Cyber security

From satellite imagery to street views to indoor mapping, technology has disrupted our past world. This has left us dependent upon new ways to visualise large spaces. This new world has brought many benefits and risks. But what does that mean for the security professional or facility manager today and what technologies can be used to secure buildings and improve facility operations? A brief history of 3D technology Starting May 5, 2007 (inception 2001), Google rolled out Google Street View to augment Google Maps and Google Earth; documenting some of the most remote places on earth using a mix of sensors (Lidar/GSP/Radar/Imagery). The mission to map the world moved indoors May 2011 with Google Business Photos mapping indoor spaces with low cost 360° cameras under the Trusted Photographer program. In the earlier days, 3D scanning required a high level of specialisation, expensive hardware and unavailable computing power With the growth of 3D laser scanning from 2007 onwards, the professional world embraced scanning as effective method to create digitised building information modelling (BIM), growing fast since 2007. BIM from scanning brought tremendous control, time and cost savings through the design and construction process, where As-Built documentation offered an incredible way to manage large existing facilities while reducing costly site visits. In the earlier days, 3D scanning required a high level of specialisation, expensive hardware, unavailable computing power and knowledge of architectural software. Innovation during the past 8 year, have driven ease of use and lower pricing to encourage market adoption. Major investments in UAVs in 2014 and the commercial emergence of 360° photography began a new wave of adoption. While 3D scanners still range from $20K – $100K USD, UAVs can be purchased for under $1K USD and 360° cameras for as low as $100. UAVs and 360° cameras also offer a way to document large spaces in a fraction of the time of terrestrial laser scanners with very little technical knowledge.  Access to building plans, satellite imagery, Google Street View, indoor virtual tours and aerial drone reconnaissance prove effective tools to bad actors The result over the past 10+ years of technology advancement has been a faster, lower cost, more accessible way to create virtual spaces. However, the technology advances carry a major risk of misuse by bad actors at the same time. What was once reserved to military personal is now available publicly. Access to building plans, satellite imagery, Google Street View, indoor virtual tours and aerial drone reconnaissance prove effective tools to bad actors. Al Qaeda terror threats using Google Maps, 2007 UK troops hit by terrorists in Basra, 2008 Mumbai India attacks, 2016 Pakistan Pathankot airbase attacks, ISIS attacks in Syria using UAVs, well-planned US school shootings and high casualty attacks show evidence that bad actors frequently leverage these mapping technologies to plan their attacks. The weaponization of UAVs is of particular concern to the Department of Homeland Security: "We continue to face one of the most challenging threat environments since 9/11, as foreign terrorist organisations exploit the internet to inspire, enable or direct individuals already here in the homeland to commit terrorist acts."   Example comparison of reality capture on the left of BIM on the right. A $250 USD 360° camera was used for the capture in VisualPlan.net software What does this mean for the security or facility manager today? An often overlooked, but critical vulnerability to security and facility managers is relying on inaccurate drawing. Most facilities managers today work with outdated 2D plan diagrams or old blueprints which are difficult to update and share.Critical vulnerability to security and facility managers is relying on inaccurate drawing Renovations, design changes and office layout changes leave facility managers with the wrong information, and even worse is that the wrong information is shared with outside consultants who plan major projects around outdated or wrong plans. This leads to costly mistakes and increased timelines on facility projects.  Example benefits of BIM There could be evidence of a suspect water value leak which using BIM could be located and then identified in the model without physical inspection; listing a part number, model, size and manufacture. Identification of vulnerabilities can dramatically help during a building emergency. First Responders rely on facilities managers to keep them updated on building plans and they must have immediate access to important building information in the event of a critical incident. Exits and entrances, suppression equipment, access control, ventilation systems, gas and explosives, hazmat, water systems, survival equipment and many other details must be at their fingertips. In an emergency situation this can be a matter of life or death. Example benefit of reality capture First Responders rely on facilities managers to keep them updated on building plans A simple 360° walk-through can help first responders with incident preparedness if shared by the facility manager. Police, fire and EMS can visually walk the building, locating all critical features they will need knowledge of in an emergency without ever visiting the building. You don’t require construction accuracy for this type of visual sharing. This is a solution and service we offer as a company today. Reality capture is rapidly becoming the benchmark for facility documentation and the basis from which a security plan can be built. Given the appropriate software, plans can be easily updated and shared.  They can be used for design and implementation of equipment, training of personnel and virtual audits of systems or security assessments by outside professionals. Our brains process visual information thousands of times faster than text. Not only that, we are much more likely to remember it once we do see it. Reality capture can help reduce the need for physical inspections, walk-throughs and vendor site-visits but more importantly, it provides a way to visually communicate far more effectively and accurately than before. But be careful with this information. You must prevent critical information falling into the hands of bad actors. You must watch out for bad actors attempting to use reality capture as a threat, especially photo/video/drones or digital information and plans that are posted publicly. Have a security protocol to prevent and confront individuals taking photos or video on property or flying suspect drones near your facility and report to the authorities. Require authorisation before capturing building information and understand what the information will be used for and by who.There are a number of technologies to combat nefarious use of UAVs today Nefarious use of UAVs There are a number of technologies to combat nefarious use of UAVs today, such as radio frequency blockers and jammers, drone guns to down UAVs, detection or monitoring systems. Other biometrics technologies like facial recognition are being employed to counter the risk from UAVs by targeting the potential operators. UAVs are being used to spy and monitor for corporate espionage and stealing intellectual property. They are also used for monitoring security patrols for the purpose of burglary. UAVs have been used for transport and delivery of dangerous goods, delivering weapons and contraband and have the ability to be weaponised to carry a payload.Investigating reality capture to help with accurate planning and visualisation of facilities is well worth the time The Federal Aviation Administration has prevented UAV flights over large event stadiums, prisons and coast guard bases based on the risks they could potentially pose, but waivers do exist. Be aware that it is illegal today to use most of these technologies and downing a UAV, if you are not Department of Justice or Homeland Security, could carry hefty penalties. Facility managers must have a way to survey and monitor their buildings for threats and report suspicious UAV behaviours immediately to authorities. At the same time, it’s critical to identify various potential risks to your wider team to ensure awareness and reporting is handled effectively. Having a procedure on how identify and report is important. Investigating reality capture to help with accurate planning and visualisation of facilities is well worth the time. It can help better secure your facilities while increasing efficiencies of building operations. Reality capture can also help collaboration with first responders and outside professionals without ever having to step a foot in the door. But secure your data and have a plan for bad actors who will try to use the same technologies for nefarious goals.

