In it Together

Partnerships help integrators and end users build integrity into the system

• By Kim Rahfaldt
• Jan 01, 2010

Installing a deeply integrated security solution will provide the best security protection for airports of all sizes. The key to success lies in working with a manufacturer that partners with the security consultant, integrator and airport security manager to meet current and future requirements. A strong partnership between these entities will help ensure the integrity of a system, protecting the investment for years to come.

Finding product support for emerging Transportation Security Administration standards is critical, and complying with TSA security directives in a timely manner is a challenge. Airports using antiquated security systems with limited databases and ID badging capabilities find that keeping up with security directives is challenging and expensive. A quick deadline applies more pressure. However, maintaining an up-to-date and adaptable access control system helps keep costs manageable.

"TSA issues directives and timelines," said Kevin Richmond, a senior system designer at security consulting firm URS Corp. "If an airport has an older access system and TSA wants 40 additional data fields to pull reports on people, the airport is mandated to provide those 40 fields by a certain date. Older canned badging systems don't have those data fields available to create, so the airport is required to comply and, often, the timelines are short."

The government has issued grants through the Airport Improvement Program to assist in meeting TSA standards. Airports are eligible for this funding when they can prove their current security system is at the end of its life and no longer able to receive support and upgrades.

"It is expensive to keep up with the changing TSA regulations, but that's the cost of doing business," said Wes Miller, vice president of administration at Wisconsin Aviation. "It's not an option—we will follow the rules."

Airport operations face a myriad of security challenges on a day-to-day basis with thousands of passengers and employees fl owing through an airport. Airport security and IT managers must research products to determine which one is right for their facility. Often, a security consultant with an airport specialty gets involved to help find the right product integration. The operations staff organizes product demonstrations, analyzes different feature sets, learns how the product works and grows with them as their needs change.

PACS/Video Integration

Airports must work with forward-thinking manufacturers that take government mandates into account when developing product lines. Security systems should be fl exible to accommodate future changes. Airports need a true open-architecture system that includes an access control head end, which can integrate with other best-of-breed products such as video management, mass notification, intrusion detection, building automation and advanced identity management.

"A true open-architecture access control head end creates a more cost-competitive environment, not only during the bidding process, but also in maintaining and expansion of the system after the initial installation," Richmond said.

The use of physical access control systems has become the most secure and cost-effective way for an airport to comply with existing and new regulations and mandates. Controlling access is required by the federal regulations, and airports must develop a security plan that includes access control. The ASP also will indicate the location and use of cameras for video surveillance. However, stand-alone video surveillance and access control don't provide the level of security that can be realized by a deeply integrated solution.

A fl exible PACS that's already integrated with video provides the best security option. When you have a truly integrated access control and digital video solution, the system appears seamless to the airport operations staff. This one system provides a fully functional security management solution with an easy-to-use interface so airport security officers can proactively respond to events as they occur.

"One of our greatest challenges is managing alarms set off by the users of the system who have kept doors open too long or accidently opened the door without presenting an access card," said John McGinley, assistant aviation director of operations and maintenance at Colorado Springs, Colo., airport. "If we didn't have digital video with our access control system, we would have to send an officer every time an alarm sounded. With digital video, we can positively identify the cause of the alarm and resolve the issue over the phone."

Installing one integrated system saves money and headaches for airport operations. Using one system minimizes the number of manufacturers involved in the installation, reducing the risk for costly integration complications. Since manufacturers are responsible for their own products, using one integrated solution from one company eliminates finger pointing if problems occur.

Deeply integrated access control and digital video produces a faster response to alarms, therefore increasing productivity in security officers and maximizing the level of overall security. Any system activity should trigger an automated system response on any of the sub-systems. This is one of the tests of a truly integrated solution. The response might be to lock a set of doors, swing a PTZ camera to a different preset position based on the alarm or tag video and start recording at a higher resolution and frame rate—the options are unlimited.

Airport security officers can view tagged video from an alarm screen, maps, activity lists, history reports or a virtual matrix. Tagging alarms from an intrusion or building management system provides enhanced security while creating a log for incident reports. The operator can immediately see what caused an alarm and actively respond to it.

"Portland International Airport's primary employee access points and TSA security checkpoints are now recorded on video, so we have the opportunity to review the video to determine if there is a violation or security breach," said David Pelkey, president of Entrance Controls.

A deeply integrated system can automatically display video to the operator. Alarms can pop up in a virtual matrix, a new window or on a mobile device like a PDA. Video then becomes a much more proactive tool.

