A house on sand
The security industry can be like a house built on sand without professional standards in place

Picture the scene: You’re suffering from a persistent pain and so decide to take a trip to your doctor to get it checked out. You step into the consulting room but, before you can speak, he looks you up and down, haw and hums, and then writes out a prescription. Would you be happy that drugs prescribed in this manner will cure your ailment when your doctor has not even bothered to establish what the problem is? Would you accept this as any sort of professional approach? Of course you wouldn’t, and yet every day, in every corner of the Security Industry, this is exactly what is happening, informs Stephen D Green, Physical Security Sector Champion for the Security Institute Research Directorate Knowledge Centre.

Security Managers, faced with an immediate security problem and Directors screaming for action, over-rely on experience, leap to conclusions as to what the solution should be, reach for the catalog and start ordering. This is why, for example, all too often I will come across vehicle control points in site perimeters equipped with K12 crash-rated roadblockers, when 10 yards to each side of the entrance is a chain-link fence that my kids could punch through. The Security Managers, like the doctor above, have failed to analyzeand diagnose the problem, leaving it to chance that the action taken will fit the need. But when the measures put in place fail, it is the Security Managers competence that is drawn into question.

All security system designs should be risk-based. Such an approach encourages analysis of evaluation of risks such that priorities may be established

Is such criticism fair? After all, Security Managers are only human, and humans use unconscious heuristics, or shortcuts, to achieve their goals. We all have personal biases and comfort-zones (“…it’s what we’ve always done”…), we all benchmark or crib off others (…”it’s what Bill down the road does”…) and we all satisfice (…”it’s good enough and it’s available now”…). And it’s not as if there is a wealth of reliable, independent information out there on which to base procurement decisions; in 2007 Professor Adrian Beck of Leicester University, describing the “data desert” at the heart of the Security Industry, stated that “…if CCTV or EAS were a drug, we would be absolutely appalled at the way it has been introduced and widely used without any rigorous testing of its likely impact on the patient*.I also wonder if the prevalence of second-careerist, ex-armed forces or police officers in the industry has a bearing; General Colin Powell famously once stated that “…if you have between 40 and 70% of the information required to make a decision, go with your gut”. So what can the poor beleaguered Security Manager do to improve this situation? The answer is simple; all security systemdesigns should be risk-based. Such an approach encourages analysis of causality and evaluation of risks such that priorities may be established, leading to problem-oriented solutions which, most importantly, are justifiable before a Company Board being asked to provide funding.

Risk analysis is essential for security
An initial and comprehensive risk analysis assessment should be executed prior to purchasing products for the system

Risk was defined in the seminal 1992 Royal Society report as “..the probability that a particular adverse event occurs during a stated period of time, or results from a particular challenge.”** There are many variants of quantified risk assessment process around the world, including the relatively-new ISO31000 standard, which developed out of the AS/NZS 4360 standard. Alternatively a good method, widely used within the petrochemical industries, is the American Petroleum Institute Security Vulnerability process. All of these various methods share a number of common features:

Risk Identification –Identifying and characterizing all critical assets and the specific threats facing them

Risk Analysis – Identifying from the list of all possible risks those which are credible given the existing vulnerabilities , the counter-measures already in place and the capabilities of the adversary

Risk Evaluation– Assigning a numerical, ordinal value against each risk to allow ranking and prioritisation of effort

The level of understanding required to achieve this can only come from careful and continuous stakeholder engagement to ensure a good cross section of views and opinions; it cannot come from one person, or indeed one discipline, in isolation. The perception of risk is influenced by too many factors to describe here, but suffice to say that it is subjective, personal and experiential in nature. This is why some people read a book or walk the dog at weekends while others throw themselves out of perfectly good aeroplanes or climb up the side of mountains.

