Protecting airports from themselves
May 1, 1998 12:00 PM, DON GARBERA
Some security threats come from internal sources. The United States has close to 300 airports. All are considered high security risks. Airports located in major cities experience the majority of aviation-related crime and terrorism in this country.
Not all incidents come from external sources. Some are committed internally by disgruntled or terminated employees. In the late 1980s, one of the worst aviation disasters in recent history was brought on by a terminated employee who breached security with his identification card and smuggled a revolver onto an airliner. Thirty-eight passengers and the cockpit crew were killed.
The incident precipitated the Federal Aviation Administration's promulgation of Regulation 107.14, which states that electronic systems and procedures be put in place at airports to ensure that access by airport personnel is monitored and controlled.
Three of the 18 highest risk airports are John F. Kennedy International Airport, Newark International Airport and LaGuardia Airport. All three are owned by The Port Authority of New York and New Jersey.
A revenue control card access system that was installed because of Regulation 107.14 protects the more than 90 million people that enter the employee parking lots at the three airports annually. A computer-assisted access control system mandated by Regulation 107.14 controls unescorted access to the air operations areas at the three major airports.
The system employs Mosler remote processing controllers, Nynex computer services software, an Opcom fiber network and Dorado card readers. Doors linked to the computer are controlled by the Mosler remote controllers. There are 69 remote processing units around the airport, and hundreds of entry points such as doors and vehicle gates.
The processors maintain a record of all personnel authorized to enter. A person seeking entry swipes a card and enters a four-digit PIN. If the system finds the person is not on the local database, it will check the main database to ensure there have been no changes. If the wrong PIN has been entered three times, the system will cancel the user's card. There are 24,000 active cards at John F. Kennedy Airport alone.
JFK has 35,500 employees. Not all are authorized to receive access control cards - "only those who must have access to the airfield and restricted aeronautical areas," says Andrew Kreek Jr., manager of airport security.
According to Kreek, there are different levels of access authority granted to card users, and differently configured cards allow different types of access for driving onto the airfield, and to other restricted areas. For example, different colored lights are used at entry points that tell a guard at a particular entry station whether the person attempting entry is exercising correct access. "If the person is carrying passengers in his car, but is not authorized to do so," says Kreek, "specific colored lights located near the card swipe station will not flash, indicating to the guard that the person is trying to gain unauthorized access."
Access cards are unique to the airport they are used at. Because of this, all personnel involved in card-use receive Security Identification Display Area training mandated by the Federal Aviation Administration.
The airport's card system is linked with all individual airline passenger terminals that are tenants of the airport. "The link incorporates a tenant-revoke feature, which immediately notifies the system when an employee is terminated at one of the tenant locations," explains Kreek.
Upgrading for the year 2000 Currently, there are two upgrades in progress. "The first is a series of routine improvements that includes installation of software to make the system faster and more user-friendly. The second is a larger upgrade that will allow the use of biometrics in the future, and make the system Year 2000 compliant," says Steve Schramm, systems administrator. The application system is currently Year 2000 compliant, but the operating system and the hardware are not.
Each of the three airports handles more than 30 million people a year and an average 20,000 card swipes a day. The new upgrades will allow for increases in these numbers.
What will the new operating system be like? "That will be determined by what the four vendors that have won the right to bid on the project have to offer. We want an off-the-shelf system, so that we know it will work from day one," says Schramm.
According to Schramm, the new system will employ a two-man rule, which means that in some extremely high-security areas such as Customs one-person entry would be denied. "This will help prevent incidents by employees who could become tempted by being in the presence of valuables," comments Kreek.
Airport employees must wear their ID badges at all times. To encourage people to challenge others out on the airfield who are not wearing their badges, airport security has set up a "Bogus Bob and Babs" program. Anyone who turns a fellow employee in for not wearing an ID badge receives $25.
A security audit team has also been put in place that tries to intentionally breach security by attempting to get out onto the airfield without swiping an access card, or walking around without an ID badge to see if they are challenged. The team also watches the tenant airlines to ensure proper security procedures are followed, and checks fence lines for any possible holes. If a fence problem is spotted, a team member stays there until a crew is dispatched to repair it.
All stairwells are monitored by Cohu CCTV cameras, as are the airfield and parking lots. Certain access points also use motion detectors with 3- to 5-beam coverage. Tenant airlines incorporate their own CCTV capabilities. The security force is a combination of proprietary guards and armed Port Authority police.
Commercial flights first flew out of JFK in 1948 when it was called New York International Airport. With the advent of modern-day technology, airport security today is a far cry from what it was then.
Unauthorized media at the gate JFK, like LaGuardia and Newark International, takes breach of security very seriously. Recently, security guards at two different vehicular access points refused entry to a van driven by an airport tenant because of unauthorized persons accompanying him. Upon investigation, it was determined that the unauthorized people in the vehicle were actually representatives of the media trying to breach security as a media event.
The individual driving the van was a tenant who provided services on the airfield. Based on his actions, he and his company were banned from conducting their business on the ramp for 45 days.
"It hit them right where it hurts most. They lost a lot of money," points out Andrew Kreek Jr., manager of airport security.
Want to use this article? Click here for options!
© 2014 Penton Media Inc.
Today's New Product
In support of the Privaris family of personal identity verification tokens for secure physical and IT access, an updated version of its plusID Manager Version 2.0 software extends the capabilities and convenience to administer and enroll biometric tokens. The software offers multi-client support, import and export functionality, more extensive reporting features and a key server for a more convenient method of securing tokens to the issuing organization.