| securma | |||||
| the museum security network | |||||
| join the mailinglist | scroll down | STEVE KELLER'S REPORTS TO THE MUSEUM SECURITY MAILINGLIST | |||
I have read with interest the posts regarding confidential information about security in this public forum. The point is well taken. While my first reaction was to say that the writer's boss is paranoid to the extreme, there is a need for some discretion. I often find myself ignoring the public post and writing directly to the person with the question. I do this for two reasons. First, I don't want to post secrets, but also I don't want to accidentally divulge anything that I may have learned from a client of mine in a public forum. Just today I read and replied to a post from someone wanting information about dealing with copyists in the museum. My reply was for them to contact a specific security director who might be willing to answer questions about his policy which I think is excellent. I didn't feel comfortable posting his policy without him knowing it. I feel that it is unfortunate that I must do this since it deprives others of the benefit of my answer and that defeats the purpose of the newsgroup. My point is that we all must take some amount of care but let's not be paranoid. I also replied to Tammy about her questions about the radios. This was a public post because I didn't think it was critical or secret information. However, you will note that at the end of the post I added a personal note to Tammy (she's a client of mine and one of the newer security managers who really has her act together) where I indicated that I was coming to her town in the near future and would stop in. My original wording said, "I'll be in (your town name) in the near future and . . ." As I re-read my reply to her I decided to take out her town name so that no one would draw a conclusion about her location and thus her operational procedures from my reply. My point here is that if you reply to someone be careful that if they don't give their institution, you should not say anything in your reply that gives their identity away. Someone might say, "Hi this is John Smith and my alarm system doesn't work worth beans. What do you recommend to fix it." I'd never suggest replying, "Hi John, how are things in the Smithville Museum of Fine Art".
But have you ever thought about the secret information you put out to the public without knowing it? Does your museum's annual financial report list all staff? Most list the names of all employees and their positions. I can get a full list of all guards from most annual reports and knowing the number of guards on your payroll gives me information about how many are on duty at any given time. One museum security department has its entire security staff pictured on their web page. How about your burglar alarm system. I recommend that if your system is working well and your alarm coverage is what it should be, your walk test lights should be on for each detector because without walk test lights you simply can't walk test your alarms and a walk test is a daily necessity or I guarantee I can break into your museum. But many museums have walk test lights on that give the crook valuable information about the coverage of the alarm system. If the coverage is good, this is an advantage. It shows the bad guy what he is up against and he will go elsewhere. But if your coverage is bad, he knows exactly how bad it is! We give out information all the time and we must be careful. I agree with Ton Cremer's comment that it is useful to let the bad guy know what he is up against. I have heard people in the past say that you should never brag about your security or someone will try to prove you wrong. I don't think that there are people with the gunslinger mentality who just want to knock off the best gunfighter in town and will break in to your museum because you bragged about how good you are. But I do know of disgruntled employees even former guards who will vandalize a picture to make the bragging boss look bad. It's happened several times in the past that I know of. I am a strong advocate of carefully controlling the information that you put out. I dislike the practice of hiding cameras in light cans. I want them visible. I like walk test lights constantly blinking at visitors in the galleries (when the system is a good one), and I like enough subtle security that even the dumbest bad guy can't miss it. I often controlled the information that was released to the public and still do for clients who ask me to do so. But the key word here is "control". Tell them what you want them to know.
As for the newsgroup, I have seen very little information on this
newsgroup that is really sensitive and have full confidence that Ton
will contact anyone who inadvertedly posts something real damaging to
make sure they really want to tell the world that their alarm system
is not working or their guards all sleep at night.
