Critical Infrastructure.

A critical infrastructure site is rarely a standard building. These facilities often operate around the clock and rely on a constant flow of employees, contractors, service engineers, visitors and security personnel. In many cases, they also contain highly technical, expensive or hazardous equipment that must be protected from unauthorised access.

That makes accountability essential.

Knowing who is on site, where they entered and which areas they are authorised to access helps security teams manage risk more effectively. A credential may confirm identity, but a standard access-controlled door cannot always confirm that only one person has entered. This is where physical entrance security becomes a vital part of the wider security strategy.

Security entrances help close the gap between digital permission and physical passage. They can help prevent, detect or deter unauthorised entry, depending on the level of security required. For high-risk areas, security revolving doors and portals can support one authorised person per credential. For perimeter access, full-height turnstiles can create a strong and reliable boundary. For reception or administration areas, speed gates can combine controlled access with smooth people flow.

The goal is not to make access difficult. The goal is to make access accurate, secure and appropriate for each area of the site.

Critical infrastructure is defined differently around the world. Each country or region may use its own terminology, legislation and sector lists. However, most definitions focus on the same principle: infrastructure is considered critical when disruption could have a serious impact on public safety, health, security, economic stability or the continuity of essential services.

Common critical infrastructure sectors include:

• Energy and utilities
  Power generation, electricity transmission, renewable energy facilities, oil and gas sites, utility control rooms and supporting infrastructure.
• Water and wastewater
  Drinking water treatment plants, wastewater facilities, reservoirs, dams, pumping stations and distribution networks.
• Transport and logistics
  Airports, seaports, railways, freight hubs, public transport networks, road infrastructure and logistics facilities.
• Digital infrastructure and communications
  Data centres, telecommunications networks, internet exchange points, cloud infrastructure, operational technology environments and communication systems.
• Healthcare and public health
  Hospitals, laboratories, pharmaceutical sites, emergency care facilities and medical supply chains.
• Government and public administration
  National, regional and local government buildings, courts, civic infrastructure, public agencies and administrative services.
• Emergency services
  Police, fire, ambulance, emergency coordination centres and disaster response facilities.
• Financial services
  Banks, payment systems, trading infrastructure, insurance operations, financial data environments and other essential financial services.
• Food and agriculture
  Food production, processing, storage, distribution and agricultural supply chains.
• Chemical and hazardous materials
  Chemical production, storage, handling and distribution facilities where safety and controlled access are critical.
• Critical manufacturing
  Manufacturing facilities that produce essential components, equipment or materials for other critical sectors.
• Defence, aerospace and space
  Defence facilities, aerospace sites, satellite infrastructure, space technology environments and high-security research locations.
• Nuclear and high-risk industrial environments
  Nuclear facilities, radiological sites and other high-consequence environments with strict safety and security requirements.

Although the sector names may vary, the need remains the same: essential infrastructure requires reliable control over who enters, where they go and how access is managed.

Critical infrastructure security is increasingly shaped by regional and national legislation. These regulations may address physical protection, cyber resilience, operational continuity, reporting obligations, supply chain risk, incident response or a combination of these topics.

For global organisations, this creates an important challenge. A facility in one country may fall under a different framework than a similar facility elsewhere. A security strategy must therefore be globally consistent, but locally reviewed.

In the European Union, the Critical Entities Resilience Directive, often known as the CER Directive, focuses on improving the resilience of critical entities against non-cyber threats. It works alongside the NIS2 Directive, which focuses on cybersecurity obligations for essential and important entities. The CER Directive is relevant to sectors such as energy, transport, banking, financial market infrastructure, health, drinking water, wastewater, digital infrastructure, public administration, space and food.

In the United States, the Cybersecurity and Infrastructure Security Agency, CISA, identifies 16 critical infrastructure sectors. These include energy, water and wastewater, transportation, communications, healthcare, financial services, information technology, government facilities, emergency services, critical manufacturing, chemical, dams, nuclear, defence industrial base, food and agriculture, and commercial facilities.

In the United Kingdom, critical national infrastructure protection is supported by guidance from the National Protective Security Authority, NPSA, together with sector-specific requirements and local risk management frameworks.

In Canada, the national approach to critical infrastructure focuses on ten sectors, including energy and utilities, information and communication technology, finance, health, food, water, transportation, safety, government and manufacturing.

