Secure Raceway System for Hardened Carrier PDS Deployments
Information technology professionals in the Department of Defense, other government agencies, corporations, and institutions agree that enhanced physical security of wire and cable management systems is crucial to the overall reliability of hardened carrier Protected Distribution Systems (PDS).
Many PDS raceway systems require the application of epoxy after covers have been installed. This requirement causes the system to lose modularity and scalability. Data-Fence Secure Raceway provides a high level of modularity and scalability. This steel raceway system incorporates a patent-pending structurally interlocking base and cover, as well as a full complement of secure boxes, fittings, and transition channels.
The Wiremold design provides several advantages over other products for PDS applications:
- Increases protection against overt, covert, and surreptitious attacks through structurally locking base and cover design and the permanent connection of all base components and fittings.
- Eliminates distributed locking mechanisms and/or proprietary locks that are not tested for security, performance, or long-term reliability by the DoD Lock Program.
- Allows meaningful access to the PDS system - either legitimate or malicious - only through pull-boxes that are secured by approved padlocks.
- Enhances the ability to visually detect any attempts at penetrating the raceway along the base or cover by locating all seams on the front of the raceway.
- Is significantly less complex so end-user personnel and support contractors are able to design and install the system - and provide quality assurance.
- Uses commercial pathway installation techniques, thus eliminating the need for costly training and/or certified installers.
- Reduces cost of ownership by enabling PDS expansion and/or reclamation.
Secure Design Solutions
Base and cover
Data-Fense Secure Raceway is available in 4-?" x 1-?" two-piece raceway, as well as 1" x 1" and 2" x 2" one-piece channels. Base sections for two-piece raceway are 10-ft. in length and are designed with a 3-in. connector welded on one end. Base sections are interconnected using the welded connector and are then bolted together using ?-in. bolts that pass through a mounting bracket that provides 360 degree access for visual inspection. While most commercial raceway products employ a 3-in. connector to join the two base sections, Data-Fence Secure Raceway uses a 6-in. connector to minimize the potential for an intruder gaining meaningful access to the raceway at the seam between two base sections. Wall attachments at each end of the base section and at one or two mid-span intervals use ?-in. stand-offs and ?-in. bolts.
Raceway covers are 5-ft. in length and are designed to slide along channels at the top and bottom of the base. This feature contrasts with commercial raceway covers that are pressed into place and are intended to be pried off to provide access to the raceway. All cover segments have a welded flange on one end providing a 3-in. overlap between each cover segment. This overlap minimizes the potential for an intruder to gain access to the raceway at a seam between two cover segments, and 'locks' the two cover sections together for added protection.
When installed, the seam between the cover sections does not coincide with the seam between base sections. Instead, cover sections are designed to be field-cut and staggered along the length of the raceway to avoid any points that could be targeted by an intruder. When all covers are slid into place, they provide full coverage of the base with no open seams.
Secure end boxes and mid-span boxes
Central to the design of Data-Fence secure raceway is the inability to remove any covers without first accessing the raceway through an end box or mid-span box. The end box mounts to the raceway on one end and provides an opening for covers to be inserted into the raceway system. End boxes have a solid welded, stainless-steel lock hasp to accommodate a GSA-approved padlock.
During installation the base section end is inserted up to a welded positive stop on the bottom of the end box. The end box is secured by two ?-in. bolts that pass through the base section, the back of the end box, and a spacer before being attached to the wall. The installer inserts covers onto the channels along the top and bottom of the base, slides the covers across the base sections to achieve 100% coverage of the raceway system, and locks the covers in place.
The sliding covers are locked in place on the base by three separate physical locking mechanisms within each access point (End Box, Mid-Span Box, etc.):
- Raceway Clamp: Secured by two bolts, the U-shaped clamp creates a compression lock on the raceway cover - causing it to expand inside of the base, preventing any incidental or intentional cover movement.
- Security Pin: In the center of the raceway clamp there is a pre-drilled opening with a security pin attached. When the last cover is installed, a hole can be drilled so that the pin can be installed through both the clamp and the cover - effectively attaching the raceway cover to the end box assembly.
- Cover Positive Stop: Precisely located and welded on the cover of the end box is a positive stop for the raceway covers. If the end box is closed and locked, the positive stop prevents the raceway cover sections from sliding or from being removed from the base. This provides added protection against potential insider threats and installer negligence that are vulnerabilities with other systems.
The mid-span box is similar in design and functionality to the end box - except that the mid-span box interfaces with the raceway on both sides instead of just one. The mid-span box allows a raceway cover to be inserted or removed so installers do not have to slide covers over a large distance. The Mid-Span Box also provides an excellent pull-point for cable installation - providing more than ample space for an in-line cable pull. The base attachment and cover security mechanism are the same as used in the end box. The base attachment and cover security mechanism are the same as used in the end box.
During visual inspection, personnel will be able to quickly ascertain whether the raceway has been accessed by inspecting the end boxes and mid-span boxes, or by making use of security seals. By locating all seals between the base and cover on the front of the raceway, personnel can quickly and easily detect any intrusion attempts or compromised areas.
90-degree and T fittings
90-degree and T fittings for the primary 4-3/4-in. x 1-3/4-in.raceway are a single-piece design with welded seams. Each end of the fittings has a welded base connector and a cover flange to protect against seam penetration. Fittings are permanently connected to the raceway base by two ?-in. bolts that then pass through a standoff spacer before being attached to the wall. When the raceway covers are in place, they are flush with these fittings.
Drop-out fittings allow cables to securely transition out of the raceway to the end-user workstation. The drop-out fitting is installed by punching an opening and drilling four screw holes on the back of the raceway base. The fitting is attached to the rear of the raceway to allow cables to easily transition out of the raceway. For higher security, an optional metal insert can be installed inside of the raceway base to provide more rigidity and protection if desired. For mid-wall installations and maximum security applications, an optional top flange can be installed to prevent an intruder from gaining access to the seam between the top of the raceway and the drop-out fitting, and providing a loop for optional DoD security seals.
This transition system includes 90-degree and T fittings that allow the channel to be inserted into the fitting on each end and then epoxied in place. These fittings are a two-piece construction to aid in pulling cable. These smaller 90-degree fittings are designed to be "universal," meaning that the same fitting accommodates either an "inside" or "outside" corner. Two sections of Data-Fence Secure Raceway can be joined by inserting each section into the ends of a channel connector and expoxied in place. The channel is attached to the wall with sufficient stand-off for 360-degree inspection.
Wiremold Secure Enclosures
In addition to the Data-Fence system, Wiremold/Legrand also manufacturers a full line of secure enclosures designed for PDS deployments. These enclosures incorporate a raceway adapter, which is factory welded inside the enclosure for enhanced security and quicker visual inspection. .All enclosures are manufactured with solid welded seams, no external hinges, and lock clasps for GSA-approved padlocks.
Wiremold/Legrand has designed the Data-Fence system with feedback from end-users, system security officers, and TEMPEST authorities. This system has been designed to address the current requirements of NSTISSI 7003 while also providing modularity and scalability to minimize the total cost of ownership. Wiremold/Legrand provides an innovative design with enhanced mechanical security features that negate the need for wide-scale application of epoxy after installation and greatly enhances the effectiveness of Periodic Visual Inspections. The lack of a proprietary or distributed locking mechanism eliminates concerns about the continued physical security integrity of the PDS once installed, and long-term reliability of the raceway.
« Back to white papers