It all started on New Year’s Eve, 1999, when IT and university police staff members at MSU sat in the police station and waited. They had done all they could to ensure that Y2K would not disrupt the university’s computer system, but no one really knew what would happen when the clock ticked past midnight.
The security division had a bigger problem, though. Across campus a fire was raging. Members of the Earth Liberation Front (ELF) had set fire to a professor’s office. (ELF publicly took credit for the fire but, to date, no one has been charged.)
An audible alarm was sounding, but with all attention focused on the arrival of the new millennium, there was no one around to hear it. The lack of an alarm feed to the police station meant that the fire was well underway before the university police knew the fire had been set.
The fire resulted in more than $400,000 in damages to the historically important Agriculture Hall, one of the oldest buildings on the MSU campus. The disaster also highlighted a serious shortfall in campus safety and security: It showed that the existing security system was inadequate.
The security division at first put out a bid for a relatively small upgrade. It sought an access control and fire alarm system that would replace the ten existing fire alarm sensors and the panels that controlled them and add 30 access control readers. Security ultimately selected Siemens. The manufacturer had experience with access control systems at other universities and already maintained the environmental controls on the MSU campus, and it came in with the lowest bid. The security division was ready to seal the deal in the summer of 2001.
Then the events of 9-11 changed everything. “The whole idea of central monitoring and looking at security as a whole became a campuswide issue,” says Denni Kraft, systems coordinator at the university and manager of the project. Instead of going ahead with the small access control project, the university decided to assess security on the entire campus to see what vulnerabilities existed.
With regard to fire alarm systems, the concern, as highlighted by the fire, was lack of notification. Any new system would need to ensure that university police would also be notified of alarms. In this way, police would serve as a backup and would contact maintenance in case of alarms. This procedure would ensure that the alarm was noticed and responded to.
The assessment found a different concern with access control. Each university department made its own arrangements with local access control alarm monitoring companies. Each department also separately bid out access control contracts.
As a result, there could be four or five different vendors providing security services within one building. The same was true of computer labs and student housing complexes. Any individual building could bid out its access control needs. No central oversight or coordination occurred.
The assessment thus revealed the need to do much more than upgrade equipment. The project also needed to reorganize how security systems would be handled in the future. Departments with standing contracts with outside firms were allowed to keep them for the time being, with the caveat that, when the contracts expired, those facilities would be moved onto the larger system controlled by the security division.
This meant that the initial project would include 60 buildings; the others would be phased in when contracts expired. With this in mind, MSU did not want to commit to a certain number of access control points, so the security team set out to get the most expandable system possible.
After reviewing the systems on campus, the security division discussed the philosophy of access control with department heads and administrators. (Security refers to these end users as clients.) One factor surfaced as a paramount concern: Because faculty, staff, and some students work in numerous buildings, they wanted one card for all functions. This feature was, therefore, set as one of the primary objectives, and it became part of the new bid proposal. MSU wanted a system in which one card could serve as an access control card, parking card, and library card.
Another issue had to do with the nature of the academic community. Because MSU is a major research institution that is open all hours of the day and night, it needs strong security, but the access control system could not be too difficult to use. “Our mission is to protect the university community,” says Kraft. “We wanted to craft a system that could protect clients and property but allow academic freedom.”