Kevin Brownell

Kevin Brownell, principal physical security consultant at PTS Consulting Group, considers convergence of IT networks and physical security. He argues that current best practice shows that they no longer need to be separate disciplines and reassures installers that their diversity has been exaggerated. Brownell describes experiences of working with IT managers who no longer see networked CCTV and access control as ‘black arts’ and are buying into the idea of IP security as an integral part of truly ‘intelligent’ buildings. But optimism is tempered by the warning that our thinking needs to be truly ‘joined up’ if we are to avoid the elementary errors he has observed out in the field. Convergence is now delivering on its promises in the manner that users and integrators have hoped for since the original concepts came into the public domain Anybody observing how major security programmes are currently being implemented will have noted that many are appearing on the planning table from unconventional sources and are frequently bundled with IT. The corporate network has become not only a pervasive platform but also the starting point for security projects. Traditional CCTV systems with dedicated cabling in two or three different formats are coming close to extinction. Equally, you’re now unlikely to hear network managers dismiss IP-based CCTV with the familiar cry: “Not on my bandwidth you’re not!’ But that does not mean we have reached a utopia (promised by certain manufacturers) of all security systems operating on a single seamless network. The changes are even more far-reaching in terms of the hardware at the heart of the security systems – the servers. Clients are realising that the cost of owning and supporting their own dedicated hardware far exceed the cost of moving to a virtualised environment. The corporate network has become not only a pervasive platform but also the starting point for security projects Server virtualisation for multi-site systems is making geography an irrelevance; if one of my clients deems that I am a legitimate visitor to any of its offices in Europe then a centralised access control server – possibly in a different continent – need only be informed once of my access rights. What sounded far-fetched a couple of years ago is now the norm and the default question is: “Why would you not opt for such a solution?” Convergence is now delivering on its promises in the manner that users and integrators have hoped for since the original concepts came into the public domain. The IT network began as a dedicated structure in a facility. From this base position we have seen telephones, HVAC, fire systems, access control and more recently CCTV moving onto the network. Each discipline that has migrated to the network has come with problems of evolution but it is now safe to say that if a new building were unveiled featuring separate networks for each type of subsystem it would be viewed with incredulity followed quickly by derision. Facilities managers will not tolerate the disruption caused by separate cabling and multiple contractors; active Ethernet has become a default choice with a single installation process. This is not only true of new-build projects but is often the only viable approach for engineers working within the strictures imposed by listed buildings. New bedfellows Clients are realising that the cost of owning and supporting their own dedicated hardware far exceed the cost of moving to a virtualised environment We all have new partners with whom we must engage. Information technology, structural architects, network architects, physical security specialists, cyber security specialists, AV consultants, structured cabling providers, facilities management and human resources now have to balance what may be conflicting agendas and competing demands on space by pulling together. In-house IT and security resources must also show the self-awareness to consider using external sources of everyday support in addition to consultants dealing with conceptual issues. The key to successful convergence is to ensure that the widest possible range of stakeholders begin talking to each other around planning tables at an early stage and that significant individuals in the planning process begin to define technical strategy in line with threat vulnerability and risk assessments (TVRAs) carried out by security consultants. You don’t have to be Nostradamus to predict that altering systems at the delivery stage will be difficult and costly. Most major corporates use their networks to ensure scalability and built-in flexibility for the future in terms of both cyber and physical security. Short-sightedness is rare though many will have read recently about the New York merchant bank that was installing access control turnstiles as an afterthought while staff were arriving for their first morning’s work. It was an object lesson in the price of failure to invest time and resources in effective communication between clients and security integrators, and an abject illustration that there had been no security master plan. Assume nothing Building flexibility into corporate networks so that physical and IT security providers can continue to both optimise and safeguard the working environment is vital Physical security consultants should not assume – however logical the requirement might seem – that their needs will get picked up by others in the design process. Where we put security equipment is seldom where IT engineers might imagine: we seldom want networking points under desks and tend to use risers and other unexpected locations above the ceiling. New ways of working always filter throughout the security disciplines and access control manufacturers are reporting that the current breed of intelligent building requires functioning