The potential for cities to improve performance and personal security using data and crowd-sourced analytics is both dramatic and potentially unlimited

The vision of a utopian urban future rests
heavily on the success of Open Data
and a Cloud Computing paradigm

Confronting urban challenges using technology requires the private sector to work in tandem with governments to enable "smart cities." In fact, one report predicts the number of safe cities worldwide will quadruple in the next decade. It’s a topic that is increasingly top-of-mind.

For example, the Safe Cities Asia 2015 conference in Singapore in May brought together senior professionals and thought leaders to focus on topics such as cyber security, the cloud, Big Data analytics and mobile engagement strategies. Smart cities – as well as safe cities – were a big topic at IFSEC 2015 this year, too, and one of the presentations addressed emerging trends and technologies related to safe, smart and connected cities – and the impact of the Internet of Things (IoT). In this article, Simon Moores, a speaker at IFSEC, expounds on the impact technologies will have on our urban environments in coming years.

At the turn of the last century, in 1900, it’s estimated that 200 million people lived in cities. At the time, this was about one-eighth of the world’s population. A little over 100 years later, over 3 billion people now occupy an urban space. In 2015, London surpassed its 1939 peak of 8.5 million residents, placing unprecedented demands on both infrastructure and public services.

Rising urban housing demand

It’s the raw speed of urbanisation that matters. As the TV news reports nearly every day, we are in the middle of the largest migration period in history, and one can’t help but notice the future of the millions of urban poor being conspicuously absent in the utopic vision offered by the digital prophets in many developed and developing nations.

The security researcher Robert Muggah describes the phenomenon of “turbo-urbanisation,” and this is one of the key drivers of fragility and risk in developing economies today. For example, China is adding a mega-city the size of London every two years, and India needs to build the equivalent of a new Manchester every year to keep up with inexhaustible demand for urban housing.

It was as true of the era of Thomas Edison as it is of the present, that the search for an answer to the challenges of growing human urbanisation is believed to exist in the smarter application of new technologies. Where once, electricity and the arrival of the elevator gave us vertical cities, today, we have the promise of the Internet of Things (IoT), Artificial Intelligence (AI), Big Data, micro-controllers (MEMS) and new materials to help manage a very crowded future.

Getting rid of "sick cities" first

In hundreds of cities across the
world, we are seeing the arrival
of a new civic consciousness
as the smartphone becomes a
platform for reinventing the
urban landscape

Perhaps we should simply admit that nobody has a clue what the world will look like in even five years’ time, and before we start prematurely celebrating the arrival “smart cities,” we urgently need to solve the problems of “sick cities” and “safe cities” first. More importantly, we might ask if we so focused on the promise of an urban utopia, that we have lost touch with some of the very real technical, infrastructure and social problems that define the fastest growing urban environments. I noted on a recent BBC news report that some Chinese cities have been erected without adequate drainage and sewer systems to deal with regular monsoon-driven flooding.

An Era of Possibilities

Today, we are living in what has been described as “An Era of Possibilities,” a special window in both time and technology that is now driving the scaling of commercial and social activity beyond the familiar boundaries within which we become accustomed to thinking. Everywhere you look, it can be argued we are on the cusp of a technology-based societal transformation that will be at least as big as that of the Industrial Revolution.

In hundreds of cities across the world, we are seeing the arrival of a new civic consciousness as the smartphone becomes a platform for reinventing the urban landscape from the bottom up and we move away from dull, monolithic and centralised, City Hall-controlled data into far richer and more useful crowdsourced data from millions of smartphones. Cities are already the most complex structures mankind has ever created and for a new generation of civic leaders, in larger and developed “super-cities” like New York, London and Singapore, smart technology represents an opportunity to rethink and even reinvent the tired-looking model of local government.

In a conference presentation this summer in London (IFSEC Global) I was asked which “Smart Technologies” will have the biggest impact on cities in the future and what emerging trends are keeping people and property safe? Can we evolve the emerging concept of a smart city organically; one app, one Uber, one check-in, one API call, one Arduino, one hot spot at a time?

Two sides of IoT technology

The potential for cities to improve performance and personal security using data and crowd-sourced analytics is both dramatic and potentially unlimited. Technology appears to hold many, if not all, the answers it promises, but it simultaneously presents us with most of the bigger problems too. Why? Well, for one reason, whereas in the past, urban risk was widely distributed among structures rather than devices, the situation is changing.

The Internet of Things will
deliver exciting opportunities
and new kinds of services,
many of which we have yet to
imagine. However, there will be
equally unimagined and
unintended consequences

Today, technology companies and even politicians imagine anything capable of holding an electric current, from the city’s water supply valves, to your bathroom light-bulb, with its own IP address, can be connected to the Internet. We are confronted with a perfect storm of risk factors and potential vulnerabilities that might make the recent Ashley Madison hack look like child’s play as each of these connection points is potentially a source for a security breach.

