2016 Technology Report: New Security Solutions and Risks Go Hand-in-Hand
View/download the original article published on Security Magazine here.
Technology moves quickly, as military and commercial tools and toys merge with security applications to create both new solutions and risks for the enterprise. What should you be on the lookout for this year?
The future, according to scientists and R&Ders, will be exactly like the past, only far more expensive. It can also be less expensive, more practical, more effective and at times more dangerous.
One of the first computers, the ENIAC, consisted of 18,000 vacuum tubes and weighed 30 tons. Today, there is more processing power in a typical lightweight laptop. Back in 1945, a computer bug – really a moth caught in the first Mark II – fried the computer works. Today, whole corporations can be brought to their economic knees thanks to Russian or Chinese cybercriminals.
In March 1876, Alexander Graham Bell famously said: “Mr. Watson, come here. I want to see you.” Today, the number of smartphone users will surpass 2 billion worldwide, representing over a quarter of the global population. Thousands of security professionals can view their cameras on their phones. At the same time, it is reported that global terrorists communicate with encrypted phones.
Major law enforcement organizations are calling for “immediate action” to halt encryption on what some call dark smartphones. The Paris terrorist attacks late last year could have been thwarted, according to some, if officials had access to their dark smartphones. A report, “A Law Enforcement Perspective on the Challenges of Gathering Electronic Evidence,” authored by the International Association of Chiefs of Police and the National District Attorneys Association, maintains that smartphones manufactured by the likes of Apple and Google should no longer come with built-in encryption, unless the government has easy access to encryption keys.
In 1951, the first videotape recorder, costing over $50,000, captured live images from television cameras. Nowadays, there are millions of security cameras in the U.S. and petabytes of security videos stored locally and in the cloud. Crime prevention’s their aim, but some may aim the wrong way.
Biometrics, say the experts, dates back to 1891 when Juan Vucetich started a collection of fingerprints of criminals in Argentina. Today, biometrics is automated and diversified, ranging from finger and palm, iris, retinal and face to the voice and even behavior. With attention to better accuracy and faster throughput, biometrics seems destined to be the perfect balance of convenience and security or an imbalance of personal intrusion.
Virtual reality, another innovation, will make a big splash at this month’s Consumer Electronics Show (CES), sponsored by the recently renamed Consumer Technology Association. Newer virtual reality headsets such as the Gear VR from Samsung Electronics, also a physical security tech player, make it practical and less expensive to use immersive video technology. At CES, such headsets are an emerging entertainment device; it’s just a matter of time for the tech approach to nest into physical security and law enforcement for patrols and investigations. But is it good to turn a security patrol into a gamer scenario?
And then there are drones, one of the hottest gifts this last Christmas. The earliest recorded military use of an unmanned aerial vehicle or UAV occurred in 1849 when Austrians attacked the Italian city of Venice with unmanned balloons loaded with explosives. Today, drones are patrolling the Mexico and Canada borders and are credited for thousands of arrests and the seizure of thousands of tons of illegal drugs.
Drones Doing Bad; Drones Doing Good
A growing number of utilities, ports, and stadiums though are concerned about the dark side of drones. For example, some security operations are using or considering small radar technology to alert to drone intrusions. And drones have intruded into sports stadiums and parades, peeked into windows and landed on the White House lawn.
On the other hand, experts at the University of Maryland's Robert H. Smith School of Business say drones are already into law enforcement and security applications. "We are missing out on a commercial opportunity that other countries have already embraced," says Smith School professor Oliver Schlake, a drone hobbyist who challenges his MBA students to develop business applications for the technology. Hank Lucas, another Smith School professor who wrote “The Search for Survival: Lessons from Disruptive Technologies,” says the impact will be immense as more companies discover commercially viable applications for drones. "It's well beyond our imagination," he says.
Storm watch: Drones can fly into the eye of a hurricane or hover over an active volcano, sending back data without risking lives. Global Hawk drones developed by Northrop Grumman can monitor stormy areas for up to 30 hours, generating data not available any other way.
Search and rescue: After severe storms hit Texas and Oklahoma in May 2015, the FAA sent drones from one of its test sites to search for survivors along the Blanco River.
Security: Drones equipped with headlamps, cameras, and alarms can startle intruders and records their movements – and they often can arrive at the scene faster than police or private security officers. A company with commercial security contracts in New Zealand plans to deploy the technology by the end of 2015.
Innovation and technology as applied to the security industry can, not surprisingly, be a two-edged sword. Still, the good side of that tech sword can slice through crime prevention, situational awareness, forensics and other security tasks with ease.
One example: Innovative integration through diverse software is squeezing more value out of enterprise investments in security technology that evolves from protection and into the natural workflow of an organization.
At Austin Hall in the College of Business at Oregon State University in Corvallis, a security management system (VI Connect from Vanderbilt) represents one of the most unique systems integration projects within the higher education market.
The technology seamlessly integrates building access control into a single data management solution that not only enables school officials to streamline door access but also allows students and staff to reserve one of 21 project rooms in the facility simply by using their existing credentials. In addition to the project rooms, the building also features classrooms, faculty conference rooms, IT closets, a four-room research suite, a mailroom and an assortment of event spaces.
To help manage access control at Austin Hall, which includes credentials for approximately 4,500 students each semester, Kirk Wydner, operating systems network analyst for the College of Business, and his team chose to take an innovative and integrated approach.
Innovative User-Defined Fields
According to Wydner, the system, which was installed by security systems integrator Steve Murphy of Chown Security, Portland, Oregon, had to not only work with existing HID Global identification cards used by students across campus; it also had to have an easy-to-access user repository. “A key feature that really helped us was the ability to add in user-defined fields because we needed to have our own unique key,” Wydner says.
