County to consider access-control upgrade after staff demonstrated badge-spoofing vulnerability
Summary
IT and risk management flagged a security flaw in the county's ID-badge access system after staff demonstrated spoofing with an inexpensive device. The county can cancel lost or stolen badges in the Velocity system, but staff recommended an upgrade to technology resistant to spoofing.
Eric Colwell and Leslie Contreras told commissioners that the county’s physical access-control system uses ID badges that, in some cases, can be spoofed. Contreras said a staff member purchased a small device from an online retailer and was able to spoof a card and open doors, a test that highlighted a security flaw.
Colwell described the proposed upgrade as moving to access-control technology that is not subject to that form of spoofing. Commissioner Nina Payne asked whether lost or stolen badges can be deactivated; IT staff said yes, badges can be canceled in the county’s Velocity system when reported lost or stolen, though Contreras cautioned that not all lost badges are reported.
The physical-access upgrade was lower on IT’s prioritized list and was presented for future capital consideration. No procurement or timeline was decided during the workshop.
