Poor requirements too often result in delay and expensive rework, but in the case of a Miami prison that repeatedly released all of its maximum security inmates from their cells, missed requirements caused serious injury.
As reported by Wired Magazine, on two separate occasions the doors of Turner Guilford Knight Correctional Center in Miami, Florida opened inadvertently, releasing hundreds of maximum security inmates into common areas throughout the prison. Violent attacks resulted, leaving one inmate with two broken vertebra after jumping from a second story balcony to avoid being stabbed.
When the global door release command was mistakenly entered the first time, Black Creek Integrated Systems, the company that installed the door control system, controlled by a central touch screen interface, attributed the problem to a lack of a fail safe message confirming the operator’s intent to open every cell door. Believe it or not, during the process of developing and installing the door control system, Black Creek never considered the possibility that an operator might inadvertently press the wrong area of the touch screen control. It’s hard to understand how this could be missed, but once it happened, the company quickly updated their system with a confirmation message that would follow any global unlock command, in essence asking the operator, “Are you sure you want to release every cell door in the maximum security wing?” They also added some basic error logging behavior that would associate an “operator error” code to any attempt to open every cell that was cancelled upon display of the confirmation message.
When the cell doors mysteriously opened a second time, investigators looked back at the error log, and found the “operator error” code present at the time of the door release. This indicates that whatever error coding was added to the system was not sufficiently described and tested, resulting in the triggering of the error code even though the command was confirmed and the prison doors opened.
While the true cause of the cell doors issues is under investigation; in addition to the weak security updates applied by Black Creek, the logic controllers that powered the cell doors may have been accessible to a network, making it vulnerable to a remote cyber-attack. Ultimately, whether the jail releases were the result of sloppy use of the touch screen interface (who hasn’t gotten strange results from trying to type on a smartphone?) or malicious intent, it’s hard to argue that proper attention was paid when the system was implemented at the Turner Guilford Knight Jail.
A security expert who examined the cell door system after the series of releases remarked on the shocking lack of forethought when implementing the global door release feature. It’s common practice to install a physical switch controlled by a key to control a global release but, in this case, a single press of a touch screen button was deemed sufficient. It’s a shame that someone had to pay the price for poorly planned requirements with a jump from a two story balcony.