The innovative charm of the access system’s technology, however, is its handshaking with other software platforms for completely interoperable access and room reservation system. To accomplish this, Wydner and his team installed the data management engine (Pinwheel DME from SwiftData Technology). Pinwheel integrates data from the access system along with several other enterprise software solutions employed at the facility, including sophisticated room scheduling, Web calendar and online event registration software (from Dean Evans & Associates) and an enterprise resource planning platform from higher education software provider Ellucian.
However, there were several significant hurdles that had to be overcome by both the OSU IT group and others involved to help make these interoperability goals a reality. An integration of this magnitude had never been done before, so much of the project was uncharted water, comments Murphy. “We didn’t know quite where to begin,” Wydner adds. “We knew that we needed to get all of the user data – our faculty, staff members and students. We needed some way of defining who is taking a college business class and which system we were going to pull that out of, whether that’s going to be our central student repository, Active Directory or if we were going to go off of Salesforce.”
Wydner said the university eventually decided the best way to bring this information together was to enter it into Salesforce, the San Francisco, California-based firm known for its Web customer relationship management system and its strength in application programming interfaces or APIs. He started a separate project focused on integrating the identification numbers from the campus HID cards into their Salesforce database. Aside from that, the team also had to figure out a way to format the data from Salesforce so that it would be recognized by the access and Dean Evans event management software solutions.
By using the Pinwheel data management engine or DME platform, students are now enrolled automatically based upon the information entered into the Ellucian enterprise resource planning system. The successful integration of these systems would not have been possible, however, without some of the unique features provided by the access control platform with its innovative way of combining the access levels of students and staff members with their respective rights and privileges through a process known as nesting.
Austin Hall also uses an automated lock system which saved significantly on time and manpower.
Door Access and Meeting Scheduling
“The main thing that our faculty and students enjoy about the integration is that they can just walk up to a project room or a meeting room [and] tap their OSU ID on the lock (AD-400 wireless networked locks from Schlage). It then opens up, lets them in, and it also gives them an automatic one-hour reservation on the room,” observes Wydner.
“Multi-tech locks are future-proof and access panels can handle up to 16 locks,” points out Murphy, who believes the project took system integration capabilities to new and innovative heights.
There are other tech trends embedded in such an approach, according to Mitchell Kane, president, Vanderbilt. As compared to security video, it may seem that advances in electronic access control emerge and evolve more slowly. From a hardware perspective, technology moves at a snail's pace, says Kane. What is more innovatively important is the trend of interoperability with other systems and big data. Until recently, most data integration with access management was through HR or IT databases. Kane sees a trend toward integration with workflow applications, working with data on an automated level, based on logic and analytics.
Multifunctional ability can be viewed as innovative.
That’s the bottom line for Guy Grace, manager of security and emergency planning for the Littleton, Colorado, Public Schools, and who is installing a network-based communication and security system (the IX Series from Aiphone) featuring video entry security, internal communication, emergency stations, and paging. All units and apps in the systems can unlock doors remotely on a network, assist onsite visitors from an offsite location, broadcast emergency announcements and communicate using Power over Ethernet (PoE).
Among the “cool things we get from the technology is the intercom’s ability to record audio and video of visitors on our network digital video recorders or NDVRs. So now we have an extra camera, the ability to record all the transactions at the door in voice and video, the ability to talk to the door from the school and the security office miles away. And also these now can be used as a call for help stations 24/7,” says Grace.
Upgrading infrastructure is a crucial way to anticipate emerging innovations, contends Grace, who has spent time and resources on PoE to better handle “cutting edge, not bleeding edge. We can talk to people before they even talk to us by hearing the noise before you see something with two-way microphones and mass notification when needed.”
Kevin Miller, corporate director of security for the Davenport Hotels in Spokane, Washington, had a simple though mighty protection challenge and an innovative security video solution. The Davenport Hotels are a unique collection that includes the Davenport Grand with a city convention center and INB Performing Arts Center connected to the hotel via a sky bridge. The Spokane Veteran’s Arena, River Front Park, Spokane River, and Centennial Trail are all within walking distance.
To provide a comfortable, safe experience for guests, Miller with his IT department sought out proposals for new video technology. The Davenport Hotels have been leading-edge since the first in the collection – The Historic Davenport Hotel – opened in 1914. It was the first hotel with air conditioning, a pipe organ, a central vacuum system, housekeeping carts, and accordion ballroom doors.
When it came to security video, “I knew where I wanted to place cameras,” he says. And after the vetting process, he picked IP-based megapixel cameras (Omni from Arecont Vision). The manufacturer “gave me a first-class proposal, came out and visited. The quality of the cameras was there and the software was user-friendly,” contends Miller. “We can cover everything from guest vehicles to slip and falls, and with fewer cameras.” He can easily search 31 days of recorded video and, with a virtual network approach, “I can look in from any angle. I also get alerts on my phone.” The innovative technology has “already paid for itself.”
Of course, there is an even bigger picture when it comes to innovation and technology. It is a challenging view for Philip Lisk, director of information technology at the Bergen County Sheriff’s Office, Hackensack, New Jersey. He put together a top-notch technology-based set of solutions that includes a shared wired network as well as the wireless net.
When evaluating new technology, “I look at what is applicable to what I need now as my long-term growth needs. Suppliers must be well known and reputable, no flash in the pan,” Lisk advises. “Sure there is convergence and a blending of physical and network security. But don’t put all the things in one basket. Intrusion protection is especially important” these days. One innovative trend that’s both exciting and troubling is the so-called Internet of Things or IoT. The endgame is for all devices and things to talk and share among themselves. “As we all invest in IoT, we also must invest in more and better network security,” adds Lisk. “The level of awareness must increase.”
