Securing a Campus Environment Through Technology & Assessment

May 1, 2004
The convergence of security technologies with campus data networks presents significant opportunities, dangers and challenges.
Undoubtedly some of the most challenging and complex environments for security and law enforcement professionals are college and university campuses. Each campus attempts to balance security needs with a desire to be physically and intellectually accessible. Highly diverse geographical settings, student body size, religious, state and private affiliations, organizational missions, student activism, medical center relationships, philosophical beliefs, financial capabilities, crime experience, federal regulations and many other factors influence security programming. Compounding these issues is a new awareness of security concerns brought about by local, national, and international events.

Campus security programs cover a wide spectrum of skills and staffing levels, organizational structure, authority, training and technology implementation. There is no single right way to provide campus security services. Often, specific technologies have been installed in response to serious incidents. However, on more and more campuses, security technologies are being viewed as an integral part of the security and crime prevention strategy.

Although security technologies are more readily accepted now than they were just a few years ago, it is important to place these technologies in an appropriate context. Security technology, in and of itself, does not make a campus secure. Technology is only one component, albeit an important component, of the campus' overall security system. This system must also include security-related policies and procedures, appropriate levels of security staffing, professional program management, student, staff and faculty orientation and training, exercises, audits, compliance with the Jeanne Clery Act requirements, and administrative support. Today's campus security programs need to be sufficiently agile to quickly respond to changes in the environment.

Additionally, contemporary campus security programs must be comprehensive. These programs need to focus on prevention, management and recovery from incidents. Although many colleges and universities rely on local police agencies for law enforcement and emergency response, it is essential that internal and collaborative security plans include the mitigation of damage and organizational recovery. Students are the most important assets of every educational institution. Protecting the institution's human resources (students, faculty and staff) and meeting their needs during an emergent situation must be the highest priority.

Assessment
The first step in any security technology enhancement effort is a thorough assessment of needs, an audit of the campus security program. This assessment will include not only the operation and management of the security department, but overall campus operations, security technology implementation, student and staff orientation and training, residence hall administration, the identification of security-sensitive areas, a review of campus-wide policies and procedures and campus-community law enforcement relationships, an assessment of crime and incident statistics, and review of compliance with incident reporting requirements. The addition or enhancement of CCTV, alarm, call-for-assistance phones or access control technologies should be based on the results of this assessment.

Security's Data Highway
A number of innovations in security technology are impacting the ability of many institutions to purchase and install campus-wide, integrated security systems. Key among these innovations are the advanced data networking architectures now available for managing access control, alarm and CCTV equipment.

In the not-too-distant past, most access control systems required dedicated wiring or modems to connect data panels in each building with the head-end computer. Installation of wire through utility tunnels was often an expensive and cost-prohibitive process. Dedicated wiring was usually needed to provide reliable communication. The use of modems to provide communication often meant slow upload and download speeds and limited supervision of communication channels. Failure of the modem may not have been detected until a scheduled communication event. However, for the most common campus application, key replacement, this technology was sufficient.

The key-replacement access control configuration found on many campuses provides an alternative to the use of mechanical keys in residence halls and other controlled locations throughout the campus. Key-replacement installations differ from true access control installations in that they do not monitor the status of the door (open or closed) or the status of the lock (engaged or not engaged). In other words, the key replacement system simply unlocks doors and maintains a record of accepted and rejected transactions.

Residence hall doors could be propped or forced open without signaling a central location to this condition. Since access control authorization data is commonly maintained in memory in the data panel, a communication failure was not a significant problem as long as the panel data was current. Upon a communication failure, the worst-case scenario was that an authorized person might not be allowed to enter, or a cardholder who had recently been deleted from the system might be permitted to enter. When communication was re-established, archived transactions could be uploaded to the head-end. However, as a practical matter, this data was seldom reviewed except after a reported incident.

Key replacement systems are relatively inexpensive to install, but many campuses are beginning to realize that they may not provide the level of security required in today's world. A more effective access control configuration includes the use of devices such as magnetic door contacts, request-to-exit switches and latch position sensors to monitor the status of the door and lock. When a door is propped or forced open, an alarm is sent to a central monitoring location within the building or across the campus to alert appropriate staff to the security breach. Absent a centralized monitoring function, most contemporary systems transmit the alarm to a security officer's cell phone, alphanumeric pager, Blackberry or wireless PDA.

Additionally, contemporary access control systems integrate with CCTV systems to provide camera call-up and pre-positioning. Other features include interfaces with HR and student databases, and campus one-card systems for meal, vending machine and retail transactions. In the near future, we will see more use of smart card readers on computer terminals to provide secure logon across multiple computer systems.

Real-time monitoring adds a significant new dimension to the communication architecture required in a security system. For the first time, the reliability, sustainability, survivability and physical security of the institution's data network and network components becomes a significant issue. Unlike campus e-mail, where downtime is usually just an inconvenience, failure of networks carrying security data can result in a significant security lapse. In order to be effective, security systems must provide the required real-time communication either through primary or secondary communications paths. It will not suffice to simply archive alarms and upload them when communication is restored.

Melding IT and Security
Around the country, we are seeing a new model developing for the selection, purchase and installation of campus-wide security technologies. In the past, the primary decision makers involved in this process have included physical facilities, security or campus police departments, business administration, the campus safety coordinator and campus telecommunications. Most frequently, private security integrators would provide and install the equipment.