The Boring Labs announces its Boring Toolbox, a series of functional tools that help enterprises and integrators more efficiently manage medium-to-large distributed video surveillance/security networks using Milestone XProtect Express+, XProtect Professional+, XProtect Expert and XProtect Corporate. Initial tools include hardware/device name, password and device-group management that reduce the time spent on these manual functions by up to 97%. “While working as a leading Milestone integrator, we found that our customers regularly ignored cybersecurity compliance recommendations for passwords because of XProtect’s inability to change passwords in bulk. Tasks such as camera grouping were arduous and manual and could take system administrators hours or days to complete,” said Ronen Isaac, CEO of The Boring Lab. “We’ve created The Boring Toolbox to make managing Milestone XProtect installations easier and less boring.” Allows bulk camera password changes in Milestone to comply with modern IT cybersecurity policiesImproving application speed The Boring Lab’s newly developed application programming interface (API) is optimised to work with the Milestone software development kit (SDK) to improve application speed and user experience for greater performance and flexibility. Initial functions include: Password Management: Allows bulk camera password changes in Milestone to comply with modern IT cybersecurity policies—showing a reduction from 67 hours of labour for a thousand camera system down to just 20 minutes and 10 clicks. Passwords can also be simultaneously synchronised to Axis cameras, speakers and other devices. Device Group Management: Allows for the automatic grouping of cameras based on models, firmware or recording server storage configuration. Trials show that The Boring Toolbox reduces task time by 97%. Hardware & Device Name Management: Renames hardware and devices in bulk—potentially reducing task time by over 90%. Reporting Function: Quickly exports filterable Excel spreadsheets with information such as point-in-time camera snap shots, recording server hardware type, network information and video stream for at-a-glance system audits that will ensure system compliance to customer or company standards. Managing medium-to-large XProtect systems “The Boring Toolbox is a really exciting verified Milestone Technology Partner product that fine-tunes the operational side of managing medium-to-large XProtect systems,” said Jeremy Scott, Strategic Alliances Program Manager - Americas, Milestone Systems. “With The Boring Toolbox, our customers and system integrators can see an exponential decrease in time spent on management functions. We look forward to seeing more features added by the team at The Boring Lab.”

