In January 2018, the Mayor of New York, Bill de Blasio and the City’s Security Infrastructure Working Group announced plans to bring permanent perimeter barriers, or bollards, to high-profile sites and to create a process to streamline their design and construction. With funds exceeding $14 million for permanent bollards in Times Square and more than $50 million to commence the broader rollout of new protective measures in phases.

Mayor de Blasio said, “In 2017, New Yorkers witnessed the horrible capacity of people willing to do us harm, whether it was in our subways, on our bike paths or in Times Square. But we will not be cowed and our expanded investment today in barriers and bollards in our public spaces underscores our resolve in keeping New York City safe from future attacks. In this new year, we can and will protect our iconic public spaces while New Yorkers go on living our lives, including by hosting a record number of tourists.

These additional safety bollards will allow New Yorkers and visitors to be more secure at landmark locations and other sites throughout our City,” said Police Commissioner James P. O’Neill.With vehicles becoming a weapon for terrorists, the need to protect citizens has dawned on most large cities

Ensuring public security

And with vehicles seemingly becoming the weapon of choice for terrorists, the need to protect citizens from 'people willing to do harm' has dawned on most large cities, leaving many still trying to find the best way to protect their citizens.

Admittedly in many cases, it seems to be ‘after the horse has bolted’ so to speak. In 2016, a lorry was driven into crowds celebrating Bastille Day in Nice, killing 87 people and injuring 458. This was an awful, cowardly and devastating attack that had a huge impact on so many lives.

The stark reality is however, after two previous vehicle attacks in France, if there had had been tougher security measures in place, rather than an increased police presence, and a plastic temporary barrier, then many of those citizens would still be alive today.

MacSafe for vehicle incursion prevention

Reacting to these devastating events, Metropolis Nice C.te d’Azur decided to install a safety barrier along the Promenade des Anglais. The new barrier, or vehicle incursion prevention system, MacSafe, was tailormade for the Promenade des Anglais by Maccaferri and J&S Franklin.

It was inaugurated in July 2017. It is crash test rated to stop a 19-tonne truck travelling at 50km/h and impacting at 20°, equivalent to the vehicle used by the terrorist in Nice in 2016 and can withstand two successive impacts. The system is also accredited by the UIAU (University of Venice).

The MacSafe system consists of two high tensile steel cables supported on tubular steel posts and anchored at each end with our patented energy dissipation system. The posts are secured to ground foundations and all external fixings are designed to prevent them being easily removed.

The force of the vehicle impact is distributed through the cables and posts and absorbed within the patented energy dissipaters. The energy is absorbed through compressive deformation and not by friction. This ensures better and more reliable performance throughout the long-life of the barrier.Las Vegas plan to have their existing 800 bollards updated to some 7,000 by the end of 2018

Balancing security and aesthetics

On the 19th December 2016, a truck was deliberately driven into the Christmas market next to the Kaiser Wilhelm Memorial Church at Breitscheidplatz in Berlin, killing 12 people and injuring 56 others. One year on, and the Christmas Market in Berlin is protected by large concrete barriers, armed police patrols and stop and search checks.

In January 2017 in Melbourne, 6 people were killed and 37 injured when a car sped down a footpath crashing into pedestrians, by June 2017 $10 million had been allocated, and temporary concrete barricades and bollards had been installed around the City of Sydney.

In January 2018, the City of Gold Coast began installing heavy duty retractable bollards capable of repelling the force of a large heavy goods vehicle. They had previously resolved to spend $515,000 on bollards which met the Australian standard, but on the advice of the QPS Commonwealth Games security adviser, it was recommended that the bollards comply with a European standard bringing the cost of the project to $1.095 million.

Las Vegas plan to have their existing 800 bollards updated to some 7,000 by the end of 2018, to increase the safety of those walking The Strip in Sin City. However, some cities are still concerned about the aesthetics of concrete bollards on their historic cities, a case of balancing security over protecting tourism.