If I were to summarise the message of my presentation at IFSEC Global this last summer, it would be this:

Much like the arrival of Uber and Airbnb, The Internet of Things will deliver exciting opportunities and new kinds of services, many of which we have yet to imagine. However, there will be equally unimagined and unintended consequences, if only because, in highly complex systems with many connected and tightly-linked elements, accidents are inevitable.

Open Data and Cloud computing for secure urbanisation

The vision of a utopian urban future rests heavily on the success of Open Data and a fast-evolving Cloud Computing paradigm. However, unless government and industry can collectively find a standardised model to properly secure a trillion or so smart devices, the surface area risk for tomorrow’s Smart Cities appears daunting as a wider communications break-down in the Cloud could lead to the kind of “Downtime” paralysis described by the science fiction novelist, Cory Doctorow, in his short story, “Human Readable.”

That’s not to say I’m a pessimist, far from it. On a recent visit to give a talk in Hong Kong, my taxi from the airport had five smartphones fixed to a specially constructed Perspex dashboard, neatly positioned in front of the driver and at any one time he appeared to be using at least three.

Having grown-up with an earlier vision of the future in the Ridley Scott movie, “Blade Runner:”, the oriental combination of a very old Toyota taxi and a small gallery of smartphones, pointed me firmly in the direction of another urban landscape. Governments and big technology companies may have grand visions for the future of smart cities, but ultimately, the coming age of global urbanisation will be crowd-shaped by citizen interest groups, market forces, Open Data, smartphones … and even an army of fast-talking, multi-tasking Chinese taxi drivers?

Download PDF version

Author profile

In case you missed it

Why moving to a risk-based approach helps business
Why moving to a risk-based approach helps business

Today’s security leaders encounter many challenges. They have to operate with reduced budgets and face challenging and evolving risks on a daily basis. Security leaders are often ignored and only called upon when needed or in disaster situations. Many don’t have an ongoing relationship with the C-suite because the C-suite doesn’t understand the value they bring to the whole business. In order to resolve these challenges, a security leader can apply a risk-based approach to their security program. According to  dictionary.com, risk is “exposure to the chance of injury or loss; a hazard or dangerous chance”. Risk is broader than a security concern and involves the entire business.  Through utilising a 3R model - considering resources, risks and resolutions - a security leader can evaluate the output from the model to build the foundation of a strong plan. This allows the leader to make security decisions based on a quantified risk measure.  A business determines what resources it wants to protect, what risks it needs to protect the resources from and what resolutions it can put in place to mitigate the risk. Decisions are based on measurable evidence. Free online risk assessment tools are available to provide a fast, easy way to determine an organisation's basic security risks through an investigative approach The 3 Rs The first step in the 3R model is to figure out what resources need protection. This could be physical - such as buildings, critical infrastructure or valuable equipment, knowledge-based - such as intellectual property, or organisational - such as people or governance structure. Understanding the business will help the security leader develop a list of critical elements. Look for tangible resources such as buildings and machinery, and intangible resources like reputation, knowledge and processes. Second, determine what the resources need to be protected from. Anything that threatens harm to the organisation, its mission, its employees, customers, partners, its operations or its reputation could be at risk. These can include contextual risks (workplace safety or natural disasters), criminal risks (theft or cybercrime) or business risks (compliance or legal issues).  Anything that threatens harm to the organisation, its mission, its employees, customers, partners, its operations or its reputation could be at riskFree online risk assessment tools are available to provide a fast, easy way to determine an organisation's basic security risks through an investigative approach. The tools ask several questions and determine risk based on an organisation’s location and the answers provided. Security leaders can also work with security companies and consultants that offer risk assessments to determine their company’s needs, and then offer solutions based on that assessment.  The third objective is to determine how businesses can best protect the identified resource. The last of the 3 Rs - resolutions - are those security activities that enable the business to mitigate the impact of security risks. Resolutions can potentially prevent a security incident from occurring, contain the impact to resources if an event does occur and also assist the organisation in recovering from an impact more quickly or easily.   The first step in the 3R model is to figure out what resources need protection, this could physical such as buildings or critical infrastructure  The path forward Understanding what risks a business faces in totality provides an opportunity for the security leader to collaborate with other department heads. This gives security leaders an opportunity to engage with functions outside their norm as well as a chance to demonstrate their subject matter expertise. A risk-based approach also helps security leaders fully understand an organisation’s needs and concerns, which they can communicate to the C-suite to help them make better business decisions. Metrics can also help business leaders understand the cost/benefit of resolutions C-suite and executives help define an acceptable level of security risk tolerance to resources and make quality, educated decisions about mitigating security risks. Through collaborating with security leaders using a risk-based approach and the 3R model, metrics and reports show the impact of security expenses, and there is a transparent view of security risk. The final decision about how to mitigate and resolve risks is up to the business owner of the resource and the risk stakeholders. To obtain funding, show the risk and value of resources exposed to potential impact. Then present the recommended resolution that reduces the potential level of impact and the associated cost benefit savings. By providing this information, security leaders can ensure that the business owners can make an educated decision. Measuring success A risk-based approach aligns the security mission with the organisation’s mission. Security leaders should have these conversations with their business leaders on a regular basis. Understanding the thresholds of risk tolerance and showing when incidents or activities are trending outside of acceptable boundaries will help business leaders make educated decisions. The 3R model also helps a business to track occurrences, quantify the direct and ancillary impact and make continuous adjustments to the security program Determining a baseline of acceptance gives a foundation for security leaders to point out when the organisation is not meeting its own requirements. Metrics can also help business leaders understand the cost/benefit of resolutions and demonstrate when costs may be trending outside of acceptable boundaries. The 3R model also helps a business to track occurrences, quantify the direct and ancillary impact and make continuous adjustments to the security program. It is important to note that this process is not stagnant, and needs to be constantly revisited. Examining risks, resources and resolutions in a systematic way will help security leaders understand what they are protecting Defining risks and vulnerabilities Continuous conversations using the 3R model also help business leaders understand what security risks could interfere with meeting business objectives. It also aligns the total cost of ownership for the security program with the business value of the resources at risk.The approach puts the security risk decisions in the hands of the ones impacted by those risks And it defines the security role as risk management, not just task management. The approach puts the security risk decisions in the hands of the ones impacted by those risks…the “owners” of the resources. Examining risks, resources and resolutions in a systematic way will help security leaders understand what they are protecting, what they are protecting it from, and how they can help prevent, contain or recover against a specific risk. Followers of this approach are in a better position to ask for funding because they can clearly define and quantify risks and vulnerabilities. Applying these principles will equip security leaders with the knowledge needed to have better dialogue with colleagues in other departments, encouraging more proactive discussions about security.

