Qualification & Training

Schools are continuing to upgrade security measures for pupil safety. However, on top of all the fundamental challenges schools face, implementing well-rounded and effective security solutions can seem a great difficulty. Andrew Shaw, architectural consultant for Allegion UK, discusses the advantages of electro-mechanical solutions. Schools can equate to some of the most complex security challenges for architects, specifiers and school officials alike. This is because choosing the right solution requires a comprehensive analysis of a building’s design and layout and the different requirements of each perimeter, alongside specific uses, user groups and opening hours. Different areas and spaces, such as reception areas, entry points or classrooms, each need to be approached differently in terms of safety and security measures. Precautionary Lockdown Strategy Adequate training also means all staff know how to support an effective lockdown and facilitate a safe escape in the event of an emergency What’s more, if the building is used for out-of-hours purposes, or if contractors are on-site, these issues will also need to be addressed. Simply put, there’s no one-size-fits-all solution for schools. Security hardware and a precautionary lockdown strategy are necessities, as they are integral to the safety of teachers, students and visitors. Adequate measures need to be implemented so that schools are prepared for, and safeguarded against, external threats or unauthorized access. While a lot of the responsibility falls on the shoulders of facility managers, it’s also important for teachers and administrators to be aware of, and educated on, solutions and training. This means knowing how certain hardware works and how to spot a faulty product. Adequate training also means all staff know how to support an effective lockdown and facilitate a safe escape in the event of an emergency. Unique Building Requirements This is becoming increasingly important with newer systems too, especially as the Internet of Things (IoT) becomes more commonplace within the industry. Integrating electro-mechanical solutions into existing school security systems is now more commonly viewed as an achievable and viable option. Because an off-the-shelf security solution to fit all doesn’t exist, the benefits of integrating both electronic and mechanical solutions into systems are quickly becoming realized. As such, schools are growing more accustomed to tailored solutions based on their own unique building requirements and budgets. Each school layout is unique and, therefore, must address a range of security factors specific to different areas. Many areas within a school’s building design must accommodate for high capacity, especially in places that may be part of a fire escape route. Mechanical Door Hardware Schools need to consider the amount of exit and entry points, which will be dependent on the size and layout of the school grounds All schools need to address three different levels of security. The first level is the least vulnerable of the three and concerns the perimeter entry and exit points. The second level is more vulnerable than the first and relates to the point at which people are screened before entering the interior of the school. Finally, the third level - and the most vulnerable - refers to the core of the school that both pupils and staff occupy. The first level of security is the perimeter, and these areas become more important depending on the time of day. Schools need to consider the amount of exit and entry points, which will be dependent on the size and layout of the school grounds. Incorporating some level of electronic access control should be a consideration, whether that is a combination of electronic and mechanical door hardware, or a complete electronic solution. Greater Visitor Management An electromechanical solution, such as electric strikes, can be beneficial in the effectiveness of perimeter security as they provide greater visitor management and traffic control. Electric strikes are able to control access via keypads, cards and proximity readers. When combined with mechanical locks, they provide the benefits of unrestricted egress. This option also allows integration with central security systems, which can be automatically activated and pre-programmed for regular scheduled control. These solutions help lower the risk of potential unauthorized entry, which can lead to theft of equipment, and compromising people’s safety. They also aid facility and site managers in knowing where potential weak points are in the school perimeter. Because schools will most likely have multiple access points, the combination of mechanical hardware and access control systems allows for both security and convenience, providing greater control and monitoring. Efficient Access Control A well-designed school with a single-entry point allows for such monitoring, but should also cater to the efficient movement in and out of the building The second level of security is the administration or reception area. As this area will be designed primarily to facilitate visitor entry, it will require adequate monitoring of access control. This area should be able to restrict visitors from freely accessing the rest of the school. A well-designed school with a single-entry point allows for such monitoring, but should also cater to the efficient movement in and out of the building. To do this, the latches used on access-controlled egress doors can be electronically controlled from the reception area or school office. Exit or entry doors can be opened by a push from the inside and, if the entry area is also an emergency exit, electronically-powered panic bars can also provide an effective solution. When using access control solutions, schools are provided with information on who entered a part of the premises and when, are able to restrict or limit access to specific times of the day, and easily add and delete users, allowing them to manage access to the building more efficiently. Integrated Centralized Systems The areas most susceptible to vulnerability are the internal hallways, corridors, stairwells, entry points and restricted areas (such as staff lounges and science laboratories). These are the areas where a school must foster the safest environments for pupils, while also providing protection as they often contain confidential information, expensive equipment or chemicals. For these areas, there are a number of different solutions that will be beneficial, whether electronic, mechanical or a combination of the two. For electronic solutions, there are two options available: remote or centralized systems. With remote lockdown systems, individual locks are activated by remote control within proximity to the door. With integrated centralized systems, the access control system is linked to all doors within the school building and locked at the touch of a button.  Mechanical solutions, which include a cylinder lock and key, are also ideal for places such as classrooms, as doors can be locked externally with a key or internally with a thumbturn, to prevent unauthorized persons from entering. When paired with electronic access control systems, mechanical hardware can provide simplified yet improved security levels. Electromagnetic Door Closers Electromechanically exit devices allow for monitored and safe access, while also allowing for an immediate exit In schools, it is often the case that entrance doors will also be fire exits. Electromechanically exit devices allow for monitored and safe access, while also allowing for an immediate exit. When integrated with electronic access control systems, emergency exit points become safer and more secure as access control measures can be added, whether for teachers, pupils or visitors.  In the interest of fire safety, and to eliminate the illegal practice of propping fire doors open as well as aid free passage in busy areas, electromagnetic door closers can be linked with the building’s fire alarm system. When the fire alarm sounds (or in the event of a power outage), the electromagnet deactivates, bringing the door to a close in a normal manner, preventing the spread of fire and smoke. Building Design Requirements By design, electronic access control systems are also easy to use and maintain. The reliability and durability of such systems also means that there will be less need for excess time and money spent on maintenance, and there’s peace of mind in knowing the systems are code-compliant. Their flexibility additionally allows for the implementation of a highly-effective bespoke solution. Electronic access control and electronic devices are able to be integrated with or into a variety of other electronic and mechanical systems. This means schools are able to successfully tailor solutions to their own budgets and building design requirements. Fully integrated security solutions and biometrics are becoming increasingly affordable and accessible, giving school officials and managing teams greater control over their buildings. These solutions also give them scalability for the future, meaning systems are both future-proof and easily upgradable.

