The Security Week That Was: A Recap - Feb. 26-March 4, 2005

Last week, we began a weekly column that takes a "wrap-up" look at the week in security. Thank you to all of you who enjoyed the column, and this week we have decided to make it a Friday email.

Like every week in the security industry, there's plenty to talk about, but the story that got us really listening was the news about the Milwaukee verified response policy. Milwaukee Police Chief Nannette Hegerty said that the program is a "success." We have to ask how you can deem a policy a success 1) after just six months, and 2) without having your department provide clear, objective data about burglaries. This is, after all, a policy that, at its core, is about burglaries and burglar alarms; it's not a policy about response times to "serious crimes." However, that wasn't even the part of the story that made us look up from our morning coffee. What jolted us even better was Heggerty's comment that allowing alarm owners to verify their own alarms was just too dangerous and that the city might need to create a new ordinance that would disallow alarm owner verification of their system. Give us a break.

There was also a lot of news this week about the federal government's proposed PIV (personal identity verification) card. This stems from President Bush's directive that there be a unified method for assuring the identity of employees and contractors at government facilities using one card with biometric information for physical and network (aka, "logical) access. To borrow heavily from The Lord of the Rings, let's just call it "One card to rule them all."

The news on the PIV card was that the government is out with the first section of standards that govern how the identification methods work. The second follow-up news was that the Smart Card Alliance has formed a new Physical Access Council that will merge thoughts on how to best implement these standards. SIW applauds the initiatives, and we are well aware, as is the Physical Access Council's chair Bob Merkert, that these standards are going to make their way through the government, then through the contractors, and will also "trickle down" to the corporate world. We predict that these standards will be starting to shape how you control access at your own facilities within a few years.

And for some lighter news: A hacker posted info on how to hack into the admissions departments of Harvard, Stanford and some other top business schools so that eager applicants could learn of their acceptance or rejection early. In the Stanford instance, 41 potential students used the hacker's advice to get into the database, but alas, Stanford had not yet posted their decisions and the hack provided little or no gain to the business school applicants. Our take? These 41 students are more than likely to be the same names you see in 20 years when another Enron-like scandal goes down.

Our most read stories this week included some big CCTV news and some very insightful columns and features from SIW contributors. If you haven't read these yet, check out:

Finally, big kudos to the security staff of the Delaware Park slot machine casino who discovered a young boy, age 3, shivering in a car in the casino's parking lot while the boy's father gambled inside. Temperatures were in the 20s and the boy was not wearing a jacket; this could have been a real tragedy had these security officers not been alert.

Geoff Kohl, editor