Digi Intruder Detectors & Detection Systems  (2)

Gregor Schlechtriem has worked in the access control market for over 20 years and is now responsible for the Access & Intrusion Business Unit at Bosch Building Technologies. In this interview, the expert talks about key industry trends, the impact of the COVID-19 (Coronavirus) pandemic, technical innovations and his company’s strategy. Mr. Schlechtriem, you have many years of experience in the security technology market. What is your background and what are your responsibilities as Senior Vice President at Bosch Building Technologies? Gregor Schlechtriem: I am a trained engineer and electrical technician, and have been involved with access control in the broadest sense, since I started my career in the late 1980s. I started in the field of parking garage technology and then switched to security technology in 2001, as Managing Director of micos GmbH, which specialised in traditional access control. micos GmbH was known for its highly available and highly secure access control systems, for critical infrastructure and government applications. Many systems from that time are still in use today and continue to be supported and upgraded. Bosch is continuing micos’ business here? Gregor Schlechtriem: Exactly, micos was taken over in 2004 by Bosch Security Systems, now known as Bosch Building Technologies. Since then, we have continuously been developing the access control business. Being part of the Bosch Building Technologies division, we benefit a lot from international cooperation with colleagues Being part of the Bosch Building Technologies division, we benefit a lot from international cooperation with colleagues and from overlap with other product lines, such as intrusion detection technology and video security. This gives us the opportunity to implement outstanding project solutions for demanding customers in an international environment. In developing this business, I rely on my experience from other interesting roles at Bosch that I took on, after micos was bought in 2004. For a time, I worked in the European System Integrator Business, which I also had the privilege of managing for several years, as well as being directly responsible for business units. In Fairport, USA, I had the overall responsibility for intrusion detection technology for many years, as I later did in Eindhoven for video systems. Since 2018, the global access control and intrusion detection business has once again been my direct responsibility. At Bosch Building Technologies, we have in the meantime assigned sales to the respective business units, so that we can develop our product and solution portfolio, in close cooperation with sales and our regular customers. Our main task now is to make our access control portfolio accessible to a broader market. We want to make Bosch much better known, as an access control provider, in the international market. After all, with our own access product portfolio, the power of the Bosch Group and over 40 years of experience in this sector, we have a lot to offer. As an expert in access control, how do you see the industry developing? In which direction is it currently evolving? Gregor Schlechtriem: First of all, I see that security requirements are constantly increasing. Whereas there are currently still simple ‘key replacement systems’ that merely record card numbers, such an approach, to a large extent, no longer meets today’s security and user experience requirements.The core task of access control has not changed over the years In the beginning, access control was more or less a kind of key replacement. Later, there was the possibility of increasing security via a pin code, i.e., via verification through simple data inputs. The next step in this direction was biometrics, which is another key step up, because it allows verification by means of unmistakable characteristics. However, the core task of access control has not changed over all the years and has basically always remained the same: access control means determining who has an access request and checking whether this request can be fulfilled. What’s next on this path to greater security? Gregor Schlechtriem: Biometrics-based access control is becoming increasingly powerful and user-friendly through the use of artificial intelligence (AI). Here, data protection plays a major role, as wherever identities are established and movement data is recorded, it is necessary to reconcile the evolving technology with data protection.Biometrics-based access control is becoming increasingly powerful and user-friendly through the use of artificial intelligence The question of data protection is becoming even more significant, as systems increasingly migrate to the Cloud. Bosch puts particular emphasis on ensuring that, even in the cloud, the data generated in access control is always in line with data protection rules, regardless of where it is located. In my opinion, this