Stonestreet Farm

Stonestreet is a horseman’s paradise. The property is one of three horse farms owned by vintner Jess Jackson, founder of Kendall- Jackson Winery, and is a world-class facility for raising and training champion thorough-bred horses. Also, it’s where his broodmares foal, so this pristine farm is a nursery, of sorts, for horses. When Jackson and Jay Foote, his security manager, were discussing the farm’s vulnerabilities, they turned to Roy Abney of Secure Concepts Integration in Lexington. Together they worked on designing a system that met their needs and goals. SCI was then challenged to implement the solution within the 32 remaining days until the 2006 Kentucky Derby.

The Royal Treatment

Foote said the system was integrated by selecting the most compatible components from a variety of manufacturers. The objective was to deliver maximum performance given the high profile of its owner and his guests, which have included oil magnates, heads of state and other high-profile guests.

“When we examined possible equipment, I picked items I like,” Foote said. “Then the integrator suggested certain applications, and we met halfway. The best part of working with SCI is they showed us how to get the most use from the equipment we were installing.”

A high-profile installation covering a large area that uses both wired and wireless technology cost Stonestreet Farms about a quarter of a million dollars. While the investment is significant, it is so diverse in capability that multiple departments within the farm operations use its features. Security officers were trained to fully understand the ins and outs of the new system, including how to use the cameras to their full potential and maximum efficiency. Officers have access to wireless panic buttons and roving vehicles now equipped with the capability of 24-hour surveillance. Human resources also use the system to inform officers as to when workers arrive for daily duties. From a personnel standpoint, security management also can keep track of who is at work and where they are.

Candid Camera

Cameras and intercoms are used to enhance the farm’s access control system by allowing security officers to view and communicate with whoever is approaching any of the automated security gates. The cameras are the mainstay of the operation, and they come in many varieties. Equipment installed includes a grouping of fixed cameras in American Dynamics housing and PTZ equipment. SCI installed a parallel Ethernet network strictly for the access control and video surveillance system.

"When the camera is approaching the house, we zoom in on the license plate and grab a clear image of it"

SCI placed up to five Toshiba IK- 6200A cameras in each of the barns. These same cameras are installed at the main entrance to provide security for those people permitted on that part of the farm. The cameras are attached to Axis 241Q network video servers where streaming video is sent wirelessly over the Alvarion Ethernet cloud covering the entire farm. The Toshiba cameras were selected because of price and performance ratios. At the time of installation, the cameras represented a good value for a color CCD camera with day/night capabilities. According to SCI systems integrator Stephen Bond, there were considerable savings to be gained by using analog cameras attached to an Axis video server that used all four of its ports.

SCI selected the Sony SNC-CS3N IPELA network camera for those areas where only one or two cameras were needed. This camera streams video directly across the Alvarion wireless network. One advantage of using IP cameras is that the end user can adjust brightness, color and contrast from the camera’s Web interface. This is far superior to dragging a ladder around the farm, fine tuning cameras for optimum performance. These cameras are installed at all entrance gates, the main office and at the guard shack, where one is used as a license plate reader.

Cameras also are used as access control devices so security officials know when a gate opens, allowing them to zoom in on prefixed points. These cameras are installed at the main office, used as a license plate reader and placed at the guard shack. Integrators selected the Sony SNC CS11 IPELA cameras because they stream video directly into the Alvarion wireless Ethernet cloud and were cost effective for the application.

Taking this concept a bit further, a Sony SNC-RZ25N network PTZ camera was installed near the island bridge leading up to the main residence. Multiple vehicle sensors are tied into the camera, so the camera tracks vehicles as they move up the driveway.

“When the camera is approaching the house, we zoom in on the license plate and grab a clear image of it,” Bond said. “There is a slight bump as you roll onto the stone bridge, which everyone breaks for. The bridge acts as a natural speed bump, causing everyone to tap their brakes and slow down. This allows for nearly perfect license plate shots every time.”

“When other farm managers come to view our operations, it’s been fun showing off our security system that works in conjunction with our daily activities"

Bond also said the camera is in a preset tour mode when no vehicles are in the area, and the roving security detail has full control of the camera’s PTZ capabilities anytime they want to look around. This can be accomplished from the security vehicle, the guard shack or the main security office.

A Sense of Pride

Although the installation was completed more than a year ago, Bond said the system is clearly still state-of-the- art. The camera system also has other uses. For example, the camera system is used for training the security force by allowing them to review their performance after staged incidences. In the event something should happen, all video is recorded and archieved for at least 30 days on multiple American Dynamics INTELLEX IP NVRs.

Even on a farm where thoroughbreds are the prized possession, this security system has had its share of the limelight. “When other farm managers come to view our operations, it’s been fun showing off our security system that works in conjunction with our daily activities,” Foote said. “I’m very proud of what we’ve done here.”

While Phase I was completed by the 2006 Kentucky Derby, other features have been added to the security system, including integration with a Kantech access control system and an audible messaging system forthe roving security vehicles. In 2010, the FEI Alltech World Equestrian Games will be held in Lexington, making it the first time this Olympics for horses will be held outside Europe. Horse farm managers are looking at Stonestreet Farms as they begin preparations for this major event that will require substantial security upgrades at their facilities, as well.

After all, if the security system in place is good enough for royalty, surely it must be fitting for some of the finest thoroughbred race horses in the world.

Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version Download PDF version

In case you missed it

What Is The Impact Of Remote Working On Security?
What Is The Impact Of Remote Working On Security?

