All Points Secure
Fort Stewart and the nearby Hunter Army Airfield (HAAF), both located near Savannah, Ga., serve as leading U.S. Army mobilization stations for Operation Iraqi Freedom. The base and airfield facilities house multimillion-dollar aircraft, complex communications equipment and an abundance of sensitive data. Security personnel at the facilities faced a challenge of managing the access of authorized personnel in a reliable and functional manner while promptly refusing the entry of unauthorized users.
A central concern of Fort Stewart and HAAF officials was the amount of sensitive information contained on facility machines. Information such as flight plans, unit arrival and departure times and air traffic control logs meant to be viewed only by select military personnel could have easily be seen by an intruder who wrongfully gained access through an insecure door.
“A high level of security is particularly necessary in our communications rooms and air traffic control tower,” explains David Loiacono, information management office/network administrator for Hunter Army Airfield and Fort Stewart. “We have classified and unclassified sections of our network, and there is highly sensitive information flowing throughout these buildings.” Because of the risk involved should sensitive information fall into the wrong hands, a basic lock-and-key or card-based system did not provide a desired level of security for the facilities.
Hunter Army Airfield had long used standalone fingerprint-recognition access control units from Digitus Biometrics, Savannah, Ga., to secure access to all major airfield buildings. However, when the company released a networked version of its biometric access units, airfield security personnel decided to upgrade in order to reap the benefits of centralized access management through the network.
Each Digitus unit includes two components: a fingerprint reader with keypad for placement outside of a facility door, and a controller located securely behind the locked door. The fingerprint reader uses biometric technology to detect a live fingerprint and communicates with the controller using a proprietary code-hopping encryption protocol developed by the company.
Upon user enrollment, which is completed in under a minute, the Digitus system creates a multi-point schematic of the user’s fingerprint profile and stores it as a 512-byte fingerprint template. The template is matched to the user’s live fingerprint at the time access is requested.
In the networked version, Digitus’ proprietary encryption secures TCP/IP communications between central management software and the units. Each unit functions independently of the central server during its general operation, requiring network connectivity only for administrative tasks such as user enrollment and access reporting.
Chris Marsden, founder and chief technology officer of Digitus Biometrics, says the Digitus system’s physical configuration contributes to its security. “Our system is comprised of two halves: a reader with a biometric sensor, keypad and display that is situated outside the door, and the controller, which is installed inside the protected environment,” he says. The controller provides a wired connection to the fingerprint reader and the door’s electric strike lock. In networked systems, the controller also provides an Ethernet connection for communication with a central server. “Some systems use a single box unit installed outside the door, and in the back of that unit are the wires that connect to the network,” he says. Bypassing the biometric elements of the unit involves merely gaining access to the wiring behind the unit.
While upgrading the HAAF units, security personnel also upgraded standalone units already installed at Fort Stewart. To date, a total of eight buildings located on the base and airfield have been equipped with the networked biometric systems catering to 60 users, with 900 as the maximum.
Loiacono and a physical security officer – the only two people who monitor the system – now have centralized control of security access at multiple locations.
Card-based systems, according to Marsden, can often give a false sense of security because the user may not know for certain who possesses a card that is swiped. “With a biometric system, you can’t pretend to be someone else,” he says.
Loiacono says the system is also useful for time-sensitive access. The Digitus Biometrics system allows Loiacono to set an authorized timeframe for each user. For example, cleaning crews only have access airfield facilities for two hours.