In Australia, the Security of Critical Infrastructure Act regulates critical infrastructure assets across 11 key industries, including communications, data storage or processing, financial services and markets, energy, food and grocery, healthcare and medical, higher education and research, transport, water and sewerage, space technology and defence industry.

These examples show why entrance security should be considered as part of a wider resilience programme. Physical access control is not separate from operational continuity. It is one of the ways an organisation can reduce exposure, support compliance and protect essential services.

Not every entrance on a critical infrastructure site needs the same level of security. A perimeter gate, a staff entrance, a control room, a visitor reception and a server room all have different requirements. This is why Boon Edam supports a layered approach.

The right entrance should match the risk, the user flow and the purpose of the area.

• Perimeter protection
  Full-height turnstiles can support secure pedestrian access at fence lines, industrial campuses, utilities, transport sites and other large open facilities. They create a visible and robust boundary while helping to manage authorised entry.
• Staff and contractor access
  Tripod turnstiles, full-height turnstiles or speed gates can help manage frequent authorised access for employees and contractors. When integrated with access control, they support a smoother and more accountable flow of people.
• Reception and administrative areas
  Speed gates can help separate public, visitor and staff movement while maintaining a professional entrance experience. These solutions are ideal where security, design and throughput all matter.
• High-security zones
  Security revolving doors and security portals are designed for areas where the highest level of control is required. They can help prevent tailgating and piggybacking by allowing only authorised users to pass through the entrance.
• Accessible and wider access routes
  Access gates can provide a controlled route for wheelchair users, visitors with mobility needs, trolleys, deliveries or escorted access. They help ensure that security and accessibility work together.
• Service and emergency considerations
  A critical infrastructure entrance strategy must also consider evacuation, emergency access, fire safety, local building codes and business continuity. The entrance must protect the site without disrupting safe and efficient movement.

Access control is a vital part of any critical infrastructure security strategy. Card readers, mobile credentials, PIN codes, biometrics and visitor management systems all help decide who is allowed to enter. But access control alone cannot always control the physical act of entering.

When a user presents a valid credential at a standard door, more than one person may still pass through. This creates opportunities for tailgating, piggybacking, passback or unauthorised entry.

By integrating access control with a physical security entrance, organisations can better align permission with passage. High-security portals, security revolving doors, turnstiles and speed gates can all be configured to work with existing access control technologies, depending on the site requirements.

For critical infrastructure environments, this integration can support:

• More accurate entry control.
• Stronger accountability.
• Reduced reliance on manual supervision.
• Better visibility of exceptions and alarms.
• More consistent enforcement of access policies.
• A smoother experience for authorised users.
• A layered approach from perimeter to restricted areas.

A secure entrance should not stand alone. It should form part of the wider security ecosystem.

Tailgating and piggybacking are two of the most common physical security risks at controlled entrances.

Tailgating occurs when an unauthorised person follows an authorised person through an entrance, often without the authorised person’s knowledge. Piggybacking involves two people intentionally entering together using one authorised credential.

Both situations create a gap between who the access control system believes has entered and who has actually entered.

In critical infrastructure, this gap can be serious. A person who enters without authorisation may gain access to equipment, operational areas, sensitive information or safety-critical zones. Security entrances help address this risk at the point of entry, before the incident moves further into the facility.

Depending on the chosen solution, Boon Edam entrances can help deter, detect or prevent tailgating and piggybacking. For the most sensitive areas, security doors and portals provide a high level of physical control. For areas where throughput and visibility are priorities, speed gates and turnstiles can support efficient access management while making exceptions easier to identify.

Boon Edam has been creating entrance solutions for generations. Today, our revolving doors, high-security doors, portals, turnstiles, speed gates and access gates are used by organisations around the world to manage how people move into, through and out of their buildings.

For critical infrastructure, our role is to help you create the right entry experience for each part of your site. That may mean robust outdoor perimeter control. It may mean high-security access into a control room. It may mean efficient staff flow at shift change. Or it may mean a complete layered entrance strategy across multiple locations.

Our Entry Experts can help you consider:

• The level of security required per entrance.
• The difference between deterrence, detection and prevention.
• People flow at peak times, including shift changes.
• Contractor, visitor and service access.
• Integration with access control and biometric systems.
• Accessibility and inclusive access.
• Emergency egress and safety requirements.
• Service, maintenance and long-term performance.
• A consistent approach across multiple sites or countries.

With Boon Edam, you do not have to choose between security and efficiency. The right entrance solution can support both.