Physical barriers for pedestrian security

Take for instance, Barcelona in Spain. On the 17th August 2017, a van was driven into pedestrians strolling along Las Ramblas, in Barcelona, killing 13 people and injuring at least another 130. Advice was given that bollards were needed, warnings of impeding threats were given, and yet, the action taken was to increase policing levels on the streets.

Now, thankfully, there are a few bollards and increased police presence on the streets, and going forward they are “studying the possibility of installing physical barriers to prevent further attacks with vehicles.Although guard rails would not have stopped either of the London attacks, they can limit the damage

In London on 22nd March 2017, a car was driven into pedestrians on Westminster Bridge, killing 5 people and injuring 49 others. The driver also stabbed a policeman to death.

Built-in counter terrorism design

Again, in London, on 3rd June 2017, a van was driven at pedestrians in the London Bridge Area. Three attackers began stabbing people, before being shot by police. 8 people died. 48 were injured, 21 critically. Controversially previously installed 'Guard Rails' had been removed from London’s streets to protect cyclists and make the Capital more ‘attractive’.

Although guard rails would not have stopped either of the London attacks, they could have limited the damage. However, today, protective barriers are erected on Thames bridges and from London’s experience of previous terrorist activities (IRA) there are very few buildings or indeed public spaces that don’t have ‘counter-terrorism’ design inbuilt.

Government-initiated guidance

The UK Government has produced a 174-page guide, Crowded Places Guidance, that highlights the threat as a vehicle being used as a weapon, but also highlights that these threats can be “mitigated by installing physical measures (including blending into the landscape or streetscape) which may be passive (static) or active (security controlled). These measures can be installed either on a permanent or temporary basis. All such measures should meet appropriate standards in terms of their vehicle impact performance, design and installation.

Vehicle security barriers, need not be ugly concrete monstrosities. Nor do they need to be concrete lumps that need huge lifting gear to place them. They can be totally inconspicuous, letting everyday life continue and forgetting they are there, or full on ‘in your face’ shouting a warning to would be terrorists that this area is safe.Planters can be installed quickly and are sited to allow pedestrians to pass through while vehicles can’t

PAS68 Street Planters

They come in many guises, from retractable bollards and passive static bollards to street furniture. Even cleverly disguised PAS68 Street Planters from Securiscape, which have an attractive floral display whilst cleverly acting as a security barrier.

These planters can be installed quickly and are sited to allow pedestrians to pass through while vehicles can’t, but due to intelligent design, incorporating a surface mounted, reinforced structure which can stop a vehicle if it is used as a battering ram. But if none of that appeals, then there are many landscaping options, including, ditches, bunds and berms.

DefenCell mesh gabion

DefenCell by J&S Franklin, is a lightweight geotextile welded mesh gabion that once filled with locally available materials, can be incorporated into security measures for public places and protection. Filled and stacked, these gabions can be covered and planted, maintaining the aesthetic and environmental considerations of high profile or sensitive locations.

Sadly, people with ‘evil intent’ are a fact of life. Which makes vehicle security barriers a permanent part of our city landscapes. So, whether hidden or in plain sight they will be there be to Protect and Protect again.

Download PDF version

In case you missed it

School security benefits from advanced communication technology
School security benefits from advanced communication technology

