Sunday, April 15, 2018


THE EVOLUTION OF RISK MANAGEMENT,
WAS DARWIN RIGHT?



In the Theory of Evolution, Darwin suggests that evolution is about survival of the fittest.  Was he right?  While he was talking about the natural world, his theory also applies to the security business.

In order to survive in today’s world businesses must adapt to their environments.  The threats that were around twenty years ago have changed.  They’ve become more sophisticated and must be adapted to.  What worked before won’t necessarily work in today’s world.  Not only have threats scenarios evolved but with the increase in technologies so have a new variety of threats come about. 

It used to be that a person who wanted to commit a breach of security had to be physically present in the space in order to carry out the attack.  That is no longer the case.  Since just about everything that has a moving part to it is somehow connected to the Internet of Things (IoT), a hacker does not have to be present in the physical sense in order to disable a closed circuit television (CCTV) camera, for example.  This means, a new way of thinking about threats, vulnerabilities and risk is necessary.

Threats used to be pretty much two-dimensional.  That no longer is true.  Those involved in the risk management business must think in three-dimensional terms.  In fact, they need to think about security as if it were a cube or box.  It’s six-dimensional and the approach to risk management must be carried-out that way.  This will require, pardon the pun, “outside of the box” thinking.

Additionally, without the “it’s part of the culture” way of doing business threat scenarios will continue to be played out with varying degrees of impact – and, some will be catastrophic.  Since we cannot prevent threats from occurring one hundred percent of the time we have to get the results down to a level that we can accept and handle with available resources.  This requires us to include scenario that are improbable but the results will overwhelm resources.  I call this “impact centric planning”.   I know most of us will not encounter an active shooter situation within our lifetime but active shooter threats must be planned for wherever high concentrations of people gather.  The adage, it won’t happen here cannot be the flavor of the day.  You’re right it probably won’t happen here, BUT if it does?  What will be the impact?

Not only must we deal with threats that are likely but we also must deal with threats that would be catastrophic even though very unlikely.   An excellent example of a highly unlikely event is the Las Vegas shooting incident.  That event was so improbable that if I would have brought it up during a planning session those in the room would have thrown their coffee at me. 

In order to survive, we must ensure we are the fittest.  So, Darwin was absolutely right.

Sunday, March 18, 2018


If Data is the New Currency of the Modern World Then Why
Is My Account Overdrawn?



According to a recent report in Security Megatrends: The 2018 Vision for the Security Industry published by the Security Industry Association 99.5 percent of all data collected via electronic devices goes unused.  Let that sink in for a second.  99.5% is wasted.  Less than .5 percent is accessed, analyzed and used in some type of constructive way.  I can’t imagine any other industry or area of life where less than one-half of one percent is good return on investment (ROI).



Here’s some data provided in the article "Accessing and Analyzing Smart and Big Data, Moving into Artificial Intelligence and Augmented Reality", using 60 seconds as the baseline, on just the social media platforms that I use:



·         Google – more than 3.8 million searches

·         Twitter – more than 350,000 tweets

·         Facebook – more than 243,000 photos uploaded and 70,000 hours of video content viewed

·         Linked-In – 120 new accounts created



So, why does this occur.  Well, it has to do with automation and the progressive nature of technology.  We’ve all heard the standard clichĂ© that your phone has more data processing capability than the spaceships that went to the moon.  There have been surprising advancements in just about every sector of society.

I read an article some time back, that said your bank account could be hacked through your toaster.  At the time, I thought it a bit far-fetched,  But now the home improvement stores are selling refrigerators that can order food for you, if programed properly.  While, I think that was a little exaggerated but the point the author was making was, if your toaster has a microchip in it and that sensor report data somewhere, there is the potential that a person with malicious intent could through that sensor get to my bank account.



But is this a good thing?  For the most part yes.  I mean, think about it, only a few decades ago, if you were diagnosed with the big “C”, you started counting your days.  Now, more people survive and overcome the disease than don’t.  But on the other hand, let’s not get too carried away.  Technology is a tool and should be used as such; a tool that allows us to make better decisions about life choices.  Let’s remember that technology is not the solutions but it can be used to find the solution.



