This is the 26th article in the award-winning “Real Words or Buzzwords?” series about how real words become empty words and stifle technology progress, also published on SecurityInfoWatch.com.
By Ray Bernard, PSP, CHS-III
Situational awareness is an important element of organizational resilience, which most of today’s organizations are striving to achieve – yet our tools for establishing and maintaining situational awareness are still being designed for the most part per 20th century thinking and requirements.
★ ★ ★ GET NOTIFIED! ★ ★ ★
SIGN UP to be notified by email the day a new Real Words or Buzzwords? article is posted!
Real Words or Buzzwords?
The Award-Winning Article Series
#1 Proof of the buzzword that killed tech advances in the security industry—but not other industries.
#2 Next Generation (NextGen): A sure way to tell hype from reality.
#3 Customer Centric: Why all security industry companies aren't customer centric.
#4 Best of Breed: What it should mean to companies and their customers.
#5 Open: An openness scale to rate platforms and systems
#6 Network-friendly: It's much more than network connectivity.
#7 Mobile first: Not what it sounds like.
#8 Enterprise Class (Part One): To qualify as Enterprise Class system today is world's beyond what it was yesterday.
#9 Enterprise Class (Part Two): Enterprise Class must be more than just a top-level label.
#10 Enterprise Class (Part Three): Enterprise Class must be 21st century technology.
#11 Intuitive: It’s about time that we had a real-world testable definition for “intuitive”.
#12 State of the Art: A perspective for right-setting our own thinking about technologies.
#13 True Cloud (Part One): Fully evaluating cloud product offerings.
#14 True Cloud (Part Two): Examining the characteristics of 'native-cloud' applications.
#15 True Cloud (Part Three): Due diligence in testing cloud systems.
#16 IP-based, IP-enabled, IP-capable, or IP-connectable?: A perspective for right-setting our own thinking about technologies.
#17 Five Nines: Many people equate high availability with good user experience, yet many more factors are critically important.
#18 Robust: Words like “robust” must be followed by design specifics to be meaningful.
#19 Serverless Computing – Part 1: Why "serverless computing" is critical for some cloud offerings.
#20 Serverless Computing – Part 2: Why full virtualization is the future of cloud computing.
#21 Situational Awareness – Part 1: What products provide situational awareness?
#22 Situational Awareness – Part 2: Why system designs are incomplete without situational awareness?
#23 Situational Awareness – Part 3: How mobile devices change the situational awareness landscape?
#24 Situational Awareness – Part 4: Why situational awareness is a must for security system maintenance and acceptable uptime.
#25 Situational Awareness – Part 5: We are now entering the era of smart buildings and facilities. We must design integrated security systems that are much smarter than those we have designed in the past.
#26 Situational Awareness – Part 6: Developing modern day situational awareness solutions requires moving beyond 20th century thinking.
#27 Situational Awareness – Part 7: Modern day incident response deserves the help that modern technology can provide but doesn’t yet. Filling this void is one of the great security industry opportunities of our time.
#28 Unicity: Security solutions providers can spur innovation by envisioning how the Unicity concept can extend and strengthen physical access into real-time presence management.
#29 The API Economy: Why The API Economy will have a significant impact on the physical security industry moving forward.
#31 The Built Environment: In the 21st century, “the built environment” means so much more than it did just two decades ago.
#32 Hyper-Converged Infrastructure: Hyper-Converged Infrastructure has been a hot phrase in IT for several years, but do its promises hold true for the physical security industry?
#33 Software-Defined: Cloud-computing technology, with its many software-defined elements, is bringing self-scaling real-time performance capabilities to physical security system technology.
#34 High-Performance: How the right use of "high-performance" can accelerate the adoption of truly high-performing emerging technologies.
#35 Erasure Coding: Why RAID drive arrays don’t work anymore for video storage, and why Erasure Coding does.
#36 Presence Control: Anyone responsible for access control management or smart building experience must understand and apply presence control.
#37 Internet+: The Internet has evolved into much more than the information superhighway it was originally conceived to be.
#38 Digital Twin: Though few in physical security are familiar with the concept, it holds enormous potential for the industry.
#39 Fog Computing: Though commonly misunderstood, the concept of fog computing has become critically important to physical security systems.
#40 Scale - Part 1: Although many security-industry thought leaders have advocated that we should be “learning from IT,” there is still insufficient emphasis on learning about IT practices, especially for large-scale deployments.
#41 Scale - Part 2: Why the industry has yet to fully grasp what the ‘Internet of Things’ means for scaling physical security devices and systems.
#42 Cyberspace - Part 1: Thought to be an outdated term by some, understanding ‘Cyberspace’ and how it differs from ‘Cyber’ is paramount for security practitioners.
#43 Cyber-Physical Systems - Part 1: We must understand what it means that electronic physical security systems are cyber-physical systems.