DICE Corporation has announced that the company is launching a new Tech Security Summit that will combine the annual DICE User Group conference with exclusive training and educational resources for professionals in all sectors of the security industry. 2019 Tech Security Summit The inaugural event takes place April 29 through May 2, 2019 at the Sheraton Grand National Downtown in Nashville, TN. Event highlights include panel discussions with DICE representatives and industry experts, product demos, exhibitor showcases, education and training, roundtable sessions, and networking and group activities. The 2019 Tech Security Summit offers something for anyone interested in the latest products and advancements in security technology. Whether you’re a business leader, central station operator, IT professional, dealer, or systems distributor, the event promises to present useful insight into the ever-changing security technology the industry uses day-to-day. Technology And Education “We are pleased to be able to provide a platform that focuses exclusively on technology and education for the security industry,” said DICE Corporation President and CEO Cliff Dice. “By providing a gathering space for training and certifications, product demos, and many opportunities for one on one discussion with our team and guest speakers, I anticipate the Tech Security Summit will quickly become a must-attend event for anyone interested in learning more about the technology that commands the industry.”

Bosch has expanded its professional services for integrators with the Boost Onsite Support offering available in North America. Designed to assist with the commissioning of large and complex installations, integrators selecting this service receive in-shop and/or on-site support from a Bosch technical expert as well as access to this specialist via email and phone throughout the duration of the project. Bosch Security, Safety And Communications Systems With this level of onsite support, installations are more efficient, and the integrator gains valuable experience that can be applied to future projects" The Bosch technical expert will provide review and guidance on the programming of Bosch security, safety and communications systems to ensure they are configured to meet the end user’s expectations and specifications. The expert will also advise the integrator on the best way to test the system, the functionality of the network, and any interfaces to products and systems from other manufacturers, as well as assist with end user training when needed. “With this level of onsite support, installations are more efficient, and the integrator gains valuable experience that can be applied to future projects,” said Eric Cechak, Vice President of After Sales Service in North America for Bosch. “Integrators that participated in our initial pilot program of the service have seen the requirement for additional phone-based technical support greatly reduced on projects where Boost Onsite Support was used. Their feedback verifies that having a Bosch expert provide guidance ensures up-front configuration is done correctly and any required adjustments are made efficiently. Overall, this service speeds installation time, reduces troubleshooting and call-back costs for the integrator, and improves end user satisfaction.” Boost Onsite Support Boost Onsite Support rounds out Bosch’s technical support offerings, which include a variety of solutions. In addition to support via phone, email and live chat, Bosch offers an online knowledgebase with technical solutions articles as well as YouTube channels featuring a wide range of video tutorials.

Viakoo, a provider of a proven means to proactively automate surveillance and access control system verification in the security industry, is demonstrating solutions to assist in proving and maintaining regulatory or organizational compliance at GSX 2018. The dynamic capabilities of this system help customers ensure – and prove – consistent compliance with physical security regulations across a wide range of applicable industries including: transportation, payment card processing (PCI), electrical distribution and many more. This solves a persistent challenge in these industries to help avoid the risk of fines or service interruptions. Cyber-Risk Management Working in conjunction with Coalfire, a cyber-risk management and compliance firm, the Viakoo Predictive product was found to fully or partially automate the audit process for 38 specific physical security controls. Using automated discovery and push-button reporting from Viakoo can save significant time during an audit, and can help avoid the risk of expensive penalties, recalls or other service interruptions as a result of failing an audit. Additionally, Viakoo sits on the TIA-942 Edge Data Center working group, providing a focus on physical security requirements and cyber hardening of data centers to the group. Viakoo provides the only patented solution available to prove data retention compliance. Viakoo offers the only proactive and automated solution assessed by forensic auditors from Coalfire for physical security controls" Physical Security Compliance Viakoo has joined with the Telecommunications Industry Association (TIA), which represents the global information and communications technology industry, to comprehensively and proactively participate in providing compliance solutions for protecting telecommunications facilities and products. “Viakoo offers the only proactive and automated solution assessed by forensic auditors from Coalfire for physical security controls,” said Bud Broomhead, CEO, Viakoo. “By working with Coalfire, and joining with the TIA, Viakoo continues to work with industry leaders to provide proactive, automated solutions for ensuring physical security compliance across industries.” Surveillance Systems Many organizations that employ surveillance systems are required by regulations, industry standards, or internal compliance standards to retain video evidence for a period (typically 30 to 90 days). Auditors for industry standards such as PCI, NERC, NIST, TIA-942, FedRAMP and others, are now required to confirm that organizations systematically retain video data for the required retention period in order to achieve compliance certification.

Dortronics, global manufacturer of electric locking hardware and controls for the security industry, announces the expansion of its lunch and learn course offerings by adding Building Industry Consulting Service International (BICSI) Continuing Education Credits. BICSI is a professional association supporting the advancement of the information and communications technology (ICT) community. ICT covers the spectrum of voice, data, electronic safety & security, project management, and audio and video technologies. These informative sessions provide designers, specifiers, and resellers the opportunity to explore and compare the various types of door hardware, interlocking systems and their applications. Topics include mantraps, sally ports and cleanroom/laboratory air locks, and their applications. Courses On Door And Access Control Solutions Dortronics continues to offer AIA and BICSI courses in a small and relaxed environmentThe lunch and learn sessions are accredited by the American Institute of Architects (AIA) as well as recognized by BICSI. Upon successful completion of each course, participants will receive one BICSI CEC and/or one AIA Learning Unit. These informative sessions provide users with detailed information on how door control solutions are designed, manufactured and implemented, and address both off-the-shelf and custom options available. Dortronics continues to offer AIA and BICSI courses in a small and relaxed environment. Two one-hour courses are currently available: Door Interlocks: Applications and system design reviews the various types of door interlocks, mantraps, sally ports and their applications as well as discusses the different types of interlock controls and the accessories required for a fully functional system. Electronic Locking Devices for access control systems reviews electrified door locking hardware and related components which interface with electronic access controllers to provide a complete security solution.

