Home > Articles By Issue > Safety and Security > April 2006

Composite image created by Kevin Phelan

The Safe Room

As security threats continue to evolve, safety measures try to keep pace. What do facility managers need to know about the “Next Big Thing?” And how can they keep their people and assets secure?

By Amy Milshtein

Freshman year at college has now been deemed the most dangerous time for students. Weather events bring entire regions to their knees and failed security protocol into the light. With threats coming at facilities from all angles and security measures reaching Orwellian proportions, facility professionals are closely watching the state of the security industry for 2006 and beyond. The current environment is demanding closer scrutiny of facility strategies in this arena.

Chip In Your Shoulder

In Cincinnati, OH, something truly futuristic is happening; radio frequency identification chips (RFIDs) have been embedded into two volunteers. This leads many observers to wonder if an extreme measure like this is the future of security.

“I have my doubts,” says Craig McQuate, director of global security and safety for Waltham, MA-based Modus Link. “It will be a long time before people trust that kind of technology.”

Originally launched as a convenient way to keep pets safe, RFIDs have been implanted in the forearms of two employees from CityWatcher.com. Others have also spotted niches for the pre-WWII era technology. “The military sees RFID applications as a way to store medical records or even to track troops with a GPS,” says Rusty Gibson, general manager, DSX Access Systems of Dallas, TX. “And Mexico is trying it out with some government employees.”

So what does chief executive of CityWatcher.com Sean Darks have to say about the chip in his arm? Despite repeated attempts, he would not return calls, but in an Associated Press article he states, “it’s the same thing as a key card,” and “none of his employees are forced to get the chip to keep their job.”

It’s possible that the next generation of employees will not even be shocked by the perceived invasive nature of technology like RFID. “When you look at Internet sites like MySpace.com and see all of the personal information young people willingly post, you start to think that maybe they wouldn’t bat an eye about this,” says Rob Zivney of Santa Ana, CA-based Hirsch Electronics.

Easing Access

Future generations may embrace this type of technology with open arms, thus paving the way for more effective traditional access control measures. Industry experts feel electronic access control can be a practical means of mitigating serious security problems, and the technology is significantly less intrusive.

Effective access control allows authorized employees and visitors to travel throughout the facility as required by their specific job or function. Access rights can be customized for each individual person: defining which doors they can enter, what days of week they should be there, and the time of day that they can enter. In addition, electronic access control provides an audit trail via detailed entry/exit reports of all access control transactions; providing a valuable management and investigative tool.

Mark C. Peterson, director, iTechnology Design Resource of HID Corporation in Irvine, CA says, “Over the past several years, the focus on the threat of terrorist activities and other Department of Homeland Security-related issues has intensified. Personnel identity verification and access control certainly address these topical concerns. However, facilities are far more likely to be affected by more domestic security problems such as employee theft, industrial espionage, and workplace violence.”

Peterson states that, in an average week in U.S. workplaces, one employee is killed and at least 25 are seriously injured in violent assaults by current or former co-workers. An estimated 40% of business theft involves employees, resulting in losses of approximately $5 to $10 billion per year. And white collar crime and industrial espionage cost businesses about $44 billion per year. “Given those facts, less than 20% of targeted companies augmented security or took other prevention steps,” he explains.

Peterson notes, “The cost associated with mitigation of security risks is a challenge faced by facility managers in all sectors. Cost justification helps present the business case for deploying electronic access control, particularly when an effective access control strategy can also reduce the need for on-site security personnel.”

HID Corporation manufactures high quality, robust, access control cards, readers, and controllers. These essential electronic access control components are the part of the system that interfaces directly with the facilities personnel, as cards are read by readers at controlled door locations. As the visible access control element, cards and readers must work reliably so the business is not adversely affected when personnel cannot move through the building to carry out their job responsibilities.

Today’s smart card access credentials can be used beyond their original control functions for other non-security applications that improve the efficiencies of personnel and processes such as: time and attendance, production control, parking revenue systems, and cashless vending applications.