Even risk-based technical counter-measures are only of use when deployed in support of a set of good, well-thought out security policies, procedures and practices on which staff have been trained and exercised

Risk management is inherently a group activity, and should be iterative to reflect the changing nature of threat environments. The outcome of the risk assessment process should be a document, known variously as a security treatment plan or a Concept of Operations, which outlines the way the proposed new counter-measures are intended to work. From this it should be possible to define a detailed Operational Requirement for every device, listing its intended functionality and any technical performance criteria it needs to comply to. Later, following implementation, it is these two documents that will close the circle by verifying the installation delivers that which was intended at the outset. 

Of course, it must be acknowledged that getting the technical element right is only part of the solution. Security is a sociotechnical system; it is made up of technical and human elements. Even risk-based technical counter-measures are only of use when deployed in support of a set of good, well-thought out security policies, procedures and practices on which staff have been trained and exercised. Remove any of these elements and the project can only fail. Therefore, paraphrasing Mathew 7:26, the Security Industry can often be “…likened unto a foolish man, which built his house upon the sand”. If the industry wishes to present itself as professional, it needs to adopt professional standards of evidence-based and methodical design rather than the haphazard guesswork which remains all too prevalent today.

* - Beck, A. (2007a) The Emperor Has No Clothes: What Future Role for Technology in Reducing Retail Shrinkage? Security Journal, Volume 20, pp57–61

** - Royal Society (1992) Risk, Analysis, Perception and Management. London. Author

Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version Download PDF version

Author profile

Stephen D Green Physical Security Sector Champion, Security Institute

In case you missed it

Disruptive Innovation Providing New Opportunities In Smart Cities
Disruptive Innovation Providing New Opportunities In Smart Cities

Growth is accelerating in the smart cities market, which will quadruple in the next four years based on 2020 numbers. Top priorities are resilient energy and infrastructure projects, followed by data-driven public safety and intelligent transportation. Innovation in smart cities will come from the continual maturation of relevant technologies such as artificial intelligence (AI), the Internet of Things (IoT), fifth-generation telecommunications (5G) and edge-to-cloud networking. AI and computer vision (video analytics) are driving challenges in security and safety, in particular, with video management systems (VMSs) capturing video streams and exposing them to various AI analytics. Adoption of disruptive technologies “Cities are entering the critical part of the adoption curve,” said Kasia Hanson, Global Director, Partner Sales, IOT Video, Safe Cities, Intel Corp. “They are beginning to cross the chasm to realize their smart city vision. Cities are taking notice and have new incentives to push harder than before. They are in a better position to innovate.” “Safety and security were already important market drivers responsible for adoption of AI, computer vision and edge computing scenarios,” commented Hanson, in a presentation at the Milestone Integration Platform Symposium (MIPS) 2021. She added: “2020 was an inflection point when technology and the market were ripe for disruption. COVID has accelerated the adoption of disruptive technologies in ways we could not have predicted last year.” Challenges faced by cities Spending in the European Union on public order and safety alone stood at 1.7% of GDP in 2018 Providing wide-ranging services is an expanding need in cities of all sizes. There are currently 33 megacities globally with populations over 10 million. There are also another 4,000 cities with populations over 100,000 inhabitants. Challenges for all cities include improving public health and safety, addressing environmental pressures, enabling mobility, improving quality of life, promoting economic competitiveness, and reducing costs. Spending in the European Union on public order and safety alone stood at 1.7% of GDP in 2018. Other challenges include air quality – 80% of those living in urban areas are exposed to air quality levels that exceed World Health Organization (WHO) limits. Highlighting mobility concerns is an eye-opening statistic from Los Angeles in 2017: Residents spent an average of 102 hours sitting in traffic. Smart technology “The Smart City of Today can enable rich and diverse use cases,” says Hanson. Examples include AI-enabled traffic signals to help reduce air pollution, and machine learning for public safety such as real-time visualization and emergency response. Public safety use cases include smart and connected outdoor lighting, smart buildings, crime prevention, video wearables for field agents, smart kiosks, and detection of noise level, glass breaks, and gunshots. Smart technology will make indoor spaces safer by controlling access to a building with keyless and touchless entry. In the age of COVID, systems can also detect face mask compliance, screen for fever, and ensure physical distancing. 2020 was an inflection point when technology and the smart cities market were ripe for disruption, Kasia Hanson told the MIPS 2021 audience. Video solutions Video workloads will provide core capabilities as entertainment venues reopen after the pandemic. When audiences attend an event at a city stadium, deep learning and AI capabilities analyze customer behaviors to create new routes, pathways, signage and to optimize cleaning operations. Personalized digital experiences will add to the overall entertainment value. In the public safety arena, video enables core capabilities such as protection of people, assets, and property, emergency response, and real-time visualization, and increased situational awareness. Video also provides intelligent incident management, better operational efficiency, and faster information sharing and collaboration. Smart video strategy Intel and Milestone provide video solutions across many use cases, including safety and security Video at the edge is a key element in end-to-end solutions. Transforming data from various point solutions into insights is complicated, time-consuming, and costly. Cities and public venues are looking for hardware, software, and industry expertise to provide the right mix of performance, capabilities, and cost-effectiveness. Intel’s smart video strategy focuses around its OpenVINO toolkit. OpenVINO, which is short for Open Visual Inference and Neural network Optimization, enables customers to build and deploy high-performing computer vision and deep learning inference applications. Intel and Milestone partnership – Video solutions “Our customers are asking for choice and flexibility at the edge, on-premises and in the cloud,” said Hansen in her presentation at the virtual conference. “They want the choice to integrate with large-scale software packages to speed deployment and ensure consistency over time. They need to be able to scale computer vision. Resolutions are increasing alongside growth in sensor installations themselves. They have to be able to accommodate that volume, no matter what causes it to grow.” As partners, Intel and Milestone provide video solutions across many use cases, including safety and security. In effect, the partnership combines Intel’s portfolio of video, computer vision, inferencing, and AI capabilities with Milestone’s video management software and community of analytics partners. Given its complex needs, the smart cities market is particularly inviting for these technologies.

