adam byrne - university of western sydney - electronic security from the ground up

Campus Security & Safety Conference

ADAM BYRNEDirector, Campus Safety & Security

Electronic Security from the Ground Up

U n i v e r s i t y o f W e s t e r n S y d n e y

introduction

We are challenged by:


Introduction

Universities operate in open environments. Even some of our organisations more secure facilities, such as executive spaces and bio-safety laboratories, are mixed-use facilities with open access

in public spaces and closed access in secure areas.



This freedom of movement is important to our academic culture and to the culture of our specific organisation.

On University campuses, an open environment fosters freedom of expression and an open exchange of ideas.

In these environments, crime rates are typically lower than those of surrounding communities.



Additionally, university students typically come from environments that are closely controlled by parents, teachers,

principals, and coaches; for them, living in an open environment for the first time can be as educational as their classroom studies.

Therefore, closing and controlling access to environments such as these would be detrimental to the experience of those who use

them.

Furthermore, making such changes may be unfeasible, both operationally and financially.

However in considering this..


Open environments are not isolated islands where serious criminal activity and abhorrent behaviour does not exist.

Recent events such as the Craigslist killer (Medical Student), the murder of Yale University graduate student Annie Le, the Virginia Tech shootings, death of the University Police Officer Sean Collier

arising from the Boston Bombings are examples of egregious crimes that were committed in open campus type environments.

So what are our options ?


So how do facility managers and security professionals achieve a balance of openness and security?

The answer is the application of a technology focussed solution — that is, having the ability to forensically determine the identity of individuals throughout the entire environment and to control access at levels that are appropriate for the given environment.

Securing the Campus Environment


For instance, in open environments like campus cafeterias, identification can be captured using CCTV cameras strategically

deployed at all access and egress points.

Supplemented then by security personnel deployed in the cafeteria during hours of peak use.

In the event of an incident, facility managers or security personnel can review images from the cameras, deploy staff to

assist and narrow down quickly potential witnesses and suspects.



In campus laboratory environments, multiple layers of security can be deployed and access can be closely controlled using

security personnel, card readers, CCTV cameras, turnstiles and other security devices.

When an incident happens in this environment, investigators have multiple systems and processes to aid their investigation.

At UWS, we use a range of technologies from CCTV – video verification to swipe / prox, biometrics, GPS pendants and even

EPIRBS for remote area personnel



But its more than just layers, its inputs as well.

Electronic security makes our work as security professionals & academics easier. Our access control can manage inputs far

beyond a single room PIR.

Integration of systems is significant and at UWS our access control has more inputs than any BMS system in use.

Managing Access Control - Integration

Why All the Worry ?


why is this important

Applying Technology – Case Study


Boston Bombing

The Boston Marathon bombings were a series of two attacks targeting spectators and attendees of the annual marathon race on April 15, 2013.

Two pressure cooker bombs exploded at approximately 2:49 pm killing 3 people and injuring an estimated 264 others.[The bombs exploded about 13

seconds and 210 yards (190 m) apart, near the finish line on Boylston St

The FBI took over the investigation, and on April 18, released photographs and surveillance video of two suspects.

http://en.wikipedia.org/wiki/Boston_Marathon_bombings#cite_note-globe-number-injured-3



Boston Bombing

Suspects were identified Chechen brothers Dzhokhar & Tamerlan Tsarnaey.

Shortly after the FBI released the images, the suspects drove through Boston to RMIT where they killed a University police officer, carjacked a car

and initiated an exchange of gunfire with the police in Watertown.

During the firefight, another officer as injured but survived . Tamerlan Tsarnaev was shot by police and then run over by his brother and died.

Dzhokhar was injured but later captured.



CCTV used as an investigative tool

Post incident review / scene reconstruction

In a news conference held April 18, the FBI released photographs and surveillance videos showing two suspects—each carrying backpacks and

walking nonchalantly but purposefully and sought the public's help in identifying them.

The FBI released the photos, in part, to limit the damage by those wrongly targeted by incorrect news reports and social media speculations.

