Security Innovation Award Campus Project Winner: University of Kentucky Standardizes its Security Footprint

Dec. 11, 2014
With myriad disparate operating systems and outdated legacy technology, UK takes a step into the future with a bold plan

In 2012, the University of Kentucky (UK) reviewed the state of physical security on campus and realized a disparate condition with no real standards in place.

While trying to understand why and how this occurred, it became clear that two issues were a driving force in this fragmentation: different academic colleges and business units had varying value of security on campus; and the security of a facility was an independent responsibility of individual colleges and business units instead of a shared responsibility between the University of Kentucky Police Department (UKPD), the Physical Plant Division (PPD), and the individual business units who reside in those facilities.

UK has invested more than $4.8 million to address this problem with the goal of creating a fully integrated solution that provides a standardized solution across campus.

Central Security System Design

In order to implement an appropriate solution, UKPD contracted with the consulting firm Biagi, Chance, Cummins, London, Titzer, Inc. (BCCLT), to assess the disparate Security Management Systems (SMS) and Video Management Systems (VMS) and the existing UK information technology infrastructure to develop a request for proposal (RFP) that would best articulate the vision for a centralized UK security system.

BCCLT worked with UKPD to list 73 disparate legacy campus security operating systems that were identified across campus. Only a few of the legacy systems were aware of each other, and all lacked central management. The systems were evaluated and legacy system capabilities documented, with the goal being to integrate existing video and access control into the robust platform that would leverage today’s Electronic Safety and Security (ESS) solutions.

Though it was understood that some systems would simply be replaced, the most expansive SMS and VMS systems existed in UK’s hospitals. They were license-based proprietary systems that contained more than 8,000 users. It was determined that, due to the breadth of this system, the RFP must require that the solution must either expand the hospital systems onto campus, replace the existing systems with a new campus solution, or use a Physical Security Management System (PSIM) to bridge the two systems.

In conducting additional research on emerging trends in SMS and VMS, it was determined that event-driven detection was a key component to enhancing safety. This would be accomplished by converging video and access control devices.

The concept was to use analytics to define possible alerts based on actions in the SMS or VMS and create escalating event prioritization to appropriately and effectively respond to the vast number of cameras and access control points. This was developed with both a security and facility perspective in mind. For example, gunshot detection would alert police of a threat that requires an immediate emergency response, while a door prop alarm would notify a building owner of the issue to be corrected when possible. Only those people who need to be made aware of the alert would receive the notification.

BCCLT then assembled a project design team comprised of University of Kentucky Analytics and Technologies (UKAT), Capital Projects Management Division (CPMD), and UKPD officials and invited five manufacturers to present their product lines. Proctored conversations occurred between provider engineers and the project design teams to best understand the requirements and potential deliverables of each system and the impact each system would have on UK.

Based on the this information and through research of best practice, the proposed system design was created. In terms of cameras, multi-megapixel cameras would be favored over more traditional pan-tilt-zoom (PTZ) cameras. This would ensure entire scenes could be captured and eliminate the chance of a PTZ being left outside of a programmed home position. During events, officials could digitally zoom in the relevant areas without losing important elements occurring outside of the zoom area.

To account for system outages, failure and network impact, a distributed system was favored over a centralized system — all commands would stream to and from the data center, but the edge devices in each facility building would be standalone designs to offer greater survivability. Additionally, the system would scale using peer-to-peer technology for simultaneous data and video streams when multi-user events occur.

Identity Management

It became apparent that whatever system was implemented, UK needed to first address identity management on campus. UK uses SAP as its master record for students, faculty, vendors and staff on campus. Some of this information was used to create UK identifications (known as the Wildcard), but this was done sparingly, and in most cases, allowed for direct input for individuals outside of the master record. Additionally, management of the Wildcard operations was a function of Student Affairs. University President Eli Capilouto reviewed the responsibility and determined the Wildcard should be more than a student ID — instead a security device for all people conducting business on campus. Because of this, the responsibility was transferred to UKPD under the control of Chief of Police Joe Monroe.

In order to ensure a seamless transition when the new system was deployed, BCCLT explored a unified card (One Card) that can perform all electronic campus purposes. In order to develop this concept further, other campuses’ designs and technology options were reviewed. The final card selected consisted of a multi-technology card which included iClass Corporate 1000 encryption, Prox II, mag stripe, barcode, memory cells and a high-resolution picture. This implementation would need to issue about 50,000 cards, and its distribution and functions became a requirement of the RFP.

Emergency Notification Systems

At the time the funding was approved for the central security system, UK was in the process of implementing early-warning speakers on campus through a recent grant award. This was seen as an opportunity to integrate the systems. External emergency phone stanchions were strategically placed around the campus and were fitted with high-resolution cameras, voice over IP (VoIP) call stations and broadcast notification speakers. They were connected into the existing campus emergency alert system, which already included voice calls and text messages to those signed up.