Identity Across the Enterprise
Speaking of the big picture, the really BIG picture, global giant Schneider Electric, the supplier of integrated energy solutions, faced a major update to its IT infrastructure. With more than 170,000 employees across more than 100 countries, the company needed an identity and authentication management (IAM) strategy that could scale with the company’s next phase of growth while maximizing the efficient use of resources. The goal: Implement an IAM system with single sign-on (SSO) across the whole company; a system that could reuse identities and streamline disjointed “islands of data.”
It implemented a quick and successful proof of concept and selected Auth0 for its new federated identity management system. “What we found (in Auth0) was an authentication-as-a-service solution built by developers with the modern developer in mind,” says Stephen Berard, senior global software architect at Schneider Electric.
“Security is often misunderstood, and when it is an afterthought, left to the end, it tends to bite you in the butt. We didn’t have to kick the proverbial can down the road every time a new security or authentication question came up, whether the question was hypothetical, practical or mission-critical,” says Berard. “With the platform, we can plan and integrate identity architecture early to save critical time and ensure a secure system is in place when a project gets off the ground.” The outcome:
- Empowers the IT team to invest in a strategic business, customer demands, and innovation;
- Enables the IT team to be able to plan identity scenarios early and make any necessary integrations quickly; and
- Provides both traditional enterprises SSO as well as serve as the ultimate accelerator to integrate the same identity management into custom applications and APIs.
Workhorse storage is another area of surprising innovation that impacts security.
There is a security strategy about what to put where. Especially for highly regulated organizations, the strategy is to keep storage locally, on-premises on the enterprise’s devices.
For chief security officers and chief information security officers, there is game-changing architecture and user experience that fundamentally redefines expectations of what storage should be. Such designs extend far beyond traditional storage by being data-aware and tracking data access and analyzing data as it is stored.
Eric Chapman, network and systems administrator at Radiation Monitoring Devices, Inc., (RMD) the research business unit of Dynasil Corporation of America, uses innovative technology “to create detailed logs auditing who is accessing what,” Chapman says. He works with the Discovery Series (from DataGravity), a unified storage appliance for an organization’s most critical and sensitive data. It enables turnkey data management by combining a flash-optimized storage design with data protection, enhanced data governance, and integrated search and discovery capabilities. It elevates storage from just a filing cabinet to a data-aware business asset.
Data awareness is important to RMD, which itself provides innovative solutions across a broad range of security, medical and industrial applications, including radiation imaging and detection, nuclear instrumentation and non-destructive test equipment. The unique storage appliance was easy and fast to set up. “Thirty minutes and you power on and configure,” comments Chapman.
Perry Dickau, DataGravity director of product management, says the analysis of data provides security. Data storage is in mirror form, with a primary side where the data is written and then a duplicate side for redundancy and intelligence. Applying data analysis to this dormant mirror side can show enterprises who are sharing or looking at the data, and helps enterprise security leaders to make create actionable intelligence out of data.
Getting the word out faster and more accurately can be both helpful and innovative.
States such as Wisconsin are turning to solutions (for example, Roam Secure Alert Network from Eaton) for crime alerting systems to communicate to businesses and citizens about crimes committed in their neighborhood. Through alerting systems, law enforcement is able to increase awareness of crimes, build trust with the community and put thousands of additional eyes and ears on the streets looking for suspects.
When a crime is reported in a specific area, the alerting system enables law enforcement officers to send real-time information via email, text message, fax, pager and voice call to registered users. The system provides a description of the alleged perpetrator.
The Wisconsin Department of Justice launched the Wisconsin Crime Alert Network, which partners local law enforcement with residents
 and businesses to keep the public informed, solve and prevent crimes and help find missing people. Today, more than 10,000 Wisconsin citizens, businesses and law enforcement officers are using the network, including approximately 900 police departments. Alerts can be sent quickly based on location or can be targeted to groups from more than 50 categories, such as pharmacies or convenience stores. Officers can choose to issue those alerts to specific, affected groups across the county, a multi-county region or statewide.
Security innovations can extend beyond security and law enforcement personnel.
For instance, Kindred Health Transitional Care and Rehabilitation in Eagle Creek, Indiana, is a nursing home and rehabilitation center specializing in short-term rehabilitation therapy, bridging the gap between hospital and home, as well as long-term care.
Before using new technology (DuraVision from Eizo), Kindred Health operated two nursing stations that included several clinical systems without an adequate PC storage and cable management solution. Nurses could not monitor the activity in hallways, parking lots and entrances with the previous configuration rendering them vulnerable and susceptible to physical security issues and time away from attending to patients. Their immediate need was to be able to monitor all activities from any nursing station within the facility.
Kindred Health deployed the solution at each nursing station. With IP cameras already installed and connected to an NVR and view stations at security and the manager’s office, the technology connects directly to the nursing network with no computer or software needed. Nurses and administrative personnel now view up to 16 different cameras from any of the nursing stations.
Unique communications can help bring innovative security to tricky locations.
The Pennsylvania Police Department and the Redevelopment Authority of the City of Bethlehem are leveraging millimeter-wave radio technology (Siklu and its EtherHaul radios) to secure the new Hoover Mason Trestle at SteelStacks, a 10-acre campus dedicated to arts, culture, family events that was once home to Bethlehem Steel, the second-largest steel manufacturer in the nation.
A safe and secure experience is part of the mission of SteelStacks, says Tony Hanna, executive director of the Redevelopment Authority.
Hanna points out that the trestle, which used to be a small gauge railroad line bringing materials to the steel plant, is now a public walkway 40 feet or so off the ground, open day and night with multiple cameras monitoring all the time. Axis Communications provided cameras, while LTW (Let’s Think Wireless) provided system integration, design and installation services.
