There’s Value In Integrated Security

From Security Products Online

By Marleah Blades · June 3, 2008

When Mike Howard became director of corporate security for Microsoft in 2003, he had to upgrade the company’s global security monitoring hub.

Microsoft wanted effective, integrated security and life safety monitoring -- watching cameras and access control events, performing dispatch, enabling seamless emergency response and continuity -- to protect corporate assets and nearly 80,000 employees around the world.

“As we started to do some due diligence into the center,” Howard says, “we realized that it was made up of a bunch of proprietary systems that didn’t integrate well with each other and were not scalable. In terms of real global presence, it was global in name only.”

The three Global Security Operations Centers that Howard and his global security team have worked for the past three years to develop -- one at Microsoft headquarters in Redmond, Wash., one at the Thames Valley campus in the United Kingdom and one at the Hyderabad, India, campus -- are based on a variety of Microsoft and third -- party applications that integrate with Microsoft products, backed by a technical infrastructure from Lenel Systems International. The GSOCs have built -- in interoperability and redundancy, so if one center goes down, all functions automatically transfer to another campus. Operators can easily pull up and view every camera location at each connected campus, and events can be monitored from anywhere.

Many companies won’t have the capital or technology available to create a system this elaborate to monitor remote offices or locations. Yet the lessons learned from this project apply to security for companies of all types and sizes.

Use technology as a force multiplier. “For smaller companies and for us, the idea is to leverage personnel in strategic hubs and use technology as a force multiplier,” Howard says. “So instead of, for example, having two or three guards in Dublin, you have remote monitoring via cameras that give you the same views of entrances and exits and garages without having to have personnel there.”

Howard notes that the GSOCs have allowed Microsoft to reduce the guard force at one U.K. campus from four to one, and they also were able to give the old monitoring room to one of the business units for other uses.

Evangelize security. “Our team has worked hard to get senior leadership support for the GSOCs,” Howard says. “The first part was just to acquaint senior management with what we’re doing here in global security and our strategy. To a lot of people five or six years ago, we were the guys who ran around in uniforms on campus. There was no knowledge of our investigations, threat analysis, handling of international events, etc.”

After the team briefed the managers on the security program, they focused on the inadequacies of the current monitoring center.

“We wouldn’t have been able to do this if we hadn’t gotten to senior leaders and been very open about the gaps,” says Howard, who took managers to the center to see the issues for themselves. “We were at a parking garage level, the room was very small, and I could take them around to see bundles of cables spliced together and stacks and stacks of servers that were running out of space. Once they saw that, it hit.”

Tie new projects to business value. A security leader will more easily gain support for any big project if he or she can show its business value -- not just how it may improve security, safety and productivity, but also, where possible, how it may be used by other groups to improve efficiencies or create new opportunities. Because the Microsoft GSOCs are built on Microsoft applications, the global security team works with

Microsoft’s sales and marketing departments to perform demonstrations for potential customers who might be interested in similar technologies.

“A typical example involves a scenario in which an earthquake in Redmond shuts down the operations center,” Howard says. “We’ll turn the lights off for our viewers and shut down the computers, and we move load sharing from Redmond to the United Kingdom. Then there is a fictional employee here on campus who can’t get out of his office. We are able to show that the U.K. center can see every camera view on our campus and can dispatch responders in Redmond to take care of that situation.”

These demonstrations make security more than a cost center.

“We’re contributing to the bottom line by influencing revenue, bringing in potential clients and having technology keep employees safe and maximize use of limited manpower,” Howard says.

About the author
Marleah Blades
Marleah Blades is senior editor for the Security Executive Council, an international professional membership organization for leading senior security executives spanning all industries, both the public and private sectors, and the globe. For more information about the council, visit http://www.SecurityExecutiveCouncil.com/?sourceCode=netcentric.

Maryland Park Police Department Deploys Mobile Video Camera System

From Security Products Online

June 11, 2008

Brekford International Corp., a provider of homeland security technology products and services, recently announced completion of installation of 20 Panasonic Toughbook Arbitrator mobile camera systems for use in police vehicles by the Maryland-National Capital Park and Planning Commission.

Mobile vehicle-mounted camera systems provide audio and video recordings of police activities to maintain chain of custody for evidence collection. The recordings can be used to provide information for use in court, for officer training, tracking, surveillance and a range of other applications to increase safety and effectiveness for police and the public.