What Are the Physical Security Challenges of Smart Cities?
What Are the Physical Security Challenges of Smart Cities?

The emergence of smart cities provides real-world evidence of the vast capabilities of the Internet of Things (IoT). Urban areas today can deploy a variety of IoT sensors to collect data that is then analyzed to provide insights to drive better decision-making and ultimately to make modern cities more livable. Safety and security are an important aspect of smart cities, and the capabilities that drive smarter cities also enable technologies that make them safer. We asked this week’s Expert Panel Roundtable: What are the physical security challenges of smart cities?

New Markets For AI-Powered Smart Cameras In 2021
New Markets For AI-Powered Smart Cameras In 2021

Organizations faced a number of unforeseen challenges in nearly every business sector throughout 2020 – and continuing into 2021. Until now, businesses have been on the defensive, reacting to the shifting workforce and economic conditions, however, COVID-19 proved to be a catalyst for some to accelerate their long-term technology and digitalization plans. This is now giving decision-makers the chance to take a proactive approach to mitigate current and post-pandemic risks. These long-term technology solutions can be used for today’s new world of social distancing and face mask policies and flexibly repurposed for tomorrow’s renewed focus on efficiency and business optimization. For many, this emphasis on optimization will likely be precipitated by not only the resulting economic impacts of the pandemic but also the growing sophistication and maturity of technologies such as Artificial Intelligence (AI) and Machine Learning (ML), technologies that are coming of age just when they seem to be needed the most.COVID-19 proved to be a catalyst for some to accelerate their long-term technology and digitalization plans Combined with today’s cutting-edge computer vision capabilities, AI and ML have produced smart cameras that have enabled organizations to more easily implement and comply with new health and safety requirements. Smart cameras equipped with AI-enabled intelligent video analytic applications can also be used in a variety of use cases that take into account traditional security applications, as well as business or operational optimization, uses – all on a single camera. As the applications for video analytics become more and more mainstream - providing valuable insights to a variety of industries - 2021 will be a year to explore new areas of use for AI-powered cameras. Optimizing production workflows and product quality in agriculture Surveillance and monitoring technologies are offering value to industries such as agriculture by providing a cost-effective solution for monitoring of crops, business assets and optimizing production processes. As many in the agriculture sector seek to find new technologies to assist in reducing energy usage, as well as reduce the environmental strain of modern farming, they can find an unusual ally in smart surveillance. Some niche farming organizations are already implementing AI solutions to monitor crops for peak production freshness in order to reduce waste and increase product quality.  For users who face environmental threats, such as mold, parasites, or other insects, smart surveillance monitoring can assist in the early identification of these pests and notify proper personnel before damage has occurred. They can also monitor vast amounts of livestock in fields to ensure safety from predators or to identify if an animal is injured. Using video monitoring in the growing environment as well as along the supply chain can also prove valuable to large-scale agriculture production. Applications can track and manage inventory in real-time, improving knowledge of high-demand items and allowing for better supply chain planning, further reducing potential spoilage. Efficient monitoring in manufacturing and logistics New challenges have arisen in the transportation and logistics sector, with the industry experiencing global growth. While security and operational requirements are changing, smart surveillance offers an entirely new way to