In the wake of 9/11, the Federal Government’s secure-the-fort, big idea was to create an identity credential for all federal employees and contractors. Homeland Security Presidential Directive (HSPD)-12 set it all in motion. Today, we know the smartcard-based credential that arose from HSPD-12 as the Personal Identity Verification (PIV) card.

The PIV card is meant to give employees/contractors physical access to federal facilities and logical access to federal information systems. While using a PIV card for logical access has been largely successful and compliant with HSPD-12, implementing PIV-based, physical access control systems (PACS) has been much more difficult to conquer. As a result, HSPD-12 compliance for PACS has largely eluded the Federal Government. The noncompliance reasons are many, but there is now hope for fully achieving HSPD-12’s mandates.

Interoperability With Any Agency’s PIV

Beyond Passports, PIV cards represent the only other open-standards-based, multi-vendor-supported, identity credential program on the planetAll Executive Branch employees and long-term contractors, including the entire Department of Defense, have been issued PIV cards. This has been true since 2013. Beyond Passports, PIV cards represent the only other open-standards-based, multi-vendor-supported, identity credential program on the planet.

It seems so simple, where employees/contractors previously used their proximity card to open a federal facility door or go through a turnstile, they should now be able to use their PIV card. However, HSPD-12 took the PIV requirement one step further – compliant PACS must be interoperable with any agency’s PIV. This introduced an entire magnitude of additional complexity.

A compliant, interoperable, PIV-based PACS should work like this: an authorized employee (or contractor) presents a PIV card (contact or contactless) to a card reader to enter whichever federal agency building they have reason to be. Over the last 14 years, in all but a very few cases, the lack of PACS’ HSPD-12 compliance has prevented this from happening.

Secure Credential Policy

Today, less than 1% of the Federal Government’s PACS are HSPD-12-compliant. At most federal facilities, especially those outside the National Capitol Region, a noncompliant PACS works like this: an authorized employee (or contractor) presents a proximity (‘prox’) badge to a proximity card reader to enter his or her agency’s facility. At the fraction of federal facilities with upgraded PACS that work with PIV cards, virtually all such PACS fail to properly use a minimum number of PIV security features before granting access – let alone interoperate with a PIV card from any other agency.

Active government solicitations are issued for new, non-compliant, proximity-based systems that perpetuate the delay to HSPD-12 complianceNew federal initiatives frequently suffer from having no policy to enforce their roll-out. That isn’t the case with PACS compliance. Policies have been in place for so long that newer policies like Office of Management and Budget (OMB) M-11-11 (February 3, 2011) remind everyone what the policies said in 2004 and 2006. This year, OMB publicized its proposed OMB M-18-XX (Draft), which will replace M-11-11. OMB M-18-XX’s (Draft) main PACS thrust is, once again, to ensure that everyone understands what the Federal Government’s secure credential policy is. It hasn’t changed since 2004.

It would be tempting to say that PACS technology isn’t mature, but that isn’t the case. In 2013, the Federal Government revamped the PACS portion of the FIPS 201 Evaluation Program and, since that time, all PACS on the General Services Administration’s (GSA) Approved Products List are 100% compliant and interoperable. Yet, on any given day, active government solicitations are issued for new, non-compliant, proximity-based systems that perpetuate the delay to HSPD-12 compliance.

The usual suspects, policy and technology, are not the culprits for this epic delay.

An authorised employee presents a proximity badge to a proximity card reader to enter his or her agency’s facility
An authorized employee presents a PIV card to a card reader to enter whichever federal agency building they have reason to be

Difficulties In Adopting HPSP-12 Compliance For PACS

  • Standards – The Federal Government’s approach to standards is to avoid a great deal of specificity. It’s an unspoken tenet that federal standards must be flexible, promote innovation and avoid disadvantaging any participating market segment. The opposite is true if your goal is interoperability: nearly every detail must be specified. Consider the standards-based success story of chip-based credit cards. When was the last time you used a credit card and it didn’t work? Interoperability failures are nearly unheard of. If you look at the hundreds of volumes of technical specifications that cover minute aspects of every component in credit cards and payment terminals, you quickly realize why it works so well. Nothing is left to chance, nothing is a variable, and there is no optionality.

The Good News: Work to increase viability through deep scrutiny has progressed in recent years. The GSA APL PACS Testing Lab, set up in 2013, annually tests credentials from all PIV issuers against all GSA-approved PACS. This testing has significantly reduced interoperability failures at federal facilities.

