Go to report table of contents
Table B-1. Effective Practices for Access Control - Transit Agency #1
Table B-2. Effective Practices for Access Control - Transit Agency #2
Table B-3. Effective Practices for Access Control - Transit Agency #3
Table B-4. Effective Practices for Access Control - U.S. Agency
Appendix B. Case Studies of Transit Security Intiatives
The following four case studies illustrate transit security initiatives. Three studies of large transit agencies examine threats, constraints, and issues that impact facility security, in particular access management. One study of a federal government agency examines how state-of-the-art security technology and detailed security procedures can keep unauthorized persons from entering a facility.
Case study researchers interviewed managers at each of the agencies and conducted an extensive literature search; sources are listed in the References appendix.
Case 1 - Transit Agency #1
Transit Agency #1 created a Terrorism/Security Task force shortly after September 11, 2001, made up of five agency managers and led by the head of security. The task force made 122 recommendations.
The agency is currently planning two small pilot programs; one with a company manufacturing chemical detection systems, the other with a research lab that uses technology to track the frequency of particulates present in subway stations. This agency is also working with an engineering firm on a cleanup system that will use electrically charged droplets, consisting of a mixture of bleach and water, for post-incident response after a chemical/biological incident or attack.
Table B-1 summarizes effective practices for access control in the OCC and rail maintenance facilities at Transit Agency #1. One key practice is training employees to be aware of threatening situations. Several community involvement programs have started to observe and report suspicious behavior occurring within the transit system. Surveillance cameras are a supplementary reporting source. In addition, all agency employees and vendors must carry and display identification badges in all agency buildings and facilities.
Another key practice is gate control. Although fences are used around the maintenance yards, there is no gate control. The transit agency police have roving patrols that cover the yard and maintenance facilities. There is also a police patrol at stations that focuses on the main system areas of the system, i.e. subways in the downtown business districts, and K-9 patrols are used throughout the system.
Case 2 - Transit Agency #2
Transit Agency #2 uses a smart card for access control to a number of facilities, including the revenue-processing center and headquarters. The same smart card technology is also used as one form of fare collection.
Table B-2 summarizes effective practices for access control. One key practice is using a dual access control system at the agency's revenue processing facility to transition to the new smart card system. Other key practices include supplementing the smart card access control system with other measures, such as surveillance cameras, intrusion detection, security patrol activity, and employee awareness. Training is an important transit priority, along with emergency preparedness; a key practice is all employees must carry and display identification badges in all buildings and facilities.
The primary access control measure in minimizing risks in the transit paid areas is by training employees to be aware of threatening situations. This is supplemented with the use of surveillance cameras. Using smart fare cards, the movement of riders can be tracked for forensic purposes (at the risk of violating privacy).
Case 3 - Transit Agency #3
Transit Agency #3 uses a smart card for access control to a number of facilities, including their revenue processing center, headquarters, maintenance, and repair yard and training facility. The agency also uses the smart card to access their automatic fare collection (AFC) equipment for service, repair, and security checks. The facilities and AFC application represent different compartmentalized activities. The card systems at these facilities are separate and run independently with their own computer.
Table B-3 summarizes effective access control practices at the facility and for AFC applications. One key practice is using the smart card to provide enhanced security for entering sensitive areas, such as the revenue processing facility, headquarters, and training facility, supplemented with other measures, such as surveillance cameras, barrier gates, elevator control, security patrol activity, and employee awareness. Training and emergency preparedness are also important practices. All employees are required to carry and display identification badges in all buildings and facilities. Background checks are performed on all employees and strict card recovery procedures are in place for employees who leave the agency.
Since transit systems are open systems there is only minimal control of individuals into the paid area including stations, onboard railcars, and on buses. It is these areas where people tend to congregate that a terrorist attack would be most likely. The key practice in addressing this issue is training employees to be aware of threatening situations, supplemented by surveillance cameras to respond to crises and to be used in post-incident examinations (forensics).
Case 4 - United States Governmental Agency
The U.S. agency case study is an example of a highly sensitive facility using state-of-the-art security technology and detailed security procedures to keep unauthorized persons from entering. The current integrated security system combines embedded Wiegand-wire technology identification credentials and readers with various barriers and perimeter security.
Table B-4 summarizes effective practices for access control at the U.S. agency. One key practice is using a layered approach to access management. All automobiles and delivery vehicles must pass through a manned perimeter-screening location. Pop-up or portable barriers are used on the access road to prevent unauthorized vehicles from simply driving past the perimeter screening.
The current access control system at the entrances to the agency's building and to the garage uses embedded Wiegand-wire access credentials. The entrances are laid out so that a person must first display their badge to security personnel for verification then present their credential to the turnstile reader for entrance to the restricted area. Persons in autos must present their credential to security personnel at the parking garage entrance for access. Visitors are first screened outside the facility, signed in by their escort, and again screened in detail by metal detectors and x-ray machines. An authorized person can then escort the visitor through the turnstiles into the secure area. Visitor badges are simple paper badges and require an authorized escort.
The U.S. agency is currently in the process of replacing the Wiegand-wire credential technology with smart card technology and a supporting access control system. The smart cards can be equipped with a microprocessor chip, a fingerprint scan biometric, a variable image, and a picture of the cardholder, and will be color-coded. The smart card will also be used for Public Key Infrastructure and computer logical access using the GSA Smart Card Interoperability Specification. These various identification devices provide redundancy in access control and allow varying levels of authentication. For example, the smart card can be used for entry at turnstiles by simply inserting the card into a reader, but a person's fingerprint will be read at an interior portal to a more sensitive area.
New visitor system badges will be magnetic stripe technology. Future procedures for escorting visitors will link the escort and the visitor in the computer system. The escorts will use their smart cards and the visitors their magnetic cards in tandem at the turnstiles for visitor entry. If readers are installed within the building at various portals, this procedure will show the movement of both the escort and the visitor.
The facility is also equipped with an extensive surveillance system. Numerous cameras observe all entry and exit points as well as the grounds, garage, and building interior. The surveillance system includes an advanced digital video monitoring system that records all video cameras at all times. The state-of-the-art system allows security personnel to control recording at the time of an incident and to review specific video after the incident.
The building is equipped with a command center that is the central point for all access management, surveillance, and intrusion detection systems, including workstations for all security sub-systems. From the command center, the appropriate staff can monitor and respond to security situations.
Another key practice is using an extensive security force at all perimeter access locations, the building entrance, visitor check-in desk, and the turnstiles. Other secured areas within the building requiring card entry may have additional security personnel.
NEWSLETTER
|
Join the GlobalSecurity.org mailing list |
|
|