Sunday, February 18, 2018

The Marriage of Cyber and Physical Security is Not a
Match Made in Heaven

Megatrend #2 from Security Megatrends, The 2018 Vision for the Security Industry, produced and published by the Security Industry Association (SIA) is, “Cyber Meets Physical Security, Threats Magnify with Digital Innovation[1]  hits the proverbial nail on the head.   With the connectivity of electronic devices to the internet, more and more of the different technologies we use in our daily lives are susceptible to compromise.  I read an article about a year back that talked about how in theory your new toaster could get hacked by someone with nefarious intentions and through that connectivity could steal your personal identifying information (PII).  While I believe that scenario to be a little far-fetched, I do believe the point was made.  The point being, that my smart phone, smart TV and even my smart refrigerator, especially if I had it set up to automatically order milk or bread for me directly with the store, is highly susceptible since I would most certainly have payment information in my stored profile.

The connectivity to the IoT is inherently vulnerable.  Since there’s an electronic connection, eventually given enough time, a “bad guy” will figure out a way to breach whatever security systems are in place.  Just ask Equifax, Sony Pictures, Target, etc.

The only absolute way to keep a breach from happening is not to connect to the IoT.  Unfortunately in today’s world that is just not possible.  We cannot function without being connected.  Now even my wife’s Jeep’s telling her she need servicing, before it was, “Hey, Honey, there’s a red light on on  the dashboard.  What’s that mean? “  Now, she gets a message on her phone that tells her  the tire pressure’s too low.

This convergence of cyber and physical means that physical security must be much tighter than it’s been in the past.  We can’t rely on the good guys to build a strong enough firewall, while vitally important, equally important is the physical security piece.  We need to teach our folks and ourselves how to spot vulnerabilities and how to protect those vulnerabilities from being exploited in a language they can understand.  I know a software engineer and whenever I talk with him, I have no idea what he’s talking about.   Listen if it’s a burden – I can’t understand it – I won’t do or use it. 

The vetting process, to ensure the right folks are working on our systems has to be comprehensive and continual.  Just because a person gets the job, it doesn’t mean the vetting process stops.  The vetting process must be continuing.  Physical security measures must also make sure that only people that have been cleared can physically access systems that they’ve been cleared for and not have a general run of the place.   I believe the DIY days are over.  Sure, there are some things any person should be able to do, like follow the tutorial on setting up a TV but other things that are in the Settings should probably be left up to an expert to change.  There is a tremendous assumption that just because I can read I can also understand the code being spoken.

Cyber security focuses on cyber-threats and the ability to detect and mitigate ransom ware attacks, especially as they’ve become a popular mechanism to extort businesses, will become more and more important.  I’m beginning to understand less and less about computers, how they work and what they can do to make my life simpler, because I have to do more and more of what use to be done by that weird guy down the hall.

I’m not sure I’m ready to have a micro-chip make all of the decisions of my daily life for me.  I have a feeling, it’s going to be a “rocky” marriage because I can't divorce her.
Next month:  If Data is the New Currency of the Modern World Then Why Is My Account Overdrawn?

Sunday, January 21, 2018

Security Opportunities within the Booming IoT Market

The Future is Bright for Non-electronics, Too

The term Internet of Things was coined back in the late 90’s.  The somewhat official definition is “A network of dedicated physical objects that contain embedded technology to interact internally or externally”.  I think we can all agree that is a very broad brush definition.  I would rephrase it to be, basically “an ecosystem that includes electronic things, and the communications and data analysis between them”.

With that in mind, let’s look at where we are today and where we’re going.

Today there are an estimated 7billion devices connected via the internet and applications that use the internet.  That’s a device for every human on the planet.  In just five years that number will increase to over 50billion.  The use of The Cloud is fueling this increase.

What does this mean for the security profession?  Simply put lots of openings and an unlimited number of chances.  In other words, if you can think it, you can make it happen. 