Outside Video Wireless Transmission
The project included building a wireless network that could extend the police department’s video surveillance system to the Trestle. The radios were selected as they transmit on different frequencies than Wi-Fi, and would, therefore, be able to assure reliable operation of the security video delivery system, even in potentially congested areas. Video from the cameras is aggregated to a rooftop point and then transmitted to the local police department, the Bethlehem Redevelopment Authority and to additional radio links throughout the city.
Small footprint but unique radar technology also is playing an innovative role in enterprise perimeter protection.
A virtual “iron dome” pulls together radar and security video to uniquely protect the nation’s power grid. Recently Honeywell Security Group and SpotterRF Radar were part of a design to cover an electrical generation and transmission facility that features state-of-art generators.
Typically, unmanned plants operate in secluded locations, and are configured for efficient power generation rather than security. Chain link fences have become antiquated in a modern world of heightened access. Following an attack on a substation in California in 2013, the North American Electric Reliability Corporation (NERC) increased its security standards. When these standards are not met, noncompliance penalties can range up to $1 million per day.
The resulting innovative installation integrates active surveillance with intelligent video analytics, video management, access control, and perimeter intrusion detection and fire. A central management solution (Pro-Watch) for intrusion and access control handles all alarms and system messages.
Honeywell collaborated with SpotterRF, integrating its active radar technology with intrusion detection and protection of the perimeter and beyond. With a range of 350 meters, the appliance blankets the surrounding 20 acres with complete coverage while using less power than a 10-watt lightbulb. Integrated behavioral filters detect moving targets, automatically analyze behavior and instantly cue cameras to that spot using GPS coordinates for pinpoint accuracy. Thermal Capabilities of the HD cameras can determine if movement belongs to a live individual who might present a threat or simply another of the man-sized tumbleweeds that are routinely thrown against the fence by the wind.
According to SpotterRF CEO Logan Harris, the radar device weighs less than two pounds, and its small size enables easier installation in a variety of locations. The device can detect up, down and sideways, setting it apart from a standard spinning radar.
The system also actively monitors the surrounding skies. And the use of thermal imaging along with intelligent video analytics enables accurate visual detection 24/7 at night, in fog, during inclement weather and even behind obstructions.
The integrated solution includes access control, robust reporting to meet strict auditing regulations and constant monitoring of the perimeter surrounding the fence line and hundreds of meters beyond to make it easy for the station to exceed requirements and establish best practices, possible future compliance requirements, and operational needs.
It’s all about situational awareness and accuracy of alarms by reducing false ones, according to Angela Oberman, senior channel manager, critical infrastructure at Honeywell. The technology targets four steps, she says: deter, detect, delay and respond. Beyond the lightweight radar, another tech breakthrough is gunshot detection that can even indicate the caliber of the bullet as well as more use of thermal cameras.
Innovative technology for special events often emphasizes ease of set-up, effectiveness, and ease of removal after the event. No one knows better than those who protected Pope Francis during his September 2015 visit to the United States.
Mobile deployable vehicle crash barriers (from Delta Scientific) helped police and security personnel protect Pope Francis from vehicle bomb attack and errant drivers as he traveled to various venues in Washington, D.C., Philadelphia and New York City. At each location, the totally self-contained barriers were towed into position and controlled vehicle access within 15 minutes. No excavation or sub-surface preparation was required. Once positioned, the mobile barricades unpacked themselves by using hydraulics to raise and lower the barriers off their wheels. DC-powered pumps then raised or lowered the barriers. The shorter mobile deployable vehicle crash barriers can stop 7.5-ton vehicles traveling 30 mph. Both the operation of the barrier as well as deployment and retrieval are push-button controlled.
When exploring innovative technology that helps prevent crime and mitigate losses, there is a serious race to fight growingly sophisticated fraud. According to a Javelin Strategy & Research study released in 2015, fraudsters stole $16 billion from 12.7 million U.S. consumers in 2014. Technology is helping combat this, but companies also are concerned with creating too much friction in the consumer experience.
Gasan Awad, vice president, global identity and fraud product management at Equifax, the Atlanta, Georgia-based consumer credit reporting agency and one of the three largest American credit agencies realizes the need for a balance between higher-level security and convenience. “We’ve been helping through big data before it was cool,” he says.
“It’s important to have a multi-layered approach. Do things match? There is a need to deploy fraud-fighting models that manage the customer experience as well as the assets” that might potentially be lost, Awad points out. One innovation: the Canada Known Fraud Exchange, which collects data on frauds and perpetrators and allows enterprises to dip into the big data to stop a fraudster sooner than later. Equifax is helping establish a U.S. Known Fraud Exchange, too.
There also is a unique organization working on fraud from another perspective.
The Open Identity Exchange (OIX) is a San Ramon, California-based technology agnostic, non-profit trade organization of leaders from competing business sectors focused on building the volume and velocity of trusted transactions online. OIX enables members to expand existing identity services and serve adjacent markets. To effectively provide digital services, businesses and governments need to validate, verify and authenticate identity in a cheap, reliable, repeatable manner. The rapid advancement of open identity technologies has created an interoperable technical platform to make this possible.
While the technology exists for relying on parties (such as an online retailer or government agency) to use third-party identity providers, the business and legal policies that set the rules for identity issues such as digital transactions have lagged behind. Without clear agreements on the business, legal and technical terms of a transaction, how can parties trust each other? OIX was formed to facilitate the development of the business and legal policies that match open identity technologies, thereby establishing a trust that will enable deeper deployments of existing services and rapid deployments of new online products.
Awad sees yet another innovative fraud-fighting avenue: the selfie. At the point of a transaction, selfies, coupled to facial and document biometrics, can speed a fraud-free experience.