NTT Security, the specialized security company of NTT Group, has strengthened its UK management team with the appointment of Azeem Aleem to the position of Vice President Consulting and Head of its UK & Ireland (UK&I) business. Azeem is a highly respected cybersecurity specialist and joins following a six-year tenure at RSA Security, where most recently he held the role of Global Director and Head of its Worldwide Advanced Cyber Defense (ACD) Practice. Experienced Cybersecurity Expert “Azeem is a very experienced cybersecurity expert and leader with a strong global background and I am very glad to welcome him to NTT Security. He will strengthen our UK management team, but also contribute, based on his extensive experience, to the success of our EMEA organization,” says Kai Grunwitz, Senior Vice President EMEA at NTT Security. Azeem joins NTT Security with a strong track record in cybersecurity with over 15 years’ experience in cyber defense technologies, security operations, counter threat intelligence, data analytics and behavioral classification of the cybercriminal. Within the domain of organizational operations, Azeem has wide-ranging experience in managing P&L, driving operational excellence, change management and process re-engineering. Azeem has been at the forefront of architecting cyber resilience capabilities against Advanced Persistent Threats Cyber Threat Prevention Azeem has been at the forefront of architecting cyber resilience capabilities against Advanced Persistent Threats (APT) for some of the best financial, government and public sector organizations across Europe, the US, Asia and the Middle East. He has worked with both national and international law enforcement agencies around intelligence training, detection and investigation of cybercrime. As a subject matter expert, he has made frequent appearances on regional television and radio programs commenting on the increase of cyber threats that are affecting the security of our connected society.  A published book author and academic criminologist, he has authored several periodicals on advanced security threats in peer reviewed journals and security magazines. He is an eminent plenary conference guest speaker both at national and international level.

  What a year it’s been! 2017 has been a monumental period of product innovation and growth for Pivot3. The company experienced a more-than-50-percent increase in bookings from Q2 to Q3 this year, including a record number of million-dollar orders. We also saw deals supporting multiple use cases more than double, and experienced continued growth in the video surveillance market, driven by new product enhancements and contracts worth more than $1 million. We have also invested in building an influential group of surveillance-focused experts internally, and increased our focus on building strong partnerships with major VMS players, key systems integrators and other aligned-technology providers, such as Iron Mountain and Lenovo. A More Robust Industry It wasn’t only Pivot3 that had a healthy year; the industry, as a whole, is robust. Investment in technology is growing in markets ranging from public sector organizations, municipalities, gaming and transit agencies — all seeking technology solutions that drive value, increase intelligence and reduce risk. It is the drive for data that propels the video surveillance industry forward. A respected industry thought leader said recently that “data is the modern currency,” and video is the most prominent Big Data application in the world (by far). Those vendors and installers that understand how to help organizations capture, analyze and leverage data will be the ones who secure their future in the marketplace. A respected industry thought leader said recently that “data is the modern currency" Honest Predictions Last year, I predicted that cybersecurity would become of greater importance to our market and that prediction was on point. Data security has become the number one concern in the industry, widely because users are moving back to more-trusted brands that focus on implementing cybersecurity protocols into network devices. In the coming year, cybersecurity will continue to be a primary focus — and it must be — for all product vendors, integrators and end-users. The adoption of standards and guidelines around data security for physical security technology will be imperative to ensuring data integrity. An Era Of Evolution Over the past year, deep learning and artificial intelligence have become some of the most quoted buzzwords. Organizations see the value in leveraging these trends to analyze data more efficiently, and because of recent market innovations, we see a real impact an analytics effectiveness. Additionally, we have seen more and more large organizations migrate more of their security function to the cloud. Today, private-cloud architecture is no longer novelty; it is expected, and despite some well-publicised breaches, the public cloud is now considered more secure than some traditional on-site solutions. Cloud-based systems will be deployed much more frequently across some market segments, from SMEs to larger enterprises The Year To Come As 2018 approaches, I expect to see many of these same trends accelerate even further. Cloud-based systems will be deployed much more frequently across some market segments, from SMEs to larger enterprises. AI will become more mainstream, and analytics solutions will become more advanced. Overall, we at Pivot3 look forward to another strong growth period and seeing the continued evolution of the market as we swing into another year.

The demand for security consultancy services has increased as recent terror events have highlighted the need for effective and proportionate mitigation measures. Security training has seen an increase in demand, especially for technical courses in the areas of access control and CCTV.   Security management training has also risen, except in the oil and gas sector where demand dropped significantly; this is attributed to the suppressed oil price. However, recently there are signs indicating this trend has bottomed out and oil companies are beginning to invest once again in security management training. Security Ramifications Of Brexit Important trends developing in the last year include higher demands for training in cyber-security, and the facilities management market’s pushing to upskill in security disciplines in response to the heighten risk of terrorism. The Brexit situation is having an impact as companies seek to safeguard their international supply chains. For example, there is an increased demand for security advice on Authorized Economic Operator applications. Those businesses which ignore EU requirements, which include producing risk assessments, are at risk of legal restrictions in trading operations. The changing tactics of terrorists – for example, using vehicles as a weapon and marauding attacks – have demonstrated the need for flexible mitigation strategies. Educating Against Cybercrime Terrorism and cyber-related crime, often involving extortion, are amongst the leading issues looking ahead to 2018, with the C-suite continuing to place reputational risk as a top-three agenda item. The impact of lax security can be extreme, as evidenced recently via international media of many leading brands targeted by cyber criminals and terrorists. In the next year, we at The Linx International Group will continue to invest in increasing our eLearning programs portfolio, and are gearing to provide more consultants to meet higher demands overseas, particularly across EMEA and the Far East. What has emerged in 2017 is an increasing mandate from overseas for British-based security consultancy and training services, which are widely regarded as “best in class.” In 2017, there is an increasing mandate from overseas for British-based security consultancy and training services Winners And Losers The winners in the new year will be those companies that invest in quality training to produce increased skills sets in their people, appreciating such investment will increase outputs and ultimately customer confidence. The losers will be those security businesses, particularly in the guarding sector who resist investing in their people and rely on winning business based purely on price alone. We have seen a clear trend in corporates wanting multi-disciplined third-party contractors able to supply personnel with recognized industry qualifications, not just providing manpower at the cheapest possible price. Continuing Success Into The New Year The Linx International Group has had a successful 2017, increasing staff numbers to address double-digit increase in sales. Key achievements for the group have included: the design and creation of two new technical training centers in Dubai and Singapore, the creation of a new professional register for Certified Technical Security Professionals and the launch of a new Master’s Degree in International Security and Risk Managements (developed in conjunction with the University of South Wales). Building on these successes will be a challenge in 2018, as will keeping pace with the ever-rapid changes in technology. One thing is certain, the demand for security across most areas of life will increase – our biggest challenge will be to meet that demand. 

