adam byrne - university of western sydney - electronic security from the ground up
TRANSCRIPT
Electronic Security from the Ground Up
U n i v e r s i t y o f W e s t e r n S y d n e y
introduction
We are challenged by:
U n i v e r s i t y o f W e s t e r n S y d n e y
Introduction
Universities operate in open environments. Even some of our organisations more secure facilities, such as executive spaces and bio-safety laboratories, are mixed-use facilities with open access
in public spaces and closed access in secure areas.
We are challenged by:
U n i v e r s i t y o f W e s t e r n S y d n e y
This freedom of movement is important to our academic culture and to the culture of our specific organisation.
On University campuses, an open environment fosters freedom of expression and an open exchange of ideas.
In these environments, crime rates are typically lower than those of surrounding communities.
We are challenged by:
U n i v e r s i t y o f W e s t e r n S y d n e y
Additionally, university students typically come from environments that are closely controlled by parents, teachers,
principals, and coaches; for them, living in an open environment for the first time can be as educational as their classroom studies.
Therefore, closing and controlling access to environments such as these would be detrimental to the experience of those who use
them.
Furthermore, making such changes may be unfeasible, both operationally and financially.
However in considering this..
U n i v e r s i t y o f W e s t e r n S y d n e y
Open environments are not isolated islands where serious criminal activity and abhorrent behaviour does not exist.
Recent events such as the Craigslist killer (Medical Student), the murder of Yale University graduate student Annie Le, the Virginia Tech shootings, death of the University Police Officer Sean Collier
arising from the Boston Bombings are examples of egregious crimes that were committed in open campus type environments.
So what are our options ?
U n i v e r s i t y o f W e s t e r n S y d n e y
So how do facility managers and security professionals achieve a balance of openness and security?
The answer is the application of a technology focussed solution — that is, having the ability to forensically determine the identity of individuals throughout the entire environment and to control access at levels that are appropriate for the given environment.
Securing the Campus Environment
U n i v e r s i t y o f W e s t e r n S y d n e y
For instance, in open environments like campus cafeterias, identification can be captured using CCTV cameras strategically
deployed at all access and egress points.
Supplemented then by security personnel deployed in the cafeteria during hours of peak use.
In the event of an incident, facility managers or security personnel can review images from the cameras, deploy staff to
assist and narrow down quickly potential witnesses and suspects.
Securing the Campus Environment
U n i v e r s i t y o f W e s t e r n S y d n e y
In campus laboratory environments, multiple layers of security can be deployed and access can be closely controlled using
security personnel, card readers, CCTV cameras, turnstiles and other security devices.
When an incident happens in this environment, investigators have multiple systems and processes to aid their investigation.
At UWS, we use a range of technologies from CCTV – video verification to swipe / prox, biometrics, GPS pendants and even
EPIRBS for remote area personnel
Securing the Campus Environment
U n i v e r s i t y o f W e s t e r n S y d n e y
But its more than just layers, its inputs as well.
Electronic security makes our work as security professionals & academics easier. Our access control can manage inputs far
beyond a single room PIR.
Integration of systems is significant and at UWS our access control has more inputs than any BMS system in use.
Applying Technology – Case Study
U n i v e r s i t y o f W e s t e r n S y d n e y
Boston Bombing
The Boston Marathon bombings were a series of two attacks targeting spectators and attendees of the annual marathon race on April 15, 2013.
Two pressure cooker bombs exploded at approximately 2:49 pm killing 3 people and injuring an estimated 264 others.[The bombs exploded about 13
seconds and 210 yards (190 m) apart, near the finish line on Boylston St
The FBI took over the investigation, and on April 18, released photographs and surveillance video of two suspects.
Applying Technology – Case Study
U n i v e r s i t y o f W e s t e r n S y d n e y
Boston Bombing
Suspects were identified Chechen brothers Dzhokhar & Tamerlan Tsarnaey.
Shortly after the FBI released the images, the suspects drove through Boston to RMIT where they killed a University police officer, carjacked a car
and initiated an exchange of gunfire with the police in Watertown.
During the firefight, another officer as injured but survived . Tamerlan Tsarnaev was shot by police and then run over by his brother and died.
Dzhokhar was injured but later captured.
Applying Technology – Case Study
U n i v e r s i t y o f W e s t e r n S y d n e y
CCTV used as an investigative tool
Post incident review / scene reconstruction
In a news conference held April 18, the FBI released photographs and surveillance videos showing two suspects—each carrying backpacks and
walking nonchalantly but purposefully and sought the public's help in identifying them.
The FBI released the photos, in part, to limit the damage by those wrongly targeted by incorrect news reports and social media speculations.
