Salto's off-line system and Nedap's AEOS enable the administration of all components, people and functions

When ‘Christoph 7’, the hospital’s quick-response emergency team – named after the most famous rescue helicopter in Germany – rushes to an emergency such as a heart attack or a stroke somewhere within the hospital, there is no time to be lost: in the most serious case it can be a matter of life or death. Saving lives has absolute priority and requires unhindered access – the access control management system must therefore be prepared for this eventuality. So the team has its own special ‘Christoph 7’ cards: held in front of any card reader, they initiate elevator priority control. The elevator that is specially reserved for the emergency team is ordered to the appropriate floor. Only when a Christoph 7 card is used will the elevator go to the selected floor with priority. The team can release the elevator for normal operation using the same card. This is just one of many features that the new access control system provides for the Protestant hospital in Mülheim. The system has been realised by the local company GST Gesellschaft für Sicherheitstechnik.

Paving the way for flexibility

The foundation of the system goes back to an investment decision made in 2008. Back then the hospital migrated from its outdated system to Nedap AEOS. This comprehensive software-driven platform manages all the security requirements of one or many buildings. As well as access control, this includes identity and authorization management, IP video management and intrusion detection. Add to that supervision and reporting, with alarm administration via a web-based, system-independent graphic interface. Salto's off-line system has been fully integrated into the AEOS security management platform, which enables the homogeneous administration of all components, people and functions. AEOS manages a total of 1,580 off-line lock systems. It manages all online doors and online functions, the access doors, the off-line lock system, room doors, patient cabinets and containers, employee cupboards as well as mobile care and food trolleys. New cards including photos are issued using the AEOS software. An ID card can be created on the card printer for every data record in the system and assigned to the corresponding person.

People instead of ID carriers

A particular advantage of the AEOS platform lies in the fact that it is based not on ID carriers but on people. The difference is immediately noticeable, for example, if a card is lost. The entire employee record does not have to be re-entered in the system just because a person’s identification number is missing.

‘This particular criterion can be the deciding factor when choosing the system, above all if there are numerous locations at which the ID features must be distinguished’, says Dietmar Vetten of GST. The person-based approach permits the issue of multiple identification devices per person. For example, some people have two ID cards in one that are valid in different hospitals. The cards replace the previously common bunches of keys. They don’t just open doors and cabinets; the elevator can also be controlled with them. Meanwhile, long-range readers have been installed near the elevators: these recognize when a bed is moved close to the elevator and permit priority use. The authorization can also be differentiated so that priority usage is only available if a member of staff arrives with a bed. If he is alone he will be treated like every other member of staff.

Emergency door monitoring and canteen trolleys

Applications of the security management system can be found everywhere. All doors that are on escape and rescue routes within the hospital are connected to AEOS. Alarms can now be raised at a central point and forwarded, whereas they used to be raised by pressing an emergency button. The connection also prevents doors being opened without permission. If this happens an alarm is raised in AEOS so that the door can be closed again. An additional connection to the video surveillance system is also planned. The scope of the Nedap software reaches even as far as the catering service: the central food supply service is organized in this Mülheim hospital. The deep-frozen food is delivered to the kitchen, divided into portions and stacked in the canteen trolleys. It is then thawed and carefully warmed up on the ward so that it doesn’t arrive on the plates lukewarm, or even cold, because of the long transport distances. Each of these canteen trolleys has a transponder that automatically opens the door as it passes over the inductive loop in the floor directly below. In this way it is not necessary for a member of staff to manually open a door with their card, and the kitchen remains accessible to authorized persons.

Central location – preferred parking

For shopping-lovers it is very practical to use the car park of the centrally located hospital, and so some employees had the idea of using their ID cards outside normal working hours. This is now prevented by a connection to the AEOS software, as Dietmar Vetten of GST explains: ‘The installer has fitted a card reader to the parking lot barrier that is connected to the AEOS system. This has saved having three separate proprietary parking management systems.’ The parking spaces can be of ‘mixed’ use according to an algorithm – that is, by visitors and by staff. The software shows the current occupancy status of each. If one of the staff parks there too long, an email is sent to the facility management personnel.

Although all the staff from the stand-by team have authorization for the parking lot, only the person on duty can park there during his shift.

Optimum cooperation

With regard to the implementation of all these systems, no better praise can be given by the customer. This applies not only to the support by GST but also, as Georg Thies and Klaus Domscheit emphasize, to the ‘very good teamwork between Nedap and Salto’. The Salto striker portfolio, which has meanwhile been in use in the hospital for four years, provides an off-line product choice that is hard to beat. Good products alone are not decisive; good communication within the triangle of manufacturer, installer and customer/user matters as well. As Axel Schmidt of Salto points out, this has already been tested ‘in hundreds of joint projects in Europe and worldwide’. During this time the cooperation has been optimized, as Christian Nagel of Nedap confirms: ‘Our emphasis is on the integration of our software because we have an open platform, therefore we work together with experienced partners on a long-term basis.’

In case you missed it

What Is The Impact Of Remote Working On Security?