“Demonstrating to the marketplace the high return on investment provided by vehicle-mounted video systems, which can reduce legal and insurance exposure, is an important next step in our strategy to provide fully integrated vehicle upfitting solutions,” commented William A. Shafley, CEO of Brekford International. “We believe these projects further validate the reputation we have earned for providing value to public safety agencies throughout the Mid-Atlantic.”

Brekford’s Upfitting division develops integrated, feature-rich, “office-in-the car” rugged mobile communication solutions that enable police officers, security personnel and first responders to obtain and exchange information in real-time. The Company’s growing client list includes branches of the U.S. military, the National Security Agency and critical security and public safety agencies in the State of Maryland.

Safe and Risk-Managed

From Security Products Online
By Kevin McDonald · June 2008

While every individual and organization that provides security products or services will have their spin on what security is and how to achieve the desired level, the truth is, security is essentially an unachievable outcome. A common definition of security is, “freedom from danger, fear and anxiety.” Security defined as such is, therefore, unattainable. Anyone who truly understands security knows this, and understands that security is actually a type of risk management. What this means in practice, is that security is all about fear and anxiety and managing levels of fear of danger that are acceptable to the organization.

The day you are free of at least some measure of fear and anxiety is the day you should retire because you’ve lost your core purpose. This is ironic, because many executives and security professionals will actually resist any attempt to introduce fear, uncertainty and doubt in the process of proposing the need for security remediation; or as I insist it should always be referred to, “Security Risk Management” or (SRM). If you are not scared, you are either naive or in denial.

Because human beings are responsible for acts and conditions that threaten security, security in the purest sense is impossible. In fact, it is the involvement of human beings in all things that perpetually assures insecurity. With human involvement come issues of intellectual competition, lack of education, inevitable error, injection of personality, potential acts of ignorance, laziness, retribution and unintended consequences. Whether you are talking about IT, personal or national security, your primary responsibility is identifying the real risk of loss and its impact. Your secondary responsibility is to balance the risk with the available solutions and financial and personnel resources. SRM must be a continuous and systematic process of analysis of the threats, their relative importance to the organization and then the ability to sustain a program of mitigation and further analysis.

The single biggest challenge in risk management is our human differences. While one individual may look at business SRM from the perspective of intellectual or financial asset protection, another might see it as preservation of reputation and brand. An honest person may see weakness where another sees opportunity. One may be keenly aware of a technical risk, while another is focused on social engineering. An executive sees potential loss of goodwill and customers, while a security manager is worried about his professional reputation and job. Anyway you look at it, risk management is first about a negotiation of priorities.

For some, it is only the existence of enforceable regulations with the threat of punishment that causes the implementation of SRM to become a priority. In the past, SRM was mainly focused on the direct protection of military information, financial assets and closely guarded secrets. The historical driver was business and government survival and a laser focus on keeping the bad guys away from those assets. Today, companies and individuals must guard not only their assets but those of others. This has also created some imbalance toward the protection of soft assets at the expense of other assets. Because the motivations for regulation are always political, one constituent may be served well to the detriment of another. One goal may be in direct contrast to another, and a middle ground must be found.

In recent years we have seen an exponential increase in the legal requirement to protect the hard assets (money, intellectual property and even identity) of those we do business with. I have included identity in hard assets because in the wrong hands, identity can result in significant loss of hard assets. Another aspect that is most challenging to place a value on is privacy and safety. These are what I will call soft assets at risk from emotional assaults like the release of an embarrassing medical history or passport travel records. Interestingly, they are also the assets that are being protected by ever expanding regulations.

So, with all of that said I can hear you asking, “What do I do? Where do I start?” Let’s start with analysis of the risks. To do proper analysis, you first need to win over the stakeholders and decision makers. In the majority of environments that I have consulted, this is a huge barrier to success. The significant disconnect between security practice managers and the boardroom is pervasive. To overcome disconnect, the security practice manager must learn to first listen and executives must be willing to engage those who are responsible for protecting them. The security practice manager must work to understand how the company makes its money, what are its real assets and who or what might do the company harm. Then you must agree on what a potential loss might do and what losses are tolerable. Only after the executives and security practice managers agree on what really matters can there be basis for risk analysis.

I know it’s difficult, but speak the language of the business executive and always be sure that they truly understand your points. You must work to avoid the tendency to speak in technical or industry jargon. This is true in any business category. Don’t rattle off acronyms, complex engineering or other high-level language. Recognize that you are generally talking to people whose education relates to issues of profit and loss, strategy, resource management and other broad-form business concepts. If you try to bowl them over with your intellect, or the-sky-is-falling theories, you may end up with an executive who thinks you are insulting them. In your negotiation, be sure to accurately identify the ways and reasons a risk is being introduced and balance that with the potential exposure. If a sales person needs Internet access to do their job, barring him from going online is not an option. If they don’t need it, the risk of giving that sales person Internet access, may well outweigh the desire to have it. Don’t make these decisions in a vacuum. If you go too far down the road without understanding the impact, you may find your whole program unraveling.