This increase in the realm of possibilities will affect every aspect of our daily lives.  So whether you’re involved in the residential, small business or corporate security market, you can make it.

I usually think of security solutions as following into one of two spheres – electronic or non-electronic.


Electronic technologies are just that – technologies that are electronic.  Kind of a no brainer, don’t you think?  These technologies run the gamut from intrusion detection systems to access control to surveillance and beyond.  They’re becoming ever more sophisticated and complex.

Unfortunately, as technology evolves it will probably become more invasive.  It will collect more and more data about you. 

These invasive technologies already assault our daily lives.  Just imagine how that will change in the future.  While there is tremendous resentment about governments collecting data on individuals.  Companies, such as, Google, Amazon, Microsoft and other major retailers are doing it and no one really seems to care.

The use of cellphones will become almost an extension of ourselves.  We will be able to do everything from or with our phone.  I suspect someone is going to develop a security app that will read your blood pressure or your heart rhythm to authenticate that you are the correct user, instead of the fingerprint reader or PIN code of today.  Your phone will become your “Mini-me”.  It will know your behavior patterns well enough to “help” you make choices.

If you’re a dealer, distributor, integrator, system installer or work in a parallel vertical the opportunities abound, as you provide solutions for your customers.  It really won’t matter which product or service you provide, as there is a place and need for all of it, and combining technologies will provide even more opportunities.

The development of “predictive analytics” based on data collection will allow companies to forecast their customers buying habits better.  My personal opinion is that “predictive analyst” will become a job title and many security companies will hire them to determine future sales projections and to forecast their future markets.  With that in mind, there is already some technology out there that can analyze behavioral patterns.  Does this mean that access control will be determined by a biometric sensor and as a back-up analysis app that says, this is you because you always show up for work at this time or an even more sophisticated analysis by the pressure you apply to the pin-pad as you type in your PIN code?


Non-electronic technologies on the other hand don’t use electricity to function. They can range from windows and doors to landscaping or even the way a particular building or inhabited area is designed. 

Fortunately, to counter the invasiveness of the electronic age, non-technologic innovation will become less invasive as we develop better materials and strategies as we design inhabited space. 

I believe we can “socially engineer” inhabited space.  We can incorporate specific urban design strategies that cause positive behaviors so that there is less reliance on the invasive use of electronic means to keep us safe.  Ultimately citizens don’t want cameras that watch their every move; instead they want space that is functional and free of crime and unwanted behaviors.  By increasing the effectiveness in controlling the social behaviors of the people using or transiting the space, the environments will become safer and need fewer electronic gadgets.

We are at the cusp of an explosion in technologies, both electronic and otherwise.  Whether you are in the business of providing solutions directly in the form of a product or service or in the business of providing solutions indirectly, i.e., architect, engineer, security consultant or government official strap yourself in and hold on to your hat because it’ going to be a great ride with lots of opportunities for all to excel.

