From satellite imagery to street views to indoor mapping, technology has disrupted our past world. This has left us dependent upon new ways to visualise large spaces. This new world has brought many benefits and risks. But what does that mean for the security professional or facility manager today and what technologies can be used to secure buildings and improve facility operations?

A brief history of 3D technology

Starting May 5, 2007 (inception 2001), Google rolled out Google Street View to augment Google Maps and Google Earth; documenting some of the most remote places on earth using a mix of sensors (Lidar/GSP/Radar/Imagery). The mission to map the world moved indoors May 2011 with Google Business Photos mapping indoor spaces with low cost 360° cameras under the Trusted Photographer program. In the earlier days, 3D scanning required a high level of specialisation, expensive hardware and unavailable computing power

With the growth of 3D laser scanning from 2007 onwards, the professional world embraced scanning as effective method to create digitised building information modelling (BIM), growing fast since 2007. BIM from scanning brought tremendous control, time and cost savings through the design and construction process, where As-Built documentation offered an incredible way to manage large existing facilities while reducing costly site visits.

In the earlier days, 3D scanning required a high level of specialisation, expensive hardware, unavailable computing power and knowledge of architectural software. Innovation during the past 8 year, have driven ease of use and lower pricing to encourage market adoption.

Major investments in UAVs in 2014 and the commercial emergence of 360° photography began a new wave of adoption. While 3D scanners still range from $20K – $100K USD, UAVs can be purchased for under $1K USD and 360° cameras for as low as $100. UAVs and 360° cameras also offer a way to document large spaces in a fraction of the time of terrestrial laser scanners with very little technical knowledge.  Access to building plans, satellite imagery, Google Street View, indoor virtual tours and aerial drone reconnaissance prove effective tools to bad actors

The result over the past 10+ years of technology advancement has been a faster, lower cost, more accessible way to create virtual spaces. However, the technology advances carry a major risk of misuse by bad actors at the same time.

What was once reserved to military personal is now available publicly. Access to building plans, satellite imagery, Google Street View, indoor virtual tours and aerial drone reconnaissance prove effective tools to bad actors. Al Qaeda terror threats using Google Maps, 2007 UK troops hit by terrorists in Basra, 2008 Mumbai India attacks, 2016 Pakistan Pathankot airbase attacks, ISIS attacks in Syria using UAVs, well-planned US school shootings and high casualty attacks show evidence that bad actors frequently leverage these mapping technologies to plan their attacks.

The weaponization of UAVs is of particular concern to the Department of Homeland Security: "We continue to face one of the most challenging threat environments since 9/11, as foreign terrorist organisations exploit the internet to inspire, enable or direct individuals already here in the homeland to commit terrorist acts."

 Renovations, design changes and office layout changes leave facility managers with the wrong information, and even worse is that the wrong information is shared with outside consultants who plan major projects around outdated or wrong plans
Example comparison of reality capture on the left of BIM on the right. A $250 USD 360° camera was used for the capture in VisualPlan.net software

What does this mean for the security or facility manager today?

An often overlooked, but critical vulnerability to security and facility managers is relying on inaccurate drawing. Most facilities managers today work with outdated 2D plan diagrams or old blueprints which are difficult to update and share.Critical vulnerability to security and facility managers is relying on inaccurate drawing

Renovations, design changes and office layout changes leave facility managers with the wrong information, and even worse is that the wrong information is shared with outside consultants who plan major projects around outdated or wrong plans. This leads to costly mistakes and increased timelines on facility projects. 

Example benefits of BIM

There could be evidence of a suspect water value leak which using BIM could be located and then identified in the model without physical inspection; listing a part number, model, size and manufacture. Identification of vulnerabilities can dramatically help during a building emergency.

First Responders rely on facilities managers to keep them updated on building plans and they must have immediate access to important building information in the event of a critical incident. Exits and entrances, suppression equipment, access control, ventilation systems, gas and explosives, hazmat, water systems, survival equipment and many other details must be at their fingertips. In an emergency situation this can be a matter of life or death.

Example benefit of reality capture

First Responders rely on facilities managers to keep them updated on building plans A simple 360° walk-through can help first responders with incident preparedness if shared by the facility manager. Police, fire and EMS can visually walk the building, locating all critical features they will need knowledge of in an emergency without ever visiting the building. You don’t require construction accuracy for this type of visual sharing. This is a solution and service we offer as a company today.

