediocre at best.

However, security is improving. Smart locks with intelligent keys and card access systems are becoming more prominent at infrastructure sites of all sizes. Smart locks and remote access systems reduce the number of keys in circulation, resulting in lower risk for unauthorized access. For those who need access quickly and do not have an intelligent key, remote access can be granted from a centralized management dashboard. This same system gives an audit trail for every individual who has accessed the locking mechanism. While still not ideal, since intelligent keys and access cards can be lost or stolen, they are considerably more secure than older methods.

Table 1

Traditional versus Intelligent Access Control

Case study: Virginia Department of Transportation

The Virginia Department of Transportation (VDOT) maintains thousands of traffic cabinets across the state and has recently conducted a security assessment focusing on cybersecurity, risk compliance, and network resilience. Findings showed that their traffic-related infrastructure was indeed vulnerable to these risks—a very common situation given the rapid rise in technology over the past few years.

State officials needed a way to control access better and improve security without hindering the support and operation of the traffic system. That presented a huge challenge, considering the more than 6,000 traffic cabinets across nine districts and the numerous personnel who routinely work on and support the state’s systems.

After a thorough review of available access control technologies, VDOT management determined that an electronic key-controlled access system was the best solution for the state. The system uses programmable keys that operate with intelligent electronic cylinders, allowing administrators to grant, revoke, and schedule access through web-based management software. The software also generates audit reports. Since power is contained within the key, no hard-wiring is required to the cabinet. The system complies with NEMA TS2 standard for traffic control assemblies, ensuring high network reliability for remote, outdoor enclosures exposed to wide temperature and humidity ranges.

Intelligent locks and keys provide administrators with total visibility and control over employee and contractor access, offering programmable keys and detailed audit reports. VDOT can take comfort knowing its keys cannot be duplicated or purchased online.

Dwayne Cook, regional operations director at VDOT, says, “As a result of the incredible support and collaboration we received from our partners, we are much better equipped to prevent cyberattacks and enjoy traceability for all individuals who access our traffic assets.”

The Evolution of Physical Access Control

Traditional security

∙ Relied on chain-link fences, padlocks, and mechanical keys

∙ Multiple contractors often shared access using old locks and codes

∙ Former employees sometimes retained access, weakening site security

Modern improvements

∙ Smart locks with programmable keys reduce keys in circulation

∙ Remote access can be granted through centralized dashboards

∙ Audit trails record every access event for greater accountability

Future direction

∙ Biometric authentication and radio-frequency identification (RFID) padlocks are emerging

∙ Cloud connectivity allows real-time monitoring and control

∙ Artificial intelligence (AI) may detect anomalies and flag suspicious access activity

Securing the future

Traditional mechanical keys, key fobs, access cards, and any other items that can be easily lost, stolen, or duplicated will be replaced by electronic access control systems that integrate biometric authentication, encrypted credentials, and centralized management platforms. Radio-frequency identification (RFID) padlocks are already in development that will allow contractors to access facilities via their phones. Similarly, facial identification systems are now readily available and affordable for mass deployments, providing both convenience and robust protection against unauthorized access. These systems will also be cloud-connected, enabling real-time monitoring and remote access control. Artificial intelligence (AI) may play a role in detecting access anomalies, automatically flagging or denying suspicious behavior.

Additionally, these technologies will support audit trails and compliance reporting, which are essential for regulated sectors such as energy, water, and transportation. Resilience against cyber threats will also be a key focus, with end-to-end encryption and redundant backups becoming standard.

Overall, the future of door locking solutions for critical infrastructure will be defined by intelligent, adaptive systems that integrate cybersecurity with physical security, ensuring safe and controlled access without compromising operational efficiency.

Author

Guerry Bruner is program manager for Intelligent Transportation Systems (ITS) and Unmanned Infrastructure Solutions at ASSA ABLOY Opening Solutions. He oversees the development and implementation of secure access technologies for critical and remote infrastructure applications across the transportation sector.

Key Takeaways

Securing critical infrastructure requires more than fences and padlocks. With unstaffed sites, such as substations and data centers, vulnerable to theft and tampering, agencies are turning to intelligent access control systems. Electronic keys, programmable cylinders, and cloud-based management platforms offer audit trails, real-time monitoring, and remote access control. The Virginia Department of Transportation’s (VDOT) adoption of such technology underscores the shift toward integrated physical and cybersecurity measures aimed at enhancing safety, accountability, and operational resilience.