Sunday, December 17, 2017

Question You Should Ask Before Getting a
Home Security System For Christmas

Is a home security system on your wish list from Santa?  If so, here are a couple of things you need to ask before Santa puts your system in his bag.
The first two questions to ask yourself are, “What am I going to protect by buying this type of system?" Then, "Will it do what I want it to do?”  These sound like no-brainers don’t they?  Most of us would say, “I want it to catch the bad guy”.  Well, not really, because it won’t catch a bad guy.  It will let you know when there is behavior inside of your house or when your perimeter is breached. But it won’t tell you if the behavior is good or bad.  YOU have to do that.  YOU have to assess the behavior and determine if it's good or bad.  So, you want to be able to analyze the behavior, like your kids coming home from school or the mailman delivering a package and determine if it is friend or foe.  Which brings us to the next question, which is, “Who will monitor what the system 'sees' and who will respond when there is unwanted behavior?”
If you are relying on your local 911 or a police department response, then you need to find out what the local policy is for home invasion.  Some departments don’t respond immediately for a variety of reasons; sometimes due to competing priorities and sometimes because they don’t want to get there when the bad guy is still on the premises which may cause a “stand-off”.  They don’t want that and neither do you.
If you are relying on a service provider for response, you need to ask, “What is the guaranteed respond time?”  If it’s less than seven minutes the good guys will catch the bad guys.  If it’s more than that, the bad guy will get away with your stuff.  Actually you don’t want the good guys to get there while the bad guy is still there, as it increases the likelihood that someone is going to get hurt.
The National Institute of Justice reported a couple years ago that perpetrators of housebreaking/ burglary usually stay on site less than seven minutes.   I doubt it’s changed much in the last couple of years.
Many professional installers will swear up and down that home owners cannot do this alone.  But let’s face it.  Just about anybody can do just about anything, given the right tools and knowledge.  Most home kits include instructions, so they’re pretty simple.  Tab A goes into Slot B.  If you can put together IKEA furniture you certainly can install a couple of cameras and sensors around your house.  That’s the tools part.  Now for the knowledge part – where to put cameras and where to put sensors?  Think of your house as an onion.  Start on the outer skin (property line) and work your way in.  Use a combination of sensors and camera that overlap so that all areas are covered by at least two components of your system.  Say a sensor and camera, or two cameras.  By using a combination of different technologies and creating an overlapping system you will, in all likelihood, get notified that something’s going on.  The chances of both systems failing simultaneously is very low.  Make sure you get "real time" notification.  The ability to talk into the system and tell the perpetrator that you're watching him or her (sorry ladies) is a plus.  However, it also let's the bad guy or gal know you are not at home.  So make sure you system covers the perimeter and you can engage before they ever get to the house.
When Amazon recently announced that they would place your parcels just inside your front door if you signed up for this service many security folks cried “foul”.  They cited this service as basically allowing an intruder to enter your house.   Well, not really.  Amazon vets their delivery folks/employees during the hiring process.  If Amazon trusts them then why shouldn’t you?  Sure, there are always a few bad apples, but I see the risk of the delivery person rummaging through your house as a very low possibility since they don’t know if you’re going to come home suddenly and find them in the bedroom.  That just doesn’t make sense.  There are really two factors that are in play here that make this a good idea.  First, Amazon vets their employees and secondly the door lock and code is specific to your home. Additionally, the kit comes with a closed circuit television camera that you can set up to see if the person does more than deliver the package(s).   Plus there’s an electronic record of when the lock opened and when it closed.  Anything more than a minute or two, the amount of time to place the packages inside, would be cause for alarm and indicate something out of the ordinary happened.
If I ordered stuff on line and wasn’t home all day I’d use this service.
Just remember that no system no matter how sophisticated is fool proof or offers one hundred percent protection one hundred percent of the time.  There will always be some risks involved.  The goal is to reduce the risks as much as possible and accept some risk.   

Sunday, November 19, 2017

First Responders Require Specialized Training to Deal with

 Special Needs Individuals

By Patricia O’Connor (Guest contributor)

Death of individuals with alleged disabilities through the actions of law enforcement has been reported in the media and has contributed to citizens of the United States protesting and seeking changes in methods used by law enforcement agencies.

NBC News reported on March 14, 2016 that almost half the people who die at the hands of police officers have some type of disability. According to an investigation conducted by Portland Press Herald in 2012 approximately half of the 500 people killed each year by police were mentally ill.

Police officers have become the default responders for incidents, including those involving mental health calls. They often find themselves in situations where urgent medical care by trained and certified professional practitioners would be more appropriate.

Misdiagnosis of symptoms or the misinterpretation of displayed behavior as being aggressive, resisting arrest, or threatening by law enforcement and by medical responders has resulted in the unnecessary injury or death of persons with special needs. Communities are ultimately legally liable. The question for community leaders has to be, “Why is this misunderstanding occurring and how do we fix it?”

So let’s examine this phenomenon – lack of training for first responders.