Interior notification was also added and took advantage of existing voice annunciation speakers in many of the newer UK facilities. Whatever solution was selected, it was critical that the systems did not conflict and that they aligned with recent changes in National Fire Protection Association’s Fire Alarm and Signaling Code.

RFP Publication and Selection

BCCLT drafted the RFP and the project design team reviewed it for accuracy. It was published according to UK Purchasing guidelines and allowed opportunities for integrators to bid. RFP responses were received and the design team partnered again to create the University Executive Security Committee. The proposals were reviewed and voted on based on a graded matrix until a solution was selected. There were many factors impacting the selection, but UK saw great benefit in nonproprietary, open architecture systems that had limited or no recurring licensing fees.

Upon review of the submitted proposals, UK selected Dallmann Systems Inc. as the integrator of Next Level Security Systems (NLSS) for both the SMS and VMS. This presented a unique, license-free, appliance-based solution that essentially allowed UKPD to provide each college or business unit the opportunity to invest in, expand and manage its own security system that would report centrally to and be monitored by University Police headquarters. This also allowed UK to develop and enforce a minimum level of security at each facility while allowing for expansion as determined by the department heads.

Initial Architecture and Proof of Concept

Prior to deploying this new design, protocol was developed to integrate the SAP master record with the NLSS person database. UKAT partnered with NLSS software engineers to determine the definition of “current” and “active” individuals (students, faculty, staff, and externals) and created a system that automatically allowed for SAP to populate NLSS based on certain criteria. It was important that the ability to be considered “active” and receive access rights in NLSS had to be predicated on a formalized relationship with UK. An action in SAP that discontinued a relationship in turn had to automatically switch the individual from an “active” to “inactive” status and immediately discontinue access privileges without a specific user action in the NLSS interface.

In order to ensure the solution was sound and applicable as advertised, UK required a proof of concept be completed at the Veterinary Diagnostic Laboratory (VDL). This building is unique, as it contains both public spaces and secured biological research areas. It contains a controlled alkaline hydrolysis biological waste decontamination suite — the largest tissue digester in the world. The suite consists of two 10,000-gallon digesters and has the responsibility to the Commonwealth of Kentucky to protect the citizens from outbreak of disease from animals.

The project installed access control, security cameras and various alerts to include motion detection on the digesters, gunshot detection, and basic alert notifications for propped doors, and access granted or denials. This design was presented in a live, real-time demonstration before the joint colleges by BCCLT and UKPD. It was well-received and additional concept implementation discussion began.

Deployment on Campus

Because this project had limited resources, it covered the Proof of Concept facility, the buildings with the highest student population, the conversion of the hospital from its legacy system, a deployment of exterior cameras along the walking paths on campus, University-wide exterior notification, and a proof of concept implementation for interior notification.

An NLSS Gateway reports back to a central campus server system (The Blue Cloud) in each facility. This topology not only allowed the buildings to function standalone if necessary, but kept the majority of video bandwidth inside of each building on the internal Local Area Networks.

In each building, a Building Security Authority (BSA) was identified — a trusted individual with an intimate knowledge of the persons, operations and events in each facility who was responsible for determining the public and non-public areas and operating times of the facility, setting the schedules and access rights, and, in concert with UKPD officials, determining the appropriate alerts based on the security threats in and around the facility. Additionally, the BSA helped identify those who should be able to view and/or review security video footage at and around the facility.

Exterior notification was accomplished with Talk-a-Phone towers with cameras affixed to the top. The VoIP speaker phone not only provided a direct communication to police headquarters, but also served as an event in NLSS that created a high-priority alert in police communications automatically displaying the camera views of the activated tower. This allows the police department to view the urgency of the situation.

Moving Forward

Understanding that it is unlikely the University will be able to fund the full cost of installing this system across campus, UK partnered with BCCLT to publish the UK Security Design Standard, which required that all new security devices on campus integrate with the NLSS system.

This prohibited any expansion of existing legacy systems, required replacement for those systems as they deteriorated, and required that UKPD and UKAT approve all security devices. UK also developed a unit price contract so that individuals could invest in the system as funds became available.

BCCLT and UKPD officials also developed a master plan for security on campus that included Talk-a-Phone and pole-mounted camera locations. This was to not only set goals for future expansion, but also created a requirement that any new construction provide security devices as part of the project. 

About the Authors:
Tom Sorrell is CEO of Biagi, Chance, Cummins, London, Titzer, Inc. (BCCLT); Nathan Brown is a Major with the University of Kentucky Police Department.