One of the areas where there is promise, within the security industry, is the area of “augmented reality” or AR.  We’ve all heard of “virtual reality” where the user is immersed in a fictional environment.  With AR the data augments the natural environment.  A simple example would be the ability to super-imposed a data screen on the visor of a motorcycle policeman that presents him or her with information about traffic up ahead, including accidents or breakdowns.  Or data information relayed to first responders during active shooter events.  This ability will undoubtedly save lives.



Estimates are that the Internet of Things (IoT) will mushroom in the coming years to between 34 Billion and 58 Billion devices connected to the data grid in some way by 2020.   Even if the world population doubles in the next two years (which is highly unlikely) that’s more than two devices per person.  


The hard part, in all of this is, will be figuring out what data to analyze, what to keep for the future and when to give it to someone to use now.    

Sunday, February 18, 2018


The Marriage of Cyber and Physical Security is Not a
Match Made in Heaven








Megatrend #2 from Security Megatrends, The 2018 Vision for the Security Industry, produced and published by the Security Industry Association (SIA) is, “Cyber Meets Physical Security, Threats Magnify with Digital Innovation[1]  hits the proverbial nail on the head.   With the connectivity of electronic devices to the internet, more and more of the different technologies we use in our daily lives are susceptible to compromise.  I read an article about a year back that talked about how in theory your new toaster could get hacked by someone with nefarious intentions and through that connectivity could steal your personal identifying information (PII).  While I believe that scenario to be a little far-fetched, I do believe the point was made.  The point being, that my smart phone, smart TV and even my smart refrigerator, especially if I had it set up to automatically order milk or bread for me directly with the store, is highly susceptible since I would most certainly have payment information in my stored profile.

The connectivity to the IoT is inherently vulnerable.  Since there’s an electronic connection, eventually given enough time, a “bad guy” will figure out a way to breach whatever security systems are in place.  Just ask Equifax, Sony Pictures, Target, etc.

The only absolute way to keep a breach from happening is not to connect to the IoT.  Unfortunately in today’s world that is just not possible.  We cannot function without being connected.  Now even my wife’s Jeep’s telling her she need servicing, before it was, “Hey, Honey, there’s a red light on on  the dashboard.  What’s that mean? “  Now, she gets a message on her phone that tells her  the tire pressure’s too low.

This convergence of cyber and physical means that physical security must be much tighter than it’s been in the past.  We can’t rely on the good guys to build a strong enough firewall, while vitally important, equally important is the physical security piece.  We need to teach our folks and ourselves how to spot vulnerabilities and how to protect those vulnerabilities from being exploited in a language they can understand.  I know a software engineer and whenever I talk with him, I have no idea what he’s talking about.   Listen if it’s a burden – I can’t understand it – I won’t do or use it. 

The vetting process, to ensure the right folks are working on our systems has to be comprehensive and continual.  Just because a person gets the job, it doesn’t mean the vetting process stops.  The vetting process must be continuing.  Physical security measures must also make sure that only people that have been cleared can physically access systems that they’ve been cleared for and not have a general run of the place.   I believe the DIY days are over.  Sure, there are some things any person should be able to do, like follow the tutorial on setting up a TV but other things that are in the Settings should probably be left up to an expert to change.  There is a tremendous assumption that just because I can read I can also understand the code being spoken.

Cyber security focuses on cyber-threats and the ability to detect and mitigate ransom ware attacks, especially as they’ve become a popular mechanism to extort businesses, will become more and more important.  I’m beginning to understand less and less about computers, how they work and what they can do to make my life simpler, because I have to do more and more of what use to be done by that weird guy down the hall.

I’m not sure I’m ready to have a micro-chip make all of the decisions of my daily life for me.  I have a feeling, it’s going to be a “rocky” marriage because I can't divorce her.
Next month:  If Data is the New Currency of the Modern World Then Why Is My Account Overdrawn?



