This is the 27th article in the award-winning “Real Words or Buzzwords?” series about how real words become empty words and stifle technology progress, also published on SecurityInfoWatch.com.
By Ray Bernard, PSP, CHS-III
Modern day incident response deserves the help that modern technology can provide but doesn’t yet. Filling this void is one of the great security industry opportunities of our time.
This, the final article in the series on situational awareness, takes a look at the overall security system capabilities for SA that are needed to support – for example – the Hospital Incident Command System (HICS) and the Incident Command System for Schools (FEMA free interactive web-based course).
The guidance for both incident command systems has two new elements that earlier incident command system (ICS) guidance lacked:
- Flexible Application. Adjusting the application of the ICS to fit the incident rather than filling all the positions on the incident command system chart mechanically, without regard to the nature of the incident, its dynamics, and the need for the availability of resources.
- Everyday Use. Using the incident command for non-emergency events. This solves the problem that occurs with most emergency planning: the emergency management system is documented and drilled maybe once, the manuals sit on the shelf gathering dust, while the initial training fades from memory. When an incident occurs, few people remember what to do.
These two points are great advice and constitute a very significant improvement in the way incident command systems are used. The HICS Guidebook 2014 states:
- Some hospitals only see HICS as a system to manage emergency incidents. However, the modular design and flexibility of HICS lends itself to managing non-emergency incidents or events, such as moving patients within the facility, dispensing medication to hospital staff, annual influenza vaccination programs, or hosting a large hospital or community event.
- HICS is not meant to replace the everyday organization design. The HICS organization structure frequently does not correlate to the daily administrative structure of the hospital. This practice is purposeful and done to reduce role and title confusion.
- The application and adaptation of HICS to the individual hospital requires education and training to produce proficiency and competency. Once mastered, it provides an easy-to-use framework to manage any incident.
“ICS for Schools can be used to manage any of the following types of incidents:
- Disasters, such as fires, tornadoes, floods, ice storms, or earthquakes.
- Disease outbreaks and prevention measures.
- Search operations for a missing student.
- Hazardous materials accidents in chemistry labs.
- Hostile intruders or other criminal acts.
- Planned events, such as school drills, festivals, sporting events, and graduations.”
Using the ICS framework for non-emergency events would be a snap if it didn’t require a significant mental leap because the ICS organization structure often does not correlate easily to the daily administrative structure of hospitals, schools and other organizations. To date, training has been the only means for overcoming that hurdle, and that factor has constrained the application of incident command systems. This was understandable 20 years ago but is inexcusable today, given information technology capabilities.
Situational Awareness, ICS and Today’s Technology
Here we are more than two decades after the birth of the World Wide Web, a decade after Apple reinvented the smartphone and a decade after Google’s CEO Eric Schmidt coined the term “cloud computing”. Every day in the U.S., over 200 million smartphone users work and live differently than they did a decade or so ago, thanks to the power of intelligent automated systems that make what used to be difficult, time-consuming and memory-dependent tasks quick and easy. Today, modern-day analytics and information technology systems bring situational awareness to many aspects of an organization’s daily operations.
What roles would technology play if we updated our “thinking caps” for modern-day application of the Incident Command System?
Multi-Point Situational Awareness
Situational awareness for major incident response must address the roles, responsibilities and objectives of the response team members, in the context of the incident timeline of their response actions. Each individual team member has decision-action response steps to perform, nearly all of which have situational awareness elements that are not in direct sight.
This is why I assert that the objective for security system situational awareness capabilities should be “Full SA” – which means that everyone involved has the full level of situational awareness that they need to evaluate, decide and take action according to their own response roles, responsibilities and objectives.
Follow along with me below as we take a close look at the situational awareness support required across the scope of the Hospital Incident Management Team (HIMT) members – each of whom will need one or more dashboards to depict at-a-glance the current status of impacted people and assets, incident response efforts, and response resources as they relate to their responsibilities and objectives.
- Look closely at the situational awareness factors involved as shown in this diagram, introduced in the first article of this series, which shows the three aspects (levels) of situational awareness that must be supported relating to the responder’s roles, responsibilities and objectives.
- Now, open the HIMT Chart, look at the top level of the chart, and read each of the specialty areas listed in tiny print next to the Medical-Technical Specialists box. These are specialist areas whose expertise the Incident Commander may need to support his or her evaluations and decisions. Consider that each of these specialists will need situational awareness of the unfolding incident, within the timeline context – and so will the Incident Commander, to determine what specialist support is needed.
