By: Tony DePrato | Follow me on Twitter @tdeprato
I spend much of my time thinking like a cyber attacker. I read about how various threat vectors are introduced into systems. I imagine the scenario with regard to my school and network. I simulate those threat vectors, and test the boundaries inside and outside of the school.
I empathize with all those people in the world trying to make schools safe, without destroying the open and harmonious structure many educators are trying to maintain. The task seems overwhelming.
I listen to and read ridiculous arguments that are only viable arguments after the fact. I have been a bystander, simply empathizing. However, I do have some ideas on how to make campuses safer.
This will be a two-part post. I am going to explain how to use common strategies employed in network security (hopefully most campuses are already following these strategies) to enhance physical safety and security.
The NESA Conference
A few years ago I attended a conference in Dubai hosted by The Near East South Asia Council of Overseas Schools (NESA). I attended a full workshop on school security led by a US Military specialist who helped embassies, and schools with embassy children, harden their security.
From my participation and review of my notes, I realized that the strategies taught in the workshop were very similar to strategies used in network security. Since then, I have used these strategies to enhance network security in very “aggressive” security environments.
One of the main areas that resonated with me was access levels and access groups.
Understanding Access Levels and Groups
Within the school community there are three main Access Levels. They govern foundational access to the school. Each one has groups within it, and in some cases, sub-groups.
Main Access Levels
1. Active and Enrolled
2. Deactivated and Unenrolled
3. Potential and Unknown
- Administration and Support Staff
- Third Party Support (Government Inspections, Sub-Contractors, etc.)
Schools tend to obsess over Level 3 (L3), Potential and Unknown. They are following the “stranger danger” philosophy even though statistics tell us that most violent crimes occur within Level 1 and 2 (L1 and L2). Because of this fear of strangers, the main areas of risk are often not fully vetted for loopholes.
Each level and group must have a protocol to follow when coming to the campus. These protocols can take the form of nice waiting lobbies, parking lots far from the main building, fingerprint scanning for employees, etc. Protocols do not have to be impolite or obtrusive.
If a single group in a single level is left without a protocol, then a loophole is created. A threat from that loophole is then possible.
In fact, new families wanting to enroll in the school fall into L3, yet their only motivation is to apply for education, or enroll in a new public school. They would be more harshly scrutinized than a parent of a currently enrolled student.
Why doesn’t that logic make sense? Because good security follows a simple common sense concept: never trust, always verify. In network security many people refer to the most stringent of these practices as Zero Trust Architecture. Or simply: just because we let you attend the school does not mean you are shielded from ongoing verification.
This is the same reason wifi networks need usernames and passwords, and why passwords need to be changed on a regular basis and not recycled.
School Uniform Protocols Are A Good Example of a Security Loophole
School uniforms bind students together. As a large group, they all basically look the same. If a young child is wandering aimlessly around the campus without a uniform, every adult can quickly conclude that the child is not enrolled in the school; and they are missing their guardian. Simply not having the uniform allows quick action and decision.
In the early 2000s, I was walking through the hallway of my high school building. I noticed a student, in uniform, but I had never seen the student before. There was no notice of a new student sent around to the staff. I immediately engaged the student in conversation, and very quickly realized that they were not enrolled in the school. As a prank, they had stolen an old uniform from an actual student, and came to our school for a day.
Schools ask families to buy uniforms, but how many manage uniforms when students leave the school? How often do they change the design, the logo, the patch, etc.?
To eliminate the uniform loophole, schools could issue a removable patch to students that changes annually, and then collect the patch when the term ends. Schools could offer a used uniform buy-back program and then recycle the clothing to a charity outside the immediate area. Without some type of plan, used uniforms create the potential for a security issue.
The students in L1 and L2 have the uniforms; no one in L3 would be able to easily buy one without proof of enrollment. Worrying about the L3 people getting a new uniform from a shop without proof of enrollment is statistically flawed. The real issue is those who know about the uniforms, have access to the uniforms, and know the loopholes in the planning. The real problem is those trusted once, and never re-verified.
In part 2, I will discuss how segmenting levels and groups can work without upsetting the physical environment. This will be based off of common techniques used in Wifi network management from schools to Starbucks.
Killed by a Stranger: A Rare Event, but a Rising Fear