First, let’s admit first responders do not face the daily challenges of their jobs with intentions of hurting, maiming or killing individuals with special needs. They are merely faced with circumstances which are unfamiliar to them. These circumstances require specialized training and knowledge. So often initial training has not been conducted and certainly, on-going training isn’t provided either.

First responders are required to have specialized training in other areas of their complex duties; i.e., weapons training, first aid, social behavioral skills, etc. in their particular field in order to serve their communities and respond appropriately to the needs of those whom they serve. Individuals with exceptional needs require exceptional care. First responders must have knowledge and training with the appropriate skill sets to deal with specific disabilities and needs so that their response is suitable. Interaction with people afflicted with mental disabilities requires specific and focused interaction just as interactions with people having other medical disabilities require special treatment.


As they say in the real estate industry, it’s all about “location, location, location”, well in dealing with mental health issues it’s all about “training, training, training”. Training must be relevant, engaging and consistent. Training sessions including both theoretical application and practical “role playing” exercises work best. Training is a continuous occurrence. It needs to occur routinely but not so often that it neither detracts from everyday duties nor develops into something so mundane that it becomes stale and ineffective. Training would save lives, both for the individuals encountered by first responders and the first responders themselves, especially those arriving on scene first – law enforcement officers.


Whether responding to a scuffle at a convenience store or a major natural disaster as witnessed recently in northern California those responding need to be equipped not only with the physical tools needed for the job but also with the mental tools for resolving these highly charged situations. People with mental disabilities present special challenges during these extreme emotionally events. First responders should be equipped to deal with them. We can prepare for these situations through a serious of preventive measures; such as, placing placards on doors or windows indicating that special needs individuals are inside, creating communication systems with access to databases that first responders can “call up” while responding in order to ascertain what they might find at the incident scene and to alert them to obstacles or challenges they may encounter upon arrival. Just knowing when and where won’t be enough. Responding units will need to have skills sets that de-escalate the situation and resolve them in an appropriate manner. Additionally, it is essential for communities (civil authorities, medical, fire, law enforcement and citizens) to come together to address these issues.

A humane society is measured by its care for those who are most vulnerable. How will we be judged?


Patricia is a Doctoral student in Educational Administrative, with emphasis on Special Needs Education. She regularly provides insight and input to the Department of Homeland Security as they prepare Federal Emergency Management Agency (FEMA) guidance for dealing with special needs issues during times of crisis.  She is the founder and CEO of SirenUSA, an on-line training tool for first responders. 

“I can do things you cannot, you can do things I cannot; together we can do great things” – Mother Teresa

Sunday, October 15, 2017

Is the Defeat of Terrorism Linked to Hidden Security?

Truly Effective Security Is Hidden

Image provided courtesy of Marshalls Landscaping Products

I’m truly amazed when I travel around the country and see closed circuit cameras everywhere; airports, shopping malls, street intersections – everywhere!   I read recently, that my image is captured several hundreds of times a day.  That’s scary.  So I guess, Big Brother is watching!  At least, that’s what I’m thinking and that's how I'm feeling.  The space makes me feel uncomfortable.  But should I be?

If I'm using the space shouldn't I feel comfortable while using it?  If the answer is, "Yes", and I believe it is, then the question is, “What makes good space?”  The factors range from access and linkage to other services, uses and activities within the space, comfort and image, and sociability.  All of these factors come in to play.  I'd like to focus on the comfort and image part of the equation.

Security as an Enabler and Not a Tax

A British friend of mine, says, “Security has to be an enabler and not a tax”.  By that he means, the environment must allow people to transit “freely and confidently”.   I hate to say it (after all he’s an Arsenal fan) but he’s right.  People will use the space because they can move within it freely and because of this freedom they feel confident that they are safe.

Where there is good quality of life, people want to live and raise their families.  The true measure of a Smart or Safe City is a place where the grandkids want to live and raise their families!

