Tagging hardware can also help to monitor access and reduce theft. For example, large data centers are increasingly tagging their racks so that any access, even if it is by an authorized engineer, is monitored. Revolving doors are widely used to provide exact tracking of the people entering a building, particularly useful in buildings where large numbers are working or visiting. By using integrated systems across multiple buildings on a given site, this can prove useful in mass Frost and Sullivan’s Analysis of the Global Vulnerability Research Market in Q3 2011 points to the rise of attacks on third party applications. Once an application has been weakened, any devices on the network can become a point of entry for further hacking notification systems. These are the systems designed to simultaneously warn people in an emergency situation, sending alerts and instructions through a range of media, including cell phones, computer screens, landline phones, closed circuit TV screens and public address systems. This highlights the move towards a more intelligent response to emergencies.
Intelligent response through integration
Intelligent response relies on the data provided by the increasing integration of safety, security and other building management systems. Open a rchitecture is very much a focus at the moment, with a move towards standardizing protocols to allow different systems, often from different manufacturers, to work together. This can include security, life safety – including notification systems – and comfort provided by heating, ventilation, cooling, lighting, and power management systems. Convergence is currently a widely used term in security. This is convergence in terms of the different systems working together but also between physical and IT security. Technological advances in video management, network cameras, recording
devices, intelligent access control and software have helped security applications to take advantages of the IP network. Response systems of the future – Intelligent Response systems where the system in place involves a variety of fully integrated, multimodal technologies – will take integration further still. With systems capable of analyzing all relevant data collected from the thousands of sensors and field devices and the various management systems operating throughout a building, a ‘demand controlled’ response to incidents will be possible. This data will automatically trigger the relevant system response mechanisms in relation to the nature, size and criticality of the incident, and enable the automated provision of dynamically updated and
targeted instructions to everybody concerned, from guiding them quickly and efficiently to a place of safety to providing relevant situational information for swift and efficient intervention. The benefits of such solutions are multifold: intervention is faster (supported by comprehensive situational information), mitigation is more targeted and efficient (the right systems are triggered automatically to e.g. extinguish a fire), and collateral risks are minimized (e.g. quicker return to secure building situation, e.g. access controlled doors locked etc). In addition, audit trail of actions taken and sequence of events can be leverage to facilitate the post-incident and recovery activities (insurance claims, liability risk management) and continuous improvements with regards to security and business continuity (policies and workflows).
Forensic analysis: video surveillance
Returning to the issue of forensic analysis, an area of significant development is the application of this approach to video surveillance systems. In the UK, a watershed event that was certainly a driver indeveloping this technology was the London bombings of 7 July, 2005 when four terrorist bombs – three on the London Underground network and 1 on a double-decker bus – killed 52 people and injured more than 700. Reviewing the video surveillance footage for London to try and piece together the events leading up to, during and after the bombings was a costly and labor intensive exercise. It highlighted a need for a process whereby the useful information could be retrieved much quicker. Motion detection has been used in video surveillance for some time, offering the capability to focus attention only on those periods when motion has been captured. However, this is still often a lot of footage, primarily just showing people walking around a building for example, who are presenting no security threat. This leads to the adoption of technology which attached events or alarms to the video, tagging the video at the point when an alarm wasrecorded and developing an index of tags. With the increasing integration
of different security disciplines, this means that an event or alarm generated by any of the systems can be tagged to the video. If, for example, somebody uses their access control card to enter a particularly sensitive area of the building, that event can be tagged with a piece of video. This can then be checked very quickly to ascertain if that person is the rightful carrier of the card. This is again enhancing the intelligence of systems. No longer is it a case of saying ‘show me the video stream between 9am–11am on Friday 11 May’. It is moving towards Google style searches, e.g. ‘show me the events where doors were forced’ or ‘show me the events when access control point A was entered’. In the age of the internet, we are very familiar with such searches and it enables useful and pertinent data to be identified much more quickly.
Forensic analysis: the next steps
Moving to the next stage and beyond just video surveillance, takes us into convergence again. By using multimodal systems, the goal is to identify an event from all of the system inputs, including, for example, an intrusion into the IT network i.e. physical and IT security operating under a single front end control. Many so called cyber attacks can include a physical security element. One person could be orchestrating the attack remotely, from anywhere in the world, but often this will involve an accomplice operating in or close to the building, plugging in Ethernet cables, for example, or parked next to the building piggybacking on the Wi-Fi networks. By adopting fully integrated, multimodal systems, you can have a much better level of situational awareness,
knowing that not only is the network under attack but that it is being achieved through an Ethernet cable plugged into Rack 7 which was accessed via control point A. Ultimately, forensic analysis in this context is about very quickly finding the relevant information from the wide ranging and extensive
data that is being processed, improving the speed of response and therefore the opportunity to resolve an incident. This area of research and development is seeing a lot of collaborative projects between security systems specialists and dedicated IT companies.
With the increasing use of IP technology, particularly the advent of open standards enabling different systems to communicate more readily, so the distinction between the previously separate worlds of physical and IT security have become blurred. Convergence will only increase as security, along with other safety and building control systems, continues to migrate to the IT realm. A more holistic approach to safety and security is being adopted, one in which integration has a greater part to play. Systems are being developed which draw on a more structured and standardized approach using the
IT networks but which allow greater flexibility in tailoring solutions to specific requirements. Data plays such an important role in the modern world that finding effective ways to protect it from the many threats, both those that currently exist and those that are yet to come, will become en ever increasing challenge.
Mark Mooney, Head of Product Line Corporate Security, Siemens Building Technologies Division