Authorities later said that releasing the suspect's photos "was a turning point in the investigation, no doubt about it."



Clearly depicts both brothers, their clothing & backpacks

Shows how the bombsgot to the detonationSite

Gave investigators anIdea as to the typeof bomb they should be looking for



Boston Bombing

UWS – Case Study


UWS – Case Study


UWS Fire Bombing

1300 seat auditorium

Week prior to graduation of 1000 students per day

Investigative success based on the application of:

CCTVAccess controlFire protection

Police arrested former UWS student

Charged with malicious damage by fire

$6M in damages

What is CCTV ?


CCTV

Closed-circuit television (CCTV) is the use of video cameras to transmit a signal to a specific place, on a limited set of monitors. The signal is not

openly transmitted.

Though almost all video cameras fit this definition, the term is most often applied to those used for surveillance in areas that may need monitoring such as banks, casinos, airports, military installations, and convenience

stores.

How does it work?


CCTV

CCTV may operate continuously or only as required.

Current generation uses digital video recorders providing recording for possibly many years, with a variety of quality and performance options and

extra features (such as motion-detection and email alerts).

More recently, IP cameras equipped with megapixel sensors, support recording directly to network storage devices devices, or internal flash for

completely stand-alone operation.

CCTV


what is it

CCTV – Basic design


CCTV


camera type

CCTV – Camera Types


CCTV - Images

CCTV - Images


CCTV Images

Human eye identifies images at about 24 fps

CCTV can capture images at a range of fps, however when the frame rate drops, there is a sacrifice of images being clearly visible.

Trade off is that much like your PC at home, if you have a lower frame rate, more images can be stored.

Most units will store images at 21 – 24 fps dropping the fps rate even lower will increase capacity but at the cost of image quality.

Ideally, a 30 day recording capacity is perfect.

CCTV - University


Crime Prevention

There is strong evidence that CCTV aids in detection and conviction of offenders; indeed police agencies routinely seek CCTV recordings after

crimes.

Moreover CCTV has played a crucial role in tracing the movements of suspects or victims and is widely regarded as a fundamental tool in tracking

criminal suspects.

Large-scale CCTV installations have played a key part of the defences against terrorism since the 1970s & cameras have also been installed on public

transport in the hope of deterring crime.

CCTV – Alternate Uses


In University - Research Monitoring

Analytics integrates CCTV to monitor the actions of workers & research. Every action is recorded as an information block

This helps to track the actions of workers, especially when they are making critical decisions and actions.

Actions monitored by CCTV at UWS include:

Introducing chemicals and HAZMAT;

Input and output of operators entering data;

Deleting operations and modifying existing research;

Moving or changing research, revaluation scrapping and counting;

Access Security


Access Control

The practice of restricting entrance to a property, a building, or a room to authorized persons.

Physical access control can be achieved by a human (a guard, bouncer, or receptionist), through mechanical means such as locks and keys, or through

technological means such as access control systems like an airlock.

Within ta University, key management is often employed as a means of further managing and monitoring access to mechanically keyed areas or

access to certain small assets.

It is a matter of..


Access Control

Access control is a matter of who, where, and when. The system determines who is allowed to enter or exit, where they are allowed to exit

or enter, and when they are allowed to enter or exit.

Historically, accomplished through keys and locks.

Now undertaken via range of technologies.

Differing Applications..


Access Control in University


defence in depth



Defence in Depth

A conventional security strategy would be to place resources at the front door which, if breached by an attacker, would leave the building

vulnerable.

Defence in depth requires that a security manager deploy his access control at and well behind the front door.

Although an offender may find it easier to breach the more weakly defended front entrance, as he advances he continues to meet

resistance. As he penetrates deeper, the offender become vulnerable.


Inis Mor

Ireland

As Applied to a University


Access Control – Types



Benefits

Redefines security : The first and foremost responsibility of access control system is to secure the site where it is being used.

No need to change locks : Access control system ensures that there is no need for changing the locks. If swipe card is lost, a new one can be issued

but still it is indeed sustainable.