trend towards the Cloud will continue, because companies are increasingly looking for complete service offerings, so that they can focus on their core business. Also, a system in the Cloud is easier to maintain and always up-to-date with the latest software, which makes cloud solutions even more attractive for providers and users. How can higher security be reconciled with a good user experience? Gregor Schlechtriem: Today, the card still plays a central role in the user experience, as the essential credential. Another current trend is ‘one card for everything’: with the increasing availability of secure multi-function smart cards, the possibility arises to use cards beyond the pure access function, for example, for payment in the canteen, at the catering and coffee machines, and in the parking garage, as well as simple access to other properties and so on.The security of cards has evolved significantly and kept pace with requirements The security of the cards, the reading and encryption processes, has evolved significantly and kept pace with requirements, although we are also facing an installed base that no longer meets these requirements, due to outdated systems. Today, it is standard for communications between reader and card to be encrypted. In some cases, the keys are also only held centrally to further increase security. The security systems industry was also affected by the COVID-19 (Coronavirus) pandemic. How do you think the industry has changed? What technical solutions have emerged during this time? Gregor Schlechtriem: First of all, there is a certain need for retrofitting in the industry due to changes in how buildings are used. For example, American retailers used to be open around the clock and always had staff on site. Now, due to COVID-19, stores are also closed, and this results in a whole new need for intrusion detection and access control systems to protect the buildings. For access control, an obvious task has arisen as a result of the COVID-19 pandemic, namely to track contacts, as far as this is compatible with data protection. We actually expected more to happen here, but in our observation, many companies did quite little, despite clear and simple steps that could have been implemented relatively quickly. The installed access control systems clearly lag behind the technical possibilities. Another topic that the COVID-19 pandemic has brought into focus is hygiene Another topic that the COVID-19 pandemic has brought into focus is hygiene. Companies should actually have invested in contactless systems here and retrofitted speed gates or motorised doors. But in many cases this was not put into practice. The door opener is still often used, which has to be operated manually and therefore, is touched multiple times. But, if everyone presses the same button, that doesn't help hygiene. Surprisingly, this is different in North America. Here, ‘request-to-exit’ proximity detectors are used almost everywhere, which avoids this problem completely and releases the door, when an authorised person approaches it. Mobile access and smartphone-based access control are also growing markets. What kind of developments do you see in these areas? Gregor Schlechtriem: I already mentioned that users increasingly want to be able to use one card for several applications. But, what we are seeing here is that even with the most modern cards, which have a lot of applications loaded on them, we are reaching performance limits and the user experience suffers. If you compare the card with the smartphone as a credential, you have a much more attractive integration platform there, which is significantly faster and delivers much better performance. For us, the mobile credential or the smartphone is the future, because it simply offers more possibilities that the card will not be able to provide in the long term. What is the specific direction Bosch is taking here? Gregor Schlechtriem: We are currently working on a broad implementation. A whole team is working on the user experience around the smartphone, because it’s understood that smartphone-based access has to work just as easily, as it currently does with a card.A whole team is working on the user experience around the smartphone In theory it does, but if you look at some of the actual implementations, this topic is still relatively complex. In terms of user experience and automation, we still have quite a way to go, and we are working hard on that at the moment. The user experience is one side of the coin, the other side concerns establishing security in the smartphone as a whole. In other words: How do I make the smartphone secure enough as a mobile credential, to meet my access control requirements? We are also working intensively on this. That's actually an IT task. Do you do this yourself at Bosch or do you work with external experts here? Gregor Schlechtriem: We have our own powerful Bosch IT, which also manages our