Airport security is like a vexing jigsaw puzzle: There are many unique pieces, and all must fit together seamlessly to achieve a cohesive overall design.
Officials at Portland International Airport (PDX) spent years studying the various pieces of their security puzzle before embarking on the largest security upgrade the airport has ever seen.
"This was a very structured project, and they took the time up front to learn what they wanted to do," says Andy Kuchel, vice president of marketing and business development for Quantum Secure, the software company that supplied the access identification system for the $53 million project. "They followed the old carpenter's adage: Measure twice and cut once."
System/Process Improvements: Transitioning from badge-centric software system to identity management system for employee badging; rebadging 9,000 employees
oo often, he adds, airport officials design security systems in a vacuum without considering the many pieces that go into creating the overall security picture. "If the burning issue is the need for a new access control system, they get a new access control system and rejigger it for their environment. Then they realize they need something else and they go do something else," Kuchel says, noting the end result is a disjointed system with pieces that do not function together as well as they should.
PDX officials, however, took time upfront to think the project through, with research beginning in 2009. Staff then moved forward with the Access PDX project in 2012, and the design phase occurred from 2013 to 2015. When the extensive upgrade was completed in January 2017, not a piece of the airport's security system was left untouched.
The project included:
• building a modern security badging office with space for future growth;
• transitioning from a badge-centric software system to an identity management system for employee badging;
• rebadging 9,000 employees;
• installing a fiber optic network to support new card readers and high-definition closed-circuit television (CCTV) cameras inside the terminal and around the airfield perimeter;
• replacing legacy card readers with RFID- and biometrics-enabled readers;
• rebuilding vehicle gates and removing unnecessary vehicle gates from the fence line;
• building permanent stations on the airfield for security officers;
• adding more than 160 cameras to key locations for a new total of 760 cameras; and
• relocating and automating exit lanes (a feature that will be covered in Part II of this article in the May/June issue of Airport Improvement.)
Though numerous, the various elements were designed to work together to create a state-of-the-art system that positions the airport for a secure future. "There are a lot of pieces to this project, and each one of them brings its own benefits from an overall security standpoint," says Scott Shepler, information technology (IT) manager of security and access systems for the Port of Portland, which oversees the operational systems of the joint civil-military airport.
Time for an Upgrade
As with many other technical projects, the need for a security update at PDX was born out of necessity. "We had some really old equipment from an access control standpoint that the manufacturer could no longer support," explains George Seaman, engineering project manager for the Port of Portland. "We couldn't get parts and we couldn't get repairs made; so we had to do a full-scale replacement of our access control system in the terminal."
The airport also replaced 24 gates around the airport because communication to the gates was handled through an antiquated 20-year-old dial-up modem system. "We could not get live updates [to the gates] if there ever was an issue," he says.
As PDX officials explored various options, they realized nothing could change until they finished upgrading the airport's IT infrastructure, including running approximately 30 miles of fiber optics around the airport perimeter.
And, as they considered installing a new access control system, they quickly realized that would be an opportune time to replace the facility's outdated magnetic strip card readers with readers that use contactless smart cards that leverage RFID and biometrics.
"Then, as we looked at upgrading the card technology, we considered our badging software and decided we should also upgrade that to an identity management system," says Shepler. "Like so many projects, by the time we actually defined the scope of the project in its entirety, it ended up being a little bigger than what we started with."
New Badging Office
A key part of the project involved relocating the airport's security badging office to the third floor of the terminal building, across from the TSA office. The 2015 move also combined the security training room with the badging office, which provided badge holders with more hours for security training classes and a one-stop location for all badging activities.
Houston Hickenbottom, badging manager for the Port of Portland, explains that the change also enhanced efficiency for office staff. "Our previous badging office was split into two locations: the badging office was located on one floor and the security training was two floors above that," he notes. "With a staff of only five people, having them go between two floors in the airport to work at different shifts was very inefficient."