Pivot3, global provider of security, Internet of Things (IoT) and hybrid cloud infrastructure solutions, has announced the introduction of the Pivot3 Architect and Engineer (A&E) Program. This initiative will provide architects, engineers and consultants with the resources and support needed to make intelligent decisions when specifying infrastructure platforms at the core of enterprise-class IoT, video surveillance and security solutions for their clients. Pivot3 A&E Program The Pivot3 A&E Program is intended to help specifiers and their clients address the complexities of planning, designing, deploying and managing compute and storage infrastructure for today’s sophisticated security applications including video surveillance, analytics, access control, building management and all other integrated systems. Pivot3 understands the specific needs of both the security and IT markets" A&E firms will gain access to a wide variety of resources that can be used to facilitate projects based on Pivot3's high-performance, ultra-dense, highly resilient solutions that reduce risk, eliminate downtime and data loss, and simplify scale and management. With Pivot3, A&E firms can specify one common infrastructure to consolidate multiple applications and solutions — all manageable through a single pane of glass. Advanced tools and support “Pivot3’s A&E program seeks to provide the advanced tools and enhanced support necessary to specify infrastructure solutions that serve as the backbone of intelligent environments,” said Ray Bernard, president and principal consultant, Ray Bernard Consulting Services. “Pivot3 understands the specific needs of both the security and IT markets, as well as the design and deployment challenges in each domain." "The company has the in-depth deployment experience needed in both to effectively support system designers and specifiers in all stages of design and deployment work. The team also understands the client perspectives and issues, and the IT-physical security collaboration dynamics. This new program demonstrates Pivot3’s commitment to helping system designers access the expertise and tools needed to design enterprise-class, IT-proven solutions.” Pivot3 A&E Program members will have access to:  Document development and review assistance with specifications, proposals, and commissioning and acceptance plans. A&E resources including CSI MasterFormat 2018 specification documents, 3D BIM Modules for AutoDesk Revit, MS Visio stencils and templates, and CAD drawings. Solution development and design support including review of system architecture, sizing and workload/throughput calculations, and application validation. Dedicated A&E support contact and local support from Pivot3’s Solution Architects and Regional Sales Directors. Design guides, best practices and white papers. Training, webinars and newsletters. Mission-critical infrastructure solutions “The availability of dedicated Pivot3 contacts and resources will help the A&E community consider, design and ultimately, deliver infrastructure solutions that ensure the performance resiliency, and scalability that their customers’ mission-critical environments demand,” said Mike Maddox, director of A&E programs, Pivot3. “The Pivot3 A&E Program will provide the tools, insight and support necessary to achieve the successful design of enterprise-grade, IT-ready infrastructure solutions for a variety of applications and markets.”

BeyondTrust, the pioneer in privilege-centric security, announced that the company has been named as McAfee’s Security Innovation Alliance (SIA) Partner of the Year winner. This news comes on the heels of last year’s award as Runner Up for McAfee’s SIA Most Innovative Partner of the Year. The award was announced at the McAfee MPOWER Cybersecurity Summit in Las Vegas on October 16. “We’re honoured to be recognised for our continued work with the Security Innovation Alliance for the benefit of our joint customers,” said Morey Haber, Chief Technology Officer at BeyondTrust. “This award is a testament to the success our joint customers are experiencing as we reduce complexity and make it easier for organisations to control privileged accounts and mitigate potential endpoint threats.” Resolving threats faster The McAfee SIA program provides customers with integrated security solutions that enable them to resolve more threats fasterThe McAfee SIA program provides customers with integrated security solutions that enable them to resolve more threats faster with fewer resources. Partners are screened for innovation, strategic value, and market leadership in their respective market segments that complement the McAfee solution portfolio. “BeyondTrust was selected as our Most Valuable Partner of the Year based on the review of more than 150 SIA partners and their multiple integrations and engagement with McAfee,” said D.J Long, vice president, strategic business development at McAfee. “BeyondTrust took top honours because of their ability to seamlessly integrate and provide management solutions that allow users to better understand and take actions against privilege-based risks.” Enabling customers to protect endpoints The certified integration between BeyondTrust’s Avecto DefendPoint solution and McAfee ePO enables customers to protect endpointsThe certified integration between PowerBroker Password Safe and McAfee ePolicy Orchestrator (ePO) provides a flexible and convenient way to manage privileged passwords and privileged sessions through the McAfee ePO console. In addition, the certified integration between BeyondTrust’s Avecto DefendPoint solution and McAfee ePO enables customers to protect endpoints and implement least privilege policy across any organisation – all through the centralised ePO platform. In addition, BeyondTrust also integrates with McAfee Enterprise Security Manager (ESM) and McAfee DXL to provide a real-time view of potential security threats and speed customers’ ability to proactively respond to these threats.

