A Global Shift
Today, safeguarding a transportation site is more complex than ever
- By Jeffrey Lynn
- Mar 18, 2008
If you don’t think the aftermath of
Sept. 11, 2001, continues to have
strong repercussions throughout the
world, then you haven’t traveled
much in the last six years. Security is still
the word du jour—perhaps even more so as
time goes on. Transportation venues continue
to protect themselves from terrorist
threats. A primary concern, in addition to
getting people where they need to go on
time, is to create a safe, secure and protective
travel environment for passengers, tenants
and employees.
This is not accomplished easily or by
accident. A maze of security and regulatory
issues face every transportation hub. For
instance, in the case of an airport, security
starts with a thorough understanding of
Title 49 CFR Part 1542 of Homeland
Security’s Transportation Department. It
covers a lot—ranging from who must be in
charge, how to become compliant and
parameters for airport tenant security programs
to security of various locations within
the airport, law enforcement and, yes,
access control. The first objective is to
reduce the complexity of this and other
pertinent regulations, along with the security
ramifications.
Next, one needs to determine and resolve
airport security and fire-safety vulnerabilities.
Security could be almost perfect if
everything were locked down and nobody
could come or go. But that’s not feasible.
What needs to be done to ensure that security
is at a high level but that innocent people
can escape when needed? There’s a compromise
typically found within the afore-mentioned
regulations and local codes.
The Transportation Security Pyramid
The levels of security can be best represented
by a pyramid. The integration with
all levels of this pyramid ensures seamless
security and access control.
At the foundation, Level 1 covers
mechanical access and egress. This
includes exterior and interior doors, door
hardware, mechanical locks, keying systems
and portable security.
Level 2 is electronic access control and
key management, which includes electronic
key management systems and standalone
electronic access controlled openings.
Level 3 covers networked access control
and biometrics for the management of
perimeter and controlled public openings
performed by biometrics and electronic
access control systems. Finally, Level 4
covers facility integration, which includes
the management of assets and people, as
well as the integrated facility solution
encompassing access control, time and
attendance, and staff scheduling.
With all this as background, protecting
a transportation hub starts with a comprehensive
site assessment and solution-generating
task to identify the critical access
openings of the facility. Security needs at
all levels must be acknowledged. An access
security breach assessment will spot gaps
between the current state of security and
present and future needs.
An assessment starts with identifying
all the security stakeholders involved. This
will include the security coordinator at the
venue, the Transportation Security
Administration, local fire and law enforcement,
union leaders, tenants and carriers.
All parties need to all be brought in up
front and kept engaged throughout the
process. Otherwise, anyone could throw a
roadblock into an otherwise perfect plan.
Access Control Needs
Needless to say, critical openings must be
identified. Since most people are familiar
with them, let’s use an airport as an example.
When one starts researching, a host of
access means emerge:
• Terminals—public and private areas
• Aircraft operations areas (AOA)—tarmac,
taxiways and jetways
• Employee movement—including outsourced
service
• Catering service
• Air traffic control
• Aircraft—parked and active
• Passengers—screening, ticketing,
metal/explosives detection
• Baggage systems—carry-on, checked
and handlers
• Navigation systems
• Vehicle control—automobile and cargo
• Parking lots—employee and passenger
surveillance
• Cargo facilities
What are the security and safety needs of
each access point? For instance, does security
need to capture and monitor real-time
events with the ability to record if a breach
occurs? For example, there is a big difference
between jarring open a door to get janitorial
supplies and breaking through onto
the tarmac.
Remember needing to identify all stakeholders?
Here’s one example. Does human
resources want to combine with security
and link time and attendance recording to
security to stop buddy punching? Or, how
can passengers who have had background
checks be moved quickly to their boarding
areas while still keeping security high?
Once the security needs of each opening
have been determined, it’s time to perform
physical assessments. In other words, what type of products should be used?
Real-Life Examples
Remember how it’s important to balance
security and life safety? Inchon (Korea),
Jorge Chavev (Peru), Suvarnabhumi
(Bangkok), Dubai, Detroit, Hong Kong and
many other locations do just that with Von
Duprin exit devices, which keep a door
locked from the outside while remaining
unlocked inside.
For example, Charlotte Douglas
International Airport’s solution uses proximity
card technology, monitoring switches
and a Schlage locking mechanism on one
side of the door and a Von Duprin exit
device on the other. The exit device side
upholds the security of the jetway area in
terms of accessibility, and the locking
mechanism ensures access control in its
ability to lock down on demand.
Most transportation centers use Von
Duprin’s Chexit™, a self-contained
delayed exit system that incorporates all
controls, auxiliary locking, local alarm and
remote signaling output. A key cylinder on
the front of the device arms and disarms it.
An LED indicator shows its status. The
system sounds an alarm and delays a person
from exiting through a door for a coderegulated
15 seconds. Not only does this
discourage unauthorized use, but it also
provides an opportunity for a response. For
instance, the security system might trigger
a CCTV camera to capture a visual record
of activity at the door. However, when the
building’s fire alarm or sprinkler system is
activated during an emergency, these
devices automatically disable to allow
immediate egress.
How can someone be stopped from
sneaking onto a tarmac? The person could
simply use someone else’s card or key.
Since 1991, San Francisco International
(SFO), the nation’s fifth busiest airport, has
employed biometric hand geometry readers
to secure its AOA, allowing access to
authorized individuals only.