With the recent tragic events in Florida, it’s evident that schools require more tools to help ensure their students’ safety. With that, school and municipal officials all over the country are looking for more advanced ways to combat gun violence. While there is no perfect solution for the myriad of threats and emergencies with which our schools are confronted, many have looked to technology to help improve communications before, during and after incidents. For schools across the state of Arkansas; Nassau County, New York; Snohomish County, Washington; New Castel County, Delaware; Limestone County, Alabama and scores of others, the answer was the implementation of technologies that connect school personnel directly with local police, fire and EMS, and designated individuals at the school. Communication tools have proven invaluable when a potential active shooter situation was being discussed on social media Key to these schools’ choice in technology was the recognition that while the most traumatic of threats is the active assailant, any technology investment should be just as effective in handling the more frequent day-to-day incidents. Communication technologies for incident management How have technologies such as mobile panic buttons and anonymous texting helped impact school safety? Here are a few examples: In Limestone County, Alabama, 9-1-1 Director Brandon Wallace led an effort to implement technology tools across the county to help prevent and more quickly notify personnel of possible emergency situations. Communication tools have proven invaluable especially when a potential active shooter situation was being discussed on social media. Advanced technology integration The technology not only connected directly to emergency personnel, but also ensured that school faculty were able to communicate with one another during a potential emergency and account for students. Following the tragic shooting in Newtown, Connecticut, the school superintendent Dr. Joseph V. Erardi, Jr. chose to make communication technology a part of their new safety plan. The integration of advanced technology has given staff and teachers a greater sense of safety with not only active shooter events but also events like medical emergencies that require fast action and a quick response from public safety officials. Trainings ensure that staff and students are prepared for any type of situation and be on the same page in an emergency situation Implementing enhanced safety measures What are some lessons learned from these schools that can be applied to protect students in other areas? Here are some tips for implementing more safety measures into schools: Make sure your solution has a daily use. Unfortunately, many great technologies have sat unused when emergencies struck simply because those involved weren’t familiar with them or were under extreme duress and forgot about them. Training is an obvious necessity, but finding solutions with daily use cases (such as value in medical emergencies) can have a huge impact not only on ROI but also during an incident. Evaluate past incidents. Response during past incidents can always help future plans. Whether incidents have been handled well or have room for improvement, it’s important to continue to develop incident responses. For Limestone County, Alabama, the use of technology in their response plan was first tested during a medical emergency which helped to confirm the continued use within the school. Knowing the ease of use and responsiveness of emergency response tools, the county decided to build upon the technology already in place to help thwart future incidents. Train staff on the newest measures. Snohomish County, Washington holds trainings with teachers and staff, alongside local emergency personnel to prepare for active shooter incidents. Trainings ensure that staff and students can be prepared for any type of situation and be on the same page in the event of an emergency. Especially as new technology is introduced, integrating the tools with staff first will help ensure greater adoption throughout the process. Integrate practice drills. Fire drills are a common part of the school year; why not implement practicing other scenarios which may affect your school? Not only will this help with preparedness but will also highlight any measures that might need to be adjusted. New tools can then be tested to ensure that all staff and students are comfortable in the event they will need to utilise it in the future. Expand those involved in your drills to be those who will actually be involved in an incident. All too often, drills are siloed and don’t include outside agencies. Re-evaluating safety procedures Schools across the country can learn a lot from districts that have implemented and actually used new communications technologies addressing school safety, which are leading the way in how teachers and faculty are preparing to keep students safe. However, it will remain important to re-evaluate safety procedures and integrate technology to help ensure that these steps remain effective. As the tools continue to advance, the available safety measures will only continue to grow.

Artificial intelligence is changing intrusion detection dynamics in the security industry
Artificial intelligence is changing intrusion detection dynamics in the security industry