To make this happen Smart City planners will need a holistic approach.  They won’t be able to address a certain sector of society, say utilities for instance and voila’ everything is good.  It will require good infrastructure systems, good inhabited space design, good governance and good community involvement.  The right mix of technology from all sectors and behavioral sciences will be needed. Due to this holistic approach to community planning, companies wishing to compete in this space will need to bring in a variety of specialties in order to adequately meet the consumer’s needs.  As an example, inhabited space design cannot be a function of only architects and engineers.  It must also include security professionals, transportation experts, government officials, behaviorists, and even community members, both retailers and residents.

The reliance on physical security engineering will become paramount as we use inhabited space to mitigate unwanted behaviors and reduce its effects.  We cannot lose sight of the human aspect of using new technologies as we move forward. 

Electronic vs. Non-electronic Technologies

Unfortunately, electronic technologies are invasive.  They assault our daily lives as they collect more and more data about our habits, preferences and routine.  On the other hand non-electronic technologies are not invasive.  They “socially engineer” the space so that people using the space act how we want them to act.  Not because they feel threaten that “Big Brother” is watching but because good behavior begets good behavior.  The use of invasive technologies will need to give way to non-intrusive technologies.  This will take time.  But there’s no better time to start than now.

Immediately after the vehicle attack in Barcelona, jersey barriers started popping up in pedestrian zones and near sidewalk cafes.  This use of concrete barriers systems is extremely unsightly and only limitedly effective.  Instead of using barriers that worsen the quality of the space, we should think about the quality of space we are protecting and integrate aesthetically pleasing barriers into the environment that actually blend in and keep it picturesque – complimenting instead of spoiling.  Remember, no one wants security to be a tax, even if it’s only a visual burden.  Having ugly concrete jersey barriers right next to you while sipping your Brunello di Montalcino at an outdoor cafĂ© table doesn’t project the atmosphere we are trying to achieve; however, flower planters, benches, light poles, bicycle racks, trash bins and the like that have been crash tested and proven effective against vehicle-ramming threats can enhance the atmosphere instead of hindering it.
Recently, Stefano Boeri, Architect[1] was cited by Dezeen Magazine as saying, “Cities should be redesigned to include trees with bulky planters rather than concrete barriers to prevent vehicle attack”.  He went on to say, “A big pot of soil has the same resistance as a Jersey (modular concrete barrier), but it can host a tree – a living being that offers shade; absorbs dust, CO2 and other subtle pollutants; and provides oxygen and a home for birds”.  We agree.
Hiding Security in Plain Sight

I believe we can “socially engineer” inhabited space.  We can incorporate specific urban design strategies that cause positive behaviors so that there is less reliance on the invasive use of electronic means to keep us safe. 

As an example; the use of “crash rated” street furniture.  It provides a measure of security from a ramming vehicle threat without making the space look like a threat is anticipated.  Another example, and perhaps even more hidden, is the use of furniture that incorporates ballistic materials, so people have something to hide behind during an active shooter threat.  Both solutions are currently available and in use in many unsuspecting areas.

Ultimately citizens don’t want cameras that watch their every move; instead they want space that is functional and free of crime and unwanted behaviors.  By increasing the effectiveness in controlling the social behaviors of the people using or transiting the space, and adding “passive” defensive mechanisms the environments will become safer and need fewer electronic gadgets.

As the great migration from the country-side to urban centers becomes an increasing phenomenon, community leaders must meet the challenges that lie ahead.  As systems of urbanization become ever more complex so will the solutions to resolve the problems they cause.  It’s imperative that not only will smart cities be highly functioning and efficient but they must also be, first and foremost – safe. 

[1] Boeri is known throughout the architectural and design world for his “plant and tree” covered buildings. 