  • Collaboration – In the past, physical access practitioners from federal agencies rarely collaborated, unlike their logical access counterparts. This is also true for PACS procurement decision-makers across agencies and facilities.

The Good News: In 2018, an agency trend has emerged where finally physical access, physical security and IT practitioners have begun sitting down to discuss their shared responsibilities. We have already begun to see coordinated budget requests between IT and Security with enterprise architectures positioning PACS as an enterprise service on the network

  • Scale – The Federal Government owns so many buildings that they can’t be counted. Google doesn’t know how many there are and neither does any one government official.
  • Variability – A significant percentage of facilities have unique aspects making a one-size-fits-all approach infeasible.

The Good News: Mature consulting services can now help agencies marry federal requirements with their unique environments to develop robust PACS enterprise architectures. As we see this occurring more and more frequently, a repeatable, achievable, systems-based upgrade of all PACS may be on the horizon.

Active government solicitations are issued for new, non-compliant, proximity-based systems that perpetuate the delay to HSPD-12 compliance
The GSA APL PACS Testing Lab annually tests credentials from all PIV issuers against all GSA-approved PACS
  • Provenance – In many cases, different groups own different parts of a single facility, not all of whom might be subject to, or wish to interoperate with, a high-assurance compliant PACS. For example, GSA manages facilities for Legislative and Judicial tenants who aren’t subject to HSPD-12. Policy dictates that GSA manage the PACS for the front doors of these facilities should be HSPD-12-compliant, despite the fact that these tenants likely don’t have credentials that work with this technology. Sure, these tenants could commercially obtain a PIV-I credential, but almost none have.
  • Economics – It’s difficult for agencies to create their annual security budget requests when HPSD-12 PACS upgrades are in scope, because so many unknowns exist at each facility. To assess the cost, the time to complete, and the facility’s existing equipment inventory, it would be logical for an agency to hire a contractor with PACS expertise to perform a site assessment. Having to do capital planning for an assessment phase in advance of making the annual budget request for the PACS upgrade creates a never-ending cycle of delay. Especially at agencies with multi-year capital planning requirements. Many agencies, trying to avoid this delay cycle, have fallen prey to doing site assessments themselves. This results in their integrators doing their walk-throughs after the contract is awarded. This is the leading cause of PACS upgrade cost overruns.
  • Dependence on the agency’s IT department – Historically, PACS have been deployed on dedicated networks and are rarely ever connected to the enterprise, let alone the Internet. High-assurance PACS that validate credentials from other agencies must now communicate with many different systems on an enterprise network and over the Internet – so much so that the Federal Government reclassified PACS as IT systems.

The Good News: With collaboration increasing between Physical Security Officers (PSOs) and Chief Information Officer (CIOs), we expect this to improve in due course.

  • Resistance to change – This is a classic human factors challenge, and it’s a big one. PSOs have spent decades achieving their positions. PIV-based PACS could not be more different from the technologies that proceeded it, and such radical change is often resisted. When the value proposition is clear, change is adopted more readily. But security value isn’t easily measured or observed. It is often said that the best performance review for a PSO is to note that nothing happened. And when something does happen, it is necessarily kept quiet so the risk can be remediated without calling attention to the vulnerability in the interim. To date, the value proposition of moving to PIV-based PACS has been entirely based on policy (without corresponding funding in most cases) and through the shock value of white hat hackers, showing how easily most proximity badges can be cloned. This is not the stuff of change agents.
PACS have been deployed on dedicated networks and are rarely ever connected to the enterprise
PIV-based PACS could not be more different from the technologies that proceeded it, and such radical change is often resisted

Are These Challenges A Unique Situation?

No, these PACS challenges are not unique. Cybersecurity initially faced many of the same challenges that federal PACS face today. By 2000, the Federal Government recognized its urgent need to improve cybersecurity practices across its computing infrastructure and issued many policies that required agencies to improve. Improvement was sparse and inconsistent. GSA Schedules were set up to help agencies buy approved products and services to assist them, but this too produced lacklustre results.