Sunday, January 21, 2018


Security Opportunities within the Booming IoT Market

The Future is Bright for Non-electronics, Too






The term Internet of Things was coined back in the late 90’s.  The somewhat official definition is “A network of dedicated physical objects that contain embedded technology to interact internally or externally”.  I think we can all agree that is a very broad brush definition.  I would rephrase it to be, basically “an ecosystem that includes electronic things, and the communications and data analysis between them”.



With that in mind, let’s look at where we are today and where we’re going.



Today there are an estimated 7billion devices connected via the internet and applications that use the internet.  That’s a device for every human on the planet.  In just five years that number will increase to over 50billion.  The use of The Cloud is fueling this increase.



What does this mean for the security profession?  Simply put lots of openings and an unlimited number of chances.  In other words, if you can think it, you can make it happen. 



This increase in the realm of possibilities will affect every aspect of our daily lives.  So whether you’re involved in the residential, small business or corporate security market, you can make it.



I usually think of security solutions as following into one of two spheres – electronic or non-electronic.



ELECTRONIC TECHNOLOGIES



Electronic technologies are just that – technologies that are electronic.  Kind of a no brainer, don’t you think?  These technologies run the gamut from intrusion detection systems to access control to surveillance and beyond.  They’re becoming ever more sophisticated and complex.



Unfortunately, as technology evolves it will probably become more invasive.  It will collect more and more data about you. 



These invasive technologies already assault our daily lives.  Just imagine how that will change in the future.  While there is tremendous resentment about governments collecting data on individuals.  Companies, such as, Google, Amazon, Microsoft and other major retailers are doing it and no one really seems to care.



The use of cellphones will become almost an extension of ourselves.  We will be able to do everything from or with our phone.  I suspect someone is going to develop a security app that will read your blood pressure or your heart rhythm to authenticate that you are the correct user, instead of the fingerprint reader or PIN code of today.  Your phone will become your “Mini-me”.  It will know your behavior patterns well enough to “help” you make choices.



If you’re a dealer, distributor, integrator, system installer or work in a parallel vertical the opportunities abound, as you provide solutions for your customers.  It really won’t matter which product or service you provide, as there is a place and need for all of it, and combining technologies will provide even more opportunities.



The development of “predictive analytics” based on data collection will allow companies to forecast their customers buying habits better.  My personal opinion is that “predictive analyst” will become a job title and many security companies will hire them to determine future sales projections and to forecast their future markets.  With that in mind, there is already some technology out there that can analyze behavioral patterns.  Does this mean that access control will be determined by a biometric sensor and as a back-up analysis app that says, this is you because you always show up for work at this time or an even more sophisticated analysis by the pressure you apply to the pin-pad as you type in your PIN code?



NON-ELECTRONIC TECHNOLOGIES



Non-electronic technologies on the other hand don’t use electricity to function. They can range from windows and doors to landscaping or even the way a particular building or inhabited area is designed. 



Fortunately, to counter the invasiveness of the electronic age, non-technologic innovation will become less invasive as we develop better materials and strategies as we design inhabited space. 



I believe we can “socially engineer” inhabited space.  We can incorporate specific urban design strategies that cause positive behaviors so that there is less reliance on the invasive use of electronic means to keep us safe.  Ultimately citizens don’t want cameras that watch their every move; instead they want space that is functional and free of crime and unwanted behaviors.  By increasing the effectiveness in controlling the social behaviors of the people using or transiting the space, the environments will become safer and need fewer electronic gadgets.



We are at the cusp of an explosion in technologies, both electronic and otherwise.  Whether you are in the business of providing solutions directly in the form of a product or service or in the business of providing solutions indirectly, i.e., architect, engineer, security consultant or government official strap yourself in and hold on to your hat because it’ going to be a great ride with lots of opportunities for all to excel.