Sometimes, when migrating to network video from analog, enterprises look at other ways to innovate and squeeze more value from their investment. A case in point is wireless mesh.
The Willow Lane Trading Estate in Surrey, England, houses more than 150 businesses and employs more than 2,500 people. When the business upgraded an existing analog video surveillance system, the business park chose a wireless mesh networking solution (from Fluidmesh Networks). The new installation uses multiple-input multiple-output MIMO-based wireless radios designed for backhauling mission-critical video, voice and data, and other radios, which host an integrated sector antenna, providing coverage of 120 degrees.
Beyond upgrading to network cameras, another key goal was that the system is designed to enable substantial expansion. And it was critically important that the recorded images provide legible, evidential quality image capture.
This solution didn’t come without its challenges. Among them, there was no existing duct infrastructure, and the system needed to be wholly wireless.
Wireless mesh networks (WMNs) are an innovative technology for video surveillance, among mission-critical applications, often because trenching and creating direct cable connections is an expensive undertaking and usually requires permits. And, it also resolves distance issues associated with Wi-Fi, where security exposure can be a liability.
Simply stated, a wireless mesh network is a communications network comprised of radio nodes set up in a mesh topology, which is the arrangement of the various elements (links, nodes, etc.) of a computer network, according to Umberto Malesci, Fluidmesh Networks’ co-founder and CEO.
Wireless mesh networks in outdoor wireless networking applications rank as the third most commonly used topology, following point-to-point links and point-to-multipoint networks. Every device deployed in a wireless mesh network is called a mesh node, and each is connected to multiple other mesh nodes simultaneously.
WMNs can connect nodes through multiple hops and leveraging other nodes as repeaters, creating inherent redundancy and reliability, says Malesci. This is an advantage for enterprises because mesh networks are able to reroute data traffic through multiple paths to overcome interference, link failures, power failures or network device failures.
Two types of wireless mesh networks are usually deployed for government and commercial applications: Structured wireless mesh networks and unstructured (omnidirectional) wireless mesh networks.
Updated 2/22/2016:
This report was updated to add the Expert Commentary Section “Beyond Thermal, Video Crystal Ball Imaging.”
Beyond Thermal, Video Crystal Ball Imaging
Security magazine: Every year, there seems to be a dominant buzz word or trend in the video surveillance industry. What do you expect that will be this year?
Net Payne, chief sales and marketing officer with March Networks: Without a doubt, organizations will continue to focus on cybersecurity this year, with the goal of securing all possible entry points into their corporate network as effectively as possible.
Most organizations today have some degree of cybersecurity initiative currently on the go right now. Worldwide, it’s estimated that companies will spend $77 billion on IT security by the end of 2015, with that amount set to increase to $101 million on information security in 2018 (CybersecurityVentures Market Report, Q3 2015).
So it’s not surprising that, when it comes to potential video system vulnerabilities, many organizations are turning to trusted technology providers and vendors to help.
For example, this past year there was a comprehensive [security video] audit with a large and long-term banking customer as part of its information technology risk management program. The extensive audit covered a wide range of business policies and practices, including how products are designed with security in mind, track and assess potential vulnerabilities and communicate software updates to mitigate risks. We were able to demonstrate a high level of competency in all key areas and worked quickly to adjust where further effort was needed.
Not every organization is able to initiate an audit of this extent with their vendors, but customers should ask their providers to demonstrate how they are staying on top of potential security vulnerabilities and take appropriate action.
In our case, there is a security advisories and updates program that’s transparent. We track threats reported by the U.S. Computer Emergency Readiness Team (US-CERT) and do an immediate evaluation to see how they might impact products. If a potential vulnerability is found, proactively a software update is issued as well as Web posts; certified partners and providers are alerted so they can act before there’s a problem.
Security magazine: Which video surveillance products or solutions do you think more organizations will adopt in 2016?
Net Payne: We heard a lot about 4K and even 7K cameras this past year and I expect that will continue in 2016. What we’re seeing in a customer base, however, is more of a slow march toward adoption of these very high-resolution cameras, rather than a rush to replace.
In fact, one large retail customer recently trialed megapixel IP cameras in a couple of stores to capture activity at point-of-sales. While impressed with video clarity, they had already seen a noticeable improvement in the quality of existing analog video after upgrading hybrid NVRs, and ultimately decided the analog video was sufficient for what was needed – even for new builds. Ultimately, the cost per pixel ROI just wasn’t there.
Another trend that’s definitely gaining momentum is the idea of using surveillance video to provide relevant insights into other parts of the business – whether focused on improving customer service, optimizing their workforce, analyzing business trends or improving operational efficiencies.
Expanding video’s use beyond the more typical security and loss/fraud prevention applications is a real and growing concept that I expect will simply be table stakes for most organizations in time. We started to see this shift in mindset with our retail and banking customers once they started to think of video as yet another source of big data they could gather and combine with other system data to extract intelligence.
For example, a financial institution may want to evaluate the speed of service at teller stations in certain regional branches or organization-wide. By integrating a queue length monitoring analytic with surveillance video, they can not only measure the wait times at each teller station and branch, they can also view the video to see what’s contributing to any anomalies. The best solutions will integrate the data in a software dashboard that will generate reports automatically using a customer’s key performance metrics and provide reporting tools complete with graphics to help parse the data and highlight trends and outliers.
Security magazine: What should enterprises demand from their systems integrators and vendors in 2016?
Net Payne: Customer support should be at the top of the list, as organizations continue to evaluate new solutions and capabilities, such as emerging cloud-based offerings and the business intelligence applications discussed above.
Enterprise security executives need to be able to rely on service providers to help guide to products and solutions that will deliver the results needed. A one-size-fits-all approach will not work. The experienced systems integrators know this and are excellent at advising customers on the pros and cons of different technologies.