Key duplicating prohibited : Duplicating lock’s key has a long history of practice. With an access control system, duplication of keys is

prohibited. Only one way unlocking is entertained by the system.

Remembering singular number of keys : With an Access Control System you have to remember only one key for accessing through it.



Customization of system : The system is customizable as desired. You may not need the same amount of attention for each of the entrants and exiting

people through finalizing user-level access rights.

Access history storing : Access control systems store every single history of accessing through it with details like name, time of entrance and exit,

period of their prevailing etc.



Remote access management : Remote access facilities helps save time & assist in the management of crisis

Reduced costs : The access control system when integrated with building management system, works significantly in cutting down costs.

Data Security : Every single information related to accesses done through the access control system gets saved into the system even if the

computer crashes or software gets locked.

Higher Security Applications


When considering access control at University;

When a credential is presented to a reader, the reader sends the information, usually a number, to a control panel. The control panel compares the number to a control list,

grants or denies the presented request, and creates a transaction log.

When access is denied based on the access control list, the door remains locked.

If there is a match between the credential and the list, the control panel operates a relay that in turn unlocks the door.

The control panel also ignores a door open signal to prevent an alarm.



There are three types (factors) of authenticating information:

1. something the user knows, e.g. a password, pass-phrase or PIN2. something the user has, such as smart card 3. something the user is, such as fingerprint, verified by biometric

measurement

Biometrics refers to the identification of humans by their characteristics or traits.

Biometric identifiers are the distinctive, measurable characteristics used to label and describe individuals. Biometric identifiers are often categorized as

physiological versus behavioural characteristics.

How do we further enhance security ?


Biometrics

The identification of humans by their characteristics or traits.

Biometrics is used as a form of identification for access control It is also used to identify individuals in groups that are under surveillance.

Biometric identifiers are the distinctive, measurable characteristics used to label and describe individuals. Biometric identifiers are often categorized as

physiological versus behavioural characteristics.

How do we further enhance security ?


Biometrics

Physiological characteristics are related to the shape of the body. Examples include, but are not limited to fingerprint, facial recognition, DNA,

palm print, hand geometry and iris recognition

Patterns of behaviour can also be used including: typing rhythm, gait and voice.

Biometric identifiers are unique to individuals, they are more reliable in verifying identity than token and knowledge-based methods; however,

biometric identifiers raise privacy concerns about the collection, use and storage se of this information.



Biometrics

Physiological characteristics are related to the shape of the body. Examples include, but are not limited to fingerprint, facial recognition, DNA, palm

print, hand geometry and iris recognition

Patterns of behaviour can also be used including: typing rhythm, gait and voice

Biometric identifiers are unique to individuals, they are more reliable than token and knowledge-based methods; however, biometric identifiers raise

privacy concerns about the collection, use and storage se of this information.

Conclusion


The concern over conflict between the openness and sensitivity of University's is not a new one

There is a need for researchers, professional staff and students to consciously balance the conflicting pressures for transparency - as exemplified by the laudable move towards open access - with the

pressures to properly protect client information disclosed in confidence.

Universities must also concern themselves with the subset of research which constitute valuable and commercially exploitable intellectual

property.

Conclusion


Our experience at UWS is that there needs to be a joining up and coordination of activities across various aspects of an academic

organisation, such as Estates, Human Resources, ICT and Security departments.

But measures within any one academic organisation will not be enough.

There is also a need to recognise the integration and dependencies both within and across universities.

Conclusion


Importantly, this cannot be achieved in a prescriptive 'one-size-fits-all' manner but rather needs a risk driven consideration on a case-by-case

basis.

Having established what needs to be protected, there is a need to introduce appropriate controls, which cannot be narrowly constrained to the technical measures associated with university security, but need to

be all encompassing, to consider personnel, physical and procedural security as well.

The most expensive is not always the best and what is installed must work.

Conclusion


Thank you

Adam [email protected]

mailto:[email protected]

adam byrne - university of western sydney - electronic security from the ground up

Business

campus environment u

open access

campus safety security

open campus type environments

security personnel

campus laboratory environments

security professionals

electronic security