Sunday, December 17, 2017

Question You Should Ask Before Getting a
Home Security System For Christmas


Is a home security system on your wish list from Santa?  If so, here are a couple of things you need to ask before Santa puts your system in his bag.
The first two questions to ask yourself are, “What am I going to protect by buying this type of system?" Then, "Will it do what I want it to do?”  These sound like no-brainers don’t they?  Most of us would say, “I want it to catch the bad guy”.  Well, not really, because it won’t catch a bad guy.  It will let you know when there is behavior inside of your house or when your perimeter is breached. But it won’t tell you if the behavior is good or bad.  YOU have to do that.  YOU have to assess the behavior and determine if it's good or bad.  So, you want to be able to analyze the behavior, like your kids coming home from school or the mailman delivering a package and determine if it is friend or foe.  Which brings us to the next question, which is, “Who will monitor what the system 'sees' and who will respond when there is unwanted behavior?”
If you are relying on your local 911 or a police department response, then you need to find out what the local policy is for home invasion.  Some departments don’t respond immediately for a variety of reasons; sometimes due to competing priorities and sometimes because they don’t want to get there when the bad guy is still on the premises which may cause a “stand-off”.  They don’t want that and neither do you.
If you are relying on a service provider for response, you need to ask, “What is the guaranteed respond time?”  If it’s less than seven minutes the good guys will catch the bad guys.  If it’s more than that, the bad guy will get away with your stuff.  Actually you don’t want the good guys to get there while the bad guy is still there, as it increases the likelihood that someone is going to get hurt.
The National Institute of Justice reported a couple years ago that perpetrators of housebreaking/ burglary usually stay on site less than seven minutes.   I doubt it’s changed much in the last couple of years.
DO-IT-YOURSELF (DIY) SYSTEMS
Many professional installers will swear up and down that home owners cannot do this alone.  But let’s face it.  Just about anybody can do just about anything, given the right tools and knowledge.  Most home kits include instructions, so they’re pretty simple.  Tab A goes into Slot B.  If you can put together IKEA furniture you certainly can install a couple of cameras and sensors around your house.  That’s the tools part.  Now for the knowledge part – where to put cameras and where to put sensors?  Think of your house as an onion.  Start on the outer skin (property line) and work your way in.  Use a combination of sensors and camera that overlap so that all areas are covered by at least two components of your system.  Say a sensor and camera, or two cameras.  By using a combination of different technologies and creating an overlapping system you will, in all likelihood, get notified that something’s going on.  The chances of both systems failing simultaneously is very low.  Make sure you get "real time" notification.  The ability to talk into the system and tell the perpetrator that you're watching him or her (sorry ladies) is a plus.  However, it also let's the bad guy or gal know you are not at home.  So make sure you system covers the perimeter and you can engage before they ever get to the house.
HOME DELIVERY SERVICES
When Amazon recently announced that they would place your parcels just inside your front door if you signed up for this service many security folks cried “foul”.  They cited this service as basically allowing an intruder to enter your house.   Well, not really.  Amazon vets their delivery folks/employees during the hiring process.  If Amazon trusts them then why shouldn’t you?  Sure, there are always a few bad apples, but I see the risk of the delivery person rummaging through your house as a very low possibility since they don’t know if you’re going to come home suddenly and find them in the bedroom.  That just doesn’t make sense.  There are really two factors that are in play here that make this a good idea.  First, Amazon vets their employees and secondly the door lock and code is specific to your home. Additionally, the kit comes with a closed circuit television camera that you can set up to see if the person does more than deliver the package(s).   Plus there’s an electronic record of when the lock opened and when it closed.  Anything more than a minute or two, the amount of time to place the packages inside, would be cause for alarm and indicate something out of the ordinary happened.
If I ordered stuff on line and wasn’t home all day I’d use this service.
NO SYSTEM IS FOOL PROOF
Just remember that no system no matter how sophisticated is fool proof or offers one hundred percent protection one hundred percent of the time.  There will always be some risks involved.  The goal is to reduce the risks as much as possible and accept some risk.   




Sunday, November 19, 2017




First Responders Require Specialized Training to Deal with

 Special Needs Individuals





By Patricia O’Connor (Guest contributor)


Death of individuals with alleged disabilities through the actions of law enforcement has been reported in the media and has contributed to citizens of the United States protesting and seeking changes in methods used by law enforcement agencies.

NBC News reported on March 14, 2016 that almost half the people who die at the hands of police officers have some type of disability. According to an investigation conducted by Portland Press Herald in 2012 approximately half of the 500 people killed each year by police were mentally ill.

