With a future-safe PACS infrastructure, administrators can stay ahead of security threats without worrying about a rip-and-replace hardware upgrade

How to block campus security threats now–and in the future


With a future-safe PACS infrastructure, administrators can stay ahead of security threats without worrying about a rip-and-replace hardware upgrade

The typical K-12 school system has the same basic security needs as any modern university campus: centralized management and control of security systems and procedures, and a strategy for staying ahead of threats while protecting earlier investments. In both cases, the latest open-architecture Physical Access Control System (PACS) solutions offer an infrastructure that is flexible, scalable, and can easily be upgraded to strengthen security and add capabilities without changing the hardware.

Building a Future-Safe Foundation

A future-safe PACS infrastructure operates with any access control software and add-on solutions ranging from parking gates to additional IT security. This requires a highly flexible and non-proprietary open-architecture framework with modern security protocols, technology interoperability, and open Application Programming Interfaces (APIs) that enable hardware to be integrated into any access control system software or security application.

An infrastructure like this ensures scalable, flexible, and unified PACS and security management with a more streamlined operations workflow. Rather than having to monitor different access control, video surveillance, intrusion alarm, and other programs, security personnel have centralized command and control. They can streamline daily operations and reporting and easily add or remove cardholders, adjust access areas, and create access schedules and audit logs for incident investigations. Unreturned cards can be turned off. Lockdown and emergency egress areas can be defined and activated instantly. It is also easier and less time-consuming to train new security personnel in this unified environment that, from a cybersecurity perspective, also makes firmware updates less intrusive.

The path to this infrastructure often starts with a single modernization need, i.e., adding 4K security cameras or replacing physical badges with mobile credentials used with smartphones. Wherever journey starts, the course it takes at the K12 level is remarkably similar to that of the most technologically advanced university.

First Things First

Before campus administrators can consider advanced security and other capabilities, they first must harden their existing infrastructure. This requires a vulnerability assessment and the ability to prioritize needs and plan a smooth migration to a more secure and adaptable PACS.

There was a time when campus security started and ended with doors, locks, and keys. But even after they replaced keys with a PACS and ID cards, not every campus kept ahead of security threats. Many still use low-frequency 125 kHz-based contactless card technology invented decades ago. These proximity – also known as Prox – cards simply transfer unencrypted RFID signals to a reader. All it takes is a $30 cloning device or trip to a grocery store’s key-making kiosk for people to make as many copies of a stolen card as they want.  The technology should have been replaced long ago when more secure high-frequency card technologies were introduced.

While the security hardening process may be more complex at a university with many different systems than in a closed K12 environment, each campus benefits from this future-safe PACS foundation. Budget often arrives in phases, and this infrastructure supports incremental additions that can be executed across an extended timeline without requiring hardware changes.

Three Basic Building Blocks

The three PACS building blocks are credentials (cards and mobile), readers, and panels. Each must be future-safe so administrators can address evolving threats and add capabilities when needed.

Credential offerings should support multiple form factors and communication protocols. All high-frequency credential choices should be based on peer-reviewed global standards and offer essential security features like secure messaging and provide a smooth migration path from vulnerable legacy technology to modern and secure options. The most secure options implement AES128 encryption, a secure channel for protecting card data from man-in-the-middle attacks, and a random unique identifier (UID) for protecting user privacy. Some options go further to protect a credential’s identity data through key diversification, authentication signatures and encryption, and enables mobile and wearable form factors. 

Readers need to support the widest possible range of credential technologies, plus Near Field Communications (NFC) and Bluetooth Low Energy (BLE) to enable the use of mobile credentials. It is important to evaluate a reader’s range, mobile performance, and administration capabilities, and ensure it supports the Open Supervised Device Protocol (OSDP) so technicians with iOS and Android devices can reconfigure and update them in the field. OSDP also enables technologies to be added and turned on and off without visiting each reader.

eSchool Media Contributors