The Federal Government found that the best cybersecurity results occurred when enforced at the time an agency commissioned a system

Congress enacted the Federal Information Security Management Act of 2002 (FISMA) (now amended by the Federal Information Security Modernization Action of 2014). FISMA mandates an Authority To Operate (ATO) accreditation process for all information systems. The Federal Government found that the best cybersecurity results occurred when enforced at the time an agency commissioned (vs. purchased) a system.

FISMA and ATO accreditation has been highly successful when implementing new systems. These cybersecurity requirements are the closest thing that the Federal Government has to the ‘PIV Police’ today. However, the PIV requirements in FISMA and ATOs currently apply to only logical access for information systems.

The proposed OMB M-18-XX (Draft) mentions that a FISMA PACS overlay to NIST SP 800-53 is forthcoming. The intent of the PACS overlay is to use the army of ATO accrediting officials in the Federal Government and enable them to assess implemented PACS as fit for purpose. This is the first time an enforcement approach has been brought forward that could reasonably succeed.

How Long For HSPD-12 Compliance?

We know that it won’t take another 14 years to achieve HSPD-12 compliance. Pockets of compliance are popping up. Compliant procurements do exist, and the state of PACS across the Federal Government is better in 2018 than in any previous year. Progress to date has been at a constant rate. The question is: what would take for progress to occur at an exponential rate instead? A major attack or compromise involving PACS would certainly hasten upgrades, but let’s hope that’s not the solution.

The energy distribution sector has been riding a wave of security upgrade demands to retrofit their facilities across the U.S.

The energy distribution sector, under nearly constant Advanced Persistent Threat attacks, has been riding a wave of security upgrade demands to retrofit their facilities across the U.S. The potential threat exists for Federal Government facilities as well.

Looking into the federal PACS-compliance crystal ball, we’re beginning to see the faint outline of a multi-faceted campaign of education, budgetary oversight and accreditation of PACS that will ultimately see us past the tipping point. Consider though, at the current rate of PACS enablement, a 50% compliance rate is still far in the future.

When that day arrives, the PIV card form factor may no longer be the key that fits that future lock. (Are you already using a mobile device’s Bluetooth interface to open the door to your office building?) Taking decades to perform a technology upgrade is the aging elephant in the room no one talks about. By the time critical mass is achieved with an upgrade facing these many challenges, there are typically compelling reasons to start over again with the next generation of technology. That cycle may well prove to be the Federal Government’s biggest PACS challenge of all.

Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version

Author profile

Jeff Nigriny President and Founder, CertiPath

In case you missed it

Security Technology And AI: A Powerful Duo In The Fight Against COVID-19
Security Technology And AI: A Powerful Duo In The Fight Against COVID-19