Police officers have become the default responders for incidents, including those involving mental health calls. They often find themselves in situations where urgent medical care by trained and certified professional practitioners would be more appropriate.

Misdiagnosis of symptoms or the misinterpretation of displayed behavior as being aggressive, resisting arrest, or threatening by law enforcement and by medical responders has resulted in the unnecessary injury or death of persons with special needs. Communities are ultimately legally liable. The question for community leaders has to be, “Why is this misunderstanding occurring and how do we fix it?”

So let’s examine this phenomenon – lack of training for first responders.

FIRST RESPONSE

First, let’s admit first responders do not face the daily challenges of their jobs with intentions of hurting, maiming or killing individuals with special needs. They are merely faced with circumstances which are unfamiliar to them. These circumstances require specialized training and knowledge. So often initial training has not been conducted and certainly, on-going training isn’t provided either.

First responders are required to have specialized training in other areas of their complex duties; i.e., weapons training, first aid, social behavioral skills, etc. in their particular field in order to serve their communities and respond appropriately to the needs of those whom they serve. Individuals with exceptional needs require exceptional care. First responders must have knowledge and training with the appropriate skill sets to deal with specific disabilities and needs so that their response is suitable. Interaction with people afflicted with mental disabilities requires specific and focused interaction just as interactions with people having other medical disabilities require special treatment.

TRAINING, TRAINING AND MORE TRAINING

As they say in the real estate industry, it’s all about “location, location, location”, well in dealing with mental health issues it’s all about “training, training, training”. Training must be relevant, engaging and consistent. Training sessions including both theoretical application and practical “role playing” exercises work best. Training is a continuous occurrence. It needs to occur routinely but not so often that it neither detracts from everyday duties nor develops into something so mundane that it becomes stale and ineffective. Training would save lives, both for the individuals encountered by first responders and the first responders themselves, especially those arriving on scene first – law enforcement officers.

THE WAY FORWARD

Whether responding to a scuffle at a convenience store or a major natural disaster as witnessed recently in northern California those responding need to be equipped not only with the physical tools needed for the job but also with the mental tools for resolving these highly charged situations. People with mental disabilities present special challenges during these extreme emotionally events. First responders should be equipped to deal with them. We can prepare for these situations through a serious of preventive measures; such as, placing placards on doors or windows indicating that special needs individuals are inside, creating communication systems with access to databases that first responders can “call up” while responding in order to ascertain what they might find at the incident scene and to alert them to obstacles or challenges they may encounter upon arrival. Just knowing when and where won’t be enough. Responding units will need to have skills sets that de-escalate the situation and resolve them in an appropriate manner. Additionally, it is essential for communities (civil authorities, medical, fire, law enforcement and citizens) to come together to address these issues.

A humane society is measured by its care for those who are most vulnerable. How will we be judged?

AUTHOR BIO

Patricia is a Doctoral student in Educational Administrative, with emphasis on Special Needs Education. She regularly provides insight and input to the Department of Homeland Security as they prepare Federal Emergency Management Agency (FEMA) guidance for dealing with special needs issues during times of crisis.  She is the founder and CEO of SirenUSA, an on-line training tool for first responders. 

“I can do things you cannot, you can do things I cannot; together we can do great things” – Mother Teresa


Sunday, October 15, 2017

Is the Defeat of Terrorism Linked to Hidden Security?


Truly Effective Security Is Hidden

Image provided courtesy of Marshalls Landscaping Products

I’m truly amazed when I travel around the country and see closed circuit cameras everywhere; airports, shopping malls, street intersections – everywhere!   I read recently, that my image is captured several hundreds of times a day.  That’s scary.  So I guess, Big Brother is watching!  At least, that’s what I’m thinking and that's how I'm feeling.  The space makes me feel uncomfortable.  But should I be?

If I'm using the space shouldn't I feel comfortable while using it?  If the answer is, "Yes", and I believe it is, then the question is, “What makes good space?”  The factors range from access and linkage to other services, uses and activities within the space, comfort and image, and sociability.  All of these factors come in to play.  I'd like to focus on the comfort and image part of the equation.