Authorities later said that releasing the suspect's photos "was a turning point in the investigation, no doubt about it."
Applying Technology – Case Study
U n i v e r s i t y o f W e s t e r n S y d n e y
Clearly depicts both brothers, their clothing & backpacks
Shows how the bombsgot to the detonationSite
Gave investigators anIdea as to the typeof bomb they should be looking for
UWS – Case Study
U n i v e r s i t y o f W e s t e r n S y d n e y
UWS Fire Bombing
1300 seat auditorium
Week prior to graduation of 1000 students per day
Investigative success based on the application of:
CCTVAccess controlFire protection
Police arrested former UWS student
Charged with malicious damage by fire
$6M in damages
What is CCTV ?
U n i v e r s i t y o f W e s t e r n S y d n e y
CCTV
Closed-circuit television (CCTV) is the use of video cameras to transmit a signal to a specific place, on a limited set of monitors. The signal is not
openly transmitted.
Though almost all video cameras fit this definition, the term is most often applied to those used for surveillance in areas that may need monitoring such as banks, casinos, airports, military installations, and convenience
stores.
How does it work?
U n i v e r s i t y o f W e s t e r n S y d n e y
CCTV
CCTV may operate continuously or only as required.
Current generation uses digital video recorders providing recording for possibly many years, with a variety of quality and performance options and
extra features (such as motion-detection and email alerts).
More recently, IP cameras equipped with megapixel sensors, support recording directly to network storage devices devices, or internal flash for
completely stand-alone operation.
CCTV - Images
U n i v e r s i t y o f W e s t e r n S y d n e y
CCTV Images
Human eye identifies images at about 24 fps
CCTV can capture images at a range of fps, however when the frame rate drops, there is a sacrifice of images being clearly visible.
Trade off is that much like your PC at home, if you have a lower frame rate, more images can be stored.
Most units will store images at 21 – 24 fps dropping the fps rate even lower will increase capacity but at the cost of image quality.
Ideally, a 30 day recording capacity is perfect.
CCTV - University
U n i v e r s i t y o f W e s t e r n S y d n e y
Crime Prevention
There is strong evidence that CCTV aids in detection and conviction of offenders; indeed police agencies routinely seek CCTV recordings after
crimes.
Moreover CCTV has played a crucial role in tracing the movements of suspects or victims and is widely regarded as a fundamental tool in tracking
criminal suspects.
Large-scale CCTV installations have played a key part of the defences against terrorism since the 1970s & cameras have also been installed on public
transport in the hope of deterring crime.
CCTV – Alternate Uses
U n i v e r s i t y o f W e s t e r n S y d n e y
In University - Research Monitoring
Analytics integrates CCTV to monitor the actions of workers & research. Every action is recorded as an information block
This helps to track the actions of workers, especially when they are making critical decisions and actions.
Actions monitored by CCTV at UWS include:
Introducing chemicals and HAZMAT;
Input and output of operators entering data;
Deleting operations and modifying existing research;
Moving or changing research, revaluation scrapping and counting;
Access Security
U n i v e r s i t y o f W e s t e r n S y d n e y
Access Control
The practice of restricting entrance to a property, a building, or a room to authorized persons.
Physical access control can be achieved by a human (a guard, bouncer, or receptionist), through mechanical means such as locks and keys, or through
technological means such as access control systems like an airlock.
Within ta University, key management is often employed as a means of further managing and monitoring access to mechanically keyed areas or
access to certain small assets.
It is a matter of..
U n i v e r s i t y o f W e s t e r n S y d n e y
Access Control
Access control is a matter of who, where, and when. The system determines who is allowed to enter or exit, where they are allowed to exit
or enter, and when they are allowed to enter or exit.
Historically, accomplished through keys and locks.
Now undertaken via range of technologies.
Access Control in University
U n i v e r s i t y o f W e s t e r n S y d n e y
Defence in Depth
A conventional security strategy would be to place resources at the front door which, if breached by an attacker, would leave the building
vulnerable.
Defence in depth requires that a security manager deploy his access control at and well behind the front door.
Although an offender may find it easier to breach the more weakly defended front entrance, as he advances he continues to meet
resistance. As he penetrates deeper, the offender become vulnerable.
Access Control in University
U n i v e r s i t y o f W e s t e r n S y d n e y
Benefits
Redefines security : The first and foremost responsibility of access control system is to secure the site where it is being used.
No need to change locks : Access control system ensures that there is no need for changing the locks. If swipe card is lost, a new one can be issued
but still it is indeed sustainable.