Smarty Cards

Many experts agree that smart cards are gaining acceptance in buildings of all types and sizes. “Smart cards have been ‘just around the corner’ for the last 20 years,” says Zivney. “That corner has been turned and now they are here.”

The biggest driver for this, according to Zivney, is the federal government. In August 2004, President Bush released the Homeland Security Presidential Directive (HSPD) 12.

This directive sets out to establish a mandatory, government-wide standard for secure and reliable forms of identification issued by the federal government to its employees and contractors (including contractor employees). The due date for meeting this standard: October 27, 2006.

Corporations in the U.S. and around the world have been dabbling with smart cards for the last two decades, but along with this directive comes the first official set of standards. “We went from having a dearth to a plethora of standards,” says Zivney. Lined up to employ the technology are individual states, other countries, and private businesses, all waiting for the federal government’s learning curve to flatten out.

The new government Personal Identity Verification card (PIV) will contain a unique card number, a PIN, and the bearer’s photo and fingerprint. “Because it uses the fingerprint, the PIV may push other emerging biometric technologies like hand geometry and iris readers behind,” predicts Zivney.

The card will be responsible for both physical and information security. Simultaneously contact and contactless, the card can be waved by the user under a scanner to gain building access; then it is inserted into a reader to gain computer access.

“Contact smart cards aren’t practical for physical access, because it takes time to insert the card and wait for it to be read. That would create an intolerable bottleneck,” explains Zivney. “It’s not such a big issue when you are sitting at your terminal waiting for your computer to boot up.”

Port In The Storm

More than just grant access, smart cards can also rise to the occasion during a disaster. “These cards can help first responders identify themselves quickly and get them the access and assets they need during an emergency,” says Jack Graves, marketing manager, DSX Access Systems.

The National Capital Region (NCR) leads in identifying first responders with a card that is recognized across all federal, state, and local multi-jurisdictions. “We are excited to launch an effort that will help the country better coordinate its most valuable resources—its people—during an incident,” says Tom Lockwood, director of the Department of Homeland Security’s Office of NCR Coordination. “I encourage state and local governments to adopt interoperable technology to support mutual aide across jurisdictional lines.”

Will sophisticated smart cards grow into the security norm? “Smart cards and security readers will have their place, but I don’t think the average company has the money or resources to use this,” says McQuate. At $3 to $4 a card, some organizations will continue to use their magnetic stripe cards—which come in at 20¢ a pop.

“Some people think mag stripe is going away, but I don’t think that’s the case,” says Jerry Cordasco of Exton, PA-based Compass Technologies. “For instance, large universities with tens of thousands of students will continue to use the inexpensive technology.”

“Magnetic stripe cards are still a great way to keep students safe,” says Bruce Harman, director of public safety for the New Jersey City University located in Jersey City, NJ, “but they require a lot of maintenance. The readers get dirty, and the cards get corrupted.”

In response, many schools are moving to proximity card readers with RFID technology. “These cards can do it all,” says Harman. “They work as student IDs, access control, parking and meal payments, and debit cards.”

Traditional Approaches

During an actual event, however, an organization’s priorities should be getting its people to safety. And when the clock is ticking, facility professionals need to make sure key management isn’t an issue in times of crisis.

Michael Kincaid, general manager and vice president of marketing for Kaba Access Control of Winston Salem, NC, says, “Many facilities still rely on mechanical keys to control access to interior and exterior doors. Even facilities with on-line access control systems usually use keys for interior or remote doors.”

Kincaid stresses that keys are only as secure as a facility manager’s key control system. “To compound the problem,” he adds, “most key ways are very common and can be easily duplicated. When duplicate keys are made, key control is effectively lost.”

His company produces systems with utility patents that prevent the manufacture of duplicate key blanks. It also offers keyless, mechanical, battery free, push button locks for added security.

In situations where key management is under control but evacuation procedures are unclear, traditional alarms serve an important purpose, dictating the difference between life and death. “Alarms, particularly those that tell people exactly what to do, can keep a bad situation from getting worse,” explains Debbie Cohen, manager of marketing communications, Wheelock, Inc., of Long Branch, NJ.

