The world of university and college campuses brings to mind openness and acceptance, an environment that in some ways seems to insulate these institutions from outside influences. But this may give a false sense of security, and especially in light of the fact that violence has indeed found its way into one of the last bastions of innocence. As one of the participants in the following roundtable pointed out, “I think perhaps the most unique characteristic about college and university setting is that we operate in an ‘artificially created community.’”
What happens on campuses today very often affects not only an entire community, but a nation as well. Therefore, a common theme among security practitioners and security providers is communication.
Sister publications Security and SDM brought together professionals in higher education campus security — four practitioners and two systems integrators — who specialize in finding solutions to the security issues in this sector. Here, they discuss the unique needs, the technology solutions, and how teams can work together to make these communities more secure.
The roundtable discussion is moderated by Security Editor Diane Ritchey and SDM Editor Laura Stepanek.
Laura Stepanek: What are the security concerns and the unique needs as you see them among universities, both public and private?
Mike McCarthy: It’s a transitional time for our students, given their age group of 18 to 22, in that they’re leaving home, going into a more independent setting. So they have to make that adjustment — and that adjustment is certainly not only academic and socially, but you have to become wise about your safety at the same time, both at the school and any time you venture away from the school.
Fountain Walker: From a strictly technical aspect, we all get an idea of what we need to do for the campus itself as providers of security. What I find interesting is that our young people, when they come here, lack survival skills. We spend quite a bit of time trying to educate in that regard. They’re adapting to a new environment; at the same time they really don’t have any reason to fear in most cases, especially if you’re at a very affluent private institution. Most of these young people haven’t experienced life in a more difficult environment. To get them to understand the significance of personal safety and being aware of your surroundings, I think, is the most important thing. They know basically when they’re dialing 911 [that] somebody’s coming, but what are they going to do until we get there?
Fred Behr: I think perhaps the most unique characteristic about a college and university setting is that we operate in an “artificially created community” where each year, 25 percent of our population changes and the majority of our population are 17 to 23 year olds.
The residential aspect of our communities, unlike many other security settings, also brings special challenges. The needs of residential students are different in that they require safety and security services 24 hours a day. These services would include safety escorts, building access, crime prevention, patrols, criminal investigations, medical emergencies, vehicle assists and parking and traffic management.
The total number of residential students at public and private colleges also varies widely and is not necessarily correlated to total student enrollment. So in order to create an effective safety and security plan, it is essential for us to develop partnerships with students, student organizations, residence life staff, faculty, athletics, conference and events, and a host of other entities within the campus community.
We extend our efforts to off-campus as well. At colleges with a large off-campus population, different issues can arise that require attention. Even though the students are living off-campus in rental apartments and houses, there is the expectation by city residents that the college is still responsible for the actions of their students.
Edmund G. Skrodzki: The security needs have to fit the campus needs and several factors play a role, such as urban versus rural settings, the number of buildings and the student and staff population. For me, the principal goal for security should be to deliver proactive security personnel and security. The technology that you use must fit the needs of the campus.
At Johns Hopkins University, we have 188 cameras around campus. About 160 use video analytics, which helps us to detect suspicious behavior with people and objects. Video analytics automates the monitoring of the video and prioritizes the alerts, which increases the effect of the person monitoring the system. Ultimately, that creates a more preventative rather than reactive system.
It also helps us customize the type of alerts we receive. One of the benefits of our video analytics system is that it can almost monitor itself. You set the parameters and you receive an alert. For us it complements our multi-layer security approach and makes us more proactive.
Laura Stepanek: Jeff, from your perspective as an integrator, what are the security concerns and unique needs on campus?
Jeff Gewedik: The biggest challenge that I’ve seen is the proposition of securing an environment that, by its nature, encourages a sense of openness; this presents a unique challenge in that you’re trying to have a high level of security and safety, yet you don’t want to discourage that unique educational experience that most people want to have.
The other challenge is you’re providing protection to a group of people that perhaps don’t want your protection. So it’s a bit of a philosophical proposition to get them to be accepting and to understand the need for security on a campus — and really how critical security is in terms of a university. If there ever were an incident, it comes under very direct scrutiny. Yet, in the interest of being proactive, it’s also the hardest area sometimes to find the budgetary opportunity to take those counter-measures in advance of an incident. So you’re working hard to secure a place that by nature is hard to secure.
Laura Stepanek: There must be a need for a lot of communication outside of the campus, as well. You’re not just isolated to communication with the students.