Another driver was space. The airport would need more room when it started rebadging all employees after the new card reader technology was brought online. "Before we could activate new card readers, we had to get new badges into every badge holder's hands," Hickenbottom explains. "The new badging office provided us with the space to be able to rebadge the entire airport population without having to build a temporary satellite badging office just for rebadging purposes."
New Badging Approach
"There's quite a bit of complexity about what a person must go through in order to be issued a badge," says Kuchel. "A person has to be trained, vetted, and his or her documents verified. That employee needs an authorized signer, who represents the company he or she will be working for, to state that he or she needs this badge, and what areas of the airport he or she needs access to. And, the airport has to continuously re-audit and re-vet these individuals."
To meet such challenges, the new badging office needed a system that allowed PDX to efficiently re-badge its entire population of about 9,000 employees.
Early on, officials decided to transition from the airport's existing badge-centric system to an identity management system from Quantum Secure.
With a badge-centric system, a record is created in a database when an employee applies for a badge. Properties are assigned to that badge, such as the person's name, the company he or she works for, specific doors he or she can access, etc. But if that person quits and later comes back, the system creates a new badge record, assigns new properties to that badge, and the airport has two distinctly separate records assigned to the same person. "As you administer that person's background checks, this makes the security vetting process a little more complicated," notes Shepler.
"When you have a badge-centric system, every time someone applies for a badge, you have to vet their identity because you're associating that person's documentation and status to a badge, not a person," he adds.
With an identity management system, a record is not immediately created when an employee applies for a badge. The system first establishes that person's identity and vets the supplied information. A badge is then assigned after the employee completes his or her security training. As staff come and go, their badges no longer work, but the records about them remain in the database.
PDX selected the SAFE for Aviation software system, from Quantum Secure, which puts all airport personnel information in a common policy-based system that is fully aware of the security directives across the airport. As such, the system enforces TSA background check requirements and also simplifies and streamlines the application process of new badge holders, notes Kuchel.
Authorized signatory internet portals allow credentialed employers to access the system and enter information for a new employee, the type of badge needed and the associated access privileges, as opposed to submitting paper forms. After receiving the electronic request, the system ushers the prospective employee through the procedures and prerequisites of getting vetted, trained and badged.
"Airports typically are doing all of this by paper, so there is a lot of duplication and a lot of hand keying," Kuchel comments. "Our system sits as an overlay on top of the access control system and is embedded with the airport's policies and compliance requirements. Users are not plugging people into the door access system, they're putting them into the identity and credential management system, which has all these gates and procedures within it."
The new system ensures that employees have cleared all the necessary steps and obtained all the necessary approvals before allowing them into PDX's access control system, he summarizes.
Hickenbottom reports that the new system has greatly changed the way the badging office operates. Instead of having employees come in with paper applications, their information is already in the database and ready for badging personnel when they arrive. Moreover, it has changed the role of badging staff from data entry to process management and analysis.
Once the new software was in place, PDX began rebadging employees in a phased process-inviting various groups or companies to send their employees to the office during carefully scheduled time blocks. If companies struggled to send people over for badging, the airport supplied buses.
"By having flexibility in our schedules and busing available, it was a lot less painful than companies initially thought it would be," Hickenbottom says.
Beyond the process, the badges that employees use also had to change. Magnetic stripe cards were no longer enough. Though biometrics are not required by the FAA or TSA, airport officials decided to leverage the added technology to prepare for impending regulations and provide more control of badge usage within the airport in the meantime, relates Shepler.
"It positions us for the future, because TSA has been hinting at a biometric requirement for some time," he explains. "When that requirement shows up in the regulation, we will already be that much closer to compliance. And, we get the added security benefits of a biometric that make it harder for employees to share their badges with other people."
In addition, the new contactless smart cards use diversified encryption keys to protect information on the card and reduce the possibility of cloning and impersonation. "This increases the overall security of the credential itself," he adds.