Once you have agreed on what is at risk, the level of importance of each asset and how much loss is tolerable you can begin to identify a program of Security Practice Management. Start with a calculation of the potential losses, then add in what you believe would be covered by insurance and other liability management instruments, and find your potential hard-dollar exposure. Don’t forget lawsuits, loss of goodwill, trust of clients, etc. Now decide what you are willing to spend, (potential investment budget) and begin allocation of resources by priority. There is never enough money, people or time to cover it all, so be sure that you don’t put money in to a low-priority risk, at the expense of one that can have a major impact. Thin and wide in the world of risk management equals no management at all.

However, even if you install the latest and greatest technology, close the holes in the fence and put locks on your doors there is always some new risk, some new attack technique and some agent that can cause harm. Treat security risk management as a systematic program of constant analysis and disciplined remediation and then buy lots of insurance. Remember at the root of every effective Security Practice Management strategy is understanding how to manage fear and anxiety, and not about totally eliminating them. It’s not about fear mongering, it’s about taking a practical and pragmatic approach to identifying and managing potential exposure.

About the author
Kevin McDonald
Kevin McDonald is executive vice president Alvaka Networks

Tips: Prevent Lock ‘Bumping’

From Security Products Online

May 30, 2008

If your home is protected with an ordinary lock, it may not do you much good, says the National Crime Prevention Council.

Thieves have caught on to an increasingly popular technique called “bumping.” It is easier than traditional lock picking, which requires manipulating the pins inside the lock with small tools.

All that is needed for bumping is a “bump key” that is specially manipulated to pick the lock without other tools.

The National Crime Prevention Council wants homeowners to be aware of the prevalence of bumping, especially because there are many “how-to” videos online demonstrating how easy bumping is.

This is a huge problem because usually there are no signs of a break-in when bumping is done.

This means insurance companies may not cover it because “you probably left your door open.” Installing high-quality locks is a good defense against home burglaries, according to the National Crime Prevention Council.

“Not all locks can be bumped; consumers just need to know the differences,” said Clyde Roberson, director of technical services at Medeco Security Locks. “Consumers should consider using quality high-security locks for their home or business in order to have adequate protection from bumping and other forms of lock attack.”

The National Crime Prevention Council also recommends consulting a professional locksmith or security provider for advice on which locks protect against this and other forms of lock bypass.

Reduce Your Risk

  • Use high-security locks to mitigate the risk of bumping.
  • Consult a professional locksmith for questions about your current system or recommendations on a new locking system.
  • Use patent-protected keys to protect against unauthorized duplication.
  • Be sure to lock your doors when you are away from the home.

Los Angeles County Sheriff’s Department Uses Digital Surveillance As Part Of Crime Fighting Plan

From Security Products Online

June 9, 2008

Sheriff’s deputies at Century Station, part of the Los Angeles County Sheriff’s Department, are now using “digital eyes” to protect citizens on the streets of Lynwood, Calif. and the surrounding unincorporated areas.

As part of its Advanced Surveillance and Protection Plan (ASAP), the department has deployed a wireless video surveillance network enabled by Firetide. The deputies have already made several arrests as a direct result of this surveillance, including one when deputies spotted a drug deal in progress in the park next to a neighborhood school.

“Wireless video surveillance is changing the way we serve and protect the community,” said Capt. James Hellmold of Los Angeles County Century Sheriff's Station. “It is a very effective force multiplier and officer safety tool. The quality of video is truly evidence-grade, which will serve us well not only to deter crime, but to help our district attorneys prosecute crime.”

The 13-square-mile area served by Century Station -- which is home to over 300,000 residents -- has twice the national average of violent crime. Gang violence, prostitution and drug dealing are frequently discussed at the community’s town hall meetings, and the citizenry is vocal in its support of the department’s taking whatever actions are necessary to make the streets safer.

“Our residents deserve the best law enforcement officers and the most advanced tools to fight crime and strengthen public safety,” said Sheriff Leroy Baca of the Los Angeles County Sheriff’s Department. “The Century ASAP program seeks to augment the dramatic crime reduction already made possible through the dedication and hard work of the men and women of Century Sheriff’s Station and the Gang Violence Task Force.”