With the ever-growing availability of video data thanks to the low cost of high-resolution video cameras and storage, artificial intelligence (AI) and deep learning analytics now have become a necessity for the physical security industry, including access control and intrusion detection. Minimising human error and false positives are the key motivations for applying AI technologies in the security industry. What is artificial intelligence? Artificial intelligence is the ability of machines to learn from experience using a multi-layer neural network, which mimics the human brain, in order to recognise items and patterns and make decisions without human interference. The human brain is estimated to have 86 billion neurons; in comparison, the newest Nvidia GPU Volta has 21 billion transistors (the equivalence of a neuron), which offers the performance of hundreds of CPUs for deep learning.AI can learn continuously 24 hours per day every day, constantly acquiring, retaining and improving its knowledge In addition, unlike humans, AI can learn continuously 24 hours per day every day, constantly acquiring, retaining and improving its knowledge. With such enormous processing power, machines using Nvidia GPU and similar chips can now distinguish faces, animals, vehicles, languages, parts of speech, etc. Depending on the required complexity, level of details, acceptable error margin, and learning data quality, AI can learn new objects within as fast as a few seconds using Spiking Neural Network (SNN) to a few weeks using Convolution Neural Network (CNN). While both SNN and CNN offer advantages and drawbacks, they outperform tradition security systems without AI in terms of efficiency and accuracy. According to the research reports of MarketsandMarkets, the market size of perimeter intrusion detection systems is projected to increase from 4.12 billion USD in 2016 to 5.82 billion USD in 2021 at a Compound Annual Growth Rate (CAGR) of 7.1%. Meanwhile, the predicted market of AI in security (both cyber security and physical security) will grow from 3.92 billion USD in 2017 to 34.81 billion USD by 2025, i.e., with an impressive CAGR of 31.38%. Legacy perimeter intrusion detection systems Legacy perimeter intrusion detection systems (PIDSs) are typically set up with the following considerations: Geographical conditions: landscape, flora, fauna, climate (sunrise, sunset, weather conditions, etc.), whether there are undulations in the terrain that would block the field of view of cameras Presence or lack of other layers of physical protection or barriers Integration with other systems in the security network: camera, storage, other defensive lines (door, lock, alarm, etc.) Types of alarm triggers and responses System complexity: intrusion detection with various types of sensors, e.g., microwave sensors, radar sensors, vibration sensors, acoustic sensors, etc. Length of deployment Local regulations: privacy protection, whether the cameras/sensors must be visible/hidden/buried, etc., electromagnetic interferences that may affect other systems such as oil rigs or power plants Human involvement: on-site personnel arrangement, human monitoring, human action in response to alarms AI object detection can easily distinguish different types of people and objects Pain points and benefits of AI The conditions listed above correspond to certain requirements of an intrusion detection systems: minimal false alarm, easy setup and maintenance, easy integration, and stable performance.AI by nature is designed to learn, adapt itself and evolve to work in multiple conditions: it should be integrated with existing video recording systems  Minimal false alarms: False alarms lead to increased cost and inefficiency but are the main problem of PIDSs without AI technology, where animals, trees, shadows, and weather conditions may trigger the sensors. AI object detection can easily distinguish different types of people and objects, e.g., in a region set up to detect people, a car driving by, a cat walking by, or a person’s shadow will not trigger the alarm. Therefore, the amount of false alarms can be reduced by 70% to orders of magnitude. Easy setup and maintenance: Legacy PIDSs without AI must account for terrain, line of sight of cameras, sensor locations; any changes to the system would require manual effort to recalculate such factors and may disturb other components in the system. In contrast, AI PIDSs enable the system administrator to access the entire system or individual cameras from the control room, configure the region and object of interest in the field of view of cameras within minutes, and adjust with ease as often as necessary. Computing knowledge and even specific security training are not required to set up a secured PIDS with AI because AI PIDS is designed to relieve humans from knowing the inner working of machines. Easy integration with complementary technologies: Legacy PIDS without AI relies on physical technology, which are often proprietary and require complete overhaul of systems to function smoothly. On the other hand, AI by nature is designed to learn, adapt itself and evolve to work in multiple conditions, so AI PIDS is easily integrated with existing video recording (camera) and storage (NVR) systems. AI also eliminates the need for physical wireless or fiber-based sensors; instead, it functions based on the videos captured by cameras. Furthermore, AI enables easy and instantaneous combinations of multiple layers of defense, e.g., automatic triggering of door lock, camera movement focusing and access control as soon as a specified object is detected in the region of interest, all set up with a click of a button.  Stable performance and durability: Legacy PIDSs without AI requires complicated setup with multiple components in order to increase detection accuracy. More components mean a higher probability of malfunction in the system, including exposure to damages (e.g., sensors can be destroyed) and delay in detection, while human monitoring is inconsistent due to human fatigue (studies have shown that a person can concentrate in mundane tasks for only up to 20 minutes, and the attention span decreases even more rapidly when humans are faced with multiple items at once, e.g., multiple camera monitoring screens). AI significantly reduces, if not completely eliminates the need for human involvement in the intrusion detection system once it is set up. In addition, AI reduces the risk of system malfunction by simplifying the hardware sensors needed. Minimising human error and false positives are the key motivations for applying AI technologies in the security industry Additional benefits of AI in intrusion detection Artificial Intelligence is undeniably reshaping every business and weaving into every aspect of daily lifeMaximal detection capability: The most advanced AI intrusion detection system today provides an all-in-one solution to distinguish any combination of alarm-triggering criteria beyond perimeter protection. Using AI, the system administrator can configure as many zones with different settings and object of interests as necessary, which include detections for specific colors or attributes (e.g., person not wearing the required uniform or carrying food/drink), numbers and dwell time (e.g., group of more than 5 people loitering), or movements (e.g., cars moving faster than the speed limit). In addition, AI can accurately pinpoint the location of event occurrence by displaying the camera that records the event in near real time, i.e., with few-second delays. Lower security operation cost: By minimising the number of false positives and human involvement while maximising ease of use and stability, AI intrusion detection systems significantly decrease the total cost of ownership. Companies can reduce the large security personnel overhead and cost of complicated and expensive legacy PIDSs systems. McKinsey Global report in June 2017 shows that proactive AI adopters can realize up to 15% increase in profit margin across various industries. Artificial Intelligence is undeniably reshaping every business and weaving into every aspect of daily life. In security, legacy systems are giving way to AI-based systems, and the first enterprises to adopt AI-based systems will soon, if not immediately, benefit from such investment. By Paul Sun, CEO of IronYun, and Mai Truong, Marketing Manager of IronYun