Sunday, September 17, 2017

Why People Are Wrong to Think That
CCTV is a Detection Tool

When we talk detection we are talking about observing behavior – all behavior both wanted and unwanted.  It is very common within the security field, and even outside of the security field, for people to think that detection means detecting the bad guy doing a bad thing.  Well, not really.  What we are trying to do is determine if the behavior we are watching is authorized or not.  If we assess it to be allowed, then we take no action.  If it’s not allowed, the security force responds.  Again, we can use electronic and non-electronics to assist us.  The thing to remember is technology is a tool to assist and it has to be treated that way.  It is not the “cure all”. 
Just putting a CCTV camera to watch a store shelf or a gas pump will not prevent crime.  The reality is, by putting a camera we are allowing someone who is monitoring what the camera sees to assess the behavior that is being seen.  Therefore, CCTV is actually an assessment tool.  Those installing cameras must remember how the system is going to be used for assessment and not how it will capture what happened.  An article in the Chicago Tribune a couple years ago mentioned that less than three percent of crime is solved by the use of a camera system.  Recent articles about the enormous number of cameras watching the public spaces in London puts that number somewhere around 22 percent.  I think it would be fair to say the numbers somewhere in between.  Just placing the camera is not enough it has to be monitored too, and in real time.  Otherwise, the bad guy will get away.

Other facts about CCTV discussed during Free webinar 12 December

The Security Industry Association (SIA) is sponsoring a webinar at 1pm (ET) on 12 December 2017, when I'll talk about the Five Pillars of Physical Security: Misconceptions, Myths and Truths at .  I will post a direct link once we get closer to that date.  We hope you'll join us.

Friday, August 25, 2017

"Don't Make Me Come Over There."

How many times did we hear that phrase when we were growing up?  Or, "You just wait 'til your father gets home!"  I know I did.  I was scared to death, at least, until I was twelve or so and my Grandma whacked me with a wooden yard stick and it broke.  Then I knew I was too big to get a spanking any more.  Besides, by then I figured out I could blame my younger brothers and they'd "take it for me".  Love those guys!
Well, the same holds true in corporate America.  Sure, the boss isn't going to paddle anyone.  At least, I hope not.  But "unwanted behaviors" in the work place must be dealt with and it doesn't always have to be the boss or the security folks to deal with it. 
When "unwanted behaviors" occurred someone needs to step in.  That can be a co-worker or colleague.  Not that they need to "tattle" but behaviors outside of what's acceptable puts everyone at risk - from both a safety and a security perspective.
Non Security Personnel Can Play a Part
Non-security members of the organization can play a major role in identifying behavior that is unwanted.  But, they must be trained on when to interact on their own and when to keep their distance and report.  Smart leaders will develop scenario based training that includes all the members of their organization and promotes the interactions of the groups.  This can go a long way in instilling confidence in each other and creating a culture of unity and capability.  Which in turn, creates a feeling of safety and security within the organization.
But sometimes, even the best trained staff member is not capable of responding or diffusing the situation.  In this case, security force personnel should be called in.
Security Forces Compliment Non-security Forces 
Security response forces actually compliment other staff members and not the other way around.  That said, security personnel must receive additional training and have ability to accurately assess and engage the threat.  The operative word is “accurately” assess.  If they misunderstand the actions of the threat or assume aggressive behavior when there isn’t any the situation will quickly spiral out of control and actually escalate.  How many time have we heard, “I thought he had a gun”?
With that in mind, training is fundamental and paramount.  Training must be physically and mentally challenging.   Virtual, “situation based awareness” scenarios can be developed so that they stress the participants.  Role playing is always a benefit. Unless stressful conditions are trained for, guard forces won’t react properly when confronted by them.
The mindset that the responding officer must always be in control is correct.  That doesn’t mean they are superior it means they have the skills to neutralize the threat, sometime that requires force and sometimes not.  The use of de-escalating tactics is a learned behavior.  As such, highly aggressive and chaotic training scenarios serve the response forces well in learning how to deal with these types of behaviors. 
Cultural norms also play a big part is calming the confrontation between response forces and perpetrators.  What works in Los Angeles doesn’t necessarily work in Amsterdam or New Delhi. 
Responding forces must remember, the continuum of use of force is scalable and that deadly force is only used as a last resort.