Jeff Gewedik: I would say your stakeholders’ list is significantly long.
Fountain Walker: It’s a long list, but I know I can’t be unique in my situation. I find that a lot of times people look at the campus police or security department as a necessary evil, even with local law enforcement. If it wasn’t for the fact I came from the area, I don’t know if I’d have as much participation and respect for the department and the training. A lot of people walk up to you and say, “There can’t be much crime here; there’s no need for it because of the community.” They have no idea of what we have to keep our eyes open for — predators, all kinds of things.
Thomas Giannini: The number of stakeholders is a very lengthy list. There are competing agendas within most colleges and universities. It’s very difficult at times to build consensus within the leadership and the stakeholders relative to what security should be and how it should be implemented. For many of our customers, their needs sometimes are driven out of necessity; meaning a situation occurred that they’re reacting to.
We see more awareness relative to risk management — what their risks are and how they should properly implement programs and plans and policies and technology as a component of it.
Laura Stepanek: Is there a resource that a college security director can go to, to learn about best practices?
Thomas Giannini: The International Association of Campus Law Enforcement Administrators (IACLEA) is a very good organization where campus safety, security, and political officials participate.
Mike McCarthy: There are local groups that do the same. But there’s also the Northeast Colleges and Universities Security Association (NECUSA).
Laura Stepanek: In general, has crime on college campuses increased, decreased or stayed about the same over the past two years? What are the most common types of criminal activities, and what programs and technologies are used to combat them?
Mike McCarthy: The common types of criminal activity have remained constant. I think we’ve seen the real violent, the active shooter type of incidents have actually increased in frequency — and I don’t think it’s just because of the notoriety that it now gets.
As far as the more common things, that stays pretty consistent — thefts and damage, and we’re always combating alcohol and under-aged drinking.
On the program side, we’re constantly doing educational pieces. The community policing comes into play with that, as well as notifications that there might be a wave of crimes going on such as thefts from cars.
Laura Stepanek: Fountain, what are the most common types of criminal activities and what programs and technologies do you use against them?
Fountain Walker: In general, theft, and I’ve seen a significant increase. In the last three weeks we’ve had about $15,000 worth of laptop computer and other hardware items stolen, and I can attribute half of it to one person. Quite a few students saw the individual, and it wasn’t until I got a picture of this individual and sent it out to the campus community that people were notifying us that they had seen him a week prior just before an incident. But at the time, no one wanted to call because they didn’t want to assume he wasn’t a member of the community, even though he’s 40 years old walking by with a 22-inch television at 2 o’clock in the morning.
That’s probably my biggest problem is that the community idea of political correctness causes these folks not to act appropriately. And we don’t learn about incidents and we’re not able to collect any information or data because it’s two, three weeks later. The hardest thing is to get them to report the incident so we can deal with it effectively.
Diane Ritchey: What do you do to encourage more active participation?
Fountain Walker: Freshman orientation we put on a little show to get the freshmen involved. We also have community watch programs. I offer food and free parking a lot. You have to give them a little something, you know? That’s ultimately what we do; we say “thank you” and then we’ll reward them. It’s not so much a crime stoppers, which we have used on campus, but it’s more of a pay-off if I tell a student, “OK, you helped us resolve this issue and you had $200 in parking fines. You are now forgiven.” But without their eyes, we’re pretty much just waiting for a phone call.
Laura Stepanek: On the integrator side, what’s your general perception of crime on college campuses?
Jeff Gewedik: When I looked into this question I went to see what I could find from a statistical perspective. What I learned was that reported crime is down 13 percent in 2009 from the previous year. But what is challenging to that figure is that it’s the amount of reported crime. I think there’s a significant amount of criminal activity that goes unreported, as I believe Fountain was indicating.
Similarly, and an unfortunate perspective of this, is that the incidence of violent crime appears to be increasing at a dramatic rate. So even though it may still be a smaller portion of the total crime perspective, it’s on the increase. Again, they’re statistics. So do they fit for every college campus? Probably not. It varies, I would say significantly, by where the campus is located and a host of other criteria.
From my perspective, there’s more to it than just designing a system. I think what really needs to be attached to that is some performance indicators to measure how effective it is once it’s installed. Is it easy to use? Is the video system capturing what you want to see? If it’s not, how do we move it? How do we make it more effective? Once you put it in, you’ve got to have a plan to make sure it’s as useful the first year as it will be in year five.
We’ve had some experience with customers where we do have these performance indicators. It does two things: It measures how effective that original system deployment was, but it also helps keep us, the integrators, on our toes to make sure we’re providing quality service to the end user.
