Industry Professional

Metro Proof

Securing the Amsterdam Metro Underground

  • By John Moa
  • Aug 01, 2017

The Amsterdam Metro is a mixed rapid transit and light rail system in Amsterdam and its surrounding municipalities: Amstelveen, Diemen and Ouder-Amstel in the Netherlands. The network is owned by the city of Amsterdam and operated by the Gemeentelijk Vervoerbedrijf (GVB), the company that also operates trams, ferries and local buses.

Underground Lock System

The lock system of the Amsterdam underground is quite extensive and includes 2,574 cylinders. GVB was able to find and implement a system that solved their key issues as well as environmental issues. We will take a look at the challenge Amsterdam Metro is facing, the CyberLock system, the solution, and finally, how CyberLock’s system benefit Amsterdam Metro. In the Amsterdam underground, a cylinder has a lot to endure.

It must be resistant to burglary attempts, vandalism, manipulation, corrosion and rough handling. Even if it’s strong enough to withstand all of these, the life of a lock can be severely shorted if a vital key gets lost.

“We used to have a mechanical lock system, but we were constantly facing problems with lost keys,” said Frank de Vries, security manager of the Amsterdam underground stations. “Since replacing all cylinders would be a rather costly affair, we only replaced those that the lost key could open. In doing so, we eventually ended up with huge key rings.”

Key-centric Solution

CyberLock is a key-centric access control solution. The power is completely in the key. Each key contains a unique ID that cannot be changed or duplicated. These keys have the ability to store thousands of access events such as lock ID, date and time and event type.

The keys carry access schedules for the specific key holder and retain encrypted access codes that bind the key to a specific system. Each key contains a specific list of authorized locks and a schedule of when they may be accessed. For example, a key can be programmed to allow access to one or several locks from 8 a.m. to 6 p.m. on weekdays and 10 a.m. to 4 p.m. on Saturdays.

If presented outside of this schedule it is denied access. As for key expirations, keys can be assigned a start date and an expiration date which means keys can be issued before they become active, and can be set to expire on a regular basis in the future. Key holders must reauthorize keys before access will be granted again. Setting shortterm expiration dates is an excellent way to minimize risk due to lost or stolen keys.

When a key first makes contact, the key energizes the lock. A split second exchange of information determines if a key is at an approved lock within an authorized time frame. Access is then either granted or denied and that action, along with a date and time stamp, is recorded to the memories of both the key and the lock. These features were crucial in Amsterdam Metro’s need to get rid of the huge key rings the employees were carrying around and with the programmability and expiration date of the keys, re-keying will never be in the Amsterdam Metro vocabulary.

Hardware Interface

Because diversity of communication was necessary for Amsterdam Metro, the devices they selected served as an interface between the hardware and software. Key holders were given access privileges as needed. An audit trail also could be downloaded from the key while simultaneously uploading new schedules, permissions and system information. The system is able to keep track of keep track of remote and on ground employees.

The GVB decided to look for another way to protect its station entrances and restrict access to equipment rooms. Under consideration were various alternatives, including electronic access systems and remote card readers; however, these solutions were not resistant to water, frost or vandalism. GVB felt the diversity of electronic cylinder locks made it easy for GVB to convert all locks by retrofitting all their existing hardware on site. Access privileges are distributed to key holders via communicators. These devices are linked to the software over a local area network or securely over the Internet.

Met with some skepticism from some managers, GVB officials held firm to their decision.

“Initially, this system was received with some skepticism; there were a few complaints from managers who were no longer able to open certain doors—doors they should not have been able to open to begin with,” de Vries said. “Within a month, all cylinders had been replaced, including those in doors with very uncommon profiles. We have not had to adjust a single lock, and the installation of the cylinders was easily done by our own locksmith.”

Since re-keying was a costly option, and CyberLock’s electronic cylinders were installed without wiring, Amsterdam Metro was able to stay in budget, as the price for a lock is one-tenth the cost for a hardwired system. Since the implementation of CyberLock at the GVB, de Vries has received visits from colleagues of nearly all Dutch transport companies wanting to learn more about the system that has been such a huge success for Amsterdam Metro.

This article originally appeared in the August 2017 issue of Security Today.

Featured

  • Cloud Security Alliance Brings AI-Assisted Auditing to Cloud Computing

    The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today introduced an innovative addition to its suite of Security, Trust, Assurance and Risk (STAR) Registry assessments with the launch of Valid-AI-ted, an AI-powered, automated validation system. The new tool provides an automated quality check of assurance information of STAR Level 1 self-assessments using state-of-the-art LLM technology. Read Now

  • Report: Nearly 1 in 5 Healthcare Leaders Say Cyberattacks Have Impacted Patient Care

    Omega Systems, a provider of managed IT and security services, today released new research that reveals the growing impact of cybersecurity challenges on leading healthcare organizations and patient safety. According to the 2025 Healthcare IT Landscape Report, 19% of healthcare leaders say a cyberattack has already disrupted patient care, and more than half (52%) believe a fatal cyber-related incident is inevitable within the next five years. Read Now

  • AI Is Now the Leading Cybersecurity Concern for Security, IT Leaders

    Arctic Wolf recently published findings from its State of Cybersecurity: 2025 Trends Report, offering insights from a global survey of more than 1,200 senior IT and cybersecurity decision-makers across 15 countries. Conducted by Sapio Research, the report captures the realities, risks, and readiness strategies shaping the modern security landscape. Read Now

  • Analysis of AI Tools Shows 85 Percent Have Been Breached

    AI tools are becoming essential to modern work, but their fast, unmonitored adoption is creating a new kind of security risk. Recent surveys reveal a clear trend – employees are rapidly adopting consumer-facing AI tools without employer approval, IT oversight, or any clear security policies. According to Cybernews Business Digital Index, nearly 90% of analyzed AI tools have been exposed to data breaches, putting businesses at severe risk. Read Now

  • Software Vulnerabilities Surged 61 Percent in 2024, According to New Report

    Action1, a provider of autonomous endpoint management (AEM) solutions, today released its 2025 Software Vulnerability Ratings Report, revealing a 61% year-over-year surge in discovered software vulnerabilities and a 96% spike in exploited vulnerabilities throughout 2024, amid an increasingly aggressive threat landscape. Read Now

Most   Popular

New Products

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.”

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis.

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.

OSZAR »