A security awareness program is an educational process to help employees observe events or people through a “security lens” Organizations have a duty of care to protect their employees wherever they work. But in the increasingly complex world that we all live in, the ability to deliver a risk-commensurate and cost-efficient security program that adds real value to a business is extremely challenging, according to IFSEC International 2016 speaker Frank Cannon. He will be speaking on developing an employee security awareness program in the Security Management Theatre at IFSEC International in London on 23 June. Benefits And Challenges Of Security Awareness Programs SourceSecurity.com: In what ways does a good employee security awareness program add value to a business? Cannon: Simply put, it increases the number of people within an organization who behave appropriately to safeguard the workforce and protect its property. Through enhanced vigilance and informed awareness, the employees identify and report suspicious conditions or people at the earliest opportunity, so triggering a proportionate response by others. This early notification helps to minimize the negative consequence of crime and thus saves money.  SourceSecurity.com: Why is implementing an employee security awareness program such a challenge? "The location, audience, timeavailable and importance of thesecurity message often dictatehow and when the securityawareness program is delivered" Cannon: To be effective, a security awareness program must have the support of senior executives and then resonate with the workforce. It is necessary to identify a series of key security messages that are consistent with the security risks, but that also echo the organization’s beliefs and vision statement. The pitch, tone and proportionality of the security message must complement the day-to-day working culture of the target audience. There is no one-size-fits-all program that can be used to create a security culture, but more there’s a need for a cognitive process that requires an informed approach to harness the views of numerous stakeholders. Once initiated, the program must adapt to the changing work environment and security risks. The challenge is convincing leaders to invest funds based on the likelihood that an undesirable event will have a negative impact on the business and/or convincing the workforce to change their behaviors to minimize the impact of such events. Logistics Of Security Awareness Training SourceSecurity.com: If all employees are effectively part of the wider security team, how do you distinguish between their roles and those of security professionals? Cannon: A “team” is a group of people with a common purpose; in this instance, the purpose is to safeguard all those within the team and to protect the property they use or own. Communication is the essence of good teamwork and by encouraging each and every member of the team to observe, listen and communicate, it allows others to take appropriate action to address any fears or concerns. Non-security professional members of staff become the “alarm” or information gatherers, leaving the security practitioners to respond or analyze and plan.  SourceSecurity.com: What does a security awareness training program look like?  Cannon: My belief is that “training” is a process to develop skills or practical ability, whereas “education” is the giving and receiving of knowledge or theoretical competence. A security awareness program is an educational process to help employees observe events or people through a “security lens” and help them recognize an abnormal situation that may place people or property at risk. Initial inductions, promotional courses, trade training, team meetings, periodicalworkshops and quarterly town halls all provide good platforms to engage workforces SourceSecurity.com: What are the main elements of such a program? Cannon: Prior to the development of a security awareness program, the security threats and associated risks against the organization, its workforce or its assets require assessment. You then have to create an integrated security program with a proportionate blend of physical, technical and procedural elements. The security procedures set out behavioral expectations for employees, so that a pre-determined outcome is achieved. Only then can an employee awareness program be developed to communicate with the workforce.  A program consists of numerous methods (or tools) to communicate security expectations to active participants. These consist of key messages, each of which amplifies specific issues that, when put together, help to create a security culture. This isn’t a tangible asset or outcome but more a way routine business is carried out. Key messages are developed with the support of stakeholders and should complement an organization’s culture, beliefs and operating processes.  SourceSecurity.com: What format does the training take (classroom/online/reminders/refreshers etc.)? Cannon: Security education is a continually evolving process that takes advantage of opportunities as they appear. Initial induction, promotional courses, trade training, team meetings, periodical workshops and quarterly town halls all provide good platforms to engage the workforce. "By encouraging each and everymember of the team to observe,listen and communicate, it allowsothers to take appropriate actionto address any fears or concerns" The location, audience, time available and importance of the security message often dictate how and when the security awareness program is delivered. This can range from regular (3 to 5 minute) “security moments” at the start of routine meetings, to a full day workshop involving larger audiences. A tradesperson with little access to a computer may benefit from a “toolbox talk” at the start of the day, whereas an office worker may learn more through an online e-package. For those with time – or for the more important security risks – a workshop or standalone meeting may be the most appropriate forum. Alternatively, a well-designed poster may successfully convey the simpler messages.  The critical element of a security awareness program is that the message being communicated must be relevant, important and personal to each person. He or she must identify with the message and understand a personal benefit for changing an otherwise acceptable behavior to help increase the levels of protection for themselves, their colleagues or the property they are responsible for.  Effective Physical And Cyber Security Awareness SourceSecurity.com: Does the security awareness program include information security as well as conventional physical security? Cannon: If the organization, its management or the security risk assessment identifies a cyber risk that requires employees to behave in a specific way, then information security can be included in the program. Anything that adds to the protection of personnel or assets can be included, including health and safety, environmental or community interaction.   SourceSecurity.com: How can you measure the effectiveness of such a program? Cannon: This is challenging and is often why organizations tend not to invest in security awareness programs. I often say that the success of my program is when I have leaders or supervisors discussing personal safety or asset protection as part of routine business. An organization with an effective program (or security culture) has security as part of its operational planning process, listed within job descriptions and part of its meeting agenda items. Success is when employees are routinely reporting suspicious people or events, where employees are willing to participate in workshops or practice drills, where they change their behaviors based on advice received and where they seek out security awareness materials for use within their own teams. The ultimate goal is to have an incident- and injury-free working environment so that the incident statistics support a downwards trend. The security risk level can change overnight, however, so incident trends are not always a true reflection on the success of a security awareness program.