Laura Stepanek: Tom, what’s your perspective on this?
Thomas Giannini: Property crimes and alcohol-related crimes seem to be the majority of the events that are taking place on the campus. Our customers are very interested in two areas: How can I improve the security program to decrease property crimes and what can I do to leverage technology to help me see what’s going in more real time and a way that benefits the campus as a whole?
What we need to tell our customers is: One, the technology that we can provide is not the panacea; it is a part of their overall plans and programs. Money is tight. So applying technology to provide solutions has to have a shelf life of more than a couple of years so their investment doesn’t become obsolete, that it can be built upon as the technology changes.
Video seems to be, without a doubt, of great interest to a lot of stakeholders on the campus. If you can help them leverage any infrastructure that they have to make the investment more cost-effective, that’s certainly an advantage for them.
We see that colleges and universities have a tremendous IT infrastructure. By working with the IT directors you can gain a lot of acceptance to put security solutions on networks by helping that IT director articulate a return on the investment.
So it’s working with some key stakeholders, such as public safety and information technology. With the residential life people, video seems to be the one area that they want to have more of, and a single-source credentialing scenario. They don’t want students, staff or faculty to have multiple credentials; they want one credential that’s going to allow them to do many things besides just identification.
Diane Ritchey: Mike and Fountain, do you have single-source credential systems? And are you both using your IT network to run your security system? If so, how closely are you working with IT?
Mike McCarthy: I work very closely with our IT department, and that has increased in the last couple years because of all the different systems that we use. In fact, I enjoy a very good relationship with them. I bring them in when I’m working on something to make sure that we can integrate it within what we have here.
Fountain Walker: To be honest, IT guys are very territorial. You can’t just hook up anything to the system and think they’re going to let you have it. You’ve got to ask permission first. What I enjoy about the relationship is that they allowed us to assign someone to our department to assist with several different areas — wireless links and VPN network with the state.
Diane Ritchey: Mass notification is probably one way that you’re able to communicate with your students over a large area. Mike, what type of mass notification system are you using and what are some of the challenges with it?
Mike McCarthy: We use an off-campus supplier for our mass notification. It’s Web-based so if we activate it, it goes off and then it comes back on.
What are the challenges? We learned recently that when we activated the system, mass amounts of e-mail came in to the campus. And they started going through the e-mail filters on campus, and it slowed it down considerably, because we sent out the original message and then shortly thereafter we sent out a second message. So we learned not to bog down the system, and how do we fix it? Well, we’re still trying to figure that out.
It was a gas leak that we were dealing with. The residence students were concerned if they were in any kind of danger and if they should evacuate and leave campus. The director of residence life sent out an e-mail saying, “No, everything’s fine, the residence halls are fine.”
The other piece of it is getting people to register. It’s the opt-in or opt-out kind of system. Do you put everybody in with their information that you have on file and let them pull themselves out of they don’t want to be notified, or do we just send out notices and have them register on their own if they want to be notified? We’re more of an opt-in setup here. But we pre-loaded everybody with their (university) e-mail, which was our undoing.
So there are some concerns about how we manipulate the technology that we already have. We’ve done testing with that mass notification system but none of this came up in it because we’d send out one notice, we’d get the replies, and we thought life was good. But when a real incident occurred — and they’re not all that frequent — we saw some of the drawbacks and shortcomings that we had with it.
Diane Ritchey: Are there students that actually don’t want to receive that information?
Mike McCarthy: Yes, absolutely. “I don’t want to be bothered with it,” is one of the quotes I get.
Fountain Walker: “Or pay for the text message coming in to my phone.”
[Our] system allows us to send text, e-mail and also it’s an integrated system so it will also have a public address system attached to it.
As we went through our test similar to what Mike experienced, we found the IT system wasn’t prepared to deal with that number of e-mails to be sent out at one time. So they figured out how to filter it.
The bigger problem was the text messaging, though, because you have probably 65 different phone companies out there. You have to set basically each target group up so that the phone system will accept. Then, when it sends the message out in a burst, it’s only going to send so many. The first time we did a test, we sent out a burst basically with the text messaging. People were getting redundant text messages.
You have to also talk to your vendor about setting it up so there’s only maybe one re-try or two re-tries. We had ours set up for three re-tries, so if the person never answered the phone, they would keep getting a text or keep getting the e-mails.