Why regional? Inside ADT's mergers and acquisitions of US security integrators
Why regional? Inside ADT's mergers and acquisitions of US security integrators

ADT Inc.’s acquisition of Red Hawk Fire & Security, Boca Raton, Fla., is the latest move in ADT Commercial’s strategy to buy up security integrator firms around the country and grow their footprint. In addition to the Red Hawk acquisition, announced in mid-October, ADT has acquired more than a half-dozen security system integration firms in the last year or so.  Here’s a quick rundown of integrator companies acquired by ADT: Protec, a Pacific Northwest commercial integrator (Aug. 2017); MSE Security, the USA’s 27th largest commercial integrator (Sept 2017); Gaston Security, founded in 1994 as a video surveillance integration company and whose services have since expanded to include intrusion, access control, and perimeter protection (Oct. 2017); Aronson Security Group (ASG), which delivers risk and security program consultants and offers advanced integration services, consulting and design engineers and a National Program Management team (March 2018);  Acme Security Systems, among the largest privately held security systems integrators in the Bay Area, focusing on electronic security systems, access control, video networks and more (March 2018); Access Security Integration, a regional systems integrator specialising in design, delivery, installation and servicing of electronic security systems including enterprise-level access control, video and visitor management solutions, perimeter security and security operation command centers (Aug. 2018); In addition to their moves in the commercial integrator space, ADT has also sought to expand their presence in cybersecurity with the following two acquisitions: Datashield, specialising in Managed Detection and Response Services (Nov 2017); Secure Designs, Inc., specialising in design, implementation, monitoring, and managing network defense systems, including firewall services and intrusion prevention, to protect small business networks from a diverse and challenging set of global cyber threats (Aug. 2018). ADT has acquired more than a half-dozen security system integration firms in the last year or so For additional insights into ADT’s game plan and the strategy behind these acquisitions, we presented the following questions to Chris BenVau, ADT’s Senior Vice President of Enterprise Solutions. Q: ADT has been actively acquiring regional integrators this year – more than a half a dozen to date. Please describe the history of how ADT came to embrace a strategy of acquiring regional integrators as a route to growth? ADT's acquisition of Red Hawk is set to close in December, and brings premiere fire and life/safety solutions BenVau: Our acquisition strategy started at Protection 1 when we embarked on our journey to build out our commercial and national account business and add enhanced integration capabilities to our portfolio. The merger of Protection 1 and ADT brought that foundation to ADT which up to that point was primarily a residentially and SMB-focused company. After the merger, we set out to identify and acquire additional regional integrators that would continue to build on that foundation and deliver enhanced technical solutions, advanced technologies and an expanded service, install and support footprint. Through our acquisitions we now operate two Network Operations Centers and three Centers of Excellence. We are also unique in the industry with the number and variety of certifications, like Cisco and Meraki, our engineers hold which ultimately allows us to offer Managed Security as a Service. They have also enhanced our operational capabilities. Q: What criteria do you use to evaluate whether an integrator is a good “fit” for ADT? BenVau: First and foremost, we look at the culture of the companies. The companies that we target for acquisition must be metrics- and customer service-driven. Secondly, we look at the leadership teams. ADT view their acquisitions more like mergers and take a patient approach to integrating them into their business We have been fortunate in the fact the leadership of the companies we acquired remain with us today in key management and executive positions helping to drive continued growth within their organisations. We also evaluate their current customer base, unique solutions and their ability to complement and enhance our portfolio with the goal of becoming a leading full-service, enterprise commercial provider. Our acquisitions have bolstered our network capabilities, brought enterprise risk management services, and a broader solution set in high-end video and access control solutions. Our most recent acquisition – Red Hawk, set to close in December – brings us premiere fire and life/safety solutions. Q: What changes are typically needed after an