Increasingly, the conversation about cybersecurity and data protection includes student transportation. STN addressed the subject of security in the September magazine issue, featuring articles that focused on video camera storage and security as well as data security and routing.
STN spoke with Jake McOmie, the CTO of Confluence Security, a systems integrator company that brings together products from various manufacturers — of cameras, recording devices, servers, networking equipment, and sensors — to create tailored security systems. These systems are designed to address both physical and cybersecurity needs with an emphasis on automation, identity management and analytics. The company, which works with government, school and commercial or enterprise customers, also provides software that unifies all components, enabling features like real-time alerts, video analytics and automated response to security events.
STN: Why is security and cybersecurity important for school districts and transportation departments right now?
McOmie: Security and cybersecurity aren’t new concerns, but in today’s connected world, they are more critical than ever. School districts are rapidly adopting technologies like IP cameras, GPS systems, Wi-Fi routers and student tracking software. These tools improve safety and efficiency, but each device added to the network also introduces potential vulnerabilities.
We call this security of security, a phrase borrowed from our trusted manufacturer partner of open-architecture security software platform, Genetec. The approach ensures a cybersecurity-first posture and it’s critical practice to understand your product choices are being systemically protected by design, not as an afterthought.
In the age of the Internet of Things (IoT), everything is interconnected. One unsecure device — whether a camera, HVAC sensor, or access control point — can act as the weak link that compromises the entire system. No matter how robust a network may be, its strength depends on every component being secure. That’s why it’s not enough to harden just the network. Districts must vet the products themselves, hold manufacturers accountable for cybersecurity practices and ensure every piece of technology is built with a “security-first” mindset.
Trust is earned, not assumed. Cybersecurity must be woven into procurement, deployment and management. When one compromised camera or device can become an open door, due diligence isn’t optional. It’s essential.
STN: How can transportation departments ensure their data is protected? What steps should they be taking?
McOmie: Transportation departments manage highly sensitive data, including student info, vehicle locations, incident videos and operational logs. To protect this data, a comprehensive approach during the initial planning will ensure this sensitive data is not jeopardized from unauthorized access. We can talk about the various aspects end users should keep forefront during the planning phase
-
- Vet manufacturers and integrators. Work only with vendors that prioritize cybersecurity and provide transparent security documentation. Vendors who operate under zero-trust security policies and demand nothing less of their technology partners, should be asked early in the process. It’s a pass or fail question and should be enforced without hesitation.
- Network segmentation. Isolate transportation and security systems from general-use school networks. Implementing advanced enterprise segmentation through Federations allows for controlled third-party access while maintaining autonomous and isolated authorization. Preferably utilize SaaS-hosted federation services so partner agencies, such as between schools and 911 centers, can connect their networks for data sharing without actually connecting to anything except the mediary cloud-hosted federation server. This method adds the benefit of permission-based access at the most minute level of data, like allowing access to a video feed only if three independent trigger points have verified.
- Multi-factor authentication (MFA). Implement MFA at all levels — application logins, device portals and cloud platforms — to prevent account takeovers, especially when passwords are compromised.
- Zero-trust approach. Assume no device or user is secure by default. Require verification and limit access by role. To maximize the effects of this policy, utilize automations and/or integrations to minimize the number of touchpoints when permission changes occur.
- Encryption & updates. Use end-to-end encryption for data in motion and ensure firmware/software is routinely patched. If available, consider using SaaS products to perform all or some tasks, which can help protect systems from becoming outdated, even if only for a short duration.
- Automation & alerting. Leverage tools that can automatically identify patterns or anomalies and escalate issues to the right personnel. Open-architecture systems allow for a larger variety of inputs, and with proper configuration, the sensors can be associated with other sensors or events to help qualify any given scenario before notifying personnel, and ensure the correct personnel are the ones being notified.
Protecting data is not just about prevention. It’s about building resilience and ensuring your team can respond quickly and effectively when an event occurs.
STN: How do you advise school districts to work with their technology department?
McOmie: One of the most common challenges we see is operational silos. Safety and security departments know the problems they need to solve, but IT departments hold the keys to implementation. Successful projects require early and continuous collaboration between these teams.
At Confluence Security, we provide end-to-end IP-based solutions, which means we’re deeply engaged with IT teams during planning, design and deployment. While safety leaders define the why, IT ensures the how is executed securely and effectively. The IT team is critical in achieving a successfully hardened system and should include these three key points:
-
- Designing the network architecture to limit exposure.
- Setting access controls and firewall rules.
- Validating compliance with cybersecurity policies.
In today’s world, a zero-trust model is no longer optional. Every actor, internal or external, must be authenticated and authorized. School districts can support this by standardizing processes like MFA and ensuring IT reviews any new connected hardware or software before it’s deployed.
STN: Where do you see AI in security?
McOmie: AI is transforming security in two important ways — behind the scenes and in front of the user.
Behind the scenes, AI helps devices self-optimize — learning traffic patterns, refining video compression, or detecting performance anomalies before they become problems. This isn’t flashy, but it’s foundational to deliver faster, smarter, more reliable systems. The increased accuracy and performance is generally appreciated by end users but in today’s world of tech, the continual improvements are more or less expected.
Video Analytics engines, where video streams are computer-analyzed for specific behaviors, have used AI to improve their intelligence for more than a decade in some cases. In this method, software developers gain tremendous assistance with perfecting their analytical algorithms. In recent years, advancemnts have been made so far as to providing users with the ability to generate their own behavior definitions and AI creates the behavior analysis, delivering a DIY approach to video analytics.
Related: Security Sessions at STN EXPO East Address Violence, Safety Programs
Related: As Camera Systems Evolve, IT Collaboration Necessary
From the user perspective, AI enhances how we interact with security systems. Instead of digging through hours of video, users can issue simple commands: “Show me anything unusual at Bus Lot A last night,” or “Search for students wearing red backpacks on buses 12 thru 15 last week.”
AI enables faster investigations and richer situational awareness. Rather than responding to noise (e.g., constant motion alerts), users receive qualified insights based on anomalies — events that stand out from the norm, like a student jumping out of an open bus window, or a person loitering in an atypical location.
But AI doesn’t stop at behavioral detection. It fundamentally supports action through automation. Systems can support users through if/then/else conditional logic decision making to promote accuracy in the users actions and response. Ultimately, the preferred outcome can be guided by digitized SOPs, allowing for a newbie operator to respond the same way a well-seasoned operator would.
These layers of logic ensure that when serious threats arise, escalation to law enforcement or 911 is intentional, not a false alarm, and delivers real actionable video, data and evidence.
STN: Thank you.