During the coronavirus lockdown, employees worked from home in record numbers. But the growing trend came with a new set of security challenges. We asked this week’s Expert Panel Roundtable: What is the impact of the transition to remote working/home offices on the security market?

Water Plant Attack Emphasizes Cyber’s Impact On Physical Security

At an Oldsmar, Fla., water treatment facility on Feb. 5, an operator watched a computer screen as someone remotely accessed the system monitoring the water supply and increased the amount of sodium hydroxide from 100 parts per million to 11,100 parts per million. The chemical, also known as lye, is used in small concentrations to control acidity in the water. In larger concentrations, the compound is poisonous – the same corrosive chemical used to eat away at clogged drains.

The impact of cybersecurity attacks

The incident is the latest example of how cybersecurity attacks can translate into real-world, physical security consequences – even deadly ones. The computer system was set up to allow remote access only to authorized users. The source of the unauthorized access is unknown. However, the attacker was only in the system for 3 to 5 minutes, and an operator corrected the concentration back to 100 parts per million soon after. It would have taken a day or more for contaminated water to enter the system. In the end, the city’s water supply was not affected. There were other safeguards in place that would have prevented contaminated water from entering the city’s water supply, which serves around 15,000 residents.

The remote access used for the attack was disabled pending an investigation by the FBI, Secret Service and Pinellas County Sheriff’s Office. On Feb. 2, a compilation of breached usernames and passwords, known as COMB for “Compilation of Many Breaches,” was leaked online. COMB contains 3.2 billion unique email/password pairs. It was later discovered that the breach included the credentials for the Oldsmar water plant.

Water plant attacks feared for years

Cybersecurity attacks on small municipal water systems have been a concern among security professionals for years. Florida’s Sen. Marco Rubio tweeted that the attempt to poison the water supply should be treated as a “matter of national security.”

“The incident at the Oldsmar water treatment plant is a reminder that our nation’s critical infrastructure is continually at risk; not only from nation-state attackers, but also from malicious actors with unknown motives and goals,” comments Mieng Lim, VP of Product Management at Digital Defense Inc., a provider of vulnerability management and threat assessment solutions.

“Our dependency on critical infrastructure – power grids, utilities, water supplies, communications, financial services, emergency services, etc. – on a daily basis emphasizes the need to ensure the systems are defended against any adversary,” Mieng Lim adds. “Proactive security measures are crucial to safeguard critical infrastructure systems when perimeter defenses have been compromised or circumvented. We have to get back to the basics – re-evaluate and rebuild security protections from the ground up.”

“This event reinforces the increasing need to authenticate not only users, but the devices and machine identities that are authorized to connect to an organization's network,” adds Chris Hickman, Chief Security Officer at digital identity security vendor Keyfactor. “If your only line of protection is user authentication, it will be compromised. It's not necessarily about who connects to the system, but what that user can access once they're inside.

“If the network could have authenticated the validity of the device connecting to the network, the connection would have failed because hackers rarely have possession of authorized devices. This and other cases of hijacked user credentials can be limited or mitigated if devices are issued strong, crypto-derived, unique credentials like a digital certificate. In this case, it looks like the network had trust in the user credential but not in the validity of the device itself. Unfortunately, this kind of scenario is what can happen when zero trust is your end state, not your beginning point.”

“The attack on Oldsmar’s water treatment system shows how critical national infrastructure is increasingly becoming a target for hackers as organizations bring systems online for the first time as part of digital transformation projects,” says Gareth Williams, Vice President - Secure Communications & Information Systems, Thales UK. “While the move towards greater automation and connected switches and control systems brings unprecedented opportunities, it is not without risk, as anything that is brought online immediately becomes a target to be hacked.”

Operational technology to mitigate attacks

Williams advises organizations to approach Operational Technology as its own entity and put in place procedures that mitigate against the impact of an attack that could ultimately cost lives. This means understanding what is connected, who has access to it and what else might be at risk should that system be compromised, he says. “Once that is established, they can secure access through protocols like access management and fail-safe systems.”

“The cyberattack against the water supply in Oldsmar should come as a wakeup call,” says Saryu Nayyar, CEO, Gurucul. “Cybersecurity professionals have been talking about infrastructure vulnerabilities for years, detailing the potential for attacks like this, and this is a near perfect example of what we have been warning about,” she says.

Although this attack was not successful, there is little doubt a skilled attacker could execute a similar infrastructure attack with more destructive results, says Nayyar. Organizations tasked with operating and protecting critical public infrastructure must assume the worst and take more serious measures to protect their environments, she advises. Fortunately, there were backup systems in place in Oldsmar. What could have been a tragedy instead became a cautionary tale. Both physical security and cybersecurity professionals should pay attention.

How Have Security Solutions Failed Our Schools?

School shootings are a high-profile reminder of the need for the highest levels of security at our schools and education facilities. Increasingly, a remedy to boost the security at schools is to use more technology. However, no technology is a panacea, and ongoing violence and other threats at our schools suggest some level of failure. We asked this week’s Expert Panel Roundtable: How have security solutions failed our schools and what is the solution?