Real Words or Buzzwords?: Situational Awareness – Part 4

This is the 24th article in the “Real Words or Buzzwords?” series about how real words become empty words and stifle technology progress, also published on SecurityInfoWatch.com.

By Ray Bernard, PSP, CHS-III


Situational awareness is critical to the management of networked computer systems, but the security industry to date has only applied the term to the design and operation of security operations centers, not the design and maintenance of networked electronic security systems.

There are innumerable efforts underway in nearly every industry to apply the emerging tools of big data and artificial intelligence to accomplish wondrous things. Many of those efforts are aimed at providing situational awareness capabilities for many fields of operation that are far beyond what has been done in the past. This is possible because computing, electronic communications and data storage capabilities have been on an exponential growth curve for over five decades, to the point where what can be done with them both astonishes and overwhelms the human mind.

Industry Perspectives

So, what will we do with these technologies in the physical security industry? To begin with, I believe that we should consider the new technological capabilities for situational awareness from two perspectives:

  • Managing electronic security technology infrastructure
  • Providing operational support for security and life-safety incident, emergency, crisis and disaster response

These are mission-critical perspectives for our industry. They are also areas where our industry lags what is being done in other fields.

Fortunately for our industry, we do not have to invent the emerging technologies – we only need to understand and apply them well. However, our industry does not have a good track record of understanding and applying emerging technology.

Only two years ago did we seem to realize that we should be doing many of the things that the IT world was doing 15 years earlier in placing devices and systems on an organization’s network. Most of the leading electronic security technology companies came from the IT world, including names that you know like Axis Communications, Lenel Systems, Milestone Systems, On-Net Surveillance Systems, and many others. Many security industry incumbent companies laughed at and derided their objectives, as did many of their customers whom they failed to correctly educate about technology.

In 2012 our industry declared that IT convergence was dead, only a few years after it had arrived and without really having gotten started. Ours was the only industry to have been so lame about convergence – which now, of course, is the basis for all our current technology efforts.

It is safe to say that understanding and applying emerging technology has never been an industry strength. Yet now, it needs to be, because bad threat actors are utilizing new technologies to expand their nefarious capabilities—and our customers are ill-prepared to deal with that.

In this article I’ll discuss the first perspective, managing electronic security technology infrastructure, and in the next article we’ll take up operational support for incident, emergency, crisis and disaster recovery, along with the Hospital Incident Command System.

Managing Electronic Security Technology Infrastructure

In the previous articles on situational awareness, I have presented the concept of evolvable intelligent technology infrastructure (illustrated here). It’s what we are building with today’s electronic security technology. It is complex, and there are many possible points of failure or low performance. Corporate networks only became reliable when the IT world developed and deployed automated tools for IT infrastructure management. Such tools provide situational awareness for the state of the network and its component parts.

Situational Awareness for Technology Systems

Initially, situational awareness research and development was focused on critical control systems for which a failure could result in a significant catastrophe, such as a nuclear reactor or an electrical power grid control system. The first job of situational awareness for control systems was to make sense out of high quantities and velocities of system status data that were too great for the human mind to handle. Situational awareness is critical to the management of networked computer systems, but the security industry to date has only applied the term to the design and operation of security operations centers, not the design and maintenance of networked electronic security systems.

Technica Corporation provides a good explanation for the situational awareness services it provides to its network operations customers: “Real-time information sharing, gathering of metrics for trend analysis, and other activities relating to IT system availability and performance ... are the heart of situational awareness and facilitate true command and control over customer systems and networks.”

Initially, Technica – a 27-year-old company – primarily provided professional services and products to national and global commercial telecommunications carriers. Today, Technica supports some of the largest networks in the world—those owned and controlled by the U.S. Department of Defense, Federal Law Enforcement and Intelligence Agencies.