Video cameras have been deployed at key intersections, near schools, and near two hospitals. The broadcast-quality (30 fps) video is transported in real-time over the Firetide wireless mesh network directly to the integrated video and 9-1-1 dispatch command center, where watch deputies guide teams on the ground as they respond to calls for service. Fifteen deputies have already been trained in the use of the new video surveillance system, which allows them to control the cameras and pan, tilt and zoom into images, track suspects and assess situations as reports of crimes in progress come in.

Number Of Wireless Security Alarm Systems Expected To Increase

From Security Products Online

June 6, 2008

Traditionally, security alarm systems used fixed telephone lines to pass information from the security alarm panel to a central monitoring facility. Today, however, that communication is increasingly being delegated to a digital cellular link. ABI Research forecasts that the 2007 number of just fewer than 2.5 million wireless security alarm connections will increase to more than 7.5 million in 2013.

What is driving this transition? According to senior analyst Sam Lucero, a number of factors have combined to create this new market trend.

“In North America, formerly analog wireless security alarms are now shifting to digital cellular services as a result of the AMPS ‘sunset’ in February 2008,” Lucero said. “More importantly, the continuing decline of landline voice services and the increasing utilization of second phone lines for DSL broadband services have made cellular connectivity more attractive, even necessary, for security alarm connectivity.”

Other factors promoting cellular security backhaul include the general trend for cost-optimized alarm systems to rely on wireless connectivity exclusively, particularly in Europe. In addition, wireless operators and broadband service providers are increasingly entering the security alarm service industry and are utilizing wireless either as a primary connection or back-up connection to a primary broadband connection. Also, unlike wired connections, cellular connections cannot be cut, and current cellular module technology includes anti-jamming features.

Lucero does caution that there are challenges to the adoption of wireless technology by the security alarm industry.

“Wireless is a relatively new option and many security alarm dealers have to be trained in the installation process,” he said. “In addition, the relatively high cost of modules, particularly CDMA modules, is an inhibitor. Despite these barriers, however, there is an opportunity here for most if not all cellular module vendors, as well as for carriers and specialist M2M providers.”

AT&T appears to have positioned itself as a key player in the North American market, as has M2M mobile operators Aeris, Jasper Wireless, and Numerex. M2M mobile virtual network operator KORE Telematics is also strongly positioned in this market.


Oklahoma City Unveils Wireless Mesh Network For Public Safety

From Security Products Online
June 5, 2008

Oklahoma City recently unveiled its wireless network -- the largest city owned and operated municipal Wi-Fi mesh network in the world.

The network is used for public safety and other city operations. At this time it does not provide wireless Internet access to the public.

Tropos Networks president and CEO, Tom Ayers presented a plaque to the Mayor and City Council recognizing the City of Oklahoma City for successfully building and implementing the world’s largest municipal wireless broadband network. Tropos Networks provides the network infrastructure equipment.

The wireless mesh network covers 555 square-mile area with 95 percent service coverage in the city’s core. Wireless Tropos routers are installed on city siren towers, traffic lights, buildings and other places. Tropos’ mobile routers are mounted in city vehicles, extending the network coverage area.

“We’re proud to receive this award and claim this distinction,” Mayor Mick Cornett said. “Our state-of-the-art wireless communication system allows City government to be more efficient and provide a higher level of service to our citizens.”

The wireless network is an extension of the City’s information technology infrastructure. City staff now has access from the field to more than 150 software applications.

Police officers are equipped with a laptop in patrol cars that gives them better access to advance criminal information in real time and allows them to download photos, file reports and even do paperwork in the field. In addition, police officers and fire fighters have access to over 300 video cameras, giving them a real time, around-the-clock, birds-eye view of key locations throughout the city.

Fire battalion chiefs are now able to locate water hydrants, review site maps, building floor plans and hazardous materials information while en route to a fire or accident; enabling them to tell incoming response vehicles how and where to set up.

The Wi-Fi mesh network system took more than two years to implement. Strong security measures and policies the city put in place have worked well protecting the network and meeting performance needs.

“We’ve been so pleased with how the wireless network system has improved the coordination and service delivery in our public safety operations that we’re now using it in other City operations,” City Manager Jim Couch said.

Former UK Law Enforcement Official Says Public Surveillance Cameras Work

From Security Products Online
By Brent Dirks · June 6, 2008

Public surveillance cameras in the United Kingdom work, but there are a few caveats. Sir Chris Fox, former president of the National Association of Chief Police Officers and 34-year veteran of British law enforcement, made the case for surveillance in a recent presentation.

