Volume 38, Issue 6, June 2003

Under Lock and Key
Examining a New Builders' Hardware Standard for 
Resisting Overt and Covert Attacks
by Michael Tierney

Today’s high security cylinders won’t stop bunker-busting bombs, but the best of them are likely to defeat even the most determined intruders, whether they are attempting a direct physical assault or surreptitious entry. A new standard provides guidance to those who specify the cylinder locks on doors and should increase the confidence of the owners and occupants who depend on such locks.

This standard (ANSI/BHMA A156.30-2003 High Security Cylinders) is completely new, rather than a revision of an earlier standard. Security specialists can now assess the various levels of security associated with builders’ hardware products against an industry standard, and thereby analyze objectively door openings in terms of risks and hazards.

Renewed Emphasis on Security
Since 9/11 and the subsequent formation of the Homeland Security Department, the openings of buildings have attracted much attention. Subsequently, publicity about master key duplication also has aggravated concerns about intruders gaining surreptitious access to restricted areas.

Apart from the above chain of events and the present heightened interest in building openings, representatives from member companies of the Builders Hardware Manufacturers Association (BHMA) began working on this new standard well before 9/11. The new standard reflects the steady advances in the technology of high-security cylinders with regard to resisting physical attacks and defeating surreptitious attempts at gaining entry and also advances in the key control.

There is a growing appreciation of the need to apply this technology wisely. This completely new standard is the culmination of a long effort on the part of BHMA member companies. It establishes meaningful tests and performance criteria for high-security cylinder lock 

Since these hardware systems affect security directly, this standard was written for ease of adoption in building codes and security policies for commercial, institutional and industrial buildings. As such, it is of great interest to security specialists and insurance underwriters, as well as specifiers, contractors and building owners.

Resisting Physical Attacks
Today’s high-security cylinders offer unprecedented levels of resistance against forced physical entry. The new standard includes security performance requirements for both mechanical and electrified high-security cylinders and applies to high-security cylinders, including their keys or electronic credentials, their detainers (mechanical pins, levers, discs) or electronic control devices and their cylinder tailpieces or cam or electronic output ports.

Destructive tests include forced separation tests, which attempt to separate the cylinder plug from the body of the cylinder forcibly. For example, the highest-rated cylinders must withstand a pull force of 2,500 pounds. Similar tests involve the application of multiple impacts and torques. Drill resistance is another type of destructive test, which requires the cylinder to resist attacks that combine high-speed drilling followed by attempts to rotate the lock-driving element of the cylinder to the opening position.

Denying Surreptitious Entry
Surreptitious entry can be an even greater security concern than a physical attack. Basic tests of the resistance to surreptitious entry include criteria such as key changes, mechanical-pick resistance and electrical-pick resistance. The highest-rated cylinders must provide for 10 million theoretical key changes. (A theoretical key change is the total number of bitting combinations, usually reduced in practice.)

Recently, master key duplication has received increased attention, in part due to a broadly publicized paper by digital security expert Matt Blaze, who described how the number of theoretical key changes to decode the master key is reduced for a person who possesses a key that belongs to the master key system. The technique described by Blaze has been well-known in the industry. His paper underscores the trade-offs that are made between convenience and security when a master key system is specified. These trade-offs must be well understood by security specialists and hardware specifiers.

Builders’ hardware manufacturers have long been aware that the use of a master key system may begin to compromise the overall security of the system. In reality, master key duplication becomes much more difficult in a well-designed system. When developing a master keying system, the supplier’s recommendations for security should be followed. Breaking large systems into smaller ones is one method to increase security. In addition, most manufacturers offer patented or restricted keyways patterns and novel features to limit access to copies.

Building upon the rigorous requirements for cylinders in ANSI/BHMA A156.5 Auxiliary Locks and Cylinders, ANSI/BHMA A156.30 defines new standards for key control. To obtain the highest rating with regard to key control, key blanks must not be available from a second source and must be protected by law. Only factory-cut keys are provided by the manufacturer and only after authorization. Similar credentialing applies to electronic credentials, in which case the manufacturer provides factory-programmed credentials only after authorization, or the credentials are based on dynamic authorization or biometric technology.

Weighing Risk
In the security industry, as in life, most people are aware that there are trade-offs among cost, convenience and risk. Thus, one leaves a door unlocked—representing an increase in risk—to avoid the inconvenience of having to search for the key. (An increase in risk is equivalent to a decrease in security.) Also, the balance between risk and hazard is important to our decision-making. Thus, one locks his office door when going out for lunch, because the high potential hazard of a stolen laptop makes the unlocked door unacceptable.

Most (if not all) decisions made regarding security are determined by this tug-of-war between the urge to increase risks (or decrease security) based on convenience and costs and the urge to decrease risk (or increase security) based on potential hazards. 

A similar risk-hazard analysis applies in selecting builders’ hardware. It is largely the responsibility of the owners or occupants of a building to characterize the potential hazards at any given facility. Building codes must be enforced even when builders or owners do not realistically estimate the hazards faced by building occupants. Such laws are intended to correct the bias that owners or builders have toward lowering costs while increasing risks. (See table below.


Potential Hazard

Low High
High Security level is high but potential hazard is low. Possibly, resources are being wasted. ACTION REQUIRED!
Need to reduce risk by increasing security level.
Low Security level is low 
and potential hazard is also low.
Potential hazard is high and security level is also high.

The Role of Standards
An array of ANSI/BHMA standards exists to provide assistance to specifiers by defining various functions and performance for building openings for all kinds of hardware combined with cylinders. The new standard for high-security cylinders builds upon ANSI/BHMA A156.5 for Auxiliary Locks and Cylinders to supply an additional level of security (or, equivalently, reduce the risk) for building openings.

There is nothing new about users being aware of and quantifying the hazard level of any door opening and then specifying the hardware accordingly. What is new about the A156.30 standard is that users now have a standard to apply in conjunction with their hazard assessment. The new standard rates different hardware for the risks presented and allows the specification of a high security level where security is at a premium.

The new standard does not eliminate the need to work with reputable suppliers of builders’ hardware to weigh convenience, security and cost.

The purpose of a risk-hazard analysis is to apply the greatest security measures where they are needed the most. Understanding the potential hazards associated with a given building opening provides the first step in making sense of the risk-hazard tug-of-war but it is only half of the equation; for high-security installations, one must also understand the risks associated with the hardware choices. 

For more information or to purchase copies of the ANSI/BHMA A156.30-2003 Standard, please visit BHMA’s web site at www.buildershardware.com. 

Photos courtesy of Baldwin, Dorma, Essex and IR Safety and Security. 

Michael Tierney serves as the standards coordinator for the Builders Hardware Manufacturers Association in New York City.


© Copyright Key Communications Inc. All rights reserved. No reproduction of any type without expressed written permission.