Brawn Vs. Brain: Who’s In Charge?

As the price of technology comes down and security awareness ramps up, more institutions may eventually adopt the smart card model. This begs some questions: who will be in charge of security? Will the traditional safety responsibilities be rolled into the IT department? Does IT know anything about traditional physical security? Can these two groups get along?

“It’s not that the IT department and physical security are eventually going to overlap; they already have,” Zivney explains.

So if the security system can run on IT’s network, take up that bandwidth, and sit behind that firewall, it only makes sense for IT to manage and maintain the system. But that doesn’t mean an organization should just hand over all physical security responsibilities to the IT department.

“IT departments tend to think that security is security is security,” says Cordasco. “To some extent that’s true. But you really need someone with a ‘beat cop’ mentality to understand the intricacies of physical security, and that’s where the IT department is lacking.”

As an example, Cordasco points to facility managers’ intimate knowledge of the building, staff, and schedules. They are also trained to read subtle—and not so subtle—security threats.

“What can the IT department do about a disgruntled employee?” Cordasco asks. “Disable their ID card? That might only make matters worse.”

The best solution when planning the system calls for an early marriage of IT and physical security, with end user departments—like facility management and human resources—in attendance. “These two groups don’t know each other’s business, which can result in unproductive ‘turf wars,’” says Graves. “They have to have an early understanding of each other and the purpose of security.”

“There must be a clear protocol of who has access to what and what happens when someone is hired or terminated,” continues Cordasco. “Everyone has to be on board with the decisions and technology. If you leave a department out of the meetings and it ends up misunderstanding the system and its technology, then the whole endeavor is useless.”

Personal Touch

According to Julianna Benedick, group manager of marketing for Secaucus, NJ-based Panasonic System Solutions Company, “The main issue facing professionals involves daily entry/egress activities. Monitoring and tracking who comes and goes within a facility can be a daunting task where traffic flow varies day to day, like in a hotel, retail, or corporate complex.”

To address this issue, Benedick recommends a combination of perimeter physical security and access control. “External video surveillance allows continuous monitoring and recording of activities outside a facility, including parking areas and even remote access routes such as driveways and local roadways. New access control technologies, such as biometric iris readers, provide the most accurate form of identification and authentication attainable in a non-invasive manner that’s fast and easy to implement with existing access control systems. The combined security provided by these two technologies can greatly thwart or completely alleviate potential threats before they even enter a facility.”

Panasonic offers a comprehensive range of products and systems that integrate advanced digital networking systems and advanced analog camera and switching systems to provide users with the precise solution for their facility.

Getting all employees, from the CEO down to the mail room, on board with any security system may be the most important component of all. “Your system is only as strong as its weakest link,” insists Graves. “If you’ve invested big money in a system but there is a stairwell in a garage that anyone can get into or a VIP-type who wants special treatment, it falls apart.”

“Facility managers need to educate all the employees on the importance of security,” says Cordasco. This includes vigilance with cards and the perils of holding a locked door open for other people or “tailgating.” “The staff needs to feel security measures are in place to keep them safe, not to keep watch on them,” he continues.

Successful systems also allow for the idiosyncrasies of human nature. “If there is a door that is always being propped open for smokers, then companies should acknowledge it and maybe put a card reader on that door,” says McQuate. “Companies should also get the staff involved with security. If there is an emergency-only exit in an area, get the people who sit closest to it involved.”

McQuate says a good way to do this is to alarm the door with a loud signal that’s difficult to deactivate. “That’s a way to make sure the door is only breached once,” he says with a laugh.

Sometimes granting special perks are unavoidable. Like a day care center that keeps a door locked with an easy-to-use keypad, hospitals often adopt the same technology.

“We get calls to install keypads in hospital areas for two reasons,” theorizes Gibson of DSX. “Sure, some people feel they are above procedure and don’t want to carry an ID card, but often doctors are in scrubs and leave their IDs in their lockers.”

Continue to rest of article >>