Reality capture is rapidly becoming the benchmark for facility documentation and the basis from which a security plan can be built. Given the appropriate software, plans can be easily updated and shared.  They can be used for design and implementation of equipment, training of personnel and virtual audits of systems or security assessments by outside professionals.

Our brains process visual information thousands of times faster than text. Not only that, we are much more likely to remember it once we do see it. Reality capture can help reduce the need for physical inspections, walk-throughs and vendor site-visits but more importantly, it provides a way to visually communicate far more effectively and accurately than before. But be careful with this information. You must prevent critical information falling into the hands of bad actors.

You must watch out for bad actors attempting to use reality capture as a threat, especially photo/video/drones or digital information and plans that are posted publicly. Have a security protocol to prevent and confront individuals taking photos or video on property or flying suspect drones near your facility and report to the authorities. Require authorisation before capturing building information and understand what the information will be used for and by who.There are a number of technologies to combat nefarious use of UAVs today

Nefarious use of UAVs

There are a number of technologies to combat nefarious use of UAVs today, such as radio frequency blockers and jammers, drone guns to down UAVs, detection or monitoring systems. Other biometrics technologies like facial recognition are being employed to counter the risk from UAVs by targeting the potential operators.

UAVs are being used to spy and monitor for corporate espionage and stealing intellectual property. They are also used for monitoring security patrols for the purpose of burglary. UAVs have been used for transport and delivery of dangerous goods, delivering weapons and contraband and have the ability to be weaponised to carry a payload.Investigating reality capture to help with accurate planning and visualisation of facilities is well worth the time

The Federal Aviation Administration has prevented UAV flights over large event stadiums, prisons and coast guard bases based on the risks they could potentially pose, but waivers do exist. Be aware that it is illegal today to use most of these technologies and downing a UAV, if you are not Department of Justice or Homeland Security, could carry hefty penalties.

Facility managers must have a way to survey and monitor their buildings for threats and report suspicious UAV behaviours immediately to authorities. At the same time, it’s critical to identify various potential risks to your wider team to ensure awareness and reporting is handled effectively. Having a procedure on how identify and report is important.

Investigating reality capture to help with accurate planning and visualisation of facilities is well worth the time. It can help better secure your facilities while increasing efficiencies of building operations. Reality capture can also help collaboration with first responders and outside professionals without ever having to step a foot in the door. But secure your data and have a plan for bad actors who will try to use the same technologies for nefarious goals.

Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version

Author profile

In case you missed it

Managing security during unprecedented times of home working
Managing security during unprecedented times of home working

