Kevin Brownell, principal physical security consultant at PTS Consulting Group, considers convergence of IT networks and physical security. He argues that current best practice shows that they no longer need to be separate disciplines and reassures installers that their diversity has been exaggerated.

Brownell describes experiences of working with IT managers who no longer see networked CCTV and access control as ‘black arts’ and are buying into the idea of IP security as an integral part of truly ‘intelligent’ buildings. But optimism is tempered by the warning that our thinking needs to be truly ‘joined up’ if we are to avoid the elementary errors he has observed out in the field.

Convergence is now delivering on its promises in the manner that users and integrators have hoped for since the original concepts came into the public domain

Anybody observing how major security programmes are currently being implemented will have noted that many are appearing on the planning table from unconventional sources and are frequently bundled with IT. The corporate network has become not only a pervasive platform but also the starting point for security projects. Traditional CCTV systems with dedicated cabling in two or three different formats are coming close to extinction. Equally, you’re now unlikely to hear network managers dismiss IP-based CCTV with the familiar cry: “Not on my bandwidth you’re not!’ But that does not mean we have reached a utopia (promised by certain manufacturers) of all security systems operating on a single seamless network.

The changes are even more far-reaching in terms of the hardware at the heart of the security systems – the servers. Clients are realising that the cost of owning and supporting their own dedicated hardware far exceed the cost of moving to a virtualised environment.

The corporate network has become not only a pervasive platform but also the starting point for security projects

Server virtualisation for multi-site systems is making geography an irrelevance; if one of my clients deems that I am a legitimate visitor to any of its offices in Europe then a centralised access control server – possibly in a different continent – need only be informed once of my access rights. What sounded far-fetched a couple of years ago is now the norm and the default question is: “Why would you not opt for such a solution?”

Convergence is now delivering on its promises in the manner that users and integrators have hoped for since the original concepts came into the public domain. The IT network began as a dedicated structure in a facility. From this base position we have seen telephones, HVAC, fire systems, access control and more recently CCTV moving onto the network. Each discipline that has migrated to the network has come with problems of evolution but it is now safe to say that if a new building were unveiled featuring separate networks for each type of subsystem it would be viewed with incredulity followed quickly by derision.

Facilities managers will not tolerate the disruption caused by separate cabling and multiple contractors; active Ethernet has become a default choice with a single installation process. This is not only true of new-build projects but is often the only viable approach for engineers working within the strictures imposed by listed buildings.

New bedfellows

Clients are realising that the cost of owning and supporting their own dedicated hardware far exceed the cost of moving to a virtualised environment

We all have new partners with whom we must engage. Information technology, structural architects, network architects, physical security specialists, cyber security specialists, AV consultants, structured cabling providers, facilities management and human resources now have to balance what may be conflicting agendas and competing demands on space by pulling together. In-house IT and security resources must also show the self-awareness to consider using external sources of everyday support in addition to consultants dealing with conceptual issues.

The key to successful convergence is to ensure that the widest possible range of stakeholders begin talking to each other around planning tables at an early stage and that significant individuals in the planning process begin to define technical strategy in line with threat vulnerability and risk assessments (TVRAs) carried out by security consultants. You don’t have to be Nostradamus to predict that altering systems at the delivery stage will be difficult and costly.

Most major corporates use their networks to ensure scalability and built-in flexibility for the future in terms of both cyber and physical security. Short-sightedness is rare though many will have read recently about the New York merchant bank that was installing access control turnstiles as an afterthought while staff were arriving for their first morning’s work. It was an object lesson in the price of failure to invest time and resources in effective communication between clients and security integrators, and an abject illustration that there had been no security master plan.

Assume nothing

Building flexibility into corporate networks so that physical and IT security providers can continue to both optimise and safeguard the working environment is vital

Physical security consultants should not assume – however logical the requirement might seem – that their needs will get picked up by others in the design process. Where we put security equipment is seldom where IT engineers might imagine: we seldom want networking points under desks and tend to use risers and other unexpected locations above the ceiling. New ways of working always filter throughout the security disciplines and access control manufacturers are reporting that the current breed of intelligent building requires functioning access control earlier in the construction process than has been the norm. Similarly, if structured PoE cabling is to take multiple services, it must be fitted earlier.