Here is Technica’s list of its situational awareness services for networks and networked systems:

  • Strategic Planning and Management
  • Systems Operation and Maintenance
  • Systems Engineering
  • Systems Security
  • Systems Implementation
  • Program Management
  • Command and Control (C2)
  • Network Operations (NetOps)

Technica knows that without a high degree of command and control over computer and network infrastructure, information and control systems can’t be cyber secure. Yet within the security industry, most electronic security system deployments are extremely weak on the above bullet items. IT infrastructure management practices have not been well understood or widely applied.

System Performance and Cyber Security

As was plainly evident at ISC West 2018, there is a new and intense focus on cybersecurity in the physical security industry. It is historically understandable that people in the security industry think of situational awareness as a security operations capability, and don’t apply the term to electronic systems infrastructure management. It is probably one reason why the security industry is weak on the bullet points above when it comes to network system design and deployment, especially regarding video surveillance systems.

Two years ago, my company informally surveyed a dozen organizations whose camera counts exceeded 2,000 cameras. Their security investigators all reported that between 10% and 20% of the time, investigators could not find recorded video that should have been available. Missing video, as well as other security system problems, results from a lack of true situational awareness about deployed infrastructure.

Proven practice has shown that establishing and maintaining high system performance and cybersecurity require well-documented and well-maintained system deployments. This is why the Center for Internet Security lists inventory and control of hardware and software assets as its #1 and #2 security controls and lists maintenance, monitoring and analysis of audit logs as the #6 security control among its top 20 security controls. Such controls are required to establish real-time situational awareness for technology deployments.

Context is Key  

Situational awareness is information in context. One of the reasons why generic IT system and network management tools are hard to apply to security technology deployments is that they are lacking an appropriate system design context to relate their data to. This is very clearly pictured in a diagram that I was shown by Viakoo at ISC West, from their newly released white paper titled, Video System Cyber and Performance Assurance. Understandably, Viakoo doesn’t use the term “situational awareness” to describe the insights that their system provides, because that would cause confusion given the way the term is used today. However, this diagram is the perfect illustration of what I mean when I say “system design context.” All Viakoo’s data about video systems and their components is provided in the context of how it relates to each camera’s video stream and the video stream’s path through a dozen or more network and system components. It’s a complex situation, because the network and component path along which video streams travel varies from one camera to another, although we tend to think of them as being identical or nearly so. Conceptually they are identical, but in deployment it’s a much more complex picture.

Viakoo is the first tool that I’ve seen that provides situational awareness for deployed electronic security systems infrastructure. The difference between that and what you get from generic IT tools is clearly evident in the diagram.

Automation is Required 

The IT industry learned long ago that automation is required to have a well-managed IT infrastructure. The security industry is decades behind in applying situational awareness to managing electronic security technology infrastructure – both at the situational awareness level, and at the detailed component diagnostics level. However, judging from some of the upcoming tools that I saw at ISC West 2018, that is beginning to change.

One such tool is Eidola, soon to be released by IDmachines, which captures and examines the technical correctness of network messaging between electronic security system components, such as card readers and access control panels. Sal D’Agostino, the founder and CEO of IDmachines, calls it “a multi-meter for 21st century networked systems.” I don’t see how a security integrator, or a security design consultant, could verify the correct functionality and cybersecurity of a deployed security system without such a tool.

Security industry personnel are now gaining awareness of the importance of IT-style tools. After all, our security systems are built using information technology, and it is high time that we used the appropriate tools to give the deployers and maintainers of security systems the technical situational awareness that gives them command and control over the systems for which they are responsible.

Ray Bernard, PSP CHS-III, is the principal consultant for Ray Bernard Consulting Services (RBCS), a firm that provides security consulting services for public and private facilities (www.go-rbcs.com). He is the author of the Elsevier book Security Technology Convergence Insights available on Amazon. Mr. Bernard is a Subject Matter Expert Faculty of the Security Executive Council (SEC) and an active member of the ASIS International member councils for Physical Security and IT Security.