Ping Identity, the pioneer in Identity Defined Security, announced that its Ping Intelligent Identity Platform powers the engine behind HP Identity (HP ID), an enterprise-wide unified identity management ecosystem. The HP ID initiative is designed to up level customer and partner experiences by providing them with a single identity across all of their HP applications, whether in the cloud or on-premises.  With a focus on driving customer experiences, HP selected the Ping Identity platform deployed in Amazon Web Services (AWS). This achieved its goal of instituting a single and highly secure identity and access management (IAM) platform across its entire global customer and partner-facing platform. Single sign-on for 150 million customers Ping’s customer IAM platform provides performance and scalability that can keep pace with HP’s continued innovation and growth"The HP ID platform is used by more than 100 business applications and enables single sign-on for over 150 million customer and partner identities across the world, plus thousands more being added each day. Before HP ID, the company was managing more than a dozen separate legacy IAM and authentication systems. User identities were previously housed across disparate data silos, creating a disjointed customer experience. Reinventing customer experiences HP Product Manager Jared Meier sums up the success of HP ID, “Ping’s customer IAM platform provides performance and scalability that can keep pace with HP’s continued innovation and growth. Now, customers have a seamless experience when they authenticate across our digital properties.” “Ping and HP share a common vision of innovation, great customer experiences and technology that makes life better for everyone, everywhere,” added Andre Durand, CEO, Ping Identity. “We’re proud to support HP in reinventing customer experiences through identity.”

Premier League football club Everton FC has deployed SureCloud’s GDPR suite to manage and monitor its data and GDPR compliance, enabling the club to work towards GDPR compliance, optimise internal processes and position it strategically for the future. The solution replaced Everton FC’s manual data mapping and processing methods. Manual data mapping and processing Everton FC’s databases are extensive, containing details on over 32,000 season ticket holders and over 600,000 registered fans, with details on around 360 employees, players, agents, suppliers, and individuals associated with the club’s community charity and partner school. Much of this information is sensitive. This data and all of the processes associated with it were being manually managed and tracked in a series of Excel spreadsheets. With multiple requests and queries to respond to every day, the club’s Data Protection Officer was struggling to record and manage smaller ad hoc queries, incidents, and tasks. With GDPR due to place much tighter restrictions on how the club processed, managed and shared its data – as well as on the reporting of any incidents that did occur – the club needed a more comprehensive and reliable tool in place before 25th May 2018. SureCloud platform The club approached its long-standing IT support provider NCC to find a solution. NCC recommended the SureCloud GDPR Suite, delivered on the SureCloud platform. After SureCloud had successfully demonstrated the ability to provide full visibility for management and automation of GDPR processes across the organisation, Everton FC selected its cloud-based suite of solutions. Two dashboards were created according to Everton FC’s specific needs Two dashboards were created according to Everton FC’s specific needs: one to show all data mapping and transfers, including where data is being held and who it is being shared with; and one showing incidents and requests, including a subject request register and incident tracker path. This gives an immediate overview of which requests are still outstanding, such as a request for an individual’s personal information to be erased from the database. SureCloud GDPR Suite The five applications Everton FC chose to deploy from the SureCloud GDPR Suite were: GDPR Program Tracker - to enable the club to map all its disparate data and workflows using intelligent risk-based questions GDPR Management – to provide all mandatory GDPR business-as-usual processes Information Asset Management - to record and maintain the club’s entire data inventory Compliance Management for GDPR - to help Everton FC speed up their process of attaining compliance and on-going real-time risk remediation Incident Management for GDPR – to meet the GDPR requirement to log, track and notify the ICO of any data breaches, should an incident arise Ian Garratt, Data Protection Officer at Everton FC said: “The penalties for not achieving GDPR compliance are severe – up to 4% of our revenues, or €20 million. It was imperative that we got a solution in place that could not only help us achieve GDPR compliance but would also make it quick and easy for us to demonstrate that compliance at any point, on request. SureCloud’s GDPR Suite fit the bill.” Centralised data management Now, all of Everton FC’s disparate data are mapped, risk-assessed and tracked in a single centralised system “We are now tracking and recording every single data request in a centralised way. With NCC’s support, SureCloud’s solution has brought a comprehensive clarity to our data processing that was impossible to achieve with manual spreadsheets. The system is so intuitive; it has helped us streamline multiple processes and undertake impact assessments that we couldn’t handle before.” Now, all of Everton FC’s disparate data are mapped, risk-assessed and tracked in a single centralised system. All changes and requests are automatically tracked so that activity records and data audits can be produced at the click of a button. Should an incident like a suspected data breach occur, it is identified and reported immediately and automatically. The club’s data protection team can select which asset has been affected and immediately determine the severity of the incident and whether it needs to be reported to the ICO. Should it need to be escalated, the report is available instantly. Data processing, documentation and risk management Ian Garratt added: “The SureCloud GDPR Suite isn’t just a compliance tool; it’s a comprehensive management tool. We now have a continuous, real-time status of where we are and what we need to be doing in terms of data processing, documentation and risk management. It would have simply been impossible to achieve this manually. SureCloud has not only helped us to work towards GDPR compliance they have optimised our internal processes and positioned us strategically for the future.” In addition to deploying five applications within the GDPR suite, SureCloud is currently adapting its Incident Assessment tool to meet Everton FC’s specific requirements.