#44 Cyberspace - Part 2: Thought to be an outdated term by some, understanding ‘Cyberspace’ and how it differs from ‘Cyber’ is paramount for security practitioners.
#45 Artificial Intelligence, Machine Learning and Deep Learning: Examining the differences in these technologies and their respective benefits for the security industry.
#46 VDI – Virtual Desktop Infrastructure: At first glance, VDI doesn’t seem to have much application to a SOC deployment. But a closer look reveals why it is actually of critical importance.
#47 Hybrid Cloud: The definition of hybrid cloud has evolved, and it’s important to understand the implications for physical security system deployments.
#48 LegacyHow you define ‘legacy technology’ may determine whether you get to update or replace critical systems.
#49 H.264 - Part 1Examining the terms involved in camera stream configuration settings and why they are important.
#50 H.264 - Part 2A look at the different H.264 video frame types and how they relate to intended uses of video.
More to come about every other week.
Originally, SA technical capabilities were designed with a fixed scope and to be utilized by a small set of SA information consumers (sometimes just one consumer, such as a fighter-jet pilot), because they were part of a fixed system. In the physical security world, SA capabilities have been confined to Security Operation Centers (SOCs) and Emergency Operation Centers (EOCs). Thus, the technical attributes described below have not previously been included in security system or emergency management system requirements.
Situational Awareness in the 21st Century
Real world expectations for organizational awareness, thinking and response have grown far beyond what they used to be, given the digital connectedness of living and the technological advancement of personal and organizational information systems as well as social media. Due to this new and permanent level of interconnectedness, there is no longer any excuse for organizations not to be aware of situations that affect their own personnel and the members of various related communities, both physical and cyber. Situational awareness is an important element of organizational resilience, which most of today’s organizations are striving to achieve – yet our tools for establishing and maintaining situational awareness are still being designed for the most part per 20th century thinking and requirements.
Today, situational awareness tools must be:
- Highly-scalable as to SA scope and SA consumers
- Time-centric regarding situations, plans, activities and shared awareness
- Highly-analytical and self-learning to minimize success dependency on human expertise and experience
- Distributed and resilient to persist despite communications interruptions
- Highly-contextual to appropriately support personnel and teams with defined roles, responsibilities and objectives
- Flexible to account for situation-related fluidity in roles, responsibilities, communication links and information sharing
- Maximally-automated to support not just awareness but also the execution of response plans and management of related activities
- Compliant with regulatory and organizational requirements for data and personal privacy
- Auditable across all integrated elements
Article space constraints don’t permit delving deeply into all nine of these requirements in this article, but in the next article I will use material from the Hospital Incident Command System to provide an operational context for each of them.
These capabilities can only be achieved by the integration of an array of applications that each contribute as a part of the awareness and response picture. The information technology exists to achieve this now. The security design thinking doesn’t – yet, but thinking is starting to move in that direction.
Pieces of the technology puzzle are emerging. Milestone, Lenel and Eagle Eye Networks have system architectures that support distributed and resilient operation. Eagle Eye is already fully in the cloud. Milestone and Lenel are moving there. Maxxess provides its Ambit product, a cloud-based managed messaging system that adds new situational awareness capabilities to existing security systems. Register here for a May 24th webinar on Ambit and school emergency preparedness by threat assessment specialist Victor Rocha.
I could see at ISC West that other companies are also starting to move in directions that relate to the situational awareness capabilities listed above.
Cloud and APIs are Needed for Full Situational Awareness
The integration required to provide situational awareness to the level described in this article involves two things whose use has not been fully understood yet within the security industry: the cloud and APIs. The level of scalability and resilience required for many aspects of the integrated SA capabilities described above can only be done with true cloud systems. Scaling up to thousands of simultaneous users is simply not doable from a premises-based server, but with a system well-engineered specifically for cloud deployment, it’s a piece of cake.
While APIs (application programming interfaces) have been around the physical security industry for a while, many of them lack the depth and robustness needed to support integration for purposes of situational awareness capabilities listed above. Product APIs from Lenel, Milestone, Eagle Eye, Verint and others come very close – but currently no products support SA-related compliance and auditability requirements, although many companies are committed to including such requests in their development roadmaps.
In the next article we’ll take a close look at the system-related specifics of those SA capabilities, using the Hospital Incident Command System as our frame of reference.
Ray Bernard, PSP CHS-III, is the principal consultant for Ray Bernard Consulting Services (RBCS), a firm that provides security consulting services for public and private facilities (www.go-rbcs.com). He is the author of the Elsevier book Security Technology Convergence Insights available on Amazon. Mr. Bernard is a Subject Matter Expert Faculty of the Security Executive Council (SEC) and an active member of the ASIS International member councils for Physical Security and IT Security.