Industry Professional

Metro Proof

Securing the Amsterdam Metro Underground

• By John Moa
• Aug 01, 2017

The Amsterdam Metro is a mixed rapid transit and light rail system in Amsterdam and its surrounding municipalities: Amstelveen, Diemen and Ouder-Amstel in the Netherlands. The network is owned by the city of Amsterdam and operated by the Gemeentelijk Vervoerbedrijf (GVB), the company that also operates trams, ferries and local buses.

Underground Lock System

The lock system of the Amsterdam underground is quite extensive and includes 2,574 cylinders. GVB was able to find and implement a system that solved their key issues as well as environmental issues. We will take a look at the challenge Amsterdam Metro is facing, the CyberLock system, the solution, and finally, how CyberLock’s system benefit Amsterdam Metro. In the Amsterdam underground, a cylinder has a lot to endure.

It must be resistant to burglary attempts, vandalism, manipulation, corrosion and rough handling. Even if it’s strong enough to withstand all of these, the life of a lock can be severely shorted if a vital key gets lost.

“We used to have a mechanical lock system, but we were constantly facing problems with lost keys,” said Frank de Vries, security manager of the Amsterdam underground stations. “Since replacing all cylinders would be a rather costly affair, we only replaced those that the lost key could open. In doing so, we eventually ended up with huge key rings.”

Key-centric Solution

CyberLock is a key-centric access control solution. The power is completely in the key. Each key contains a unique ID that cannot be changed or duplicated. These keys have the ability to store thousands of access events such as lock ID, date and time and event type.

The keys carry access schedules for the specific key holder and retain encrypted access codes that bind the key to a specific system. Each key contains a specific list of authorized locks and a schedule of when they may be accessed. For example, a key can be programmed to allow access to one or several locks from 8 a.m. to 6 p.m. on weekdays and 10 a.m. to 4 p.m. on Saturdays.

If presented outside of this schedule it is denied access. As for key expirations, keys can be assigned a start date and an expiration date which means keys can be issued before they become active, and can be set to expire on a regular basis in the future. Key holders must reauthorize keys before access will be granted again. Setting shortterm expiration dates is an excellent way to minimize risk due to lost or stolen keys.

When a key first makes contact, the key energizes the lock. A split second exchange of information determines if a key is at an approved lock within an authorized time frame. Access is then either granted or denied and that action, along with a date and time stamp, is recorded to the memories of both the key and the lock. These features were crucial in Amsterdam Metro’s need to get rid of the huge key rings the employees were carrying around and with the programmability and expiration date of the keys, re-keying will never be in the Amsterdam Metro vocabulary.

Hardware Interface

Because diversity of communication was necessary for Amsterdam Metro, the devices they selected served as an interface between the hardware and software. Key holders were given access privileges as needed. An audit trail also could be downloaded from the key while simultaneously uploading new schedules, permissions and system information. The system is able to keep track of keep track of remote and on ground employees.

The GVB decided to look for another way to protect its station entrances and restrict access to equipment rooms. Under consideration were various alternatives, including electronic access systems and remote card readers; however, these solutions were not resistant to water, frost or vandalism. GVB felt the diversity of electronic cylinder locks made it easy for GVB to convert all locks by retrofitting all their existing hardware on site. Access privileges are distributed to key holders via communicators. These devices are linked to the software over a local area network or securely over the Internet.

Met with some skepticism from some managers, GVB officials held firm to their decision.

“Initially, this system was received with some skepticism; there were a few complaints from managers who were no longer able to open certain doors—doors they should not have been able to open to begin with,” de Vries said. “Within a month, all cylinders had been replaced, including those in doors with very uncommon profiles. We have not had to adjust a single lock, and the installation of the cylinders was easily done by our own locksmith.”

Since re-keying was a costly option, and CyberLock’s electronic cylinders were installed without wiring, Amsterdam Metro was able to stay in budget, as the price for a lock is one-tenth the cost for a hardwired system. Since the implementation of CyberLock at the GVB, de Vries has received visits from colleagues of nearly all Dutch transport companies wanting to learn more about the system that has been such a huge success for Amsterdam Metro.

This article originally appeared in the August 2017 issue of Security Today.