As manager of the Security and Emergency Management Office at the Massachusetts Institute of Technology (MIT), Thomas Komola benefits from the input of a lot of very smart people.
“I’m fortunate. At MIT, it’s geek central,” Komola quipped. “I’ve got four years of [student] classes that can tell me quite frankly that I’m not the smartest person in the room. And I lean on that.”
Not long ago, some students looked at the power lines for devices that unlock doors in their dormitory. They figured out that they could trigger the lock mechanisms by introducing external power to the supply lines. They avoided detection by simply skinning the wire to gain access to it; they didn’t cut it so no control panel alerted supervisors that something was wrong.
With the external power activated, the doors unlocked, unveiling a big security weakness.
“We went to our integrator and said, come up with a solution, and we now have a product that is standard in all of our control panels to supervise … changes in the influx, the amperage and the voltage on those power supply lines,” Komola said.
Maybe disrupting locks at a dorm isn’t a big deal under some circumstances, but the same vulnerability could have popped up at sensitive laboratories on campus, imperiling projects running in conjunction with the Department of Defense or the Department of Homeland Security. And at MIT, the demand for video and access control technologies has grown considerably since the Boston Marathon bombing in 2013, which involved a manhunt that led to the murder of an MIT police officer.
Komola shared his tale during an education session presented by the Security Industry Association (SIA) at the ASIS International Annual Seminar and Exhibits in Atlanta, Ga., on Sept. 29. Panelists at the session, Retrofit and Migration Strategies for Video and Access Control Systems, agreed it was vital to cast a wide net and talk to as many people as possible about their experiences when setting expectations for a large security integration project.
Phil Lisk, director of information technology at the Bergen County Sheriff’s Office in New Jersey, stressed the importance of due diligence when determining the parameters of a security integration project. Lisk looks at the vendors involved and their past performance, specifically their past performance on similar networks. But then he looks at projects with a bigger scope.
“If I’m doing something with 1,000 cameras, I want to find someone who has done something with 1,500 or 2,000 cameras,” he said.