Download PDF version Contact company
Camera resolution is important for a surveillance system to be useful 

Resolution quality must be considered when assessing surveillance effectiveness

Surveillance cameras are becoming more and more commonplace, especially in busy metropolitan locales. Police and detectives hope to reduce crime rates by keeping a watchful eye on civilians but CCTV has only been helpful in solving a small percentage of crimes. Mike Lewis, Country Manager UK for CCTV manufacturer MOBOTIX AG, highlights key considerations for improving the efficiency of existing surveillance systems.

In May of 2008, Detective Chief Inspector Mike Neville, head of Scotland Yard's Visual Images, Identifications and Detections Office (Viido) became the UK's first senior police officer to challenge the misconception around CCTV's role in reducing crime. Speaking at Security Document World Conference in London, the Chief Inspector said: "Billions of pounds have been spent on kit, but no thought has gone into how the police are going to use the images and how they will be used in court. It's been an utter fiasco."  Neville also pointed out that only 3 per cent of London's street robberies had been solved using CCTV images. A low figure considering the capital is one of the most densely populated areas of CCTV coverage anywhere in the world.

Identifying problems with existing CCTV surveillance systems

Mike Lewis, UK Country Manager for CCTV manufacturer Mobotix AG believes that the problem stems from a fundamental issue of image quality. "For many organizations CCTV is treated as a ‘check-box' item with little thought given to how a CCTV installation can help the police solve crimes. Criminals are not stupid and a deterrent is simply not enough; the technology has to be able to gather evidence to help the police secure convictions."

Lewis points out that the majority of CCTV installations in the UK still use old analog technology with barely a fifth of the resolution found in a basic camera phone. "If a CCTV system, say covering a street outside a jewellers', captures a car pulling up and three men brandishing shotguns marching into the shop - unless you have the resolution to capture the license plate, or some distinguishing features of each masked robber, or audio capture to get a voice print - the system is pretty worthless."

Mandating changes in surveillance video resolution requirements

The industry also is "less than opaque"  when it comes to selling CCTV in his view. "Many vendors will play down high resolution as not necessary or too expensive to implement without actually explaining that it is exactly these high resolution images and audio capture that will help police make successful prosecution where a grainy image would simply be thrown out of court."

"Billions of pounds have been spent on kit, but no thought has gone into how the police are going to use the images and how they will be used in court"

Lewis points to the continent as an example of where UK CCTV market needs to learn from.  In France for example, under anti-terrorism laws pioneered after the 7/7 tube bombings in London, all government building and high risk areas are legally required to have CCTV of a high resolution and retain data for up to 30 days. In Germany, all banks are required to deploy high resolution CCTV to monitor customers, staff and financial transactions in every branch.  [It will be very useful to define what is classified as "high resolution" or the minimum resolutions that are acceptable in these countries]

MOBOTIX, which only sells fully-digital high resolution CCTV camera systems believes that the potential of CCTV to reduce crime won't be fulfilled unless either the government, police or even third parties such as insurers, licensing boards or trade associations insist that end users deploy a better resolution capture, coverage and video storage and retrieval.

"There will be another wave of CCTV installation heading up to the Olympics, so as a nation, we have a perfect opportunity to set a CCTV standard that meets the needs of police, local government and end users to help us reduce crime and secure more prosecution off the back of CCTV evidence,"comments Lewis.

High resolution cameras are important for viewing potentially crucial details in crime solving
Lewis believes CCTV would be able to help solve more crimes if they had higher resolutions

"The technology is not the barrier and newer CCTV systems with hemispheric (360 degree) fields of view will allow end users to actually deploy fewer security cameras while maintaining better resolution and wider coverage - the problem is still trying to persuade people that CCTV can catch criminals and not just scare them away."

Optimising CCTV for solving and prevention of crime

Lewis offers some constructive suggestions on how to improve CCTV's effectiveness as a crime prevention and evidence gathering tool. "There are an estimated 4 million CCTV cameras in the UK but where they all are, what they record and accessibility to these video archives is mostly unknown - having a register of CCTV for use by the police would help them to quickly gather post incident evidence."