company smartphones. If our company smartphones are lost, the data on them is automatically deleted. The devices use biometrics to identify users, before they can access the data. It is a sound security concept that a card cannot offer. Moreover, we are working with other partners in the IDunion project, to create the additional infrastructure around mobile credentials as well. What exactly is the IDunion and what role does Bosch play? Gregor Schlechtriem: Digital identities must be openly accessible, widely usable, interoperable, and secure. This applies not only to access control, but to the digitised economy in general. The IDunion project has set itself the task of creating the infrastructure for this, in the form of an independent wallet, i.e., secure identity storage on smart devices. The project is funded by the German Federal Ministry for Economic Affairs and Energy (BMWI), because digitisation is also a critical social issue. We are intensively involved in the ‘Physical access to the building’ work package in this consortium. Through this involvement, we want to ensure that our access control systems benefit from this infrastructure and are open to future digital business models. Does ‘digital identity management’, which includes biometrics and mobile access, also play a role for Bosch? Yes, it plays an important role for us, and I wouldn’t consider these topics separate Gregor Schlechtriem: Yes, it plays an important role for us, and I wouldn’t consider these topics separate. For me, a mobile device has the advantage that it has already ensured and verified my identity from the moment of interaction. That’s the fascinating thing about it. If I only allow the device to communicate with the access control system, if I have identified myself first, I have implemented biometrics and access control together in a widely accepted process. From my point of view, this is a very interesting perspective, in terms of security and user experience, because the biometrics procedures in smartphones are, I think, the best currently available. In my view, the smartphone has the potential to take over central functions in access control in the future. What are your goals for the access control business of Bosch Building Technologies in the near future? Gregor Schlechtriem: We will continue to focus on specific solutions for large customers. That is the continuation of our current strategy. In these projects, we will introduce new topics as I have just described, i.e., primarily new technology elements. I believe that, precisely because of the longevity of access control, a long-term migration capability is also of particular importance. We want to reach out to the broader market and make more widely available, what we have developed in terms of technology and innovation. We are currently in the process of setting up and optimising our sales organisation, so that it becomes much more widely known that we at Bosch have our own powerful access control portfolio, which can be used for all kinds of applications. In addition, we want to differentiate ourselves in the market with our systems, in line with the motto of our founder, Robert Bosch: ‘Technology for life’. The user experience with Mobile Access should be simple, straightforward, and secure: You hold your smartphone in front of the reader and the door opens.

Today’s organisations face numerous diverse threats to their people, places and property, sometimes simultaneously. Security leaders now know all too well how a pandemic can cripple a company’s ability to produce goods and services, or force production facilities to shut down, disrupting business continuity. For example, a category three hurricane barreling towards the Gulf of Mexico could disable the supplier’s facilities, disrupt the supply chain and put unexpected pressure on an unprepared local power grid. Delivering timely critical information Tracking such risk is hard enough, but managing it is even more difficult. A swift response depends on delivering the right information to the right people, at the right time. And, it’s not as easy as it sounds. Indeed, 61 percent of large enterprises say critical information came too late for them, in order to mitigate the impact of a crisis, according to Aberdeen Research (Aberdeen Strategy & Research). These challenges are accelerating the hype around Artificial Intelligence (AI) These challenges are accelerating the hype around Artificial Intelligence (AI). The technology promises to help us discover new insights, predict the future and take over tasks that are now handled by humans. Maybe even cure cancer. Accelerating the hype around AI But is AI really living up to all this hype? Can it really help security professionals mitigate risk? After all, there’s a serious need for technology to provide fast answers to even faster-moving issues, given the proliferation of data and the speed at which chaos can impact operations. Risk