Part 3 of 3 in a series of articles, which are excerpts from the keynote address made on May 24, 2023, by Steve Keller at the security conference held at the Taft Museum of Art, Cincinnati.
In this series, Mr. Keller speaks about three trends in museum security we should be aware of: Ransomware attacks, Dealing with Environmental Protesters, and Artificial Intelligence, along with some practical action you can take to protect your museum from these threats. Please note that these remarks were made before the recent publicity regarding artificial intelligence began to break in the news during the week of June 5, 2023.
Here are the links to the first and second articles in the series.
Fifteen years ago, I began a personal crusade to convince my clients that they needed to build multiple dedicated fiber optic networks for the exclusive use of their security systems. One network should host only the alarm and access control systems. Another dedicated physical network should host only the CCTV system. And a third network would host only the object protection system. Note that these networks are not virtual (VPN) networks. They are physical fiber optic networks that are completely dedicated to these purposes and which never touch the internet.
We have encouraged all of our clients since then to build these dedicated networks, and we lobbied unsuccessfully that the “Recommended Guidelines for Museum Security” include a requirement for a dedicated network. In every new museum my company was involved with, we designed dedicated networks for those institutions.
What are the characteristics of these networks?
- Fiber optic cables between the security closets and the servers in the command center
- Security servers under the control of Security, not IT, and are physically located in the Security server room in the command center.
- All network cabling in conduit.
- Security closets are alarmed and equipped with card readers.
- Security closets are dedicated to security systems with no sharing of closets with non-security systems.
- Door contacts on all closets.
- Security servers and other racks in the command center in a locked server room or inside alarmed and locked racks not accessible to guards.
- These networks should never allow wireless.
- Wherever there is a computer that provides access to the network, these need to be password protected, and users need to know that signing in and out each time they use the network is mandatory. For example, if the access control system has a badge printer, there will be a computer that runs that printer for making badges. On these machines, the USB ports and DVD drive must be disabled so they cannot be used. Only the USB and DVD ports on the server and on the secure operator terminal used in the Director of Security’s office may be equipped with working USB and DVD ports.
- The room containing this computer must be secure at all times and be equipped with a card reader.
The Director of Security must have complete control of all servers that run on the security networks and of the networks themselves. This includes complete control of their service and maintenance.
%20(600%20%C3%97%20350%20px)%20(1)-1.png?width=600&height=350&name=Untitled%20(300%20%C3%97%20175%20px)%20(600%20%C3%97%20350%20px)%20(1)-1.png)
Effective immediately, I am recommending that no software containing artificial intelligence be allowed on these networks. I am recommending this because the number one objective from here on out is to protect these networks from any possibility of compromise by AI. Because many programs like Bing and Microsoft Office include or will soon include AI, these networks must remain sterile and protected from any program containing AI.
When systems operating on these networks, such as your CCTV system, require software updates via the internet, arrangements must be made to manually connect the network to the internet and then only for the amount of time needed to upload the software update.
Effective immediately, the primary role of the Director of Security should be to protect those networks from AI. This should be reflected in the Director of Security’s job description.
This may seem like overkill, but it is the only way that these critical networks can be protected from the “greatest criminal tool ever made,” artificial intelligence.
Protecting Your Job from Artificial Intelligence
So how can the Director of Security protect him or herself from the inevitable loss of a job when AI replaces security department employees? That’s easy. If your primary responsibility is to protect your systems from AI by providing secure dedicated networks, then you can’t be replaced by AI.
But what about your security staff? Will they really be replaced by AI? While we are ten years away from an adequate melding of AI and robotics, I think that these robotic security officers will not be able to mingle with the museum visitors and provide the level of visitor experience and friendly service that a human being can provide. I think that at the current rate, you have a few years, maybe fifteen, until your museum can comfortably embrace non-human security officers to interface with the public.
My advice is that you concentrate your time and resources on building a guard force that consists of well-trained security officers and supervisors. The days of OJT are over. Your emphasis must be on building a security force of people who can not only do the job but can also do it with humanity and enthusiasm. Security will always be their primary mission, but closely behind providing security is visitor experience. Your security department must be able to provide the one thing that AI cannot provide at this time, and that is the warmth and welcoming approach of a human being.
Copyright © 2023 by Steve Keller and Associates, Inc.
All rights reserved. May be reproduced for non-profit purposes with full attribution to the author. Please include this copyright notice in all reproductions of this material.