Cybersecurity talk currently dominates many events in the physical security industry. And it’s about time, given that we are all playing catch-up in a scary cybersecurity environment where threats are constant and constantly evolving. I heard an interesting discussion about cybersecurity recently among consultants attending MercTech4, a conference in Miami hosted by Mercury Security and its OEM partners. The broad-ranging discussion touched on multiple aspects of cybersecurity, including the various roles of end user IT departments, consultants, and integrators. Factors such as training, standardisation and pricing were also addressed as they relate to cybersecurity. Following are some edited excerpts from that discussion.  The Role Of The IT Department Pierre Bourgeix of ESI Convergent: Most enterprises usually have the information technology (IT) department at the table [for physical security discussions], and cybersecurity is a component of IT. The main concern for them is how any security product will impact the network environment. The first thing they will say, is “we have to ensure that there is network segmentation to prevent any potential viruses or threats or breaches from coming in.” The main concern for IT departments is how any security product will impact the network environment” They want to make sure that any devices in the environment are secure. Segmentation is good, but it isn’t an end-all. There is no buffer that can be created; these air gaps don’t exist. Cyber is involved in a defensive matter, in terms of what they have to do to protect that environment. IT is more worried about the infrastructure. The Role Of Consultants And Specifiers Phil Santore of DVS, division of Ross & Baruzzini: As consultants and engineers, we work with some major banks. They tell us if you bring a new product to the table, it will take two to three months before they will onboard the product, because they will run it through [cybersecurity testing] in their own IT departments. If it’s a large bank, they have an IT team, and there will never be anything we [as consultants] can tell them that they don’t already know. But we all have clients that are not large; they’re museums, or small corporations, or mom-and-pop shops. They may not be as vulnerable from the international threat, but there are still local things they have to be concerned about. It falls on us as consultants to let them know what their problems are. Their IT departments may not be that savvy. We need to at least make them aware and start there. Wael Lahoud of Goldmark Security Consulting: We are seeing more and more organisations having cybersecurity programs in place, at different maturity levels. At the procurement stage, we as consultants must select and specify products that have technology to enable cybersecurity, and not choose products that are outdated or incompatible with cybersecurity controls. We also see, from an access control perspective, a need to address weaknesses in databases. Specifying and having integrators that can harden the databases, not just the network itself, can help. The impact of physical security products on the network environment was a dominant topic at the MercTech4 consultants roundtable discussion The Need For Standards On Cybersecurity Jim Elder of Secured Design: I’d like to know what standards we as specifiers can invoke that will help us ensure that the integrator of record has the credentials, knows what standards apply, and knows how to make sure those standards are maintained in the system. I’m a generalist, and cybersecurity scares the hell out of me.We’re not just talking about access to cameras, we are talking about access to the corporate network and all the bad things that can happen with that. My emphasis would be on standards and compliance with standards in the equipment and technology that is used, and the way it is put in. It can be easier for me, looking at some key points, to be able to determine if the system has been installed in accordance. We are seeing more and more organizations having cybersecurity programs in place, at different maturity levels"I’m taking the position of the enforcement officer, rather than the dictator. It would be much better if there were focused standards that I could put into the specification— I know there are some – that would dictate the processes, not just of manufacturing, but of installation of the product, and the tests you should run accordingly. Pierre Bourgeix: With the Security Industry Association (SIA), we are working right now on a standard that includes analyzed scoring on the IT and physical side to identify a technology score, a compliance score, a methodology, and best-of-breed recommendation. Vendor validation would be used to ensure they follow the same process. We have created the model, and we will see what we can do to make it work. Terry Robinette of Sextant: If a standard can be written and it’s a reasonable process, I like the idea of the equipment meeting some standardized format or be able to show that it can withstand the same type of cyber-attack a network switch can withstand. We may not be reinventing the wheel. IT is the most standardized industry you will ever see, and security is the least standardized. But they’re merging. And that will drive standardization. Jim Elder: I look to Underwriters Laboratory (UL) for a lot of standards. Does the product get that label? I am interested in being able to look at a box on the wall and say, “That meets the standard.” Or some kind of list with check-boxes; if all the boxes are checked I can walk out and know I have good cybersecurity threat management.IT is the most standardised industry you will ever see, and security is the least standardised" The Role Of Training Phil Santore: Before you do any cybersecurity training, you would need to set the level of cybersecurity you are trying to achieve. There are multiple levels from zero to a completely closed network. Wael Lahoud: From an integrator’s perspective, cybersecurity training by the manufacturer of product features would be the place to start – understanding how to partner the database, and the encryption features. We see integrators that know these features are available – they tick the boxes – but they don’t understand what they mean. Cybersecurity is a complex topic, and the risk aspects and maturity levels vary by organization. That would be a good starting point. The Role Of Integrators Wael Lahoud: Integrators like convenience; less time means more money. So, we see some integrators cut corners. I think it is our role (as consultants) to make sure corners are not cut. If you rely solely on integrators, it will always be the weak password, the bypass. We have seen it from small projects to large government installations. It’s the same again and again. Even having an internal standard within an organization, there may be no one overseeing that and double-checking. Tools will help, but we are not there at this point. I will leave it up to manufacturers to provide the tools to make it easy for consultants to check, and easier for integrators to use the controls. Cybersecurity is a complex topic, and the risk aspects and maturity levels vary by organization - so training is very important The Impact of Pricing Pierre Bourgeix: The race to the cheapest price is a big problem. We have well-intended designs and assessments that define best-of-breed and evaluate what would be necessary to do what the client needs. But once we get to the final point of that being implemented, the customer typically goes to the lowest price – the lowest bidder. That’s the biggest issue. You get what you pay for at the end of the day. With standards, we are trying to get to the point that people realise that not all products are made the same, not all integrators do the same work. We hope that through education of the end user, they can realise that if they change the design, they have to accept the liability.It’s not just the product that’s the weakest link, it’s the whole process from design to securing that product and launching it" The big picture Wael Lahoud: The Windows platform has a lot of vulnerabilities, but we’re still using it, even in banks. So, it’s not just the product that’s the weakest link, it’s the whole process from design to securing that product and launching it. That’s where the cybersecurity program comes into play. There are many vulnerable products in the market, and it’s up to professionals to properly secure these products and to design systems and reduce the risk. Pierre Bourgeix: The access port to get to data is what hackers are looking for. The weakest link is where they go. They want to penetrate through access control to get to databases. The golden ring is the data source, so they can get credentialing, so they can gain access to your active directory, which then gives them permissions to get into your “admin.” Once we get into “admin,” we get to the source of the information. It has nothing to do with gaining access to a door, it has everything to do with data. And that’s happening all the time.