On many campuses and in other organizations today, we are observing a convergence of physical security and data networks. The key decision maker in network planning and availability is the senior information technologies (IT) or management information systems (MIS) officer. Often this individual is a member of the institution's executive management team and serves as a vice president. Suddenly, physical security technology decisions are being influenced, even directed, by an IT professional. This individual has overall responsibility for

o the management of the network including network security,
o compliance with communication standards,
o network architecture impacting data flow management, including access control, alarm and video,
o development and enforcement of database definitions,
o ensuring that diverse business and security applications use a common data structure,
o balancing the business needs of the institution against competing infrastructure demands,
o predicting future needs,
o allocating bandwidth, and
o disaster recovery and contingency planning.

Unlike legacy systems, where campus security "owned" the communication infrastructure between data panels, contemporary systems often use a shared organizational resource: the campus LAN/WAN.

In order to ensure the highest reliability of these systems, campus security directors are finding that it is essential to develop a solid working relationship with the IT department. This needs to be initiated well in advance of any major capital improvement project.

Campus-wide video is also riding the network technology wave. Due to distance and cabling limitations, many campuses have utilized decentralized video systems. Video from disparate areas of the campus is monitored and recorded only in those areas. This creates the need to staff multiple monitoring rooms and can have a significant impact on personnel costs.

Many campuses have been able to use campus-wide CCTV broadband technology to move video to a centralized monitoring area with the use of broadband encoders/decoders. In some instances, the campus even permits students to view selected cameras on TV sets from their residence hall rooms. Although an effective means of moving video between buildings, this technology has significant limitations and can be very expensive. The preferred means of transmitting video is over dedicated fiber optic cables. However, on most campuses, "dark fiber" is simply not available for this use. When fiber is available, it is usually owned by the IT or telecommunications department.

The idea of using the institution's network backbone for moving high-quality video around the campus is often not well received by IT departments, and rightly so. In many cases, there is inadequate bandwidth between network switches or within buildings to serve current academic or business needs. For example, buildings served by a shared 10BaseT network connection may already be suffering from unacceptable network access delays. Adding video to these circuits is not practical. Adding pan/tilt/zoom (PTZ) functionality to CCTV cameras at these locations would result in unacceptable lag time between the camera operator's actions and camera response. Therefore, collaborative planning for this application is absolutely essential.

There are, in fact, several approaches to the management and movement of video data, even on systems that are near capacity. With each solution there are trade-offs. Bandwidth management, video on-demand, high-compression algorithms and other techniques can often be used to work within available bandwidth. Additionally, technologies such as unshielded twisted pair (UTP) may provide alternative means of transmitting video across campus. However, many institutions have realized that increasing bandwidth to meet current and future needs is the best long-term approach. IT management is typically responsible for addressing these issues and planning for future network demand.

Futuring
Although access control, alarm management and CCTV tend to be the most visible security technology components on many campuses, several related technologies are also rapidly evolving.

Many institutions are implementing wireless IP—WiFi—across their campuses or developing WiFi hotspots in libraries and common areas. Although there are significant security issues that need to be addressed, there are potential security uses for this public infrastructure. Conceivably, an officer patrolling a residence hall area could be automatically alerted to a security breach by the access control system. If there is a CCTV camera viewing this area, an officer using a WiFi-enabled PDA can retrieve pre-alarm video to determine what caused the alarm and be able to see what the individual(s) looked like and their direction of travel.

Other potential IP-enabled devices in WiFi hotspots could include
o call-for-assistance phones using voice over IP (VoIP) to link to campus security,
o intelligent, WiFi-enabled, high-resolution CCTV cameras with on-board hard drives that continuously record activity but transmit video based on specific events or recognized patterns of behavior,
o WiFi communications for patrol vehicles to provide officers with access to crisis and emergency plan data in real-time, and
o officer-initiated digital video that would permit college administrators to view utility problems or conditions from their office or home.

We will even begin to find WiFi-enabled emergency vehicles whose presence at the scene of an incident will provide a wireless access point for use by emergency responders and for back-up communications through the use if VoIP technologies.

Smart Cards for Smart Campuses
Having survived a somewhat shaky start, smart cards are beginning to make their way back into the campus environment. Contact and contactless smart cards, made by a variety of manufacturers, are being used for secure access control transactions, storage of biometric templates, electronic purses and other applications. The storage capacity of these cards is continuing to increase, durability is constantly improving, and costs are coming down.

At the same time, the cost and reliability of standard and advanced proximity cards and readers is falling. Institutions are replacing magnetic stripe readers with proximity readers. Multi-technology cards that include magnetic stripe, bar code, proximity features and a smart chip are used as transitional credentials as the institution migrates to new readers over several budget years.

The convergence of security technologies with campus data networks presents significant opportunities, dangers and challenges. It is a complex process that requires assessment, planning, creativity, communication, commitment and management. As more security technologies become IP enabled, more institutions will consider this topology. It is vitally important to remember that moving time-sensitive alarm and video data onto an administrative network can be rife with danger. Safeguards are required throughout the network architecture to ensure it is reliable, sustainable, survivable and physically secure.

Elliot Boxerbaum, CPP, is board certified in security management and is president of Security/Risk Management Consultants Inc. in Columbus, OH. S/RMC provides security assessment, technology design, project management and management support services to colleges, universities and other facilities throughout the United States. Mr. Boxerbaum has almost 35 years of law enforcement, security and consulting experience. He is a member of ASIS International, serves on the ASIS Healthcare Security Council, and is a member of the International Association of Professional Security Consultants and a board member of Professional Security Consultants—International. Mr. Boxerbaum can be reached at [email protected] or through www.S-RMC.com.