Country cousins

Physical security has flourished in the age of distributed control systems and can take a share of the credit for the emergence of the truly intelligent building. IT managers realise this and are now less likely to treat security contractors as technically backward poor relations. Industry forums such as ONVIF and the PSIA, the British Security Industry Association (BSIA) and an active trade press all deserve credit for having ensured that physical security is treated seriously at board level such that IT directors are proving wise enough to work constructively with it. We should congratulate these bodies on having ensured that convergence of physical security with IT has never been a Wild West, and a new language has evolved.

Drivers for change

What have been the other drivers for change? The improved performance of IP CCTV cameras and the advent of video analytics (sometimes known as intelligent scene analysis) have contributed to ‘Big Data’ mining. Manufacturing advances in IP-addressable access control have made it an obvious hub for third-party integration and allowed it to combine effectively with visitor management software which had previously been the province of facilities management and IT. The safety advantages of integrating visitor management with access control in the event of a need for fire mustering are obvious.

The demonstrable effectiveness of biometric identification in government security spheres has been another catalyst that has prompted take-up in the private sector where databases of biometric data (facial, fingerprint and iris recognition) are used not necessarily to solve and prevent crime but primarily for access control.

The distinctions between IT and physical security are becoming imperceptible. Anybody reading this article in an office might like to consider what use they have made in the last hour of room booking, cashless vending, ‘follow me’ printing, RFID lockers, ‘hot desking’ and smart cards. They may also like to reflect that it is almost certain that had they not identified themselves to an access control device they would have been unlikely to have been able to log into a computer network and be benefiting from these services. Building flexibility into corporate networks so that physical and IT security providers can continue to both optimise and safeguard the working environment is vital.

Audience perception

Paradoxically, one of the biggest drivers for change has been people, and notably young staff members who have pragmatic, fearless attitudes to technology. Consultants who have had careers based on a single discipline are considering staff demographics as they implement new technology. They frequently observe that young audiences come to work with their own smart devices, are willing to get stuck in and simply expect things to work. Notably, they want previously disparate devices to connect via a network if they know this is the logical approach.

Of course not everybody is 21 years old and confident with technology. A consultant’s training strategy must cater for the whole work force and should prove sustainable over what may be a lengthy period of change. Staff should feel that the support they receive is evolving with the cycle of innovation and at no time should they think they are being neglected. This is vital at the end of the process and training materials should give employees a final momentum to continue and even experiment: the consultant should always ‘close with grace’.

When is an IP device not ‘just an IP device’?

As attitudes among young staff are changing, a new breed of engineer is also emerging, possibly taking their cue from the telephony sector. A phone on your office desk used to be the result of quite a complicated installation process. With the advent of the pervasive network, a telephone simply needed to be plugged in and it would find an IP address. The distinctions between a phone, a printer or a PC became minimal. The same might be said for an access control reader.

But what of an IP-enabled CCTV camera? A network engineer can assign it an IP address but can they produce a usable picture? Is the camera pointing in the right direction? Is it focused? Does the engineer understand the concepts of wide dynamic range (WDR), frame rate adjustment and the focus shift between white and IR light? These are issues that cannot be solved by just a structured cabling and treating the camera as just one more IP device.

A few provisos

Fortunately, cameras are an anomaly possibly because the optics surrounding them have not changed since the days of Gallileo. The likelihood is that both the traditional security installer and the new breed of network engineer will both ‘skill up’ to fill their knowledge gaps in building subsystems. The brave new world of interconnectivity really is as achievable as IT industry commentators are suggesting but a few warning notes need to be sounded on the ‘help yourself’ option of DHCP as opposed to fixed IP addresses. Just as with the New York bank, major installers in London will be aware of the recent meltdown of a transport hub when, after a power cut, 200 doors in an IP access control system simply indulged themselves in a free-for-all and assigned themselves new identities. I give these examples to show that my optimism is tempered by realism and that the increasing convergence of physical security with IT is not without some case studies that should make us pause and reflect. But multiple infrastructures can be, and are being, replaced with single holistic environments across every industry type with benefits in terms of ergonomics, safety, security and profitability.

Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version

Author profile

Kevin Brownell Principal Physical Security Consultant, PTS Consulting Group

In case you missed it

COVID-19 worries boost prospects of touchless biometric systems
COVID-19 worries boost prospects of touchless biometric systems

Spread of the novel coronavirus has jolted awareness of hygiene as it relates to touching surfaces such as keypads. No longer in favour are contact-based modalities including use of personal identification numbers (PINs) and keypads, and the shift has been sudden and long-term. Both customers and manufacturers were taken by surprise by this aspect of the virus’s impact and are therefore scrambling for solutions. Immediate impact of the change includes suspension of time and attendance systems that are touch-based. Some two-factor authentication systems are being downgraded to RFID-only, abandoning the keypad and/or biometric components that contributed to higher security, but are now unacceptable because they involve touching. Touchless biometric systems in demand The trend has translated into a sharp decline in purchase of touch modality and a sharp increase in the demand for touchless systems, says Alex Zarrabi, President of Touchless Biometrics Systems (TBS). Biometrics solutions are being affected unequally, depending on whether they involve touch sensing, he says. Spread of the novel coronavirus has jolted awareness of hygiene as it relates to touching surfaces such as keypads “Users do not want to touch anything anymore,” says Zarrabi. “From our company’s experience, we see it as a huge catalyst for touchless suppliers. We have projects being accelerated for touchless demand and have closed a number of large contracts very fast. I’m sure it’s true for anyone who is supplying touchless solutions.” Biometric systems are also seeing the addition of thermal sensors to measure body temperature in addition to the other sensors driving the system. Fingerscans and hybrid face systems TBS offers 2D and 3D systems, including both fingerscans and hybrid face/iris systems to provide touchless identification at access control points. Contactless and hygienic, the 2D Eye system is a hybrid system that combines the convenience of facial technology with the higher security of iris recognition. The system recognises the face and then detects the iris from the face image and zeros in to scan the iris. The user experiences the system as any other face recognition system. The facial aspect quickens the process, and the iris scan heightens accuracy. TBS also offers the 2D Eye Thermo system that combines face, iris and temperature measurement using a thermal sensor module. TBS's 2D Eye Thermo system combines face, iris and temperature measurement using a thermal sensor module Another TBS system is a 3D Touchless Fingerscan system that provides accuracy and tolerance, anti-spoofing, and is resilient to water, oil, dust and dirt. The 2D+ Multispectral for fingerprints combines 2D sensing with “multispectral” subsurface identification, which is resilient to contaminants and can read fingerprints that are oily, wet, dry or damaged – or even through a latex glove. In addition, the 3D+ system by TBS provides frictionless, no-contact readings even for people going through the system in a queue. The system fills the market gap for consent-based true on-the-fly systems, says Zarrabi. The system captures properties of the hand and has applications in the COVID environment, he says. The higher accuracy and security ratings are suitable for critical infrastructure applications, and there is no contact; the system is fully hygienic. Integration with access control systems Integration of TBS biometrics with a variety of third-party access control systems is easy. A “middleware” subsystem is connected to the network. Readers are connected to the subsystem and also to the corporate access control system. An interface with the TBS subsystem coordinates with the access control system. For example, a thermal camera used as part of the biometric reader can override the green light of the access control system if a high temperature (suggesting COVID-19 infection, for example) is detected. The enrollment process is convenient and flexible and can occur at an enrollment station or at an administration desk. Remote enrollment can also be accomplished using images from a CCTV camera. All templates are encrypted. Remotely enrolled employees can have access to any location they need within minutes. The 3D+ system by TBS provides frictionless, no-contact readings even for people going through the system in a queue Although there are other touchless technologies available, they cannot effectively replace biometrics, says Zarrabi. For example, a centrally managed system that uses a Bluetooth signal from a smart phone could provide convenience, is “touchless,” and could suffice for some sites. However, the system only confirms the presence and “identity” of a smart phone – not the person who should be carrying it. “There has been a lot of curiosity about touchless, but this change is strong, and there is fear of a possible second wave of COVID-19 or a return in two or three years,” says Zarrabi. “We really are seeing customers seriously shifting to touchless.”