To succeed in business, one must be brilliant at one thing. In many cases it’s a skill, such as art, coding, engineering or design. Or that one brilliant attribute can also be a personality trait or a business process. No business will be successful unless it is at least adequate, and preferably superb, in product development, sales, and customer engagement - not to mention finance, planning, marketing and recruiting.  Too many VMS producers are trying to do all these things themselves when they should be doubling up on what they are best at and leveraging the rest. It is a new mindset. Instead of obsessing about which ‘me-too’ product to supply, software producers could make their first priority finding complementary and compatible partners. Developing A Partnership Ecosystem One partner might see the opportunity to sell a solution. Another partner might know a better way to distribute a product. A third partner might provide the vertical expertise to get the customer a perfectly tailored solution. By leveraging partners and developing a partner ecosystem, a company will tend to have more unique offerings and the ability to execute faster in an ever-changing world. All this additional partner horsepower is still no guarantee a company will succeed but partnerships will also give a company a feedback channel.  Many stand-alone companies plod along, never quite failing, but never getting better either. Partners are less likely to tolerate business limbo. They will be quick to utilize great products, and less wedded to the concept if it doesn’t prove out. Because the partners are in close contact with the market, they are the first responders to changing or developing needs. This is why a company should listen very closely to their partners: They are the feet on the street and the ears to the beat! Open Platform Matters Producing software takes time, and producing great software takes even longer All of this is not possible, however, if a company produces closed platform software. This is software whose functions can only be changed by the original developers. Producing software takes time, and producing great software takes even longer. This means low agility. The partners might identify great opportunities, but before the closed platform software producer can react, the opportunities might be gone - or worse, be grabbed by competitors. The slow reaction capabilities of closed platform providers will frustrate partners and may lead to the worst of all complications in a partnership: distrust. Add-On Modules and Intrinsic Scripting When the products are based on an open platform, however, they are adaptable. Then the partners have the ability to change the solution through the open software architecture. Not by changing the basic code (that would be open source) but by add-on modules and intrinsic scripting abilities. Total Integrated Solution Open platform means that the partner can easily extend and enhance the software into a total integrated solution Open platform means that the partner can easily extend and enhance the software into a total integrated solution to fulfill the customer’s needs with the minimum of effort. This gives agility, and agility means fast go-to-market abilities. Just what is needed in this fast-moving world. There are some important things to note here. The ways to extend and enhance the software have to be easy and well documented. The partners must have access to training and knowledge sharing. (It does not help to have a system for extending the capabilities of the software if the partners have to guess at the process and the documentation is rudimentary.) Open Access Is Key It is important that the business philosophy is based on openness, giving the partners full access to all relevant information. And openness is a two-way street: By being open for your partners, you also have to be open about their business. A partner might be able to develop a highly sophisticated solution but be unable to market the solution. By building a catalog of partner solutions easily accessible to customers, openness extends to ensure open access to the partners. Openness is not something a business can just tack on to their approach. It has to be in the DNA of the business from the start. In a Harvard Business Review article entitled ‘Predators and Prey: A new ecology of competition,’ JF Moore says: “A business ecosystem, like its biological counterpart, gradually moves from a random collection of elements to a more structured community.” Structured Business Ecosystem Milestone has seen this progression within the company's ecosystem Milestone has seen this progression within the company's ecosystem. They introduced training and certification requirements as part of the partnership success structure, ensuring knowledge is shared and also used in a way that is most mutually beneficial for all involved. Moore also writes: “Every business ecosystem develops in four distinct stages: birth, expansion, leadership and self-renewal.” At present, Milestone and its partners are entering into the ‘leadership’ stage, where video enabling is creating opportunities beyond those offered by a traditional video surveillance system, and into areas that provide additional business benefits to our customers. Video Enabling “A leader must emerge in the ecosystem,” Moore says, “to initiate a process of rapid, ongoing improvement that draws the entire community toward a grander future.” This is the role Milestone has played in leading the industry towards the video enabling phase and redefining the industry’s expectations of what a surveillance system is capable of. In the article, Moore underlines that “executives whose horizons are bounded by the traditional industry perspectives will find themselves missing the real challenges and opportunities that face their companies.” Getting Connected Connectors are those people with a wide range of contacts across different social circles In his book The Tipping Point, Malcolm Gladwell describes what he calls ‘The Law of the Few,’ which says: "The success of any kind of social epidemic is heavily dependent on the involvement of people with a particular and rare set of social gifts." This is based on the 80/20 principal, “which is the idea that in any situation roughly 80 percent of the 'work' will be done by 20 percent of the participants." He goes on to identify three types of people with these gifts: Salesmen, who are skilled in persuasion and negotiation; Mavens, who collect and disseminate useful information; and Connectors. Connectors are those people with a wide range of contacts across different social circles who can make introductions and create links between otherwise disparate individuals. Milestone, Key Connector In Physical Security Industry In the wider scheme of things, Milestone effectively acts as a ‘Connector’ in the business ecosystem and in the overall physical security industry. Milestone brings together companies who are brilliant in their respective fields and make it easy for them to work together to create a valuable solution for the customer. The company provides the environment for that to occur and work closely with them to ensure that the end result is useful and effective. At Milestone, partners realized that significant investments in education and training was required to create the demand for the company's products and solutions that the conservative physical security industry required. The value of partnership was learnt and the ‘open’ approach adopted, which was a central part of the thinking behind our software. Adopting The Scandinavian Management Model Milestone effectively acts as a ‘Connector’ in the business ecosystem and in the overall physical security industry Milestone extended this approach to the entire business model, creating the ecosystem that has been the driving force for success. And while the company embraced the best of the Scandinavian management model, its inclusiveness and encouragement of creativity, they still needed to have the courage to make changes to the business, changes which would ensure the best possible position to take on whatever challenges the future might hold.  Milestone Partner Ecosystem Milestone have always worked in a partner-driven business mode. The company from the start was designed to be open and partner oriented. The Milestone partner ecosystem is a fundamental part of its mindset and daily operations. It is one of the major reasons for getting the company to the position where it is today. To be in a company without the partner component would be like cutting the internet and phone cables while reverting to telex and written paper letters! The company would be developing products in the dark, not knowing the demand. Open Business World Today, Milestone's partners are delivering optimal solutions to mutual customers, building a better and open business world with video as a business enhancer. All thanks to the company's open platform and community approach. To have a flourishing partner ecosystem, one must think not as a corporation but in human terms. Because companies don’t think, humans do. In all senses of the word, there is one thing that will contribute more to the success of a partnership than anything else; 'Give before hoping to receive'.