A person infected with the Coronavirus (COVID-19) infects an average of 2.5 other people within five days. You do not need to be a mathematician to realize that early detection of infected people is key to successful pandemic containment. The aim of effective containment strategies is therefore not so much to reduce the number of absolute cases as it is to extend the time frame within which they occur. Without effective containment measures, the virus spreads rapidly and is beyond the capacity of the health care system. However, if infection rates can be minimized through early detection and rapid, targeted identification of further infections, cases will continue to occur over a longer period of time and remain within the capacity of the health care system. Identifying, testing and results For example, the goal of many countries is to carry out as many Corona tests as possible to quickly identify infected people. It is then necessary to identify and reach potentially-infected people and isolate them in quarantine. This is a tried and tested procedure. But this method also costs valuable time in the fight against the virus and has many unknowns. The determination of a concrete test result alone sometimes takes up to 48 hours due to limited laboratory capacity. Added to this is the imprecise and slow procedure for determining contact persons. Or do you still remember exactly who and where you shook hands with in the last ten days - and could you provide information on this? Security technology to the rescue When it comes to the time factor, security technology can be a great help. Thermal imaging cameras and temperature sensors, for example, can help to detect a person with elevated body temperatures. Fever can also be one of the symptoms in those infected with the Coronavirus. At neuralgic points such as airports and train stations, or at entrances to hospitals, thermal imaging cameras can quickly reveal which people have fever. Presumably infected people can be easily separated and asked about other symptoms. Physical security technology can make a great contribution here. Dr. Frank Gillert, a professor at the University of Applied Sciences in Wildau, Germany states, however, as one of the leading scientists for logistics-centric security research, he demands "rapid innovation in dealing with situations like COVID-19 should be a priority". He sees enormous potential in the possibilities of IT and artificial intelligence; "We should use the disruptive changes that are currently taking place and that are challenging global orders to strengthen the significance in IT infrastructure development and also in security technology development.“ The goal in a global crisis And he is right: In global crises such as the Corona pandemic, security-related deficits become apparent and space is created for technical innovations. The goal of governments and companies is to restore security and save human lives as quickly as possible. The German data analytics powerhouse G2K, for example, has developed a Corona Detection & Containment System (CDCS) that is ready for immediate use in record time. Detection takes place in combination with AI-supported data analysis to specifically identify virus hotspots and distribution routes, as well as to identify other potentially infected persons. When developing the system, the focus was on two questions: How do I detect a suspected infected person in crowded environments and even more importantly, how do I quickly and comprehensively determine the person's contacts and previous whereabouts, and find correlations and patterns in this information? The data experts of the Berlin-based company found the answer in the combination of physical security technology and their existing data analytics platform. The G2K system The system is based on G2K's scalable IoT platform "Situational Awareness Builder" (SAB), which is already in use in several projects worldwide and sets standards in process automation and process optimization, including security management. As soon as a person with fever is detected by the system, he or she can be immediately screened to avoid contact with other people and thus prevent possible new infections, i.e. to interrupt the chain of infection. For this purpose, stationary thermal imaging cameras or smartphones equipped with a temperature sensor accessory can be used. The potentially infected person must now be registered and referred to a doctor or hospital for further specific diagnostic measures. The entire process is covered by a mobile G2K application. A combination of security and medicine The platform can bring together available hospital capacity, infection reports, movement and contact profiles and provide an excellent picture of the source of infection. Thus, medically necessary isolations can be implemented quickly. At the same time, infected patients can use the app to document their recovery and become actively involved. All this data is centrally managed and analysed, using deep learning methods. This provides crisis managers with a single monitoring, control and resource management tool that enables immediate action to be taken to combat the spread of the virus and gives officials full transparency on the status of the pandemic. Karsten Neugebauer, founder and CEO of the company behind the solution, explains his commitment as follows "A few weeks ago we too were faced with increasing difficulties due to the Corona crisis. As we have a strong presence in Europe in particular, we had to struggle with postponed project starts and limited resources". But instead of burying their heads in the sand, G2K's dedicated team decided to declare war on the virus." "In our entrepreneurial duty, we, therefore, decided to use our available technology and equip it to fight COVID-19. Our team has been working day and night over the last few weeks to expand our software platform to enable us to contain the pandemic quickly and effectively. Politicians must now immediately push ahead with the unbureaucratic implementation of prevention and control measures such as our CDCS to ensure the stability of our public systems," demands Karsten Neugebauer. The pandemic continues As the COVID-19 pandemic spreads from continent to continent, researchers around the world are working to develop antidotes to the virus. As long as this has not been found, the spread of the virus must be slowed down internationally. Only by this can system-relevant infrastructure be held consistently. Combining modern physical security technology with platform technology and artificial intelligence provides an excellent possibility to slow down the current and for sure, future pandemics.

Face Recognition: Privacy Concerns and Social Benefits
Face Recognition: Privacy Concerns and Social Benefits