Security as an Enabler and Not a Tax

A British friend of mine, says, “Security has to be an enabler and not a tax”.  By that he means, the environment must allow people to transit “freely and confidently”.   I hate to say it (after all he’s an Arsenal fan) but he’s right.  People will use the space because they can move within it freely and because of this freedom they feel confident that they are safe.

Where there is good quality of life, people want to live and raise their families.  The true measure of a Smart or Safe City is a place where the grandkids want to live and raise their families!

To make this happen Smart City planners will need a holistic approach.  They won’t be able to address a certain sector of society, say utilities for instance and voila’ everything is good.  It will require good infrastructure systems, good inhabited space design, good governance and good community involvement.  The right mix of technology from all sectors and behavioral sciences will be needed. Due to this holistic approach to community planning, companies wishing to compete in this space will need to bring in a variety of specialties in order to adequately meet the consumer’s needs.  As an example, inhabited space design cannot be a function of only architects and engineers.  It must also include security professionals, transportation experts, government officials, behaviorists, and even community members, both retailers and residents.

The reliance on physical security engineering will become paramount as we use inhabited space to mitigate unwanted behaviors and reduce its effects.  We cannot lose sight of the human aspect of using new technologies as we move forward. 

Electronic vs. Non-electronic Technologies

Unfortunately, electronic technologies are invasive.  They assault our daily lives as they collect more and more data about our habits, preferences and routine.  On the other hand non-electronic technologies are not invasive.  They “socially engineer” the space so that people using the space act how we want them to act.  Not because they feel threaten that “Big Brother” is watching but because good behavior begets good behavior.  The use of invasive technologies will need to give way to non-intrusive technologies.  This will take time.  But there’s no better time to start than now.

Immediately after the vehicle attack in Barcelona, jersey barriers started popping up in pedestrian zones and near sidewalk cafes.  This use of concrete barriers systems is extremely unsightly and only limitedly effective.  Instead of using barriers that worsen the quality of the space, we should think about the quality of space we are protecting and integrate aesthetically pleasing barriers into the environment that actually blend in and keep it picturesque – complimenting instead of spoiling.  Remember, no one wants security to be a tax, even if it’s only a visual burden.  Having ugly concrete jersey barriers right next to you while sipping your Brunello di Montalcino at an outdoor cafĂ© table doesn’t project the atmosphere we are trying to achieve; however, flower planters, benches, light poles, bicycle racks, trash bins and the like that have been crash tested and proven effective against vehicle-ramming threats can enhance the atmosphere instead of hindering it.
Recently, Stefano Boeri, Architect[1] was cited by Dezeen Magazine as saying, “Cities should be redesigned to include trees with bulky planters rather than concrete barriers to prevent vehicle attack”.  He went on to say, “A big pot of soil has the same resistance as a Jersey (modular concrete barrier), but it can host a tree – a living being that offers shade; absorbs dust, CO2 and other subtle pollutants; and provides oxygen and a home for birds”.  We agree.
Hiding Security in Plain Sight

I believe we can “socially engineer” inhabited space.  We can incorporate specific urban design strategies that cause positive behaviors so that there is less reliance on the invasive use of electronic means to keep us safe. 

As an example; the use of “crash rated” street furniture.  It provides a measure of security from a ramming vehicle threat without making the space look like a threat is anticipated.  Another example, and perhaps even more hidden, is the use of furniture that incorporates ballistic materials, so people have something to hide behind during an active shooter threat.  Both solutions are currently available and in use in many unsuspecting areas.

Ultimately citizens don’t want cameras that watch their every move; instead they want space that is functional and free of crime and unwanted behaviors.  By increasing the effectiveness in controlling the social behaviors of the people using or transiting the space, and adding “passive” defensive mechanisms the environments will become safer and need fewer electronic gadgets.

As the great migration from the country-side to urban centers becomes an increasing phenomenon, community leaders must meet the challenges that lie ahead.  As systems of urbanization become ever more complex so will the solutions to resolve the problems they cause.  It’s imperative that not only will smart cities be highly functioning and efficient but they must also be, first and foremost – safe. 



[1] Boeri is known throughout the architectural and design world for his “plant and tree” covered buildings.