Having said that, organizations should demand similar expertise and support from their technology vendors. How do their vendors train and support their partner integrators? What can the vendor offer in terms of proof-of-concept? What’s their approach to cybersecurity and how do they keep their partners and customers informed? It’s also a good idea to understand a vendor’s technology vision for the longer-term and how that might benefit your business in the future.
Can You Hear It?
Audio monitoring innovations are expanding, and that’s good.
According to Richard Brent, the CEO of Louroe Electronics, the sound is as important as sight to accurate security threat detection and investigations.
A microphone can hear glass breaking, gunshots or people needing assistance. As more and more municipalities require secondary verification before responding to alarms, audio serves as a necessary tool to verify crime in progress, duress or other events requiring a response. Using a two-way audio system paired with video cameras, a monitoring station can view a person approaching a building or facility and verbally engage them without needing to dispatch a security officer. In the event of an incident, audio can provide additional evidence. By hearing a suspect’s voice, a security system will capture names, accents, languages and other vital identifying information.
Talking up innovation, in partnership with audio classification developer Sound Intelligence of the Netherlands, a new gunshot detector integrates microphones, select cameras, and video management software. The solution has an excellent detection range, recognizing gun discharge up to 3,000 feet away in quiet environments, and accurately analyzes gunshots from a variety of weapons including handguns, shotguns, rifles and automatic rifles.
And aggression detector software using advanced audio analytics, also with Sound Intelligence, integrates microphones, IP cameras and video management software. Similar to how the human ear processes audio, the program analyzes noises through advanced algorithms and detects specific sounds such as verbal aggression. As a result, end-users can identify high-risk situations in real-time and prevent acts of physical aggression before they happen.
Tech Combines with People; Who Would Have Figured?
Companies are better known for their security officer and investigative services, and the thin margins that go with those offerings, are aggressively moving into physical and cybersecurity technology, integration and cloud services for their existing and new clients.
Take for example G4S and its Secure Integration operation, headquartered in Omaha, Nebraska. Steve Ellis, vice president service, G4S Secure Integration, calls it “service 2.0,” and sees this evolution as part of the journey from reactive to predictive security. These joined solutions help enterprise security leaders’ awareness of issues such as video path based uptime, video retention compliance and video stream delivery indexing for preventative maintenance, diagnosis, and repair.
Joe Young, director, cloud monitoring services for G4S Secure Integration, adds that through the service, CSOs gain insight into the health of their VMS systems, as service providers monitor video feeds to ensure the system is running properly without accessing the video images. Through this system, they can remotely connect into a client’s infrastructure and fix something, or provide advanced information for a technician.
Another firm. Dunbar, known for its security personnel and armored car services, just branched out.
Recently, Dunbar Security Systems formally unveiled the next chapter in its nearly century-long history: a new security operations center (SOC) designed to provide its customers with a managed, full-service approach to physical, protective and cybersecurity.
The new division fully integrates Dunbar’s existing cybersecurity, security systems, and protective services businesses and provides mid- to large-sized customers with enhanced protection against a full range of threats by monitoring facilities and networks, dispatching guards and conducting threat assessments from the SOC.
The new, high-tech SOC includes a real-time cyber threat screen powered by Norse, state-of-art access control and video systems and an in-house developed big data platform called Cyphon that collects, filters and bottles data into custom alerts, depending on the customer’s needs. This platform is the heart of the newly rebranded managed offering, Dunbar Security Solutions.
Darren McCue, president of Dunbar Security Solutions, says that out of the 80 million cyber-related incidents annually, 70 percent go undetected, and most of these events include both physical and IT components. McCue gave the example of a retail client that might have gaps in their data devices, non-functioning security cameras, and other issues. His firm’s mission is to tighten up those gaps and make sure the network is secure. One key aspect of the SOC, he adds, is to tie the physical and digital security together to stop threats before they happen by not looking at security in a siloed environment. Physical and cybersecurity operators sit side-by-side and will be able to easily share information, trends, and threats they see on their screens.
Recognizing those License Plates
For convenience and security, license plate recognition (LPR) is catching on in innovative ways.
License plate recognition is an image-processing technology used to identify vehicles by their license plates. This technology is used in various traffic applications and security such as access control. In one example: While a vehicle approaches the gate, garage entrance or lot, the LPR unit automatically “reads” the license plate registration number, compares it to a predefined list and opens the gate if there is a match.
The technology concept assumes that all vehicles already have the identity displayed (the license plate) so no additional transmitter or responder is required to be installed or read in or on the car.
The system uses a camera to take the image of the front or rear of the vehicle, then image processing software analyzes the images and extracts the plate information. This data is used for enforcement, data collection or access control.
Another advantage is that the system can keep an image record of the vehicle for forensics. Sometimes, an additional camera can focus on the driver’s face and save the image for security reasons.
It sounds simple, but it is not always, according to John Chigos, CEO of PlateSmart Technologies. There are multiple types of LPR systems to choose from, and not all of them would be the right fit for every installation. Some are fixed-location solutions, some are mobile, and some hinge around cloud-based hosting solutions. Chigos suggests looking for an open system that works with any camera and a system that processes images in color. Systems that can be trained and can connect into existing and created databases are additionally useful.
Innovative LPR technology can read any license plate from any state and can distinguish state jurisdictions, can be easily integrated with third-party hardware and software packages and fully scalable.
Now’s the Time for Biometrics
If you are tired of reading that this is the year that innovative biometrics will break out of the gate, stop reading here. But, myriad biometrics methodologies have landed for secure identity, access control, and convenience. Biometrics has not so suddenly grown to a $26 billion industry and is becoming one hot access control technology of choice into 2016.
