ACCESS CONTROL: ACCESS CONTROL ADVANCES

FROM: "AIRPORT" MAGAZINE [link]

PUBLISHED JULY/AUGUST 2004 ISSUE

By Jim Wallace

Access control is coming out of its holding pattern. Experts cite different reasons why but agree that many U.S. airports that had put off decisions on new systems are moving forward with upgrades and new technology.

Although the terrorist attacks of 2001 highlighted problems in passenger screening rather than internal airport access, it heightened concerns for improved security of all kinds, including access control. But few airports were willing to spend big money upgrading systems until they could be certain of meeting yet-undetermined federal standards.

In recent months, the Transportation Security Administration (TSA) has selected several projects for its congressionally mandated Access Control Pilot Program (see box, p.33). Separately, it awarded $7.8 million for projects at eight airports last December and another $8.2 million for 10 more projects in May, all having to do with improving “terminal” security—which includes access control.

Charles Sander, vice president at Unisys, expects the pilot program to move along much more swiftly with the first phase—testing existing technologies under actual airport operating conditions—completed by year's end. The analysis of that phase's results will determine which technologies would be tested in the second phase. TSA awarded Unisys a 20-month, $17 million contract last October to be the systems integrator for the pilot program.

In May, members of Congress chastised TSA for not moving faster to promote the use of biometrics. Both Republicans and Democrats on the House aviation subcommittee criticized officials from the Department of Homeland Security, which includes TSA, for the “low-tech” credentials provided to airport workers with access to high-security areas.

“Our multibillion dollar screening regime is defenseless against a terrorist who uses a lost, stolen or forged security badge or law enforcement credential to walk right past a screening checkpoint,” Chairman John Mica (R-Florida) said. “Using biometrics is the only way to ensure that the person presenting the law enforcement or other credential is actually entitled to that credential.”

For those airports selected, participation in TSA's pilot program is a spur for improving their systems. But Leonard Wood, manager of aviation services for ADT Security Services, said what's driving most airports to make changes is that their systems are too old not to replace.

Sherry Wallace, director of marketing and communications at Springfield-Branson Regional Airport, credited current developments both to movement by TSA and this increasing need to replace old systems.

“Airports have known we've needed to upgrade security for some time, regardless of what TSA ends up doing,” Wallace said. “We need to be proactive.” Much emphasis in the new systems is on biometrics, simply because biometrics can do more these days. In the past, Sander said, access control focused on either something a person had, such as a card, or something a person knew, such as a password. Biometrics permits greater use of things intrinsic to a person, he said. That generally means fingerprints, hand geometry and iris scans.

TSA's Access Control Pilot Program has chosen several projects to test such systems, as well as other technology, including intelligent video analysis and radio frequency identification.

For example, the Boise Air Terminal is testing biometric and radio frequency identification (RFID) technologies together. Don Larson, information technology manager, said either hand geometry or fingerprints would identify individuals, while RFID would handle vehicles. He welcomed the chance to test technologies, “so we don't have to follow the lead of bigger airports.”

The challenge at Boise is to accommodate the activities of commercial aviation, general aviation and a military base in a high mountain desert climate with extreme ranges in temperature and humidity.

Mark Denari, director of aviation security and public safety at San Diego International Airport, said that, even though TSA's pilot program should lead to technology recommendations, the government will still be limited to issuing performance standards rather than telling airports specifically how to meet those standards.

John Becker, director of airport business for Tyco Fire & Security, said he would “almost guarantee” that TSA's pilot program will result in recommendations for fingerprint, hand geometry and iris scan systems. Facial recognition or voice recognition systems are less likely, he said, because of costs and doubts about functioning in airport environments.

Becker, who formerly handled security and information technology for Chicago’s three airports, said, “The knee-jerk reaction after 9/11 was to look at pie-in-the-sky technology,” but airports are coming back to earth and considering affordable technology, such as adding fingerprint scanners to their systems.

Each system has defenders, but officials from airports with extensive use of hand geometry are especially sold on it. “We love the system,” Mark Fisher, chief of public safety at Toledo Express Airport, said. It was easy to retrofit at 22 access points for a cost of about $150,000, mostly for labor, he said, and he was happy to get away from a worn-out swipe card system. In more than a year, the airport has had no major problems with its hand readers. A user simply types in a personal identification number and presents a hand to a reader for access within a few seconds, Fisher said.

Bill Spence, director of marketing at Recognition Systems Inc., the vendor for the hand geometry systems at several airports, said that San Francisco International Airport began with about 90 hand readers more than a decade ago and has expanded to twice that many. The result is “more than 100 million biometrically verified accesses to the tarmac,” he said.

Denari, who handled security at San Francisco before he moved to San Diego last year, appreciates not only hand geometry's ease of use but also its durability. However, simply using hand geometry for opening a door didn't prevent a second person from going right through, or piggybacking. Denari solved the problem by pairing low technology with high technology. At key portals, he attached vestibules with metal turnstiles, so that only one person could go through at a time.

While some airports like the idea of replacing swipe or proximity cards with biometric systems, the approach at Seattle-Tacoma International Airport has been to combine the two through the use of smart cards. The smart cards carry not only the usual information to identify users but also biometrics, in this case fingerprints, so that it is impossible for unauthorized people to use them.

Fred Lassiter, vice president of information technology at Goddard Technology Corp., one of Sea-Tac's vendors, said that eliminates a key drawback of a card-based system: “If a card can be stolen and used, it actually becomes a liability to the person possessing it.” It addresses TSA’s concerns about preventing terrorists from stealing uniforms and cards that might give them access to a secure area, he said.

Lassiter said smart cards offer such flexibility as allowing someone normally limited to public areas access to a secure area in an emergency if that person possesses emergency medical training. Bill Donahue, Goddard's president, said such flexibility is attracting the attention of many other airports.

Becker said the use of advanced video surveillance systems, such as digital video recorders, to augment access control is growing fast because of improved versatility and ease in installation. Springfield-Branson Regional Airport's TSA grant is to deploy smart video surveillance systems. Airport Marketing Director Wallace called that “an excellent way” to monitor not only access control points but also perimeter activities.

“Even the best perimeter fences at airports are not fortresses,” she said. “This kind of technology will be wonderful, particularly for regional airports.”

Other commercial airports are upgrading their perimeter security in addition to improving internal access control. At general aviation airports, the main concern is perimeter gates, according to Scott Morton, vice president of marketing at Brivo Systems, which provides access control devices only to general aviation airports. “They're asked to do miracles and they don't have a whole lot of money to do it,” he said. So Brivo offers a low-cost Web-based system using wireless technology to connect to access control panels with card or biometric readers. Commercial airports won't touch wireless technology, Morton said, but it has taken off at general aviation airports because it avoids the costs of digging long trenches to run fiber optics out to each gate.

No matter what system an airport chooses, Sander said, proper training of personnel must be considered a key component. “Training should be figured as much as the equipment itself,” he said.

Accordingly, some vendors promote the ease with which their systems can be used. For example, Lassiter said Goddard's smart card system automates many of the decisions that must be made in issuing specific credentials. “We want to create business rules in the technology that the computer system can enforce so that we don't have to train the operators to do it,” he said. But no matter how good technology is, what interests Denari most is “the human component.” The reason he developed vestibules with turnstiles to attach to doors in the most sensitive areas of San Francisco's airport was that tests revealed workers were complying only half the time in making sure that doors closed securely behind them.

“I needed to engineer out the human component,” Denari said. He advises others to do the same.

JIM WALLACE COVERS AVIATION AND HOMELAND SECURITY FOR THE CHARLESTON (WEST VIRGINIA) DAILY MAIL.