"We can demonstrate and certify to the TSA that we're not just letting anybody in, anyplace," comments Dan Slauson, aviation security operations manager for the Port of Portland.
Implementing the new system, however, was a challenge, adds Seaman. "We had an existing access control system that was fully functional and had to remain fully functional," he explains. "Basically, we had to build the entire back end, essentially, all at once. Then we started cutting one door over at a time."
Because the airport had to maintain two separate access control systems during the transition, all employees had to be rebadged before the project team activated the first door on the new system. Likewise, new badges had to be able to open old and new doors, so every card had to be equipped with a magnetic strip and an RFID chip. "Once the old system is completely gone, which should be very soon, new employees will receive badges with just an RFID chip; they will no longer need the mag stripe," notes Seaman.
Adding Access Control Tech
While office personnel tackled the rebadging process, work crews replaced the airport's outdated access control systems. In addition to upgrading infrastructure technology to support 600 new card readers, workers rebuilt vehicle gates at 24 gate locations to add faster opening mechanisms and new card readers.
Craig Redlinger, construction manager for the Port of Portland, notes that the previous gates, which communicated via copper, phone lines and modems, had inherent weaknesses. "There was a risk, albeit not a large risk, but a risk, that if you ever lost communications to a gate from the head end, and at that same moment, somebody got their badge pulled for security reasons, the gate might not know that badge had been pulled and let that individual on to the airfield," he explains.
Though small, it was a risk the airport wanted to eliminate. Part of the project updated technology to provide a more consistent connection to the communications center and access control system. With the fiber optic network in place, the airport was also able to install high definition CCTV cameras, so personnel in the communications center can monitor the gates to see who is going through them. And, in an emergency such as a fire on the airfield, the communications center can close gates behind fire trucks, so they don't have to wait as is typically required.
None of these changes would have been possible without upgrading the IT infrastructure, emphasizes Shepler. The new infrastructure enabled the airport to completely rethink how the vehicle gates operate, he explains.
In addition to installing new high-speed vehicle gates, the airport replaced the gate controllers and added access control equipment and cameras to each one. "We changed our method of egress from the airfield to be controlled by card readers," he adds. "Before this project, you had to card swipe to get onto the airfield, but you had a 'free out.' Now, employees have to use their badges to get on and off the airfield."
The addition of CCTV cameras at every gate allows staff in the communications center to see the status of gates absent from the access control system. A wall of monitors allows them to select the camera views they want to monitor. "Key gates are always up there...the exit lanes, the major doors that lead from the public area and into the secure area," Seaman explains.
"They can physically look and see if the gate is open, closed, partially open, partially closed," adds Slauson. "But it also gives you a recording of everyone who has come and gone through that gate. With the high-definition CCTV cameras we installed, you are able to distinguish faces, vehicle license plates, vehicle logos, etc. It gives us a situational awareness around our perimeter that we did not have before."
The changes also enabled the airport to add CCTV cameras in locations the communications center was previously unable to view. "It gives us more information to be more strategic about what's going on the airfield," he says.
Backup power systems were added to ensure that gates are always operational. Previously, gates could get locked in the open position during airfield power outages, unbeknownst to security staff. In such situations, the airport dispatched a police officer or airfield operations supervisor to physically check gates to make sure they were closed. "Now, with the cameras and uninterruptible power supplies, the communications center can quickly view the gates remotely," Seaman says.
The long-term project also equipped doors inside the facility with new card reader technology and cameras to build in an additional layer of security. "If a door goes into an alarm, an alert is sent to our communications center where dispatchers can pull a video to see what happened," Redlinger explains. "Generally speaking, they can see video footage 15 seconds before the alarm went off as well as a live video feed."
Although the airport previously had similar capabilities at select doors, the older-generation cameras provided pixelated images. "We added quite a bit and changed the cameras to high resolution, so you can actually get a better feel for who you're looking at on the screen," he explains.
In short, the new cameras, access control features, badging processes and other improvements are all individual pieces in PDX's ongoing security puzzle.