Just look at SRI International, founded as a research institute within Stanford University in 1946. The R&D gurus there are responsible for some of today’s most cutting edge technologies across biometrics, cybersecurity, and robotics. SRI’s Iris on the Move (IOM) biometric systems cover various applications from access control and workforce management to digital identification, according to Mark Clifton, president, products and solutions division at SRI International.
Customers can easily integrate innovative face capture and iris recognition components directly into their own turnstiles, infrastructures or entrances, creating a true “walk-through” system. Beyond DNA, Clifton contents, iris recognition is the most accurate.
Some on-the-horizon biometrics are bubbling up from places like Kickstarter, based in Brooklyn, New York and which has built a global crowdfunding platform focused on creativity.
Dallas, Texas-based Biometric Signature ID unveiled its BioTect-ID on Kickstarter – a mobile security app for Android and iOS devices, using gesture-based biometrics to authenticate users instead of physical biometrics like fingerprints. The software measures how a user writes – the length, speed, direction, angle, and height of each stroke – to create a unique biometric profile. To defeat the system, says CEO Jeff Maynard, a hacker would have to replicate the user’s drawing style exactly, in addition to knowing their password.
According to Finish Conner, president, and CEO of BluStor PMC, enterprises need to remove vulnerabilities by eliminating the need for users’ un-secure usernames, passwords or PINs. The BluStor solution is a secure mobile briefcase – a wireless personal biometric identification and data storage card that fits into an employee’s wallet or purse. This CyberGate card supports multi-factor biometric authentication and replaces or augments traditional usernames, passwords and PIN numbers with multi-factor biometric authentication and never on a mobile device or cloud-based service. It can work with wireless Bluetooth, Bluetooth Low-Energy and near field connectivity as well as with facial, fingerprint and iris on-card biometric matching.
Secure Identity on the Web and Smartphones
Identity and age verification now has moved from flashing a driver’s license at Irish Eyes bar to websites through a computer, laptop, tablet or smartphone.
As EMV, the technical standard for smart payment cards, payment terminals, and automated teller machines, continues to gain traction in the United States, it is expected that fraud will shift to website applications. This, in combination with an increased amount of businesses moving products and services to the card-not-present environment, has lead criminals to alter their methods and move their activities online.
As new fraud schemes arise targeting online applications, businesses will need to take increased action to boost their identity verification and fraud prevention programs, advises John Dancu, president and CEO of IDology, an identity and age verification provider.
Dancu sees innovative technology providing multi-layered verification, especially within mobile applications, in order to combat shifting fraud methods and growing needs to secure mobile transactions. Mobile identity can bind to the phone and move the identity from one carrier to the next as needed, he says.
As malicious actors change their tactics, enterprise security leaders must remain aware and alter their own defenses.
Gartner’s Top 10 Tech Trends
Gartner, Inc., the information technology research and advisory company, recently spotlighted its top 10 technology trends that will be strategic for most organizations in 2016 at its Gartner Symposium/ITxpo.
The Device Mesh: The device mesh refers to an expanding set of endpoints people use to access applications and information or interact with people, social communities, governments, and businesses. The device mesh includes mobile devices, wearable, consumer and home electronic devices, automotive devices and environmental devices.
Ambient User Experience: The device mesh creates the foundation for a new continuous and ambient user experience. Immersive environments delivering augmented and virtual reality hold significant potential but are only one aspect of the experience. The ambient user experience preserves continuity across boundaries of device mesh, time and space. The experience seamlessly flows across a shifting set of devices and interaction channels blending physical, virtual and electronic environments as the user moves from one place to another.
3D Printing: Advances in 3D printing have already enabled 3D printing to use a wide range of materials, including advanced nickel alloys, carbon fiber, glass, conductive ink, electronics, pharmaceuticals, and biological materials. These innovations are driving user demand, as the practical applications for 3D printers expand. It also sets up incidents of copyright, trademark and intellectual property infringement.
Information of Everything: Everything in the digital mesh produces, uses and transmits information. This information goes beyond textual, audio and video information to include sensory and contextual information. Information on everything addresses this influx with strategies and technologies to link data from all these different data sources.
Advanced Machine Learning: In advanced machine learning, deep neural nets (DNNs) move beyond classic computing and information management to create systems that can autonomously learn to perceive the world on their own. The explosion of data sources and the complexity of information makes manual classification and analysis infeasible and uneconomic. DNNs automate these tasks and make it possible to address key challenges related to the information of everything trend.
Autonomous Agents and Things: Machine learning gives rise to a spectrum of smart machine implementations including robots, autonomous vehicles, virtual personal assistants and smart advisors that act in an autonomous or at least semiautonomous manner. While advances in physical smart machines such as robots get a great deal of attention, the software-based smart machines have a more near-term and broader impact.
Adaptive Security Architecture: The complexities of business and the algorithmic economy combined with an emerging “hacker industry” significantly increase the threat surface for an organization. Relying on perimeter defense and rule-based security is inadequate, especially as organizations exploit more cloud-based services and open APIs. Security leaders must focus on detecting and responding to threats as well as more traditional blocking and other measures to prevent attacks. Application self-protection, as well as user and entity behavior analytics, will help fulfill the adaptive security architecture.
Advanced System Architecture: The digital mesh and smart machines require intense computing architecture demands to make them viable for organizations. Providing this required boost are high-powered and ultra-efficient neuromorphic architectures.
Mesh App and Service Architecture: Monolithic, linear application designs are giving way to a more loosely coupled integrative approach: the apps and services architecture. Enabled by software-defined application services, this new approach enables Web-scale performance, flexibility, and agility. Microservice architecture is an emerging pattern for building distributed applications that support agile delivery and scalable deployment, both on-premises and in the cloud.