“Community safety cameras work when they are planned, designed and implemented properly,” said Fox, who spoke at an ADT-sponsored event in May in Berkeley, Calif. “They work and are a good thing.”

The use of surveillance cameras in the United Kingdom stretches back to 1964 when the new technology was first used by retail and shops. Currently, there are a staggering 4.2 million plus cameras in the country -- one for every 14 people.

Fox said there were a number of reasons for the camera explosion without any outcry from civil liberties groups.

While, with the exception of the Sept. 11 attacks, the United States has been shielded from terrorism, violence from the IRA was a very real occurrence in the United Kingdom. Thanks to government funding in the 1990s and that constant threat of violence, the “community safety” cameras were welcomed in the country.

“In our environment, as it was, cameras were seen as a good thing,” he said. “Every day, I would get a request from a neighborhood saying we want some cameras. I never got a request saying take them away, it was an invasion of our privacy. The mentality was totally different; it’s changed a little bit, but then it was totally accepting.”

Currently, a typical CCTV system in the United Kingdom covers both high-risk and high-crime areas. Run by a city council, the system is not monitored by police but by trained users who are in contact with police via telephone and radio. All images are recorded and kept for 30 days.

Fox stressed that the notion of privacy doesn’t extend into a public place. But he said the system can’t target an individual without judicial approval.

Cameras in the country, Fox said, play a major role in the effort to reduce crime. When cameras are installed, the technology deters offenders and detects crime, eventually leading to more public vigilance and making communities feel safer. In the United Kingdom, citizens are now safer than they have since 1981.

But for the technology to work, Fox said, communities need to set goals and define success before installing the cameras -- as well as update the justice system with the compatible technology and hire enough police to respond to incidents caught by the system.

Fox’s presentation highlighted a number of successes thanks to the cameras -- including the July 2005 bombings that killed 52 and injured more than 700. Fox helped coordinate the national police response to the incident.

By using the cameras, police were able to identify the bombers and learn from the incident. Eventually, more than 194 other suspects were identified and arrested.

The cameras also were instrumental in identifying suspects in a failed attack against London transportation two weeks later.

And despite the cultural and other differences between the United Kingdom and United States, Fox said cameras also could work in America, especially with the advent of video analytics and intelligent surveillance systems.

“What I would tell my fellow police authorities and officials in the United States is to get your act together and be very specific with what you want and go to the private sector and ask ‘What can you do?’” Fox said. “They need to be thought through very carefully and analytically before saying ‘We want some of that.’”

Speaking of ADT, I recently was able to tour a wireless mesh surveillance system installed by the company in the city and port of Richmond, Calif., a Bay Area suburb. I’ll have more on the setup and technology behind it in the homeland security section of September’s Security Products magazine.

About the author

Brent Dirks
Brent Dirks is e-news editor for Security Products magazine.


Study: Revenue From Video Surveillance Software To Dramatically Increase In Next Five Years

May 29, 2008
from Security Products Online

Video surveillance systems have existed for many years, but until recently, extracting useful information from them was labor-intensive, time-consuming and tedious.

Now, however, the quickening transition from analog to digital video has made it possible to use software for detection and analysis. This can free humans from the drudgery while improving accuracy and creating opportunities to use video in ways never before possible.

“Analytics software has become increasingly sophisticated and more accurate,” said ABI Research vice president and research director Stan Schatt. “It is beginning to be used for such tasks as identifying customer buying behavior, identifying criminal behavior before crimes take place, identifying objects left unattended in public venues, and much more.”

A new study from the firm forecasts a nearly fourfold increase in revenue from video surveillance software between now and the end of 2013, rising from about $245 million to more than $900 million.

In fact, surveillance software has a myriad uses. The homeland security applications are self-evident, but it is also starting to be used in marketing, to identify customer’s “eyeball connections” with products and analyze their retail behavior. In a retail environment it can also analyze customer traffic patterns, helping to improve store layouts. ABI Research expects the retail market segment to grow exponentially. Casinos are also using it to keep staff from restricted areas.

Software can also be used in ATMs and in banks, to identify known criminals before they commit a crime (shades of the film Minority Report).

“There are many small software companies in this market, and some big ones such as IBM, which has released software that is largely platform-agnostic, increasing pressure for others to follow suit. And while most systems today are sold to end-users,” Schatt said. “IBM Global Services sees potential in a managed service model, and it would not be surprising to see HP jump in as well, particularly following its EDS acquisition.”