How physical security consultants ensure cybersecurity for end users
How physical security consultants ensure cybersecurity for end users

Cybersecurity talk currently dominates many events in the physical security industry. And it’s about time, given that we are all playing catch-up in a scary cybersecurity environment where threats are constant and constantly evolving. I heard an interesting discussion about cybersecurity recently among consultants attending MercTech4, a conference in Miami hosted by Mercury Security and its OEM partners. The broad-ranging discussion touched on multiple aspects of cybersecurity, including the various roles of end user IT departments, consultants, and integrators. Factors such as training, standardisation and pricing were also addressed as they relate to cybersecurity. Following are some edited excerpts from that discussion.  The role of the IT department Pierre Bourgeix of ESI Convergent: Most enterprises usually have the information technology (IT) department at the table [for physical security discussions], and cybersecurity is a component of IT. The main concern for them is how any security product will impact the network environment. The first thing they will say, is “we have to ensure that there is network segmentation to prevent any potential viruses or threats or breaches from coming in.” The main concern for IT departments is how any security product will impact the network environment”They want to make sure that any devices in the environment are secure. Segmentation is good, but it isn’t an end-all. There is no buffer that can be created; these air gaps don’t exist. Cyber is involved in a defensive matter, in terms of what they have to do to protect that environment. IT is more worried about the infrastructure. The role of consultants and specifiers Phil Santore of DVS, division of Ross & Baruzzini: As consultants and engineers, we work with some major banks. They tell us if you bring a new product to the table, it will take two to three months before they will onboard the product, because they will run it through [cybersecurity testing] in their own IT departments. If it’s a large bank, they have an IT team, and there will never be anything we [as consultants] can tell them that they don’t already know. But we all have clients that are not large; they’re museums, or small corporations, or mom-and-pop shops. They may not be as vulnerable from the international threat, but there are still local things they have to be concerned about. It falls on us as consultants to let them know what their problems are. Their IT departments may not be that savvy. We need to at least make them aware and start there. Wael Lahoud of Goldmark Security Consulting: We are seeing more and more organisations having cybersecurity programs in place, at different maturity levels. At the procurement stage, we as consultants must select and specify products that have technology to enable cybersecurity, and not choose products that are outdated or incompatible with cybersecurity controls. We also see, from an access control perspective, a need to address weaknesses in databases. Specifying and having integrators that can harden the databases, not just the network itself, can help. The impact of physical security products on the network environment was a dominant topic at the MercTech4 consultants roundtable discussion The need for standards on cybersecurity Jim Elder of Secured Design: I’d like to know what standards we as specifiers can invoke that will help us ensure that the integrator of record has the credentials, knows what standards apply, and knows how to make sure those standards are maintained in the system. I’m a generalist, and cybersecurity scares the hell out of me.We’re not just talking about access to cameras, we are talking about access to the corporate network and all the bad things that can happen with that. My emphasis would be on standards and compliance with standards in the equipment and technology that is used, and the way it is put in. It can be easier for me, looking at some key points, to be able to determine if the system has been installed in accordance. We are seeing more and more organisations having cybersecurity programs in place, at different maturity levels"I’m taking the position of the enforcement officer, rather than the dictator. It would be much better if there were focused standards that I could put into the specification— I know there are some – that would dictate the processes, not just of manufacturing, but of installation of the product, and the tests you should run accordingly. Pierre Bourgeix: With the