Internet of Things Platforms: IoT platforms complement the mesh app and service architecture. The management, security, integration and other technologies and standards of the IoT platform are the base set of capabilities for building, managing and securing elements in the IoT.
Expert Advice to Take to the Innovation Bank
Those in the know are often eager to share.
How should enterprise security executives evaluate new innovations and technology? According to Amag Technology President Matt Barnette, enterprise security executives should be leery. Determine if the company will be around long-term, and look at the cost to install and maintain the system. Barnette believes that most security industry R&D is in access and video. And when it comes to integration, he says that there is a shift back to access control as the core platform with video as an add-on.
One tech challenge: Provisioning of people across large organizations, especially teams of people regarding compliance, observes Barnette. The cloud can help with self-registration workflow processes or enable administrators to configure access rights remotely. He sees access panels as less needed in the future with smartphones as a credential and continued growth of biometrics.
Vance Kozik, director of product marketing for IP surveillance at D-Link, the influential networking equipment manufacturing corporation, sees that the infrastructure backbone is more critical today as enterprises move to higher megapixel cameras although such a transition for many will take a few years. Managed Ethernet switches also enable users to reboot cameras, log in remotely and see how much power each device is using.
When asked about video storage, Kozik acknowledges that with higher resolution, there is the need for more storage as retention periods grow. He suggests that enterprises store critical data locally, and when they need higher speed and reliability. Hybrid approaches are becoming more popular, he notes.
The D-Link executive adds that video analytics is getting better as well as the integration of security into business processes. For example, he says, a security director at a chain of grocery stores equipped shopping carts so that if they do not go through a checkout lane but attempt to go through the main door instead, the cart’s wheels lock up, stopping a potential shoplifter in his or her tracks.
As Ron Grinfeld, director of global vertical marketing at DVTEL, sees tech things, at the heart of it all is a single operating platform for managing security systems and integrating with access control systems, video analytics, GIS systems, license plate recognition programs, and perimeter systems. This demands an extensive range of communication protocols to connect to other systems (TCP/IP, XML, Restful API, text files and more).
One ultimate integration, according to Grinfeld, is the concept of smart cities, which originally centered around surveillance, but is transforming into essential hubs for sensors and big data applications.
Another tech area of awareness is the security of security. For example, Grinfeld’s IP-immune Cyber Defense Suite addresses one of the biggest concerns in the IP video industry today, and probably the greatest danger for corporate IT networks: the threats of cyber vulnerability exploitation. The innovative technology uses a multi-layered protection approach designed to ensure that video surveillance solutions are sealing IT corporate grids from cyber penetrability.
“The network is the matrix” is the mantra of Pierre Racz, president of Genetec. Unified platforms go one step beyond integration, he says, agreeing with Grinfeld about the importance of security. Cyber attacks on surveillance cameras have hit all levels of installations, including residential and DIY types. Video encryption is needed at the application level, he says.
Racz is seeing regulations among other drivers pushing a high length of video retention, which can vary by enterprise from 30 days to 730 days. So there is a purpose for cloud archives services for extended video retention and reduced storage investment. Another tech trend: integration of security with business systems and processes.
You should fear the backdoors, advises Christopher Camejo, the director of threat and vulnerability analysis at NTT Com Security, which specializes in information security and risk management through consulting services, managed security services and technology solutions.
As much time as enterprises spend keeping malicious actors away from the network entrance, the business’s backdoors may be left less guarded, Camejo says. One solution: network behavior alerting. When it comes to compliance, enterprises should be away from the difference between ticking off the boxes and examining the real threats, he adds.
The sweet spot is situation management for Dr. Bob Banerjee, senior director for training and development at Qognify (formerly Nice Security). He says that as security shifts from being a cost center to serving the broader needs of the enterprise – managing situations to keep the enterprise running – maintaining relationships with other departments and keeping track of the big picture is essential.
Looking to the future, Banerjee believes that technology is not the limiting factor of what enterprises can achieve. CSOs should look at use cases and business solutions to move the enterprise forward.
Higher resolution cameras are finding their niche, observes Charlie Hare, national category manager, security and mobile video solutions at Panasonic, who predicts that H.265 will go mainstream this year. High-Efficiency Video Coding (HEVC), also known as H.265, is a newer video compression standard. It can provide twice the compression efficiency of the previous standard, H.264. Hare says that security has “already crossed the threshold” of migrating from analog to network video.
Hare adds that storage platforms will continue to drop in price over time. It is obvious that there is a lot of interest in the body-worn and in-car video where storage also plays a role. Panasonic System Communications Company of North America, a provider of advanced mobile technology and video evidence solutions for the government and public sector, recently announced that customers using Panasonic video evidence solutions can now take advantage of Microsoft Azure Government cloud storage. Along with Panasonic’s Arbitrator BWC (body-worn camera), Arbitrator 360º HD in-car video system and Unified Evidence Management System, Azure Government makes it easier than ever for public sector agencies – including those in law enforcement, emergency response, homeland security, corrections, and the military – to capture, manage and store high-quality video evidence in a cost-effective and flexible manner.
Innovation Covers Critical Infrastructure
As production and manufacturing systems become more interconnected, the exposure to network-based cyber incidents increases, putting production, reputation and, ultimately, profits at risk, alerts Paul Rogers, president, and CEO of Wurldtech Security Technologies of Vancouver, Canada, and general manager of industrial cybersecurity for General Electric. Attacks on critical infrastructure such as in oil and gas, utilities, smart grid, transportation, medical facilities, and others can lead to serious consequences in the economic, political, personal, public safety and privacy arenas, he adds.
Furthermore, as operational technology (OT) leverages the benefits of the network, the threat of a successful cyberattack greatly increases with the expanded attack surface. System operators and security directors face challenges in responding to the growing number of security threats they face in today’s environment.