Our last test was in January. The initial test is an emergency scenario, to make sure everybody knows where their evacuation places. We do a campus-wide alert. It takes about an hour, everybody goes back in, then we’re good to go. Then in the spring we just do a simple text message test.
But my fear is that our citizen’s expectation is that once they get that notification they’re just going to wait on us. Everybody’s going to stop moving and say, “OK, now what?” That’s the hardest thing to get them to understand — when I tell you to take shelter, I mean take shelter. Or if you need to get out of the building and if a bad guy is in the hallway, break the window. These are legitimate concerns that faculty, staff and students have expressed, very sincerely.
Edmund G. Skrodzki: We only send an alert to students if we have an imminent danger. Obviously, past events have demonstrated a need for mass notification systems and timely notification may save lives because these events are usually occurring for short periods of time. We have multiple technologies at our disposal, such as e-mail and telephone messaging systems, siren and public address that can address a large audience, but I still believe that you’d better have bullhorns around because technology can sometimes fail.
Instead, we rely heavily on educating our students, faculty and staff. We have neighborhood walkers on patrol; we take new students around neighborhoods and teach them street smarts, for example. We’ve been very successful with these efforts. If people think that security is the only answer for crime prevention, they are mistaken. It’s a total effort with the students, faculty and staff and the neighborhoods. That’s where you get the results and real crime prevention.
To me, a university should have a communication center that should be the centralized management point for all of the security efforts and technology on campus. It should include CAD, telephones, radio, security video, access control and more, and it should be your central hub.
A good example is thefts: we’ve seen a 60 percent decrease in property theft on campus. We don’t have cameras in all of the buildings, so I think it’s a result of people being more security aware. We also have a Hopkins Crime Watch Program, where we give participating students an anonymous way to report crimes. And if a student is asked to testify in a crime case as a result of reporting a crime, we will take that student to the court house and back to school. We make it as convenient as possible for them to help us and the Baltimore Police Department.
Diane Ritchey: Jeff, what has been your experience with mass emergency communications?
Jeff Gewedik: Managing and testing and understanding the true effectiveness of a mass notification system is a challenge. As we get more experience and applications are tested and tried, we see that there’s some refining going on in the industry in terms of the manufacturers interpreting what kind of product to make compared to what is really required from the end user’s perspective. I think there was a really big gap for a while, and that gaps seems to be closing.
It’s interesting to note that Underwriters Laboratories is now going to be to issuing what’s called UL2572 to be published later in 2010. It really is the first edition of standards related to mass notification application design and functionality. It gives some clarification to what it should accomplish, how mass notification should be used, what the core objectives are and how to measure its effectiveness.
From our experience, when customers come to us for a mass notification solution, they want us to be providing a turnkey, scalable solution. They really like to see us use as much of the current infrastructure that’s there already to minimize some of their costs. They’re looking for professional design and installation, and the knowledge of how to keep it effective and how to manage the process.
Ultimately, is there anything we can do from an integrator perspective to help them with the application for or the locating of grants and funding opportunities? There are a number of them out there. What we could do is probably take all those things, put it together and really package it in a nice solution to an end user. That’s where we see the real opportunity. It’s really a relationship thing; it’s not something that you just sell and walk away from.
Laura Stepanek: Tom, this is your specialty.
Thomas Giannini: Fortunately for Simplex Grinnell our heritage is life safety.
There are three elements for a college campus that we focus on: process, funding and technology. We tell our customers that one type of technology is not going to get you where you need to be for mass notification. Most of the personal notification systems that you gentlemen were describing use public networks. The carriers that own those networks use aggregators to compile the message traffic as it is being developed. So there is a burst of information, the number of messages that are going to go out. And there’s only so much that they can do.
We tell our customers to separate it into three components: What are your interior solutions going to be for on campus; what are your exterior solutions going to be for on campus; and what is going to be your personal notification solutions for the target audience of off-campus first? The reason we tell them that is infrastructure. Most modern fire alarm systems have a fire evacuation voice capability. Most have speaker systems that were designed initially for fire evacuation.
If a building code authority having jurisdiction implements the new fire code, there is a mandated section now, in NFPA72, on emergency communications — what the requirements are and what you need to implement, and so on. The leverage point for that is fire alarm systems. Every college and university by code has to have a fire alarm system. Most of the systems placed in the last 15 years or so have fire evacuation capabilities. So there’s a technology that we encourage them to leverage. It’s actually a very cost-effective upgrade to take that fire alarm system and turn it into an emergency communication system. In the new 2010 fire code, emergency communications takes precedence over fire alarm. That’s the importance that they’re placing on emergency communications.