Security Industry Association (SIA), we are working right now on a standard that includes analysed scoring on the IT and physical side to identify a technology score, a compliance score, a methodology, and best-of-breed recommendation. Vendor validation would be used to ensure they follow the same process. We have created the model, and we will see what we can do to make it work. Terry Robinette of Sextant: If a standard can be written and it’s a reasonable process, I like the idea of the equipment meeting some standardised format or be able to show that it can withstand the same type of cyber-attack a network switch can withstand. We may not be reinventing the wheel. IT is the most standardised industry you will ever see, and security is the least standardised. But they’re merging. And that will drive standardisation. Jim Elder: I look to Underwriters Laboratory (UL) for a lot of standards. Does the product get that label? I am interested in being able to look at a box on the wall and say, “That meets the standard.” Or some kind of list with check-boxes; if all the boxes are checked I can walk out and know I have good cybersecurity threat management. IT is the most standardised industry you will ever see, and security is the least standardised" The role of training Phil Santore: Before you do any cybersecurity training, you would need to set the level of cybersecurity you are trying to achieve. There are multiple levels from zero to a completely closed network. Wael Lahoud: From an integrator’s perspective, cybersecurity training by the manufacturer of product features would be the place to start – understanding how to partner the database, and the encryption features. We see integrators that know these features are available – they tick the boxes – but they don’t understand what they mean. Cybersecurity is a complex topic, and the risk aspects and maturity levels vary by organisation. That would be a good starting point. The role of integrators Wael Lahoud: Integrators like convenience; less time means more money. So, we see some integrators cut corners. I think it is our role (as consultants) to make sure corners are not cut. If you rely solely on integrators, it will always be the weak password, the bypass. We have seen it from small projects to large government installations. It’s the same again and again. Even having an internal standard within an organisation, there may be no one overseeing that and double-checking. Tools will help, but we are not there at this point. I will leave it up to manufacturers to provide the tools to make it easy for consultants to check, and easier for integrators to use the controls. Cybersecurity is a complex topic, and the risk aspects and maturity levels vary by organisation - so training is very important The impact of pricing Pierre Bourgeix: The race to the cheapest price is a big problem. We have well-intended designs and assessments that define best-of-breed and evaluate what would be necessary to do what the client needs. But once we get to the final point of that being implemented, the customer typically goes to the lowest price – the lowest bidder. That’s the biggest issue. You get what you pay for at the end of the day. With standards, we are trying to get to the point that people realise that not all products are made the same, not all integrators do the same work. We hope that through education of the end user, they can realise that if they change the design, they have to accept the liability.It’s not just the product that’s the weakest link, it’s the whole process from design to securing that product and launching it" The big picture Wael Lahoud: The Windows platform has a lot of vulnerabilities, but we’re still using it, even in banks. So, it’s not just the product that’s the weakest link, it’s the whole process from design to securing that product and launching it. That’s where the cybersecurity program comes into play. There are many vulnerable products in the market, and it’s up to professionals to properly secure these products and to design systems and reduce the risk. Pierre Bourgeix: The access port to get to data is what hackers are looking for. The weakest link is where they go. They want to penetrate through access control to get to databases. The golden ring is the data source, so they can get credentialing, so they can gain access to your active directory, which then gives them permissions to get into your “admin.” Once we get into “admin,” we get to the source of the information. It has nothing to do with gaining access to a door, it has everything to do with data. And that’s happening all the time.