News reports and opinion columns about face recognition are appearing everyday. To some of us, the term sounds overly intrusive. It even makes people shrink back into their seats or shake their head in disgust, picturing a present-day dystopia. Yet to others, face recognition presents technology-enabled realistic opportunities to fight, and win, the battle against crime. What are the facts about face recognition? Which side is right? Well, there is no definitive answer because, as with all powerful tools, it all depends on who uses it. Face recognition can, in fact, be used in an immoral or controversial manner. But, it can also be immensely beneficial in providing a safe and secure atmosphere for those in its presence.  Concerns of facial recognition With the increased facial recognition applications, people’s concerns over the technology continuously appear throughout news channels and social media. Some of the concerns include: Privacy: Alex Perry of Mashable sums up his and most other peoples’ privacy concerns with face recognition technology when he wrote, “The first and most obvious reason why people are unhappy about facial recognition is that it's unpleasant by nature. Increasing government surveillance has been a hot-button issue for many, many years, and tech like Amazon's Rekognition software is only making the dystopian future feel even more real”. Accuracy: People are worried about the possibilities of inaccurate face detection, which could result in wrongful identification or criminalization. Awareness: Face recognition software allows the user to upload a picture of anyone, regardless of whether that person knows of it. An article posted on The Conversation states, “There is a lack of detailed and specific information as to how facial recognition is actually used. This means that we are not given the opportunity to consent to the recording, analyzing and storing of our images in databases. By denying us the opportunity to consent, we are denied choice and control over the use of our own images” Debunking concerns  The concerns with privacy, accuracy, and awareness are all legitimate and valid concerns. However, let us look at the facts and examine the reasons why face recognition, like any other technology, can be responsibly used: Privacy concerns: Unlike the fictional dystopian future where every action, even in one’s own home, is monitored by a centralized authority, the reality is that face recognition technology only helps the security guard monitoring public locations where security cameras are installed. There is fundamentally no difference between a human security guard at the door and an AI-based software in terms of recognizing people on watchlist and not recognizing those who are not. The only difference is that the AI-based face recognition software can do so at a higher speed and without fatigue. Face recognition software only recognizes faces that the user has put in the system, which is not every person on the planet, nor could it ever be. Accuracy concerns: It is true that first-generation face recognition systems have a large margin for error according to studies in 2014. However, as of 2020, the best face recognition systems are now around 99.8% accurate. New AI models are continuously being trained with larger, more relevant, more diverse and less biased datasets. The error margin found in face recognition software today is comparable to that of a person, and it will continue to decrease as we better understand the limitations, train increasingly better AI and deploy AI in more suitable settings. Awareness concerns: While not entirely comforting, the fact is that we are often being watched one way or another on a security camera. Informa showed that in 2014, 245 million cameras were active worldwide, this number jumped to 656 million in 2018 and is projected to nearly double in 2021. Security camera systems, like security guards, are local business and government’s precaution measures to minimize incidents such as shoplifting, car thefts, vandalism and violence. In other words, visitors to locations with security systems have tacitly agreed to the monitoring in exchange for using the service provided by those locations in safety, and visitors are indeed aware of the existence of security cameras. Face recognition software is only another layer of security, and anyone who is not a security threat is unlikely to be registered in the system without explicit consent. The benefits In August 2019, the NYPD used face recognition software to catch a rapist within 24 hours after the incident occurred. In April 2019, the Sichuan Provincial Public Security Department in China, found a 13-year-old girl using face recognition technology. The girl had gone missing in 2009, persuading many people that she would never be found again. Face recognition presents technology-enabled realistic opportunities to fight, and win, the battle against crimeIn the UK, the face recognition system helps Welsh police forces with the detection and prevention of crime. "For police it can help facilitate the identification process and it can reduce it to minutes and seconds," says Alexeis Garcia-Perez, a researcher on cybersecurity management at Coventry University. "They can identify someone in a short amount of time and in doing that they can minimize false arrests and other issues that the public will not see in a very positive way". In fact, nearly 60% Americans polled in 2019 accept the use of face recognition by law enforcement to enhance public safety. Forbes magazine states that “When people know they are being watched, they are less likely to commit crimes so the possibility of facial recognition technology being used could deter crime”. Saving time  One thing that all AI functions have been proven to achieve better results than manual security is speed. NBC News writes, “Nearly instantaneously, the program gives a list of potential matches loaded with information that can help him confirm the identity of the people he’s stopped - and whether they have any outstanding warrants. Previously, he’d have to let the person go or bring them in to be fingerprinted”. Facial recognition can also be immensely beneficial in providing a safe and secure atmosphere for those in its presence With AI, instead of spending hours or days to sift through terabytes of video data, the security staff can locate a suspect within seconds. This time-saving benefit is essential to the overall security of any institution, for, in most security threat situations, time is of the utmost importance. Another way in which the technology saves time is its ability to enable employees (but not visitors) to open doors to their office in real-time with no badge, alleviating the bottleneck of forgotten badge, keycode or password. Saving money A truly high-performance AI software helps save money in many ways. First, if the face recognition software works with your pre-existing camera system, there is no need to replace cameras, hence saving cost on infrastructure. Second, AI alleviates much of the required manual security monitoring 24/7, as the technology will detect people of interest and automatically and timely alert the authorities. Third, by enhancing access authentication, employees save time and can maximize productivity in more important processes. The takeaway AI-enabled face recognition technology has a lot of benefits if used correctly. Can it be abused? Yes, like all tools that mankind has made from antiquity. Should it be deployed? The evidence indicates that the many benefits of this complex feature outweigh the small chance for abuse of power. It is not only a step in the right direction for the security industry but also for the overall impact on daily lives. It helps to make the world a safer place. 