monitor and control the physical side of logistics, correcting problems that often go undetected by the human eye, but have a significant impact on the overall customer experience. Smart surveillance offers an entirely new way to monitor and control the physical side of logistics, correcting problems that often go undetected by the human eye. Video analytics can assist logistic service providers in successfully delivering the correct product to the right location and customer in its original condition, which normally requires the supply chain to be both secure and ultra-efficient. The latest camera technology and intelligent software algorithms can analyze footage directly on the camera – detecting a damaged package at the loading dock before it is loaded onto a truck for delivery. When shipments come in, smart cameras can also alert drivers of empty loading bays available for offloading or alert facility staff of potential blockages or hazards for incoming and outgoing vehicles that could delay delivery schedules planned down to the minute. For monitoring and detecting specific vehicles, computer vision in combination with video analysis enables security cameras to streamline access control measures with license plate recognition. Smart cameras equipped with this technology can identify incoming and outgoing trucks - ensuring that only authorized vehicles gain access to transfer points or warehouses. Enhance regulatory safety measures in industrial settings  Smart surveillance and AI-enabled applications can be used to ensure compliance with organizational or regulatory safety measures in industrial environments. Object detection apps can identify if employees are wearing proper safety gear, such as facial coverings, hard hats, or lifting belts. Similar to the prevention of break-ins and theft, cameras equipped with behavior detection can help to automatically recognize accidents at an early stage. For example, if a worker falls to the ground or is hit by a falling object, the system recognizes this as unusual behavior and reports it immediately. Going beyond employee safety is the ability to use this technology for vital preventative maintenance on machinery and structures. A camera can identify potential safety hazards, such as a loose cable causing sparks, potential wiring hazards, or even detect defects in raw materials. Other more subtle changes, such as gradual structural shifts/crack or increases in vibrations – ones that would take the human eye months or years to discover – are detectable by smart cameras trained to detect the first signs of mechanical deterioration that could potentially pose a physical safety risk to people or assets. Early recognition of fire and smoke is another use case where industrial decision-makers can find value. Conventional fire alarms are often difficult to properly mount in buildings or outdoor spaces and they require a lot of maintenance. Smart security cameras can be deployed in difficult or hard-to-reach areas. When equipped with fire detection applications, they can trigger notification far earlier than a conventional fire alarm – as well as reduce false alarms by distinguishing between smoke, fog, or other objects that trigger false alarms. By digitizing analog environments, whether a smoke detector or an analog pressure gauge, decision-makers will have access to a wealth of data for analysis that will enable them to optimize highly technical processes along different stages of manufacturing - as well as ensure employee safety and security of industrial assets and resources. Looking forward to the future of smart surveillance With the rise of automation in all three of these markets, from intelligent shelving systems in warehouses to autonomous-driving trucks, object detection for security threats, and the use of AI in monitoring agricultural crops and livestock, the overall demand for computer vision and video analytics will continue to grow. That is why now is the best time for decision-makers across a number of industries to examine their current infrastructure and determine if they are ready to make an investment in a sustainable, multi-use, and long-term security and business optimization solution.