Alarm systems are mechanisms that protect physical or digital infrastructure by sending an alert signal when unauthorized access to the infrastructure is detected. The alert signal can lead to the rapid intervention of security guards or law enforcement in order to investigate the situation.
For physical infrastructure, modern alarm systems typically include sensors that detect unauthorized access to an area outside of normal operating hours. Such sensors include infrared motion detectors, sensors that detect the opening of doors, and many other types of sensors[1]. The alert signal can be sent over a wired or wireless connection — low-cost modern systems often send the signal over the cellular network.
For digital infrastructure, intrusion detection systems[2] monitor for any activity that might indicate a hack is in progress. If unauthorized access is detected, an incident response team can be notified to attempt to contain and remediate any compromise.
Used in tactics: Arrest
Mitigations
| Name | Description |
|---|---|
| Attack | Alarm systems — or the communication lines they use to send alert signals — can be destroyed before or during an action. Wireless alert signals can also be jammed with a jamming device. Note however that some alarm systems operate by sending signals periodically or continuously, even when nothing abnormal is detected. In such cases, destroying the alarm system will cause its signal to be interrupted, which may be interpreted as an alert and trigger an intervention. |
| Digital best practices | When carrying out a cyber action, you can use defense evasion techniques[3] to prevent intrusion detection systems from detecting the action. |
| Reconnaissance | Before an action, you can survey the target building or infrastructure to determine the presence of an alarm system, and the type and location of sensors or other alarm devices. |