Companies are following government guidance and getting as many people as possible working from home. Some companies will have resisted home working in the past, but I’m certain that the sceptics will find that people can be productive with the right tools no matter where they are. A temporary solution will become permanent. But getting it right means managing risk. Access is king In a typical office with an on-premise data centre, the IT department has complete control over network access, internal networks, data, and applications. The remote worker, on the other hand, is mobile. He or she can work from anywhere using a VPN. Until just recently this will have been from somewhere like a local coffee shop, possibly using a wireless network to access the company network and essential applications. CV-19 means that huge numbers of people are getting access to the same desktop and files, and collaborative communication toolsBut as we know, CV-19 means that huge numbers of people are getting access to the same desktop and files, applications and collaborative communication tools that they do on a regular basis from the office or on the train. Indeed, the new generation of video conferencing technologies come very close to providing an “almost there” feeling. Hackers lie in wait Hackers are waiting for a wrong move amongst the panic, and they will look for ways to compromise critical servers. Less than a month ago, we emerged from a period of chaos. For months hackers had been exploiting a vulnerability in VPN products from Pulse Secure, Fortinet, Palo Alto Networks, and Citrix. Patches were provided by vendors, and either companies applied the patch or withdrew remote access. As a result, the problem of attacks died back.  But as companies race to get people working from home, they must ensure special care is taken to ensure the patches are done before switching VPNs on. That’s because remote desktop protocol (RDP) has been for the most part of 2019, and continues to be, the most important attack vector for ransomware. Managing a ransomware attack on top of everything else would certainly give you sleepless nights. As companies race to get people working from home, they must ensure special care is taken to ensure the patches are done before switching VPNs on Hackers are waiting for a wrong move amongst the panic, and they will look for ways to compromise critical serversExposing new services makes them also susceptible to denial of service attacks. Such attacks create large volumes of fake traffic to saturate the available capacity of the internet connection. They can also be used to attack the intricacies of the VPN protocol. A flow as little as 1Mbps can perturbate the VPN service and knock it offline. CIOs, therefore, need to acknowledge that introducing or extending home working broadens the attack surface. So now more than ever it’s vital to adapt risk models. You can’t roll out new services with an emphasis on access and usability and not consider security. You simply won’t survive otherwise. Social engineering Aside from securing VPNs, what else should CIO and CTOs be doing to ensure security? The first thing to do is to look at employee behaviour, starting with passwords. It’s highly recommended that strong password hygiene or some form of multi-factor authentication (MFA) is imposed. Best practice would be to get all employees to reset their passwords as they connect remotely and force them to choose a new password that complies with strong password complexity guidelines.  As we know, people have a habit of reusing their passwords for one or more online services – services that might have fallen victim to a breach. Hackers will happily It’s highly recommended that strong password hygiene or some form of multi-factor authentication (MFA) is imposedleverage these breaches because it is such easy and rich pickings. Secondly, the inherent fear of the virus makes for perfect conditions for hackers. Sadly, a lot of phishing campaigns are already luring people in with the promise of important or breaking information on COVID-19. In the UK alone, coronavirus scams cost victims over £800,000 in February 2020. A staggering number that can only go up. That’s why CIOs need to remind everyone in the company of the risks of clickbait and comment spamming - the most popular and obvious bot techniques for infiltrating a network. Notorious hacking attempts And as any security specialist will tell you, some people have no ethics and will exploit the horrendous repercussions of CV-19. In January we saw just how unscrupulous hackers are when they started leveraging public fear of the virus to spread the notorious Emotet malware. Emotet, first detected in 2014, is a banking trojan that primarily spreads through ‘malspam’ and attempts to sneak into computers to steal sensitive and private information. In addition, in early February the Maze ransomware crippled more than 230 workstations of the New Jersey Medical Diagnostics Lab and when they refused to pay, the vicious attackers leaked 9.5GB or research data in an attempt to force negotiations. And in March, an elite hacking group tried to breach the World Health Organization (WHO). It was just one of the many attempts on WHO and healthcare organisations in general since the pandemic broke. We’ll see lots more opportunist attacks like this in the coming months.   More speed less haste In March, an elite hacking group tried to breach the World Health Organization (WHO). It was just one of the many attempts on WHOFinally, we also have bots to contend with. We’ve yet to see reports of fake news content generated by machines, but we know there’s a high probability it will happen. Spambots are already creating pharmaceutical spam campaigns thriving on the buying behaviour of people in times of fear from infection. Using comment spamming – where comments are tactically placed in the comments following an update or news story - the bots take advantage of the popularity of the Google search term ‘Coronavirus’ to increase the visibility and ranking of sites and products in search results. There is clearly much for CIOs to think about, but it is possible to secure a network by applying some well thought through tactics. I believe it comes down to having a ‘more speed, less haste’ approach to rolling out, scaling up and integrating technologies for home working, but above all, it should be mixed with an employee education programme. As in reality, great technology and a coherent security strategy will never work if it is undermined by the poor practices of employees.

How does audio enhance security system performance?
How does audio enhance security system performance?

Video is widely embraced as an essential element of physical security systems. However, surveillance footage is often recorded without sound, even though many cameras are capable of capturing audio as well as video. Beyond the capabilities of cameras, there is a range of other audio products on the market that can improve system performance and/or expand capabilities (e.g., gunshot detection.) We asked this week’s Expert Panel Roundtable: How does audio enhance the performance of security and/or video systems? 

How have standards changed the security market?
How have standards changed the security market?

A standard is a document that establishes uniform engineering or technical criteria, methods, processes, and/or practices. Standards surround every aspect of our business. For example, the physical security marketplace is impacted by industry standards, national and international standards, quality standards, building codes and even environmental standards, to name just a few. We asked this week’s Expert Panel Roundtable: How have standards changed the security market as we know it?