The potential for catastrophic injury in the petrochemical industry makes safety training and credentialing of employees imperative. Coordinating this process for a variety of industries, including many in the petrochemical fields of southern Alabama, is Training Solutions for Construction and Industry (TSCI). The mission of TSCI is to promote and facilitate workforce development ‘by providing industry-recognized training with portable credentials to create a diverse, trained and sustainable workforce’. TSCI provides computer-based and instructor-led training developed by the Association of Reciprocal Safety Councils (ARSC) and based on requirements from the Occupational Safety and Health Act (OSHA) and the U.S. Department of Homeland Security. Within one day, a person can gain all of his or her required training for a year, and it will be accredited. ID Cards With Encoded Results Workers who successfully complete a TSCI safety orientation receive a tamper-proof ID card, encoded with the results of his or her training. “ID cards give students a record of their training and eventual access to a plant,” said Jack Fecas, Operations Manager, TSCI. The card is valid for one year. If other safety or specialized training is completed during that year, the card is encoded with the additional credentials. All member plants of TSCI and ARSC member organizations recognize and accept the ID card. Workers look to TSCI for training in such areas as fire safety, process safety management, confined space entry, respiratory protection, hazardous energy, basic first aid and CPR, scissor lift, scaffolding, excavation and trenching, elevated work surfaces, electrical safety and disaster site safety. The Office of Homeland Security also can set criteria for credentialing, such as asking for drug screen results. Site-Specific And Fire Safety Training TSCI provides site-specific training, which might include a focus on fires or explosions at a refinery or dust-particle respiratory safety at a mill In addition to its basic orientation training programs, TSCI provides site-specific training, which might include a focus on fires or explosions at a refinery or dust-particle respiratory safety at a mill. “Some companies using dangerous materials have wind socks to indicate which direction the wind is blowing, telling employees which exit route is safe for use at that time,” said Fecas. “This kind of training needs to be site-specific.” Other site-specific training might include basic alarm system safety, teaching employees what to do when they hear a constant alarm versus what they might do if they hear several short bursts of an alarm. About 1,500 workers take the basic orientation program from TSCI every year, and the numbers are growing. With only one printer, clearly more capacity was needed. Fargo’s DTC550 Printer/Encoder Fecas knew that his organization needed more capacity in order to handle the increasing volume, so he began looking for an additional printer – one that was fast, yet reliable. He needed barcode technology and a printer that could encode new data as workers took additional classes. TSCI found all of the requirements it was seeking in Fargo’s DTC550 Direct-to-Card printer/encoder from ID Wholesaler. Not surprisingly, the security offered by the DTC550 was a primary selling point for Fecas. In addition to being recommended by other ARSC Safety Councils, it just made good business sense. TSCI chose a standard holographic overlaminate available with the DTC550, which improves the card’s durability and reduces the risk of counterfeiting. More than 80 percent of training occurs at the TSCI offices, according to Fecas, but it also can take place at a plant site. With the new DTC550 able to handle the increasing demand at TSCI, the old printer will be used for remote training, thus increasing TSCI’s ability to meet the needs of its customers. Workspace Security The common curriculum of our safety training levels the playing field, so when workers leave TSCI they can recognize the hazards in the worksite and protect themselves and their co-workers" “The common curriculum of our safety training levels the playing field, so when workers leave TSCI they can recognize the hazards in the worksite and protect themselves and their co-workers,” Fecas added. “They still have information to learn at the plant, but they are ready to go to work.” “We have had ID cards since we began in 1995,” he said, “but with the early cards, there was much more hand-work. Our operator had to add a photo by hand and then wait for the laminating machine to heat up before the card could be laminated. The evolution has been very interesting. In addition, we have been very pleased with the service provided by the Fargo printer and by ID Wholesaler. I can pick up the phone or send an e-mail, and a representative is available for assistance.” Most Secure System “We recommended the DTC550 printer because it is very reliable and has more than one holographic laminate choice,” said Jeff Gunhus, ID Wholesaler Sales Team Leader. “TSCI originally bought just the printer and had to wait until its next budget cycle to purchase the lamination unit. They liked the fact that the Fargo printer had an upgrade path. It is important to listen to our clients’ wants, needs and concerns,” Gunhus added. “Then we simply do our best to help them out.” “If a company is going to do business nowadays, it needs to be secure,” adds Fecas. “Our business relies on plants and regulatory agencies trusting what we do. We need to be on the cutting edge when it comes to information technology. The best system is the most secure system. We made a decision to go with what has been tried and true and working in industry now.”