Access Control in University
U n i v e r s i t y o f W e s t e r n S y d n e y
Key duplicating prohibited : Duplicating lock’s key has a long history of practice. With an access control system, duplication of keys is
prohibited. Only one way unlocking is entertained by the system.
Remembering singular number of keys : With an Access Control System you have to remember only one key for accessing through it.
Access Control in University
U n i v e r s i t y o f W e s t e r n S y d n e y
Customization of system : The system is customizable as desired. You may not need the same amount of attention for each of the entrants and exiting
people through finalizing user-level access rights.
Access history storing : Access control systems store every single history of accessing through it with details like name, time of entrance and exit,
period of their prevailing etc.
Access Control in University
U n i v e r s i t y o f W e s t e r n S y d n e y
Remote access management : Remote access facilities helps save time & assist in the management of crisis
Reduced costs : The access control system when integrated with building management system, works significantly in cutting down costs.
Data Security : Every single information related to accesses done through the access control system gets saved into the system even if the
computer crashes or software gets locked.
Higher Security Applications
U n i v e r s i t y o f W e s t e r n S y d n e y
When considering access control at University;
When a credential is presented to a reader, the reader sends the information, usually a number, to a control panel. The control panel compares the number to a control list,
grants or denies the presented request, and creates a transaction log.
When access is denied based on the access control list, the door remains locked.
If there is a match between the credential and the list, the control panel operates a relay that in turn unlocks the door.
The control panel also ignores a door open signal to prevent an alarm.
Higher Security Applications
U n i v e r s i t y o f W e s t e r n S y d n e y
There are three types (factors) of authenticating information:
1. something the user knows, e.g. a password, pass-phrase or PIN2. something the user has, such as smart card 3. something the user is, such as fingerprint, verified by biometric
measurement
Biometrics refers to the identification of humans by their characteristics or traits.
Biometric identifiers are the distinctive, measurable characteristics used to label and describe individuals. Biometric identifiers are often categorized as
physiological versus behavioural characteristics.
How do we further enhance security ?
U n i v e r s i t y o f W e s t e r n S y d n e y
Biometrics
The identification of humans by their characteristics or traits.
Biometrics is used as a form of identification for access control It is also used to identify individuals in groups that are under surveillance.
Biometric identifiers are the distinctive, measurable characteristics used to label and describe individuals. Biometric identifiers are often categorized as
physiological versus behavioural characteristics.
How do we further enhance security ?
U n i v e r s i t y o f W e s t e r n S y d n e y
Biometrics
Physiological characteristics are related to the shape of the body. Examples include, but are not limited to fingerprint, facial recognition, DNA,
palm print, hand geometry and iris recognition
Patterns of behaviour can also be used including: typing rhythm, gait and voice.
Biometric identifiers are unique to individuals, they are more reliable in verifying identity than token and knowledge-based methods; however,
biometric identifiers raise privacy concerns about the collection, use and storage se of this information.
Higher Security Applications
U n i v e r s i t y o f W e s t e r n S y d n e y
Biometrics
Physiological characteristics are related to the shape of the body. Examples include, but are not limited to fingerprint, facial recognition, DNA, palm
print, hand geometry and iris recognition
Patterns of behaviour can also be used including: typing rhythm, gait and voice
Biometric identifiers are unique to individuals, they are more reliable than token and knowledge-based methods; however, biometric identifiers raise
privacy concerns about the collection, use and storage se of this information.
Conclusion
U n i v e r s i t y o f W e s t e r n S y d n e y
The concern over conflict between the openness and sensitivity of University's is not a new one
There is a need for researchers, professional staff and students to consciously balance the conflicting pressures for transparency - as exemplified by the laudable move towards open access - with the
pressures to properly protect client information disclosed in confidence.
Universities must also concern themselves with the subset of research which constitute valuable and commercially exploitable intellectual
property.
Conclusion
U n i v e r s i t y o f W e s t e r n S y d n e y
Our experience at UWS is that there needs to be a joining up and coordination of activities across various aspects of an academic
organisation, such as Estates, Human Resources, ICT and Security departments.
But measures within any one academic organisation will not be enough.
There is also a need to recognise the integration and dependencies both within and across universities.
Conclusion
U n i v e r s i t y o f W e s t e r n S y d n e y
Importantly, this cannot be achieved in a prescriptive 'one-size-fits-all' manner but rather needs a risk driven consideration on a case-by-case
basis.
Having established what needs to be protected, there is a need to introduce appropriate controls, which cannot be narrowly constrained to the technical measures associated with university security, but need to
be all encompassing, to consider personnel, physical and procedural security as well.
The most expensive is not always the best and what is installed must work.