The airport’s 300 hand readers span the
entire facility, securing more than 180
doors and verifying the identity of more
than 18,000 employees. The use of biometrics
at San Francisco is airport-wide and
fully integrated into the primary access
control system.
In fact, those aren’t the only places they
are deployed. Covenant Aviation Security,
a private company that was awarded a TSA
contract to protect SFO from terrorism, is
using hand readers to verify employee
identities before granting them access to
work areas.
“After Covenant Aviation Security was
awarded the TSA’s private passenger
screening contract at SFO in October 2002,
it was crucial to have a system in place that
accurately and consistently identified our
more than 1,200 employees arriving and
departing work every day,” said Tom Long,
executive vice president of Covenant.
“Since day one, our Schlage HandPunch 4000 has provided us with a quality product
that we will continue to depend on at
San Francisco International Airport.”
At Miami International Airport,
HandPunch terminals take time and attendance
readings for the janitorial services.
The system not only identifies individuals
by who they are, but also prevents employees
from entering work areas during nonworking
hours and monitors their frequency
of service and maintenance.
Almost all major airports and many
smaller airports use hand geometry to
make sure that only those authorized to get
through an opening can do so.
At Yeager Airport in Charleston, W.
Va., hand readers restrict access to the
control tower, which is located in the airport
terminal, and to the HVAC system
and other sensitive equipment. The control
tower doors are opened about every
five minutes around the clock. The hand
readers are all networked to the airport’s
central security system computer. One of
the hand readers is used as the master for
enrollment purposes.
“We feel that hand geometry is the best
and most reliable biometric technology
available,” said Rick Atkinson, Yeager
Airport director. “We have never had any
problems with the hand readers since
installing them in December 2001. They
work fine and are easy to administer."
What can be done to increase passenger
convenience? Tel Aviv’s Ben Gurion
International Airport, the largest airport in
Israel, figured that out several years ago to
accommodate more than 2 million annual
passengers. Of course, Israeli security is
considered second to none and, since 1974,
no flight departing from Ben Gurion has
been blown up or hijacked by a terrorist.
Ben Gurion’s award-winning biometric
system has reduced waiting times at security
checkpoints from hours to seconds. The
program handles 15 percent of Ben Gurion
passengers. Nearly 100,000 Israeli citizens
(2 percent of Israel’s population) have
enrolled in the program, and more than 1
million authentications have been produced
in the first two years of operation.
Travelers go through an extensive background
check to ensure they are low risk.
An annual fee of approximately $20 is
charged to use the system.
To reach the boarding areas, Israeli citizens
use an automated inspection identification
kiosk. The user selects one of his
credit cards. When entered, the credit card
provides an ID number to the system.
Then, upon placing a hand on the hand
reader, the user’s biometric information is
compared to the security database. If the
information matches, the system prints out
a receipt and the traveler proceeds through
a system-controlled gate. If the system
denies passage, it sends an alert message
and the traveler is referred to an immigration
inspector.
The Next Step
Once it’s been decided what to use at each
opening, it is time to identify coverage
gaps and vulnerabilities. For instance,
among other things, to comply with Title
49 CFR Part 1542, the mechanical locks in
Level 1 of the pyramid must be operational
all year. This isn’t a problem in Miami, but it can cause havoc in Detroit.
For Level 2 systems, one requirement is
the ability to rekey and recode locks quickly.
That’s why so many transportation
locales prefer stand-alone computer managed
locks. For instance, SFO uses 280 of
them. Stand-alone, programmable, batterypowered
locks are networked through software
to provide audit-trail capability and
time-based scheduling for restricting access.
New users, access points and access
privileges can be entered into the system in
seconds. The system also provides an audit
trail capability. A CM system can support a
variety of credential types, including PIN
codes, magnetic stripe cards, iButtons,
proximity cards and biometrics. Users and
access points, as well as access privileges,
can quickly and easily be added and deleted
from the system. The system operator
easily can control both users and access
points based on time of day, day of week,
credential needed and/or period of time.
Reports show audit trails retrieved, access
privileges granted and time functions
established by either the user or door.
With a laptop or PDA, the administrator
goes to the opening, plugs in the interface
to the locking system at the door and
quickly uploads new access instructions to
the lock while downloading audits of who
has been through the door and when.
Charlotte Douglas took a different
approach. The airport’s stand-alone system
had grown to 100 doors, and it could take up
to two days to change out all the combinations
when needed. That was just too much
time and not enough security. Officials also
wanted to perform locking control from one
centralized control station and integrate jetway
door locks with the airport’s existing
access control network. Plus, the airport
needed a solution that easily could be retrofitted
into the lock technology in place,
avoiding expensive and time-consuming
wiring and construction.
The airport’s new locking devices have
all the switches built in so they easily integrate
into the airport’s existing Software
House access control system. Instead of
running yards upon yards of conduit,
installers only had to run four wires to each
doorway. With the new locking devices in
place, security can determine, program and
change the access privileges of users and
the locking status of the doors in real-time
and on demand.
Likewise, Levels 3 and 4 also have their
requirements. If there is a gap or vulnerability
in any of these levels, the system
won’t be certified. Lastly, transportation
facility management needs a cost-justification
analysis and project plan.
While nobody will argue that it
is good to plan and test—searching for
the best and most viable solutions to
protect the world’s traveling public—
security professionals put more stock
in what’s been successful. Those venues
already using successful security systems
provide a roadmap to
follow.