Networked prints

Army centralizes fingerprint system to secure physical, network access

In a merger of physical security and cybersecurity, the Army has installed a centralized system to control access to buildings and networks at Hunter Army Airfield and Fort Stewart in Georgia.

'Maintaining homeland security is especially important on bases like this, with all the top-secret missions going on,' said David Loiacono, network administrator at Hunter Army Airfield and Fort Stewart.

'When I first came to Hunter, I had recently gotten out of the military, had served in Iraq and saw the threat of terrorism firsthand,' he said.

To improve physical security at the two locations, Loiacono recently networked stand-alone Digitus Biometrics' access control units, and he is expanding the number of buildings that use them.

Fort Stewart and Hunter Army Airfield are home to the 3rd Infantry Division. Together, they have the capability to train and deploy active Army units, Reserve components, and National Guard units and soldiers. The 280,000-acre Fort Stewart is the largest Army base east of the Mississippi.

Hunter, which is 35 miles from Fort Stewart in Savannah, was originally an Air Force base. In 1967, it became the Army Flight Training Center and now hosts the 1st Ranger Battalion, 160th Special Operations Aviation Regiment and other units, including the Coast Guard's largest helicopter unit. Its 11,375-foot runway can accommodate planes of any size, including the C-5 Galaxy, and serves as an alternate landing site for space shuttles.

Seven years ago, officials at Hunter and Fort Stewart deployed stand-alone access control systems from Digitus. They installed 15 fingerprint-based units at Hunter and three at Stewart to restrict access to facilities, such as the airport tower, base operations building and server room.

A user enters an ID number into a device mounted outside a door and then places a finger on the sensor to gain access.

Although that process provided two-factor authentication for access, it did not offer centralized management or automated alerts, which is crucial for maintaining security for an area as wide as Fort Stewart and Hunter.

In February, Digitus released its Access Control System, which enables network control of the individual units, and Army officials quickly adopted it.

'The central management software controls all the units from a central location over an IP network,' said Chris Marsden, Digitus' founder and chief technology officer.

And just like the building access control systems, access to the software relies on biometrics.

'Our management system uses fingerprints to gain entry to the software,' Marsden said. 'There are no master codes or master passwords that can be breached that would let others get into the software.'

The Army didn't wait for the product's public release date. Base officials asked contractors to link the network to the access units, and in December 2007, a Digitus representative installed the software on a PC running Microsoft Windows XP Professional. A Digitus device protects that computer, which is locked in the server room. Loiacono and the base's physical security officer are the only people who have access to both the software and the server room.

Loiacono then pulled all the access data from the individual units into the central database. Installing the application and uploading all the access templates took about two hours.

'It was easier than I thought,' he said. 'I could just pull the template from the units into the software instead of having every user in my section coming up and redoing their fingerprints. That was a big timesaver.'

The new system combines the features of stand-alone and networked access control units. With the old system, users had to register their fingerprints and IDs separately for every unit they used. Now they go to a central location to register, and the administrator authorizes their access to certain facilities based on their duties and security clearances.

'We have a lot of cleaning crews that come through here, and I have to give them access,' Loiacono said. 'I give them a certain time when they are allowed to use the system. Prior and post, they are not allowed to use the door.'

One potential shortcoming of centralized security is the challenge of maintaining operations when the network or central server fails. Digitus devices store access data locally, and administrators make any changes on the central server and distribute them to the local units.

In the event of a network outage, the devices could log as many as 32,000 access attempts and then send the data to the server when the connection is restored. Each unit contains a battery that provides as much as 24 hours of backup power.

Catch a thief

Loiacono said networking the sensors has saved time and improved security. 'Adding a user takes about 30 seconds; maintaining and looking up logs takes about 45 seconds,' he said. 'Once you get it in place, adding units, deleting units and scanning for IDs is a piece of cake.'

The Digitus notification system alerts Loiacono of any failed access attempts via a pop-up window on his computer.

'If I am off-duty, the physical security guy is in charge of it, so it is constantly monitored,' he said. 'It sends an e-mail and buzzes my BlackBerry so I would know what was happening even if I was at home sleeping at 3:00 in the morning.'

When he receives an alert, he notifies the person in charge of security for that building, investigates it personally or sends the Military Police to check it out. In most cases, it is user error: someone entering the wrong ID number or using the wrong finger for authentication.

The new system also helped solve another security issue. 'Two months ago, a system was stolen from the main terminal,' he said. 'With the log system, I was able to look at the database, narrow it down to what day at what time, find out which people were in the building and find out who was responsible.'

Loiacono is buying another 15 units to add to the network and, if funds are available, will eventually expand it to cover every building and gate.

'We are trying to gradually make it the standard at Hunter and Stewart,' he said.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above