- Next, consider that there are four Section Chiefs (Operations, Planning, Logistics and Finance/Administration) who oversee and coordinate the efforts of potentially nearly 60 directors, managers, and unit leaders with their own set of responsibilities and objectives – plus the unit personnel they direct. They have their own situational awareness requirements. How much of the HIMT is applicable, and how many people it takes to adequately cover the applicable roles and responsibilities, will vary depending upon the nature of the incident and scale of the response required.
Hopefully, this little review gives you an idea of the scope for which situational awareness is required. Additionally, there are activity logs, messages, decisions, notifications, check-ins, check-outs and many other administrative dimensions of response actions and activities. These records can easily be messy and incomplete when collected through a mix of paper-based and email/text-based methods, but they can be exact, complete and of forensic quality when supported by appropriate information systems.
Full Situational Awareness Makes a Critical Difference
The contributions that SA can make require a bit of thinking. Full SA can make the difference between being properly prepared and under-prepared or over-prepared for critical activities. When resources are in short supply, these can make life-saving differences. The speed of many response actions can be significantly accelerated if all needed information is instantly available, as opposed to having to use email, radio, telephone and other means to get a picture of current and projected status.
If you are responsible for evacuating multiple at-risk areas of a facility, with evacuees slated to be moved to multiple safe areas so that time-critical chemical containment actions can be performed, think of the difference it will make to the speed of chemical containment execution, if the evacuation team members could all have real-time map-based location status of every evacuee and every evacuation team member.
Wouldn’t you like to know very early on that double the number of people you expected need special evacuation assistance – as opposed to learning about it because the chemical containment crew is complaining they can’t begin their work? Wouldn’t you instead like to inform the containment crew that they can begin ahead of schedule?
Across the full breadth and depth of response, consider what the impact of Full SA can be at all levels of the response command hierarchy. Think of how Full SA can help external responders like police, fire, and emergency medical services coming to your facility or event area.
Automating and Time Line Support
Automated reminders – based on the planned incident response timeline – can contain progress status and resource availability status – with action buttons for requesting the exact additional resources needed. Automated notifications can inform responders dependent upon certain actions, whether those actions are on schedule, ahead of schedule, or right on time. Command-level personnel can be informed of the aggregate response risk picture, whether any critical elements of response are at risk, and whether risk factors are increasing or decreasing well before a critical limit is reached. Request approvals can be quickly routed and escalated to alternate deciders, based upon at-the-moment availability and prioritized according to critical time or risk factors. Each decision-maker can act from a well-informed understanding that includes the full incident context – and action orders can be communicated instantly to all affected parties.
After-Action Reports and Recommendations
With a fully accurate timeline of incident status and response actions, and full incident contextual information regarding response shortcomings or resource shortages, an after-action performance analysis can be quick and accurate, and the after-action report can be highly informative and insightful.
Situational Awareness Conclusion
If you consider each individual system element that is required to provide Full Situational Awareness to all security/emergency/safety response stakeholders, you can find examples of the capabilities needed within the cloud-based systems that are currently in daily use. The automotive industry has self-driving cars, but what do we have of the same caliber of innovation for the security industry? I contend that individual products whose integration capabilities can fully support the operational requirements of the Hospital Incident Command System and the Incident Command System for Schools are the next category of innovation that will raise the security industry to a new level of real risk reduction.
The auto industry has reduced traffic accidents by more than 25% in recent years, with a target of zero deaths on its agenda, based upon autonomous driving and assisted-driving technologies.
Let’s make a similarly significant impact in emergency response efforts by making Full Situational Awareness capabilities a reality. It’s an industry team effort worth making.
Ray Bernard, PSP CHS-III, is the principal consultant for Ray Bernard Consulting Services (RBCS), a firm that provides security consulting services for public and private facilities (www.go-rbcs.com). He is the author of the Elsevier book Security Technology Convergence Insights available on Amazon. Mr. Bernard is a Subject Matter Expert Faculty of the Security Executive Council (SEC) and an active member of the ASIS International member councils for Physical Security and IT Security. In 2018 IFSEC Global listed Ray as #12 in the world’s Top 30 Security Thought Leaders.