The idea of CCTV built into the environment was the theme of the 200 Secured by Design' (SBD) initiative that has been adopted by parts of the building industry to promote crime prevention measures like CCTV in development design. The initiative was endorsed by the Association of Chief Police Officers (ACPO), and has the backing of the Home Office Crime Reduction Unit. However, for police gathering information after an incident, there is no easy way to locate CCTV installations in any given area.

The industry also is "less than transparent" when it comes to selling CCTV in his view

Most CCTV systems installed in the UK use a centralised approach. Each surveillance camera is effectively dumb with the image processing, access to footage and storage taking place at a remote location. In smaller environments, this could be a DVR simply recording everything on a 24-hour loop. In larger campuses or city centres, this is often a dedicated control room monitored 24 hours a day.

Instead Lewis argues that a decentralised approach that places more intelligence into the CCTV camera would allow greater accessibility by third parties such as the police and emergency services. "With a decentralised system, private companies could allow the police to quickly add their local cameras into a centrally managed grid." In this method, if an incident occurs, the police CCTV control center could patch an instant video feed from the nearest available CCTV camera. With a decentralised approach, each CCTV camera becomes an access point on an IP network and can be shared by multiple agencies in a more cost effective approach.

"This might sound a bit hi-tech, but it is technically possible," explains Lewis. To give an analogy, when the police receive a 999 call, the dispatcher is automatically informed of the location of the caller from the Caller Line Identification system which cross references a database of addresses of each of the 25 million public and private landlines installed in the UK. "A similar system where the police type in a post code and are presented with secure access to video feeds from all decentralised CCTV installations in an area would be a potentially society changing tool for fighting crime."

Some places are legally required to have high resolution CCTV cameras
High risk areas in France were legally required to have high resolution CCTV following London Tube bombings

Considerations for realising CCTV's full security potential

Lewis also believes: "All CCTV cameras should have a minimum mandated image quality with all information stored in a digital format for a minimum of 7 days that can be easily accessed by the police for evidence gathering."

Many police forces around the country already have voluntary guidelines for business deploying CCTV and several have made CCTV installation a condition of alcohol or gaming licences. However this policy has successfully been challenged by landlords and upheld by Information Commissioner as potentially in conflict with the data protection act.

Unfortunately, Lewis believes for any of these measures to work, there needs to be stronger backing from the government: "There is obviously a fear of creating an oppressive surveillance society but we have regulation for other areas like fire prevention, road safety, disabled access and a host of other health and safety issues - why CCTV, which has the potential to protect lives, is treated differently is a complete mystery to me."

 

Mike Lewis, UK manager for Mobotix

Mike Lewis
UK Manager
Mobotix  AG

Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version Download PDF version

In case you missed it

What Is The Impact Of Remote Working On Security?
What Is The Impact Of Remote Working On Security?

During the coronavirus lockdown, employees worked from home in record numbers. But the growing trend came with a new set of security challenges. We asked this week’s Expert Panel Roundtable: What is the impact of the transition to remote working/home offices on the security market?

Water Plant Attack Emphasizes Cyber’s Impact On Physical Security
Water Plant Attack Emphasizes Cyber’s Impact On Physical Security