"If an airport employee piggybacks behind another employee at a security door, airport security can use recorded footage to determine who is at fault or if there was a violation," Pelkey said. "If a passenger is not screened or breaches the sterile area, recorded footage assists airport security in identifying the individual and tracking their location."

Many airports want to move to IP-based access control and video but are concerned about their available bandwidth or storage. Some system combinations can be configured to save and transmit video only when an incident occurs. Edge-based storage devices can buffer video so only requested video is transmitted across the LAN.

IP-based video is a massive investment for an airport—and more so for all property under the auspices of a port authority. Therefore, by allowing a transition from the existing investment in analog cameras and equipment but also enabling a migration to a digital solution, airports can migrate to a network and IP-based security system as their budget allows.

Maintain Redundancy

To help ensure system reliance in a time of crisis, airports can implement different layers of redundancy. Installing a dual network provides redundancy at the panel level. If one network goes down, the security system is able to communicate over the secondary network so alarms and events are recorded back to the command center.

Head-end redundancy can be implemented by a fault-tolerant server or a clustered server solution. There also are software solutions for data synchronization over large distances to provide remote redundant solutions so airports have a highly available system. By intelligently designing the infrastructure and server components, airports can survive network failures because video servers that have local hard drive storage will continue to record locally. Information will not be lost if the network fails or is interrupted.

"Every computer system eventually crashes," said Steven Eisensmith of Controlled Access LLC. "A redundant server means it will failover and the airport will continue to operate while repairs are made. The airport is still fully operational; the panels are still communicating, still getting alarms and still making changes to the databases to operate."

Failure to implement redundancy may cost airports thousands of dollars in manpower and lost revenue while they work to fully restore the security system.

Managing Emergencies

With the imminent threat of another terrorist attack, the ability to instantly change an airport's security level is critical. In an emergency, airports can implement a security management system in which one click of the mouse can change access rights in one terminal or the entire airport instantly. The security department sets the parameters. The instant change can lock down doors and muster, while allowing the security department to dispatch accordingly. Unauthorized staff can be denied access to sensitive or sterile areas. Roaming guards can view live camera images from anywhere in the facility.

Users can color code their security levels to match the Department of Homeland Security's threat level advisories. In an emergency situation, doors normally requiring a swipe and PIN could be reprogrammed to also require a biometric fingerprint. When the security level is lowered, the security director can change the access level back to just a swipe and PIN.

TWIC/BASIC/ACIS Standards

In 2005, the government created FIPS 201 in response to a presidential directive aimed at providing an interoperable and secure credential to be used governmentwide. Meanwhile, TSA was developing a program for interoperable and secure credentialing of transportation workers at sea ports. TSA decided that the Transportation Workers Identification Credential would be based on FIPS 201.

Richmond said the desire for a common credential and database for airport systems was in discussion prior to the FIPS 201 initiative. Unfortunately, many obstacles must be overcome to implement this initiative. Richmond, however, has been specifying his airport systems must be FIPS 201 and TWIC complaint.

"I am hedging my bets that if a standard is adopted and my airports will have to adopt a new credential, then in all likelihood it will be based on FIPS 201—so the infrastructure at my airports will be ready," Richmond said. "The security system will be compliant."

Airports that are part of a port authority and run a marine facility use a TWIC, which is required for unescorted access to restricted areas of the port. The card is capable of electronic access control. However, the Port of Portland's IT program manager for security and access services, Scott Shepler, does not think it will be standard for all airports. The TWIC application and the way it is issued do not fit with how airports operate, he said.

TSA developed the aviation credential interoperability solution specification, issued in February 2008, that will be used by airports to issue interoperable credentials containing a biometric. TSA has stated in the ACIS specification that biometrics could eventually be mandated in airport access control systems.

Airport officials formed the Biometric Airport Security Identification Consortium to work directly with TSA on implementing biometric-based access control and badging systems in a way that meets TSA's security objectives but does not require onerous federal regulations. The goal of BASIC is to form a standards-based biometric-based procedure for airport badging and access control and avoid a government-run, one-size-fits-all system. BASIC is an industry first as all airports are vying for market space and have been reluctant to share information in the past.

"Biometrics adds an extra layer of security," Shepler said. "Tying the card inherently to the cardholder reduces the likelihood of the card being shared."

Don't Wait for Directives

A deeply integrated access control and digital video system provides many benefits over having several different systems functioning separately in an airport. Airports can choose a system that integrates these two technologies, is FIPS 201 and TWIC compliant, meets TSA standards and is cost effective and easy to use and maintain. Grant money is available for airports to upgrade now. They can update older equipment as money becomes available and know the investment is protected.