managers face three major obstacles to ensuring business continuity and minimising disruptions. These include: Data fatigue - Simply put, there’s too much data for human analysts to process in a timely manner. By 2025, the infosphere is expected to produce millions of words per day. At that pace, you’d need an army of analysts to monitor, summarise and correlate the information to your impacted locations, before you can communicate instructions. It’s a herculean task, made even more difficult, when we consider that 30 percent of this global datasphere is expected to be consumed in real time, according to IDC. Relevance and impact - Monitoring the flood of information is simply the first hurdle. Understanding its impact is the second. When a heat dome is predicted to cover the entire U.S. Pacific Northwest, risk managers must understand the specifics. Will it be more or less hot near their facilities? Do they know what steps local utilities are taking to protect the power grid? Such questions can’t be answered by a single system. Communication - Once you know which facilities are impacted and what actions to take, you need to let your employees know. If the event is urgent, an active shooter or an earthquake, do you have a fast, effective way to reach these employees? It’s not as simple as broadcasting a company-wide alert. The real question is, do you have the ability to pinpoint the location of your employees and not just those working on various floor in the office, but also those who are working from home? How AI and ML cut through the noise Although Artificial Intelligence can help us automate simple tasks, such as alert us to breaking news, it requires several Machine Learning systems to deliver actionable risk intelligence. Machine Learning is a branch of AI that uses algorithms to find hidden insights in data, without being programmed where to look or what to conclude. More than 90 percent of risk intelligence problems use supervised learning, a Machine Learning approach defined by its use of labelled datasets. The benefit of supervised learning is that it layers several pre-vetted datasets, in order to deliver context-driven AI The benefit of supervised learning is that it layers several pre-vetted datasets, in order to deliver context-driven AI. Reading the sources, it can determine the category, time and location, and cluster this information into a single event. As a result, it can correlate verified events to the location of the people and assets, and notify in real time. It’s faster, more customised and more accurate than simple Artificial Intelligence, based on a single source of data. Real-world actionable risk intelligence How does this work in the real world? One telecommunications company uses AI and ML to protect a mobile workforce, dispersed across several regions. An AI-powered risk intelligence solution provides their decision makers with real-time visibility into the security of facilities, logistics and personnel movements. Machine Learning filters out the noise of irrelevant critical event data, allowing their security teams to focus only on information specific to a defined area of interest. As a result, they’re able to make informed, proactive decisions and rapidly alert employees who are on the move. Four must-have AI capabilities To gain real actionable risk intelligence, an AI solution should support four key capabilities: A focus on sourcing quality over quantity. There are tens of thousands of sources that provide information about emerging threats - news coverage, weather services, social media, FBI intelligence and so much more. Select feeds that are trusted, relevant and pertinent to your operations. Swift delivery of relevant intelligence. To reduce the mean-time-to-recovery (MTTR), risk managers need an accurate understanding of what’s happening. Consider the different contextual meanings of the phrases ‘a flood of people in the park’ and ‘the park is at risk due to a flood’. Machine Learning continuously increases the speed of data analysis and improves interpretation. Ability to cross-reference external events with internal data. As it scans different data sources, an AI engine can help you fine-tune your understanding of what’s happening and where. It will pick up contextual clues and map them to your facilities automatically, so you know immediately what your response should be. Ready-to-go communications. Long before a threat emerges, you can create and store distribution, and message templates, as well as test your critical communications system. Handling these tasks well in advance means you can launch an alert at a moment’s notice. The ability to minimise disruptions and ensure business continuity depends on speed, relevance and usability. AI and ML aren’t simply hype. Instead, they’re vital tools that make it possible for security professionals to cut through the noise faster and protect their people, places and property.