integrator is acquired in order to adapt it to the ADT corporate model? BenVau: We view our acquisitions more like mergers and take a patient approach to integrating them into ADT while taking into account their culture. We want to ensure that we find the right positions for their people, embrace the right messaging and put the right processes in place. We acquire these companies because they are the best in their respective businesses and geographies and bring their knowledge and experience in markets or with solutions that we may not have had previous access to. ADT can support clients with their own in-house technicians which helps to ensure a consistent security program Q: How can regional integrators benefit from the ADT brand? Have your newly acquired integrators realised additional growth? BenVau: The companies we have acquired, generally, have exceeded expectations and surpassed initial goals. ADT brings expanded opportunities for these companies as well with our national footprint. Our National Account Sales Team has seen impressive growth over the years and are only limited by our ability to deliver. These integrators help to deliver on that. In the past, the regional players may have had to rely on sub-contractors to service their larger clients. With ADT, we can now support those clients with our own in-house technicians which helps to ensure a consistent security program across multiple locations.Our National Account Sales Team has seen impressive growth over the years and are only limited by our ability to deliver" Q: Are additional integrator acquisitions planned this year and into 2019? How much is enough and when will it end (or slow down significantly)? BenVau: We expect to close on our latest acquisition, Red Hawk, before the end of 2018. Red Hawk brings a national footprint focused on fire/life safety and security to ADT. While ADT already had a robust security offering, Red Hawk will contribute significantly to the fire side of the business. In addition, we will continue to evaluate the companies in the industry to determine if additional acquisitions make sense. Q: Do you expect greater consolidation of the integrator channel in the industry as a whole? Why is this a good time for consolidation? Is it a good M&A market for buyers like ADT? BenVau: We will continue to evaluate companies in the industry to determine if further acquisitions make sense. As for the industry, we can only speak for ourselves. Our focus is on investing in our field organisation, in particular our service technicians, engineers and project management teams" Q: What other trend(s) do you see in the industry that will impact ADT (on the commercial side) in the next year or so, and how? BenVau: In addition to their moves in the commercial integrator space, ADT has also sought to expand their presence in cybersecurity Networking is a big one. As we continue to drive integration of devices and services, from AI, “the cloud,” machine learning and even analytics, there will be more focus on the network they ride on. A deeper knowledge of network design, bandwidth impact, and system integration will be critical. As part of our acquisition strategy, we focused on talent to add to the team and have been able to add to our bench strength in this area. Q: Any other comments/insights you wish to share about ADT’s strategy, future, and role in the larger physical security marketplace? BenVau: Our focus is on investing in our field organisation, in particular our service technicians, engineers and project management teams. The cornerstone of our success lies in our ability to deliver outstanding customer support and service. It starts with sales and the ability to deliver security and life safety technologies, but it ends with a delighted customer who partners with us to help secure the things that matter most to them. Our recent acquisitions have more than doubled our commercial field operations teams and are key to establishing the ADT Commercial brand as a leading full-service provider of enterprise solutions to the marketplace.

Does “security technology” cover the broader application possibilities of today’s systems?
Does “security technology” cover the broader application possibilities of today’s systems?

The concept of how security systems can contribute to the broader business goals of a company is not new. It seems we have been talking about benefits of security systems beyond “just” security for more than a decade. Given the expanding role of technologies in the market, including video and access control, at what point is the term “security” too restrictive to accurately describe what our industry does? We asked the Expert Panel Roundtable for their responses to this premise: Is the description “security technology” too narrow given the broader application possibilities of today’s systems? Why?