How to maximise your body temperature detection systems
How to maximise your body temperature detection systems

There are many companies jumping into selling temperature detection systems to the state, local governments, hospitals, airports and local businesses, but do they know how to drive one? Anyone can get behind a car and drive it into a wall by accident. The same can happen with a temperature detection system.  The first thing you should ask is “does my firm have a certified thermographer?”. If not, the firm are at risk of getting a low quality system that is being resold to make quick cash. Businesses that are doing this do not know how to operate it properly. Asking the right questions Secondly, you should ask whether the system is NDAA compliant. NDAA compliance means that your temperature detection equipment is protected by U.S. law. Does your system have a HSRP device (blackbody)? HSRP (Heat Source Reference Point) is a device that will allow the camera to detect the correct temperature a distance. Even if the room temperature does change throughout the day, treat it as a reference point for the camera to know the temperature at that distance. Can your system scan mutliple people at once? Can your system scan mutliple people at once? This is a bad question but often asked since most systems will say yes. For ease, everyone wants to scan many people at once, but the best practice according to FDA and CDC guidelines is to run one person at a time for best accuracy. Why? The HSRP (blackbody) device tells the camera what the correct temperature is at a given distance away from the camera. Every foot you are away from the HSRP device will be off by 0.1 degrees roughly. If you are in a room full of people, let's say 6, in view of the camera, every person that is not next to the HSRP device (5) will be given an inaccurate reading. Hence why it is so important to run the system correctly with just one person at a time. You will also need to follow the 6 feet rule. If you take that into consideration, one at a time at 6 feet apart, the device should tell you how you need to run the system. Sensitivity of thermal imaging Is your system’s sensor accurate enough? The FDA recommends an error of ±0.5°C or better. When looking for a system, make sure it is better than what they recommend. I would recommend ±0.3°C or better. Do not purchase a system over ±-.5°C degrees as you are doing yourself and your customers or employees an injustice.  Another thing to look at is how many pixels it can determine the temperature from. Some cameras can only tell the temperature of 6 points on the screen, whilst others can take a temperature reading from each pixel. Take a 384x288 camera, for example, which would be over 110,000 points of temperature taking on a single image.      Thermal cameras are very sensitive, so there are a lot of do’s and don’ts. For example, the system cannot see through glasses or hats. On the below image you can see a person with the visual camera on the right, whilst on the left side is through a thermal camera.  Both are pointing at the same area. It is clear the person on the left side is “invisible” to the thermal imaging camera. Demonstrating the sensitivity of thermal imaging If you are a company who wants to detect the temperature of customers or employees though the front door, window or a car window, the answer would be no. You need a clear line of sight without any interference to scan for temperatures. Other things you need to look out for is wind and distance away from the HSRP (blackbody) device. Air and distance away from the HSRP device will make the system less and less accurate the more space between the device. Air and distance away from the HSRP device will make the system less and less accurate Thermal imaging and COVID-19 If you have a clear line of sight, is there anything I need to know? The answer is yes. Reflective materials such as metal can interfere with your temperature readings. Reflective materials are easily picked up from the thermal side so pointing at a medal, glass or anything reflective can cause inaccuracies within the system. In the age of COVID-19, temperature detection systems are more important than ever. Organisations must get a system in place to help scan for high temperatures in order to reduce the spread of the virus.

What are the security challenges of the oil and gas market?
What are the security challenges of the oil and gas market?

Protecting the oil and gas market is key to a thriving economy. The list of security challenges for oil and gas requires the best technology solutions our industry has to offer, from physical barriers to video systems to cybersecurity. We asked this week’s Expert Panel Roundtable: what are the security challenges of the oil and gas market?