Living in the era of global village, everything is rapid change. To keep up with the pace, the large-scale enterprises need to take every movement of branches in control, ensuring every policy has delivered well. HQ-Branch management, including central control, alarm synchronisation, data retention and protection is becoming a great important challenge to enterprises nowadays. Without integrating lots of systems and management tools, Surveon HQ-Branch security solutions provide VMS with easy remote deployment, advanced VA for alerts and post events search, storage with large capacities for 365-day recording, and local /remote replication through NAS or ISCSI, supporting headquarters (HQ) to easily manage all branches. Surveon Control Center and Enterprise NVRs Surveon Control Center provides enterprises with an easy remote deploymentUnlimited number of cameras, users, NVRs, and monitors are supported in one domain architecture, Surveon Control Center (SCC), which provides enterprises with an easy remote deployment. Its monitor wall can be set up with any combination of camera views, making HQ can be easier awarded every branch's movements. Surveon NVR embedded 12 Video Analytics which can identify and initiate alerts for various user-defined events, offering effective monitoring, detections, alerts, and responses to events for enterprises. For example, intrusion detection can prevent uninvited people from entering the sensitive areas. Moreover, the advanced Post VA Search provides enterprises an efficient tool to quickly identify useful information and relative footage from hundreds of hours of video recording, reducing the time and efforts of HQ security manager, making HQ-branch surveillance system more efficient. Data retention and storage Surveon Enterprise NVRs provide large capacities for 365-day non-stopping recordingThe data retention of recorded videos and the system which can support hundreds of camera records are of great importance to the planning of enterprise surveillance. Surveon Enterprise NVRs provide large capacities for 365-day non-stopping recording, fulfilling the long-time storage requirements from enterprises. Surveon NVR supports remote replication through NAS or ISCSI. Enterprise can keep 1st copy in local branch and 2nd copy in remote HQ. If the source data fails due to system malfunctions or disasters, enterprise can leverage the remote copy to restart services in a few minutes. Software integration Agribank, the largest commercial bank in Vietnam, and House Green, a home improvement retail chain in Taiwan, has adopted Surveon HQ-branch solutions. “Different from PC-based NVR solutions, Surveon adopts a system design fully customised for surveillance applications. This offers higher value for SIs, including advanced levels of integration and stability.” said the Sales Director of Surveon partner in Vietnam.