Government regulations continue to step up security demands at federal agencies, requiring identity cards to support multiple identity assurance factors and be validated at entries into a building or location. Because of the cost and infrastructure that goes along with many security upgrades, federal agencies must wait months or, in many cases, years to implement changes. The Federal Aviation Administration—an operating mode of the U.S. Department of Transportation—is no different. The FAA is tasked with the colossal mission of regulating and overseeing all aspects of civil aviation in the United States. With offices around the world, including its headquarters in Washington, D.C., the FAA has a large number of employees and buildings to oversee. With so many people coming into and out of the buildings each day, it is particularly important that security personnel have reliable tools to validate employee credentials Need Of Tools For Validating Employee Credentials As part of its security requirements, the FAA must validate Personal Identity Verification (PIV) cards at checkpoints within its facilities. With so many people coming into and out of the buildings each day, it is particularly important that security personnel have reliable tools to validate employee credentials. As recently as a year ago, FAA security personnel were conducting visual inspection of PIV cards at the gates into facilities that did not have PIV card readers. They had no way of telling if the card was authentic, revoked, or if the employee had access rights to a checkpoint at a particular time. At the FAA headquarters, which employs just under 6,000 permanent employees, and another FAA facility, the Minneapolis Air Route Traffic Control Center, which is the organization’s 11th busiest airport traffic control tower, visual verification just wasn’t enough. Automating The Verification Process In order to comply with HSPD-12 and the Office of Management and Budget (OMB) Memorandum 11-11, the FAA needed a process beyond visual verification that allowed security personnel to quickly check the authenticity and revocation status of a card, as well as access rights to a particular area of the facility. With as many as 5,000 people coming into the FAA headquarters facility daily, the organization’s primary goal was to automate the verification process. “The project needed to provide guards the ability to validate PIV cards at FAA facilities where the gates did not have PIV card readers,” said Craig Auguston, HSPD-12 Program Manager at the Federal Aviation Administration. “We also wanted a mobile solution for backup and for roaming guards to be able to validate secure areas, such as parking garages.” Codebench’s OMNICheck Plus Software OMNICheck Plus was ultimately decided upon because it is integrated with many physical access control systems including the P2000 The FAA began looking at products that could not only meet its requirements for mobile validation, but also integrate seamlessly with its P2000 security management database from Johnson Controls (JCI), according to Auguston. “This upgrade was important to meet the FAA’s requirement to validate PIV cards at all check points,” Auguston said. The FAA’s former process of visual verification was not allowing security guards to check the status of a PIV card, such as revocation status and specific access rights, both of which the organization needed to meet its security goals. After testing a couple of mobile software validation programs, the organization chose OMNICheck Plus software from Codebench, a HID Global Company. OMNICheck Plus was ultimately decided upon because it is integrated with many physical access control systems including the P2000, and it is listed on the GSA’s FIPS 201 Approved Products List as a CAK authentication system when running on an ARM-based mobile device such as the DAP CE3240B, which both FAA facilities use. Giving Mobile Access To The Security Guards “They really needed something that was going to allow their security guards to be mobile in certain parts of a facility,” said Botio Mandov of Johnson Controls. Johnson Controls, the integrator for the project, helped the FAA implement a larger security upgrade, which included the security management database and mobile validation software. Together, the FAA’s mobile DAP devices and OMNICheck Plus software enabled roaming security guards to use the mobile handheld devices in FAA parking garages and other entry points that needed to be secured, but do not have stationary PIV card readers. One of the most important aspects of authentication software for the FAA was the ability to check an employee’s access rights directly on the mobile card readers Checking Access Rights On Mobile Card Readers In addition to mobility, one of the most important aspects of authentication software for the FAA was the ability to check an employee’s access rights directly on the mobile card readers—something only their organization’s P2000 physical access control system could do previously. With an OMNICheck module called Data Import, certain cardholder information housed in the FAA’s P2000 database, such as access rights, was pushed down into the DAP mobile devices used by security personnel.  “Access rights allow FAA security guards to make sure employees’ cards are not only valid, but that they are allowed to be in a certain area at a certain time,” Mandov said. In addition, FAA security administrators can run audit reports that show which cards were checked and when. The implementation took about five months, including testing the interface with the access control system and coming up with a training guide for the security guards, according to Auguston. The FAA is currently using 31 DAP CE3240B mobile readers with OMNICheck Plus. Saving Money By Eliminating Physical Parking Passes Prior to the OMNICheck Plus installation, FAA security personnel had an unreliable way of authenticating PIV cards and access rights. Now, security personnel are able to verify digital certificates, revocation status and access rights, all while having an audit trail of the cards checked in the system. An additional, unexpected benefit for the FAA has been the cost savings of eliminating physical parking passes at its two facilities. “We are able to positively identify cardholders’ status when they try to enter the facility. We were able to save money by eliminating the physical parking pass by using OMNICheck to validate cardholder’s status for parking in FAA-controlled facilities,” Auguston explained.

The Sinan Erdem Dome is the largest multi-purpose indoor venue in Turkey. Located in Istanbul, the dome has a seating capacity of up to 22,500, and hosts a number of events, including concerts, tennis matches, and basketball games. Strengthening Stadium Security Upon being chosen to host a number of games during the European Basketball Championships 2017, the chief European men’s international basketball competition held biannually, the Sinan Erdem Dome looked to strengthen their security system. The dome’s large-scale presented high-surveillance requirements such as support for 64 split-screens, hundreds of cameras, and a back-end storage and management infrastructure that could support the entire system. Dahua provided the dome with a complete, high-end monitoring system that included a total of over 600 IP, speed dome, and ANPR cameras on the front-end, and NVRs, video walls, video matrix devices, and related control accessories on the back-end. Smart Detection Technologies The dome’s surveillance system was constructed with the latest cutting-edge technology To better protect the stadium from a variety of threats, the solution employed a number of smart detection technologies such as intelligent analysis, which includes motion detection, tripwire, intrusion, and smart-tracking functionality. ANPR was also utilised, which recognises license plates numbers and checks them against a central whitelist and blacklist. Plate records are also stored on NVR devices and can be searched through by security officers. In less than a week, the local team completed installation, testing, and customer training, and the dome was fully ready to securely host international sporting events. Protecting All Corners In under a week, the dome’s surveillance system was constructed with the latest cutting-edge technology, increasing its appeal to international events seeking venues. Dahua smart technologies automated a great number of surveillance operations, such as automatic car-barrier operation enabled by ANPR camera integration, thus greatly reducing the strain on security workers. Every corner of the stadium was covered by Dahua cameras providing high definition video, ensuring zero blind spots and optimal detail collection. In addition, Dahua showcased its customer-centric philosophy through supplying high-quality customization, technical support, operation training, and after-sales service, which guaranteed the expertise of system operators as well as long-term reliability and quick issue resolution.

Even the most advanced and sophisticated security systems are limited in their effectiveness by a factor that is common to all systems – the human factor. How effectively integrators install systems and how productively users interface with their systems both depend largely on how well individual people are trained. We asked this week’s Expert Panel Roundtable: What is the changing role of training in the security and video surveillance market?

What happens after the sale is complete, after the contracts are all signed and sealed? That’s when an abundance of variables can kick in – variables that can mean the difference between a successful security system or a case of buyer’s remorse. The features and value of equipment involved in a security system are well known before the sale closes, as hopefully are the integrator’s and end-user’s expectations about after-sale service. But what is the reality of after-sale service, and how can manufacturer’s make it better? We asked this week’s Expert Panel Roundtable: How can security system manufacturers improve their after-sale service for integrators and end users?