Specifically Speaking with Jeff McCormack

AVP technical leader/sr. program manager with AECOM, based in Baltimore, Md.
Wednesday, February 21, 2018

What's your role at the company?

As the AVP technical leader/sr. program manager, I provide technical and leadership support for MTA Systems Equipment & Engineering Department. I also provide support, oversight and coordination for MTA Systems Equipment and Engineering projects for light rail, metro, bus and MARC in the areas of (LAN/WLAN)/Radio Communications, CCTV, train control, signaling, traction power, miscellaneous electrical, SCADA, fare collection and ITS systems.

I also provide support to the construction management team during all phases of design and construction to include specification/bid support, design, construction, field verification, testing, safety certification, cutover, contract documentation, contract changes and claims and closeout.

In addition, I provide oversight of capital program budgets, procurement and contracts management, project performance and compliance, contractor/subcontractor solicitation, qualification and selection.

What kinds of systems do you design/specify and what services does the company provide?

AECOM provides a vast array of services including design, engineering and architectural services. My division, Transit Rail, Systems Engineering, designs and specifies:
•    Communications (LAN, WAN, WLAN, LMR, telephone)
•    CCTV
•    Access control
•    Public address
•    SCADA
•    Fare collection
•    Infotainment
•    Fire alarm/management
•    Signaling systems
•    Operations control centers

What vertical markets does the company specialize in?

AECOM covers:
•    Cities
•    Commercial & residential
•    Governments
•    Healthcare
•    Industrial
•    Leisure and hospitality
•    Oil, Gas and chemicals
•    Power
•    Sports and venues
•    Transportation (rail, surface and aviation)
•    Water

Projects that we are intimately involved include the MTA Purple Line; LR Overhaul; METRO Signaling and Systems replacement; and the BUS Unified Systems Architecture.

How did you get started in security and designing/specifying?

I started out as a Chemical Plant Engineer deigning SCADA systems for reactors. I then went on to specifying/designing Comms Enterprise/LAN / WAN networks which progressed to MBS, PA systems, CCTV systems for the Port Authority NY/NJ. Then I moved to AECOM where I continued to specify and design systems for Transit including Fire Alarm, LMR, CAD/AVL.

Can you talk about what new or emerging technologies you are seeing or specifying today and how those are changing the industry?

The big ones for us are: Biometrics; IoT; AI & ML data collection, aggregation and analytics; SDN – Software Defined Networking; cybersecurity and comms reliability; and drones.

I think the industry moving forward will adopt biometrics on a much larger scale, as it will replace the more traditional methods of authentication and access control. On the top of the list for the 5 Mega Trends identified by the then APTA chairman Phil Washington was “Safety and Security first.”  The NTSB is now more acutely focused on the need to provide safe and reliable transit systems for passengers, employees and assets. Safety is critical to the effective operation of the Transit business. Accidents, security breaches, and any other threats to safety grossly affect the Transit business’ bottom line, including financial and image which underscores the importance of security and access control.

CCTV systems will develop and integrate AI and ML to provide much better data analytics at the edge. Cameras are becoming more of a commodity item and the camera vendors will have to offer clients a more integrated platform that includes biometrics and the Internet of Things (IoT). The Internet of Things has promised a number of things that I believe are currently unattainable in the security business. Although the security industry is one of the early adopters of IoT, the “automation” provided by IoT inherently causes a lack of control and security. The implementation of IoT is relatively low because I think in its present state it could deeply undermine network security (cybersecurity being the main concern). 

AI and machine learning will be the tools used to address the analytics, to process the data and evaluate incidents and alerts. I expect AI & ML to take a significant leap in 2018 to augment and automate IoT and cybersecurity functions. Today, we need to detect breaches, isolate infected assets and network segments, and rapidly restore damaged data and systems, allowing the functions that cannot be automated such as high-risk threats, improving defenses, and situational judgment to be handled by humans. I think AI and ML being outsourced is due to the huge amount of resources it will require—hence Amazon AWS.

To move forward, there needs to be a shift in infrastructure deployments and a keen focus on network security. IoT is very network sensitive and requires a lot of bandwidth. A lot more than current “legacy” networks will provide. Software Defined Networking will be the bridge to transition networks from their current state to networks that offer a much bigger pipe (bandwidth) and the development of neural networks. 

Also, cyber criminals are becoming a lot more sophisticated. I think we can expect to see more cybercriminals and more coordinated and sophisticated attacks in the coming years. I expect to see a wider range of attacks over time affecting a larger number of sectors/verticals.

I believe drones are the new “patrol agents.” Gone will be the security guard that patrols the perimeter and sensitive areas of a building or property. As cameras get better and the drone tech adopts AI, patrolling the perimeter with a guard and a flashlight will become a thing of the past. Robotics will assist security officers with the tracking and apprehension of intruders.

Moving forward, the security Industry will have to:
•    Develop security strategies based more on prevention.
•    Develop multilayer security strategies based on a needs analysis and a Defense in Depth security analysis.
•    Develop an IoT risk assessment plan and manage the deployment of IoT based on necessity.
•    Develop sound security disaster recovery plans for their clients.