Hoverfly Technologies Inc., global supplier of tether-powered aerial drone systems, is pleased to announce it has engaged retired Deputy Chief of Los Angeles Police Department Mike Hillmann to consult and provide expertise to Hoverfly and public safety officials of cities, counties and special law enforcement agencies who are considering the use of Small Unmanned Aerial Systems (sUAS) to assist in keeping their cities safe. Small Unmanned Aerial Systems (sUAS) When incidents and/or events happen, having ‘real-time, situational awareness’ from above the scene is critical to managing risk and upholding public safety “With 24-hour news cycles, a never-ending stream of social media posts, mid-term elections and potential threats to the public at large, getting fast, accurate situational awareness from the air during an incident has never been more important when it comes to keeping the public safe. We are thrilled to have Chief Hillmann advising on use cases and how best to implement and integrate this new technology,” says Hoverfly SVP of Systems, Lew Pincus.  When incidents and/or events happen, having ‘real-time, situational awareness’ from above the scene is critical to managing risk and upholding public safety and the safety of those who serve our communities. Aerial/Drone surveillance He adds, “We typically have relied on manned aircraft to provide aerial coverage over a variety of incidents. On occasion, those assets have not always been available, deemed too disruptive or too expensive to deploy in certain situations where an aerial view clearly could have helped an incident commander better understand the situation. Deploying small tether-powered, highly portable, unobtrusive persistent cameras positioned high above the scene can now be used as either a standalone capability or integrated system with existing networks, security infrastructure and even manned aircraft.” Hoverfly tether-powered sUAV (Small Unmanned Aerial Vehicles) systems solve short battery-life problems associated with free-flying drones Today, Mr. Hillmann is helping chiefs of police, local city and county officials and other public safety personnel understand how Hoverfly’s tether-powered LiveSky systems can be deployed from police or EMS vehicles providing incident commanders with actionable intelligence from high above the scene within minutes of arrival. “Tactically, having the ability to stay in the air monitoring the situation from above for hours, days, even weeks at a time represents an amazing capability we never had before. During my career, I can think of hundreds of situations where having a drone in the air to provide real-time intelligence, surveillance and reconnaissance would have helped keep my officers and the community much safer. It’s a force multiplier that should be exploited by public safety,” says Hillmann. Hoverfly’s LiveSky systems Hoverfly tether-powered sUAV (Small Unmanned Aerial Vehicles) systems solve short battery-life problems associated with free-flying drones because they operate using a standard 120VAC power source or vehicle inverter. The power, command and control information and video are transmitted over the tether making the entire system completely secure from jamming, hacking or spoofing, ensuring the privacy of the data and improving safety. Perhaps the biggest benefit of Hoverfly systems is they are autonomous and require no piloting skills. The CEO of Hoverfly likes to say, “if you can operate an elevator, you can operate our LiveSky system.” 

Hospitality businesses work to provide a safe and pleasant customer experience for their guests. Hotels offer a “home away from home” for millions of guests every day around the world. These are businesses of many sizes and types, providing services ranging from luxury accommodations to simple lodging for business travelers to family vacation experiences. Hospitality businesses also include restaurants, bars, movie theaters and other venues. Security needs are varied and require technologies that span a wide spectrum. We asked this week’s Expert Panel Roundtable: What are the security challenges of the hospitality market?

Finding the exact right technology to solve an end user’s problem is challenging, but the rewards are great when an integrator gets it right. A wide range of available product types, price levels and added features increases the likelihood of identifying a technology to solve any problem. But with so many technology and product choices in the marketplace, identifying that one solution can be akin to finding a needle in a haystack. We wondered whether a vast range of product choices is always a good thing. We asked this week’s Expert Panel Roundtable: Are security integrators and end users overwhelmed by “too many choices” related to security equipment and systems? How can they make sense of it all?

Consolidation – a decrease in the number of companies in a market achieved through mergers and acquisitions (M&A) – has been an important trend among manufacturers in the physical security market for many years. More recently, the trend has also appeared to extend to the integrator market. Larger integrators have been buying up other large integrators; in some cases, they have also been buying up smaller, regional integrators to expand their geographic coverage area. We wondered if this week’s Expert Panel Roundtable has noticed the trend. We asked: Has consolidation among security companies shifted to the integrator/installer market? What is the impact?