Steve Keller
IntlArtCop@aol.com
It is very difficult to use card readers on historic doors. First there is the issue of historic fabric damage and then there is the issue of appearance. You must use an electric strike or magnetic lock on the door and this is rarely possible. Even modification of the door to receive modern locks is sometimes difficult depending upon the door. (I often can't even get magnetic door contacts on historic doors). Code locks, I assume you mean the ones where you input a four digit number into a keypad, also use electric strikes or magnetic locks so the problem is the same. The only difference is that one uses a card that is programmed with the number and the other requires a human to input the number. Of course, if your building is adaptive re-use in nature, then fabric issues are less of a concern. In back of the house or non-historic areas where the above concern is not valid, then card keys are acceptable and preferred. But I never trust high security areas to just a card key lock. I always like a sturdy mechanical lock with a non-proprietary keyway (one you can't make copies of without going through the local manufacturer's rep for the product or taking a locksmith a key blank that he can't himself stock) in addition to the electronic lock. While the Suggested Guidelines In Museum Security do not specifically apply to house museums, they are appropriate if they can be applied. They require that doors with card readers also have a mechanical lock if they protect high value assets in a museum. Card keys are always preferable to code locks that use a keypad and personal code number. (I'll take heat for that generalization but I'll take the risk). But not all card key systems are created equal. It does you no good to have an expensive card key system if you can't do programming easily, if it is too complex for your security capabilities, etc. And cheap card reader systems give you exactly what you pay for. They are often not easily programmed, don't give you data about who used the protected space and when and this data is the advantage of card key systems, they usually don't include battery back-up, etc.
I find that in historic house museums--and I'm a consultant to about
60 of them--a good quality lock and key is all you can get away with
in historic areas but this is adequate if the alarm system is
adequate. Electronic locks are no more secure than mechanical locks.
In fact, they can be less secure. Their advantage is logging who comes
and goes and being able to program someone out quickly if you need to.
But you can do this with your alarm system if it is good enough. I
have very few house museum settings with card key systems. One reason
for this is that they are expensive. A good system is PC based. Thus
it is not user friendly if a half dozen non-security employees must
use it. PC's have many other problems in this setting. They require
more in the way of power loss support. (I can put 24 hours of battery
back-up on a Radionics panel using one battery but it takes a UPS the
size of a refrigerator to run a PC for 24 hours). Once you invest in
the PC-based access control system you can use it for your alarm
system and often are compelled to do so due to the cost. But this
brings a host of problems in a small facility. To get a properly UL
listed PC based access control system you have to buy an expensive
one. Many carry a UL label but they are UL listed for access control,
not burglar alarm monitoring. If you don't use a PC based access
control system you will probably use a stand alone system (I don't
recommend it) or will use something like an access control system's
data gathering panel without a PC, but you lose the ability to easily
program or interface with it. So why have it? If you have a small
facility and you simply must have a card access system, Radionics
makes the Redi-Key system. Ask your Radionics dealer. Northern
Computers makes the best lower cost PC based and stand alone systems
on the market for most applications. (Another generalization I'll take
heat for but I know the systems and trust theu won't get a bill. This
is a complex issue and I can't be sure my answer serves you well
without knowing more details but I'm willing to try.
Steve Keller
Security Consultant IntlArtCop@aol.com
(904) 673-9974
22 Foxfords
Chase
Ormond Beach, FL 31274
I had one client who used prison labor. One of the prisoner/custodians broke
into a case and stole a gun that was on display.
Another uses prisoners for work on the grounds and has had no problems. I had
a fit about it. They actually have armed prison guards with shotguns watching
over about ten prisoners about 50 yards from visitors to this historic site.
This saves the museum money so it is acceptable even though it is scary as can
be, and doesn't project the image the museum should want. On the other hand,
security devices and security signage are considered unfriendly and are not
permitted. It's all a matter of priorities, I guess.
In one recent project I asked the museum director for a set of burglar alarm
system blueprints. I was told they would have to order them from Prison
Industries. After picking myself up off the floor, I learned that Prison
Industries has the contract for this city's blueprinting. They had converted
the blueprints for all city buildings (including the museum alarm system and
police department buildings) to CAD. Copies of the prints could be obtained by
calling the contractor, and prisoners would make the prints. A city rep said,
"How would these guys get the blueprints out of the building to abuse them?"
Every hear of diskettes or modems.
Steve Keller
Steve Keller and Associates, Inc.
Museum Security Consultants
22 Foxfords Chase Ormond Beach, Florida 32174 USA
IntlArtCop@aol.com
Steve Keller