This is the 24th article in the award-winning “Real Words or Buzzwords?” series about how real words become empty words and stifle technology progress, also published on SecurityInfoWatch.com.
By Ray Bernard, PSP, CHS-III
Situational awareness is critical to the management of networked computer systems, but the security industry to date has only applied the term to the design and operation of security operations centers, not the design and maintenance of networked electronic security systems.
So, what will we do with these technologies in the physical security industry? To begin with, I believe that we should consider the new technological capabilities for situational awareness from two perspectives:
- Managing electronic security technology infrastructure
- Providing operational support for security and life-safety incident, emergency, crisis and disaster response
These are mission-critical perspectives for our industry. They are also areas where our industry lags what is being done in other fields.
Fortunately for our industry, we do not have to invent the emerging technologies – we only need to understand and apply them well. However, our industry does not have a good track record of understanding and applying emerging technology.
Only two years ago did we seem to realize that we should be doing many of the things that the IT world was doing 15 years earlier in placing devices and systems on an organization’s network. Most of the leading electronic security technology companies came from the IT world, including names that you know like Axis Communications, Lenel Systems, Milestone Systems, On-Net Surveillance Systems, and many others. Many security industry incumbent companies laughed and derided their objectives, as did many of their customers whom they failed to correctly educate about technology.
In 2012 our industry declared that IT convergence was dead, only a few years after it had arrived and without really having gotten started. Ours was the only industry to have been so lame about convergence – which now, of course, is the basis for all our current technology efforts.
It is safe to say that understanding and applying emerging technology has never been an industry strength. Yet now, it needs to be, because bad threat actors are utilizing new technologies to expand their nefarious capabilities—and our customers are ill-prepared to deal with that.
In this article I’ll discuss the first perspective, managing electronic security technology infrastructure, and in the next article we’ll take up operational support for incident, emergency, crisis and disaster recovery, along with the Hospital Incident Command System.
Managing Electronic Security Technology Infrastructure
In the previous articles on situational awareness, I have presented the concept of evolvable intelligent technology infrastructure (illustrated here). It’s what we are building with today’s electronic security technology. It is complex, and there are many possible points of failure or low performance. Corporate networks only became reliable when the IT world developed and deployed automated tools for IT infrastructure management. Such tools provide situational awareness for the state of the network and its component parts.
Situational Awareness for Technology Systems
Initially, situational awareness research and development was focused on critical control systems for which a failure could result in a significant catastrophe, such as a nuclear reactor or an electrical power grid control system. The first job of situational awareness for control systems was to make sense out of high quantities and velocities of system status data that were too great for the human mind to handle. Situational awareness is critical to the management of networked computer systems, but the security industry to date has only applied the term to the design and operation of security operations centers, not the design and maintenance of networked electronic security systems.
Technica Corporation provides a good explanation for the situational awareness services it provides to its network operations customers: Real-time information sharing, gathering of metrics for trend analysis, and other activities relating to IT system availability and performance . . . are the heart of situational awareness and facilitate true command and control over customer systems and networks.
Initially, Technica – a 27-year-old company – primarily provided professional services and products to national and global commercial telecommunications carriers. Today, Technica supports some of the largest networks in the world—those owned and controlled by the U.S. Department of Defense, Federal Law Enforcement and Intelligence Agencies.
Here is Technica’s list of its situational awareness services for networks and networked systems:
- Strategic Planning and Management
- Systems Operation and Maintenance
- Systems Engineering
- Systems Security
- Systems Implementation
- Program Management
- Command and Control (C2)
- Network Operations (NetOps)
Technica knows that without a high degree of command and control over computer and network infrastructure, information and control systems can’t be cyber secure. Yet within the security industry, most electronic security system deployments are extremely weak on the above bullet items. IT infrastructure management practices have not been well understood or widely applied.
System Performance and Cyber Security
As was plainly evident at ISC West 2018, there is a new and intense focus on cybersecurity in the physical security industry. It is historically understandable that people in the security industry think of situational awareness as a security operations capability, and don’t apply the term to electronic systems infrastructure management. It is probably one reason why the security industry is weak on the bullet points above when it comes to network system design and deployment, especially regarding video surveillance systems.
Two years ago, my company informally surveyed a dozen organizations whose camera counts exceeded 2,000 cameras. Their security investigators all reported that between 10% and 20% of the time, investigators could not find recorded video that should have been available. Missing video, as well as other security system problems, results from a lack of true situational awareness about deployed infrastructure.
Proven practice has shown that establishing and maintaining high system performance and cybersecurity require well-documented and well-maintained system deployments. This is why the Center for Internet Security lists inventory and control of hardware and software assets as its #1 and #2 security controls and lists maintenance, monitoring and analysis of audit logs as the #6 security control among its top 20 security controls. Such controls are required to establish real-time situational awareness for technology deployments.
Context is Key
Situational awareness is information in context. One of the reasons why generic IT system and network management tools are hard to apply to security technology deployments is that they are lacking an appropriate system design context to relate their data to. This is very clearly pictured in a diagram that I was shown by Viakoo at ISC West, from their newly released white paper titled, Video System Cyber and Performance Assurance. Understandably, Viakoo doesn’t use the term “situational awareness” to describe the insights that their system provides, because that would cause confusion given the way the term is used today. However, this diagram is the perfect illustration of what I mean when I say “system design context.” All Viakoo’s data about video systems and their components is provided in the context of how it relates to each camera’s video stream and the video stream’s path through a dozen or more network and system components. It’s a complex situation, because the network and component path along which video streams travel varies from one camera to another, although we tend to think of them as being identical or nearly so. Conceptually they are identical, but in deployment it’s a much more complex picture.
Viakoo is the first tool that I’ve seen that provides situational awareness for deployed electronic security systems infrastructure. The difference between that, and what you get from generic IT tools, is clearly evident in the diagram.
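One way to picture the “system design context” described above, as an added example that is not from the article and not Viakoo’s method: component-level health is joined to each camera’s stream path, so a fault is reported as the recordings it puts at risk. All device names, status values and function names are constructed for illustration.

```python
# Added illustration; every device name and status value below is constructed.

# Asset inventory (the hardware-inventory control the article cites).
INVENTORY = {"cam-lobby-01", "cam-dock-07", "cam-garage-12",
             "poe-sw-1", "poe-sw-2", "core-sw-a", "core-sw-b",
             "vms-rec-1", "vms-rec-2", "nas-1", "nas-2"}

# Per-camera stream path: each component the video crosses, in order.
STREAM_PATHS = {
    "cam-lobby-01":  ["cam-lobby-01", "poe-sw-1", "core-sw-a", "vms-rec-1", "nas-1"],
    "cam-dock-07":   ["cam-dock-07", "poe-sw-2", "core-sw-a", "vms-rec-1", "nas-1"],
    "cam-garage-12": ["cam-garage-12", "poe-sw-3", "core-sw-b", "vms-rec-2", "nas-2"],
}

# Component-level health, as a generic monitoring tool would report it.
COMPONENT_STATUS = {"poe-sw-2": "down", "nas-2": "degraded"}


def undocumented_components(paths, inventory):
    """Components that carry video but are absent from the asset inventory."""
    return {cam: [c for c in path if c not in inventory]
            for cam, path in paths.items()
            if any(c not in inventory for c in path)}


def streams_at_risk(paths, status):
    """Translate component faults into the camera streams that traverse them."""
    at_risk = {}
    for cam, path in paths.items():
        faults = [(c, status[c]) for c in path if status.get(c, "ok") != "ok"]
        if faults:
            at_risk[cam] = faults
    return at_risk


def report(paths, status, inventory):
    """One line per camera: recording state in stream-path context."""
    unknown = undocumented_components(paths, inventory)
    risk = streams_at_risk(paths, status)
    lines = []
    for cam in sorted(paths):
        notes = [f"{c} is {s}" for c, s in risk.get(cam, [])]
        notes += [f"{c} not in inventory" for c in unknown.get(cam, [])]
        lines.append(f"{cam}: " + ("; ".join(notes) if notes else "path healthy"))
    return lines


if __name__ == "__main__":
    print("\n".join(report(STREAM_PATHS, COMPONENT_STATUS, INVENTORY)))
```

The same two component alerts that a generic tool would list in isolation come out here as two cameras whose recordings are in doubt, plus one switch that carries video but was never documented.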
Automation is Required
The IT industry learned long ago that automation is required to have a well-managed IT infrastructure. The security industry is decades behind in applying situational awareness to managing electronic security technology infrastructure – both at the situational awareness level, and at the detailed component diagnostics level. Judging from some of the upcoming tools that I saw at ISC West 2018, though, that is beginning to change.
One such tool is Eidola, soon to be released by IDmachines, which captures and examines the technical correctness of network messaging between electronic security system components, such as card readers and access control panels. Sal D’Agostino, the founder and CEO of IDmachines, calls it “a multi-meter for 21st century networked systems.” I don’t see how a security integrator, or a security design consultant, could verify the correct functionality and cybersecurity of a deployed security system without such a tool.
Security industry personnel are now gaining awareness of the importance of IT-style tools. After all, our security systems are built using information technology and it is high time that we used the appropriate tools to give system deployers and maintainers of security systems the technical situational awareness that gives them command and control over the systems for which they are responsible.
Ray Bernard, PSP CHS-III, is the principal consultant for Ray Bernard Consulting Services (RBCS), a firm that provides security consulting services for public and private facilities (www.go-rbcs.com). He is the author of the Elsevier book Security Technology Convergence Insights available on Amazon. Mr. Bernard is a Subject Matter Expert Faculty of the Security Executive Council (SEC) and an active member of the ASIS International member councils for Physical Security and IT Security.