The impact of the COVID-19 pandemic has accentuated our digital dependency, on a global scale. Data centres have become even more critical to modern society. The processing and storage of information underpin the economy, characterised by a consistent increase in the volume of data and applications, and reliance upon the internet and IT services. Data centres classed as CNI As such, they are now classed as Critical National Infrastructure (CNI) and sit under the protection of the National Cyber Security Centre (NCSC), and the Centre for the Protection of National Infrastructure (CPNI). As land continues to surge in value, data centre operators are often limited for choice, on where they place their sites and are increasingly forced to consider developed areas, close to other infrastructures, such as housing or industrial sites. Complex security needs One misconception when it comes to data centres is that physical security is straightforward One misconception when it comes to data centres is that physical security is straightforward. However, in practice, things are far more complex. On top of protecting the external perimeter, thought must also be given to factors, such as access control, hostile vehicle mitigation (HVM), protecting power infrastructure, as well as standby generators and localising security devices to operate independently of the main data centre. Face value How a site looks is more important than you may think. Specify security that appears too hostile risks blatantly advertising that you’re protecting a valuable target, ironically making it more interesting to opportunistic intruders. The heightened security that we recommend to clients for these types of sites, include 4 m high-security fences, coils of razor wire, CCTV, and floodlighting. When used together in an integrated approach, it’s easy to see how they make the site appear hostile against its surroundings. However, it must appear secure enough to give the client peace of mind that the site is adequately protected. Getting the balance right is crucial. So, how do you balance security, acoustics and aesthetics harmoniously? Security comes first These are essential facilities and as a result, they require appropriate security investment. Cutting corners leads to a greater long-term expense and increases the likelihood of highly disruptive attacks. Checkpoints Fortunately, guidance is available through independent accreditations and certifications, such as the Loss Prevention Certification Board’s (LPCB) LPS 1175 ratings, the PAS 68 HVM rating, CPNI approval, and the police initiative - Secured by Design (SBD). Thorough technical evaluation and quality audit These bodies employ thorough technical evaluation work and rigorous quality audit processes to ensure products deliver proven levels of protection. With untested security measures, you will not know whether a product works until an attack occurs. Specifying products accredited by established bodies removes this concern. High maintenance Simply installing security measures and hoping for the best will not guarantee 24/7 protection. Just as you would keep computer software and hardware updated, to provide the best level of protection for the data, physical security also needs to be well-maintained, in order to ensure it is providing optimum performance. Importance of testing physical security parameters Inspecting the fence line may seem obvious and straightforward, but it needs to be done regularly. From our experience, this is something that is frequently overlooked. The research we conducted revealed that 63% of companies never test their physical security. They should check the perimeter on both sides and look for any attempted breaches. Foliage, weather conditions or topography changes can also affect security integrity. Companies should also check all fixtures and fittings, looking for damage and corrosion, and clear any litter and debris away. Accessibility When considering access control, speed gates offer an excellent solution for data centres. How quickly a gate can open and close is essential, especially when access to the site is restricted. The consequences of access control equipment failing can be extremely serious, far over a minor irritation or inconvenience. Vehicle and pedestrian barriers, especially if automated, require special attention to maintain effective security and efficiency. Volume control Data centres don’t generally make the best neighbours. The noise created from their 24-hour operation can be considerable. HVAC systems, event-triggered security and fire alarms, HV substations, and vehicle traffic can quickly become unbearable for residents. Secure and soundproof perimeter As well as having excellent noise-reducing properties, timber is also a robust material for security fencing So, how do you create a secure and soundproof perimeter? Fortunately, through LPS 1175 certification and CPNI approval, it is possible to combine high-security performance and up to 28dB of noise reduction capabilities. As well as having excellent noise-reducing properties, timber is also a robust material for security fencing. Seamlessly locking thick timber boards create a flat face, making climbing difficult and the solid boards prevent lines of sight into the facility. For extra protection, steel mesh can either be added to one side of the fence or sandwiched between the timber boards, making it extremely difficult to break through. A fair façade A high-security timber fence can be both, aesthetically pleasing and disguise its security credentials. Its pleasant natural façade provides a foil to the stern steel bars and mesh, often seen with other high-security solutions. Of course, it’s still important that fencing serves its primary purposes, so make sure you refer to certifications, to establish a product’s security and acoustic performance. Better protected The value of data cannot be overstated. A breach can have severe consequences for public safety and the economy, leading to serious national security implications. Countering varied security threats Data centres are faced with an incredibly diverse range of threats, including activism, sabotage, trespass, and terrorism on a daily basis. It’s no wonder the government has taken an active role in assisting with their protection through the medium of the CPNI and NCSC. By working with government bodies such as the CPNI and certification boards like the LPCB, specifiers can access a vault of useful knowledge and advice. This will guide them to effective and quality products that are appropriate for their specific site in question, ensuring it’s kept safe and secure.