access control earlier in the construction process than has been the norm. Similarly, if structured PoE cabling is to take multiple services, it must be fitted earlier. Country cousins Physical security has flourished in the age of distributed control systems and can take a share of the credit for the emergence of the truly intelligent building. IT managers realise this and are now less likely to treat security contractors as technically backward poor relations. Industry forums such as ONVIF and the PSIA, the British Security Industry Association (BSIA) and an active trade press all deserve credit for having ensured that physical security is treated seriously at board level such that IT directors are proving wise enough to work constructively with it. We should congratulate these bodies on having ensured that convergence of physical security with IT has never been a Wild West, and a new language has evolved. Drivers for change What have been the other drivers for change? The improved performance of IP CCTV cameras and the advent of video analytics (sometimes known as intelligent scene analysis) have contributed to ‘Big Data’ mining. Manufacturing advances in IP-addressable access control have made it an obvious hub for third-party integration and allowed it to combine effectively with visitor management software which had previously been the province of facilities management and IT. The safety advantages of integrating visitor management with access control in the event of a need for fire mustering are obvious. The demonstrable effectiveness of biometric identification in government security spheres has been another catalyst that has prompted take-up in the private sector where databases of biometric data (facial, fingerprint and iris recognition) are used not necessarily to solve and prevent crime but primarily for access control. The distinctions between IT and physical security are becoming imperceptible. Anybody reading this article in an office might like to consider what use they have made in the last hour of room booking, cashless vending, ‘follow me’ printing, RFID lockers, ‘hot desking’ and smart cards. They may also like to reflect that it is almost certain that had they not identified themselves to an access control device they would have been unlikely to have been able to log into a computer network and be benefiting from these services. Building flexibility into corporate networks so that physical and IT security providers can continue to both optimise and safeguard the working environment is vital. Audience perception Paradoxically, one of the biggest drivers for change has been people, and notably young staff members who have pragmatic, fearless attitudes to technology. Consultants who have had careers based on a single discipline are considering staff demographics as they implement new technology. They frequently observe that young audiences come to work with their own smart devices, are willing to get stuck in and simply expect things to work. Notably, they want previously disparate devices to connect via a network if they know this is the logical approach. Of course not everybody is 21 years old and confident with technology. A consultant’s training strategy must cater for the whole work force and should prove sustainable over what may be a lengthy period of change. Staff should feel that the support they receive is evolving with the cycle of innovation and at no time should they think they are being neglected. This is vital at the end of the process and training materials should give employees a final momentum to continue and even experiment: the consultant should always ‘close with grace’. When is an IP device not ‘just an IP device’? As attitudes among young staff are changing, a new breed of engineer is also emerging, possibly taking their cue from the telephony sector. A phone on your office desk used to be the result of quite a complicated installation process. With the advent of the pervasive network, a telephone simply needed to be plugged in and it would find an IP address. The distinctions between a phone, a printer or a PC became minimal. The same might be said for an access control reader. But what of an IP-enabled CCTV camera? A network engineer can assign it an IP address but can they produce a usable picture? Is the camera pointing in the right direction? Is it focused? Does the engineer understand the concepts of wide dynamic range (WDR), frame rate adjustment and the focus shift between white and IR light? These are issues that cannot be solved by just a structured cabling and treating the camera as just one more IP device. A few provisos Fortunately, cameras are an anomaly possibly because the optics surrounding them have not changed since the days of Gallileo. The likelihood is that both the traditional security installer and the new breed of network engineer will both ‘skill up’ to fill their knowledge gaps in building subsystems. The brave new world of interconnectivity really is as achievable as IT industry commentators are suggesting but a few warning notes need to be sounded on the ‘help yourself’ option of DHCP as opposed to fixed IP addresses. Just as with the New York bank, major installers in London will be aware of the recent meltdown of a transport hub when, after a power cut, 200 doors in an IP access control system simply indulged themselves in a free-for-all and assigned themselves new identities. I give these examples to show that my optimism is tempered by realism and that the increasing convergence of physical security with IT is not without some case studies that should make us pause and reflect. But multiple infrastructures can be, and are being, replaced with single holistic environments across every industry type with benefits in terms of ergonomics, safety, security and profitability.