During the coronavirus lockdown, employees worked from home in record numbers. But the growing trend came with a new set of security challenges. We asked this week’s Expert Panel Roundtable: What is the impact of the transition to remote working/home offices on the security market?

Water Plant Attack Emphasizes Cyber’s Impact On Physical Security
Water Plant Attack Emphasizes Cyber’s Impact On Physical Security

At an Oldsmar, Fla., water treatment facility on Feb. 5, an operator watched a computer screen as someone remotely accessed the system monitoring the water supply and increased the amount of sodium hydroxide from 100 parts per million to 11,100 parts per million. The chemical, also known as lye, is used in small concentrations to control acidity in the water. In larger concentrations, the compound is poisonous – the same corrosive chemical used to eat away at clogged drains. The impact of cybersecurity attacks The incident is the latest example of how cybersecurity attacks can translate into real-world, physical security consequences – even deadly ones.Cybersecurity attacks on small municipal water systems have been a concern among security professionals for years. The computer system was set up to allow remote access only to authorized users. The source of the unauthorized access is unknown. However, the attacker was only in the system for 3 to 5 minutes, and an operator corrected the concentration back to 100 parts per million soon after. It would have taken a day or more for contaminated water to enter the system. In the end, the city’s water supply was not affected. There were other safeguards in place that would have prevented contaminated water from entering the city’s water supply, which serves around 15,000 residents. The remote access used for the attack was disabled pending an investigation by the FBI, Secret Service and Pinellas County Sheriff’s Office. On Feb. 2, a compilation of breached usernames and passwords, known as COMB for “Compilation of Many Breaches,” was leaked online. COMB contains 3.2 billion unique email/password pairs. It was later discovered that the breach included the credentials for the Oldsmar water plant. Water plant attacks feared for years Cybersecurity attacks on small municipal water systems have been a concern among security professionals for years. Florida’s Sen. Marco Rubio tweeted that the attempt to poison the water supply should be treated as a “matter of national security.” “The incident at the Oldsmar water treatment plant is a reminder that our nation’s critical infrastructure is continually at risk; not only from nation-state attackers, but also from malicious actors with unknown motives and goals,” comments Mieng Lim, VP of Product Management at Digital Defense Inc., a provider of vulnerability management and threat assessment solutions.The attack on Oldsmar’s water treatment system shows how critical national infrastructure is increasingly becoming a target for hackers as organizations bring systems online “Our dependency on critical infrastructure – power grids, utilities, water supplies, communications, financial services, emergency services, etc. – on a daily basis emphasizes the need to ensure the systems are defended against any adversary,” Mieng Lim adds. “Proactive security measures are crucial to safeguard critical infrastructure systems when perimeter defenses have been compromised or circumvented. We have to get back to the basics – re-evaluate and rebuild security protections from the ground up.” "This event reinforces the increasing need to authenticate not only users, but the devices and machine identities that are authorized to connect to an organization's network,” adds Chris Hickman, Chief Security Officer at digital identity security vendor Keyfactor. “If your only line of protection is user authentication, it will be compromised. It's not necessarily about who connects to the system, but what that user can access once they're inside. "If the network could have authenticated the validity of the device connecting to the network, the connection would have failed because hackers rarely have possession of authorized devices. This and other cases of hijacked user credentials can be limited or mitigated if devices are issued strong, crypto-derived, unique credentials like a digital certificate. In this case, it looks like the network had trust in the user credential but not in the validity of the device itself. Unfortunately, this kind of scenario is what can happen when zero trust is your end state, not your beginning point." “The attack on Oldsmar’s water treatment system shows how critical national infrastructure is increasingly becoming a target for hackers as organizations bring systems online for the first time as part of digital transformation projects,” says Gareth Williams, Vice President - Secure Communications & Information Systems, Thales UK. “While the move towards greater automation and connected switches and control systems brings unprecedented opportunities, it is not without risk, as anything that is brought online immediately becomes a target to be hacked.” Operational technology to mitigate attacks Williams advises organizations to approach Operational Technology as its own entity and put in place procedures that mitigate against the impact of an attack that could ultimately cost lives. This means understanding what is connected, who has access to it and what else might be at risk should that system be compromised, he says. “Once that is established, they can secure access through protocols like access management and fail-safe systems.”  “The cyberattack against the water supply in Oldsmar should come as a wakeup call,” says Saryu Nayyar, CEO, Gurucul.  “Cybersecurity professionals have been talking about infrastructure vulnerabilities for years, detailing the potential for attacks like this, and this is a near perfect example of what we have been warning about,” she says.  Although this attack was not successful, there is little doubt a skilled attacker could execute a similar infrastructure attack with more destructive results, says Nayyar. Organizations tasked with operating and protecting critical public infrastructure must assume the worst and take more serious measures to protect their environments, she advises. Fortunately, there were backup systems in place in Oldsmar. What could have been a tragedy instead became a cautionary tale. Both physical security and cybersecurity professionals should pay attention.

How Have Security Solutions Failed Our Schools?
How Have Security Solutions Failed Our Schools?

School shootings are a high-profile reminder of the need for the highest levels of security at our schools and education facilities. Increasingly, a remedy to boost the security at schools is to use more technology. However, no technology is a panacea, and ongoing violence and other threats at our schools suggest some level of failure. We asked this week’s Expert Panel Roundtable: How have security solutions failed our schools and what is the solution?