At an Oldsmar, Fla., water treatment facility on Feb. 5, an operator watched a computer screen as someone remotely accessed the system monitoring the water supply and increased the amount of sodium hydroxide from 100 parts per million to 11,100 parts per million. The chemical, also known as lye, is used in small concentrations to control acidity in the water. In larger concentrations, the compound is poisonous – the same corrosive chemical used to eat away at clogged drains. The impact of cybersecurity attacks The incident is the latest example of how cybersecurity attacks can translate into real-world, physical security consequences – even deadly ones.Cybersecurity attacks on small municipal water systems have been a concern among security professionals for years. The computer system was set up to allow remote access only to authorized users. The source of the unauthorized access is unknown. However, the attacker was only in the system for 3 to 5 minutes, and an operator corrected the concentration back to 100 parts per million soon after. It would have taken a day or more for contaminated water to enter the system. In the end, the city’s water supply was not affected. There were other safeguards in place that would have prevented contaminated water from entering the city’s water supply, which serves around 15,000 residents. The remote access used for the attack was disabled pending an investigation by the FBI, Secret Service and Pinellas County Sheriff’s Office. On Feb. 2, a compilation of breached usernames and passwords, known as COMB for “Compilation of Many Breaches,” was leaked online. COMB contains 3.2 billion unique email/password pairs. It was later discovered that the breach included the credentials for the Oldsmar water plant. Water plant attacks feared for years Cybersecurity attacks on small municipal water systems have been a concern among security professionals for years. Florida’s Sen. Marco Rubio tweeted that the attempt to poison the water supply should be treated as a “matter of national security.” “The incident at the Oldsmar water treatment plant is a reminder that our nation’s critical infrastructure is continually at risk; not only from nation-state attackers, but also from malicious actors with unknown motives and goals,” comments Mieng Lim, VP of Product Management at Digital Defense Inc., a provider of vulnerability management and threat assessment solutions.The attack on Oldsmar’s water treatment system shows how critical national infrastructure is increasingly becoming a target for hackers as organizations bring systems online “Our dependency on critical infrastructure – power grids, utilities, water supplies, communications, financial services, emergency services, etc. – on a daily basis emphasizes the need to ensure the systems are defended against any adversary,” Mieng Lim adds. “Proactive security measures are crucial to safeguard critical infrastructure systems when perimeter defenses have been compromised or circumvented. We have to get back to the basics – re-evaluate and rebuild security protections from the ground up.” "This event reinforces the increasing need to authenticate not only users, but the devices and machine identities that are authorized to connect to an organization's network,” adds Chris Hickman, Chief Security Officer at digital identity security vendor Keyfactor. “If your only line of protection is user authentication, it will be compromised. It's not necessarily about who connects to the system, but what that user can access once they're inside. "If the network could have authenticated the validity of the device connecting to the network, the connection would have failed because hackers rarely have possession of authorized devices. This and other cases of hijacked user credentials can be limited or mitigated if devices are issued strong, crypto-derived, unique credentials like a digital certificate. In this case, it looks like the network had trust in the user credential but not in the validity of the device itself. Unfortunately, this kind of scenario is what can happen when zero trust is your end state, not your beginning point." “The attack on Oldsmar’s water treatment system shows how critical national infrastructure is increasingly becoming a target for hackers as organizations bring systems online for the first time as part of digital transformation projects,” says Gareth Williams, Vice President - Secure Communications & Information Systems, Thales UK. “While the move towards greater automation and connected switches and control systems brings unprecedented opportunities, it is not without risk, as anything that is brought online immediately becomes a target to be hacked.” Operational technology to mitigate attacks Williams advises organizations to approach Operational Technology as its own entity and put in place procedures that mitigate against the impact of an attack that could ultimately cost lives. This means understanding what is connected, who has access to it and what else might be at risk should that system be compromised, he says. “Once that is established, they can secure access through protocols like access management and fail-safe systems.”  “The cyberattack against the water supply in Oldsmar should come as a wakeup call,” says Saryu Nayyar, CEO, Gurucul.  “Cybersecurity professionals have been talking about infrastructure vulnerabilities for years, detailing the potential for attacks like this, and this is a near perfect example of what we have been warning about,” she says.  Although this attack was not successful, there is little doubt a skilled attacker could execute a similar infrastructure attack with more destructive results, says Nayyar. Organizations tasked with operating and protecting critical public infrastructure must assume the worst and take more serious measures to protect their environments, she advises. Fortunately, there were backup systems in place in Oldsmar. What could have been a tragedy instead became a cautionary tale. Both physical security and cybersecurity professionals should pay attention.

How Have Security Solutions Failed Our Schools?
How Have Security Solutions Failed Our Schools?

School shootings are a high-profile reminder of the need for the highest levels of security at our schools and education facilities. Increasingly, a remedy to boost the security at schools is to use more technology. However, no technology is a panacea, and ongoing violence and other threats at our schools suggest some level of failure. We asked this week’s Expert Panel Roundtable: How have security solutions failed our schools and what is the solution?