Axis Expects Body-Worn Camera System to Expand the Technology Use Cases
Axis Expects Body-Worn Camera System to Expand the Technology Use Cases

Axis Communications has introduced a body-worn camera solution, which the company says represents a natural extension of their corporate vision, business strategy and core competence. The new body-worn cameras and other elements of the system will provide Axis new opportunities to grow by tapping into existing and new customers. The fast-growing body-worn camera market is an attractive one, and Axis sees opportunities to extend the use of body-worn cameras beyond the current core market of police and corrections officers. Private security applications for the technology include healthcare, education, banking, public venues, retail, logistics, transportation and places of worship. The new body-worn camera system was designed with Axis partners and ecosystem in mind, says Martin Gren, Founder and Director of New Projects at Axis. “We try to make it fit with existing customers.” Deploying and using the system The new body-worn camera system was designed with Axis partners and ecosystem in mind Gren says the system is easy to deploy and use. The Axis W100 camera provides 1080p images, wide dynamic range (WDR) and has dual microphones, operating 12 hours on a single charge. GPS/GNSS global satellite navigation provides location, and a six-axis gyroscope and accelerometer offer additional data beyond the video image. For example, sensors might be triggered in some situations to initiate recording.  One-bay (Axis W700) or eight-bay (Axis W701) docking stations enable high-speed supervised data offloading and battery charging, and a system controller (Axis W800) provides a central point for integration and management. Use of Zipstream compression technology saves on bandwidth and storage. Video cannot be accessed in the field, but only when a camera has been docked. There are many layers of security, and encryption protects all data used in the system from being accessed by outside agents. The USB interface cannot be connected to an ordinary computer but only to the docking station. Open standards Open standards ensure easy integration with video management systems and/or evidence management systems, whether on-premises or in the cloud. At the time of release, the Axis body-worn camera system is already integrated with Milestone XProtect, Genetec Security Center, and Axis Camera Station VMSs. It is also integrated with the Genetec Clearance cloud-based evidence management system. An application programming interface (API) will facilitate additional integrations over time.  The body-worn cameras will be sold through the current Axis channels The body-worn cameras will be sold through the current Axis channels of distributors, systems integrators and resellers. The camera is part of the Axis “ecosystem,” which includes the company’s familiar network cameras as well as recent additions such as access control, network audio systems (including loud speakers), intercom door stations, a radar detector and other Internet of Things (IoT) devices. “The more things you integrate, the more value you add to customers,” said Gren. The new body-worn camera systems are core products for Axis; they are not made by another original equipment manufacturer (OEM) and merely sold under the Axis label. “When we decided to do body-worn cameras, OEMing was not an option,” said Gren. “Instead we took some experienced Axis engineers and a bunch of new ones to develop this product line to ensure the same Axis quality and compatibility.” Introducing the new product The body-worn camera system was unveiled remotely in a press conference webinar; the original plan was to introduce the new product at ISC West, which was canceled to minimize spread of the novel coronavirus. In addition to announcing the new product, the Axis executives provided commentary and insight into the ongoing coronavirus crisis. “The security industry is a close-knit community that is connected in more ways than one,” said Fredrik Nilsson, Axis Vice President of the Americas. “We are all in this together. The industry has always exemplified resiliency, ingenuity and vision to address such challenges.” We are all in this together. The industry has always exemplified resiliency, ingenuity and vision" “There is some disruption in the Axis supply chain, but we have a broad partner-based supply chain when it comes to our sub-suppliers, our seven global CLCs (Configuration and Logistics Centers) and the distributors who keep inventory for integrators,” said Nilsson in the March 18th press call. “There is some stress on some components, but things are working relatively well under the circumstances. We are monitoring it on a day-to-day basis, but so far we have been able to hold things up very well.” Gren offered a comment on the possible use of thermal cameras (which Axis makes) to measure body temperature during the COVID-19 crisis: “When we designed our thermal cameras, that was a common question,” he said. “But in general, it is difficult to use a thermal camera to get an accurate reading. We have one model – the Q2901 – that is a temperature-accurate thermal camera, and if you look straight into the camera, it is accurate to around 1° F. However, there are more efficient ways to [measure temperature]. In general, it’s not a business application I would recommend.”