By code, the fire alarm system’s speaker coverage is far superior to public address systems. It has required voice intelligibility that is not required on public address systems. It has survivability and redundancy built in by code. We had two customers in the Midwest that because of the severe weather this past winter, used their emergency communication system to let the students and faculty on campus know that they were shutting down because of a severe storm. Power had already gone out to the campus, but because of the way the codes are written, the fire alarm systems at a minimum have to operate for 24 hours after a power loss. So they were able to effectively evacuate their campuses and manage the situation even though there was no power to any of their campus locations.
The personal notification systems, as both Mike and Fountain pointed out, is opt-in/opt-out. Getting the people to subscribe to the service is always a challenge. The one thing that you can control on your campus is your fire alarm network. You own it, you control it, there’s no public carrier or provider involved. So you can put out whatever you want and you can use the voice component or use visual message displays.
The last piece is personal notification. If you’re leveraging capabilities that you already have with your infrastructure and talk to your students on campus, our advice is direct it to those students who live in off-campus housing — parents especially. One incident that comes to mind is the one that occurred at Northern Illinois University. Parents were finding out about it on CNN before the students on the campus were fully notified there was an active shooting.
It’s a matter of going back to those three elements: process, funding and technology. Someone had mentioned there are plenty of grants out there. One of the grants sources, besides the Department of Education, is FEMA, which has emergency preparedness coordinators in all 10 of their regions in the United States, and that person’s job is to work with colleges and universities as their number one priority.
We have teamed our university customers with those FEMA emergency preparedness directors to help them identify grants. There are some grants that are non-competitive, meaning all apply. They’ll continue to release the money as long as it’s been allocated, until the funding is exhausted. Then there are competitive grants, which you have to write a compelling grant application as to why you should get the money over somebody else.
Diane Ritchey: Not a lot of people have staffs that specifically know how to write an effective grant, though, right?
Thomas Giannini: A cottage industry has grown up on the grant writers. With private institutions it’s a little bit more difficult to get public money. But depending on the endowment funds that private institution has and how you can influence the alumni and the stakeholders at a private institution many times dictates how the money’s going to be spent.
They have to set aside money to get these types of emergency technologies. You talk to most parents when they’re looking at a potential college, they’re very interested knowing what the emergency communications technology on a campus.
With the Higher Education Opportunity Act that was passed last summer, starting July 1, 2010 emergency preparedness plans and drills now have to be annually reported under the Clery Act as most crime statistics are now required to be reported.
Diane Ritchey: What is on your wish list in terms of technologies?
Mike McCarthy: I think we’ve been hitting the nail on the head here. It’s improving this notification system to multiple methods. That we can’t rely on one system, so it’ll be having a couple of different methodologies to rely on to get the message out in some rapid method.
Fountain Walker: I’m stuck on that video technology that I came across not too long ago that gave instant notification if there’s a tailgater. The software has the ability to see that there is more than one body in a particular area. It automatically notifies the patrol officer and that patrol officer has a PDA-type device that he can look at a snapshot to see if this was someone that could be a student or a threat to the community and respond accordingly.
Edmund G. Skrodzki: I am looking for financial resources to obtain new technologies. For example, I’m looking to upgrade our radio technology to be interoperable with all of the police and fire agencies within the city of Baltimore. We have a grant writer on staff and we do receive some grant money, but the difficulty is that we are a private university so we often are not eligible for public funds.
Jeff Gewedik: What I’d like to see happen is the continuation or improvement in wireless technologies that help us deploy systems faster, more economically, make them a little more flexible. I’d like to see the manufacturing segment really focus on how to drive that while keeping quality high. The other thing that I see a lot is where the system administration meets the end user, you need to keep that simple, easy to understand, easy to operate. A lot of times, people that have the responsibility for managing the system are also doing probably a dozen other things. What can be done to make it easier, faster, simpler, more effective?
Fountain Walker: I just realized when he said that, if I’m not here and my captain’s not here, one of the patrol officers has to make the call. And they have to be able to access this stuff really quickly. I don’t know if that’s always taken into account. The assumption maybe is that there is some administrator somewhere that’s going to do it, but that may not be the case.
Thomas Giannini: I would sum it up in two areas: One, the entire emergency communications arena, that’s an area of technology that is going to continue to be a high priority for colleges and universities. And Web-enabled technologies: most of our customers want to be able to manage their solutions anywhere at any time.