Security Squared

The future of industry is in convergence

AT the most basic level, there are just two types of security: physical security to protect people and assets, and information security to protect bits and bytes in data systems. And, information security products are generally more intelligent than physical security products.

Last year, a Booz Allen report estimated that the information-centric part of physical security was a $1 billion a year business, growing to more than $10 billion annually in less than a decade.

The future of physical security is in convergence. Smart networks should make smart devices talk while making dumb devices smart so both collectively function as intelligent, useful networked security systems. The future is in physical security systems that integrate a wide array and large number of highly disparate devices -- systems that are ubiquitous, imbedded, highly configurable, scaleable and transparent in utility. This is a familiar trajectory for experts of recent IT history. And there is an instructive metric to borrow from the IT world known as Metcalfe's Law.

Metcalfe's Law
Somewhere there's a derivative Metcalfe's Law for information-centric physical security -- a rule-of-thumb that establishes the value of the security network in terms of the character and connectivity of the devices on the network.

Robert Metcalfe, inventor of the Ethernet and founder of 3Com, hypothesized the value of a communications network increases as the square of the number of users connected. Double the number of computers or any CPU-based device on a network and its value quadruples. Rising value entices others to join the network, thereby creating a cycle of growth in value for users and markets for suppliers. The introduction of wide area networks (the Internet, soon WiMax) and local area networks (wired and wireless Ethernet) was the driving force in the explosive growth of devices on the edge of those networks, an ever rising value to end users.

Similarly, the value of a networked security system grows non-linearly with the number of smart devices on the network, including collateral connections with other networks and devices. Assuming the devices in the security networks are smart, an additional metric may be needed to postulate an IT-type scaling law in security systems -- one that counts the lines of code in the firmware and the number of network interfaces in the security devices.

Devices on the edge of the networks, regardless of scale, from vehicles or buildings to entire cities and countries, collect information that is or should be routed, processed, stored, analyzed, compared and cross-correlated, and re-routed to automatically initiate actions or provide transparent information to support decisions. This is what operators want. This is what is so often called, but rarely provided, "a solution."

The software and networks needed to manage, analyze and rationalize security data flows are remarkably similar to those that manage business and entertainment data flows. Thus, increasingly visible in the security world are venerable IT players such as Cisco, Microsoft, EMC, IBM, Qualcomm, Harris and Motorola. But there is one central difference between the two worlds.

The devices on the edge in the IT world are phones and similar devices with embedded microprocessors -- from PCs to PDAs and cameras. In the security world, devices on the edge are more varied, and some are only now emerging. There is a vast array of complex information-gathering devices and sensors, frequently with embedded microprocessors. There are few standards and highly variable outputs, performances and purposes.

Security sensors are designed to detect, identify and track objects, chemicals or people. These sensors range from widely distributed cameras to exotic infrared and laser imagers, acoustic and radar-based surveillance. Sensors also include all manner of biometric, chemical, biological, explosive and radiological tools emerging from remarkably compressed and refined renditions of basic instruments once only familiar in scientific and medical settings. Some of the devices already have embedded software and plenty of native smarts, feeding massive data streams into local, rarely networked, software-driven analytic systems. Others are barely sentient.

Light of Day
From Doha to Detroit, the general architecture of what a security system should look like is often articulated and only now beginning to see the light of day. Information is ideally gathered and correlated on an intelligent, analytic basis in real time from a large number of security technologies.

There are plenty of examples of the technology at work. A shipping container's origins and signature can be linked to people that interact with the container and there are sensors designed to sniff it along its journey. A radiological spectrum at an interstate truck weigh station can be designed to take an automated license plate reading just as facial biometrics can correlate with material missing in inventory from another country. Accomplishing such feats requires sophisticated networks linked usefully on the front lines.

You might say the CCTV crowd has figured this out, increasingly offering not just IP-enabled cameras, but an array of software to control, route, store and process video information. Video has come first to the network paradigm in part because the core product, the visible imaging sensor, is a mature commodity. The camera is often the first and sometimes only step in many security deployments, and it is an essential part of nearly any security system. Also, CCTV benefits from product maturity (reasonable prices, transparent metrics and standards) and the ready availability of directly relevant software and communications networks from non-security uses of video.

Incorporating IP connectivity with a video camera is not exactly a revolutionary idea, nor is it deeply insightful to add Bluetooth to a biometric card reader or to a handheld radiation sensor. There are many examples of how IT features prove useful in security products. The trend will doubtlessly extend to adding smart sensors and communications to nearly everything, including stanchions used to form security lines, bollards outside buildings and even the manhole covers in surrounding streets. Incorporating IT-centric capabilities in all devices and locations is now possible by three core factors.

Enabling IT-Centric Security
First, there is the inevitable and ongoing decline in device/sensor cost and increase in effectiveness -- cheap and useful is a winning combination. Second, the cost of network connectivity, bandwidth, storage and processing power are all low and still declining. The third determinant is the ability to design and implement useful network architectures using the first two. The network design task is daunting given the complexity of the physical, geographic, regulatory and psychological environments.

Network design requires a concept of operation, which determines not only the nature of the networks, software and related items, but also frequently the design and nature of security devices on the edge of networks. Ultimately, a security system that works is measured by its utility -- transparency, ease of use, accuracy -- for the people on the front line. For the military, this is the war fighter, for governments, first responders and in civilian domains, this is the ubiquitous, if underappreciated, security guard.

The DOD's net-centric warfare efforts are nearly monomaniacal in the focus on the frontlight war fighter. Somewhat less attention has been focused on humans on the civilian security frontlines. It is not surprising that much of the pioneering work in info-centric security has been undertaken by the likes of Northrop, Lockheed, Raytheon and Boeing. The companies take practices developed for military force protection to find application in civilian domains -- from borders to airports and large cities. A more telegraphic trend for the expanding field is the early steps taken to enter the physical security market by more generally info-centric companies such as IBM, SAIC, CACI and Booz Allen -- and of great promise, the entry of a flurry of small companies and entrepreneurs.

Perhaps the best bellwether of the emergence of this new paradigm for security is the appearance of new trade and professional societies. The Network Centric Operations Industry Consortium has a military-civilian focus and convergence. The Open Security Exchange is working to accelerate the widespread convergence of physical security with IT. The Alliance for Enterprise Security Risk Management, ASIS, the Information Systems Audit, along with the Control Association and Information Systems Security Association are all playing parts in the new security world. The ISSA was created "to address the integration of traditional and information security functions and to encourage board and senior executive-level attention to critical security-related issues and the need for a comprehensive approach to protect the enterprise."

Last year, a Booz Allen report estimated that the information-centric part of physical security was a $1 billion a year business, growing to more than $10 billion annually in less than a decade. If Metcalfe's Law holds in the security world, and there's every reason to believe it will, the growth may be much faster -- a happy outcome both for the nation's security and the engaged companies.

This article originally appeared in the February 2007 issue of Security Products, pg. 8.

Featured

  • New Report Reveals Top Security Risks for U.S. Retail Chains

    Interface Systems, a provider of security, actionable insights, and purpose-built networks for multi-location businesses, has released its 2024 State of Remote Video Monitoring in Retail Chains report. The detailed study analyzed over 2 million monitoring requests across 4,156 retail locations in the United States from September 2023 to August 2024. Read Now

  • Gaining a Competitive Edge

    Ask most companies about their future technology plans and the answers will most likely include AI. Then ask how they plan to deploy it, and that is where the responses may start to vary. Every company has unique surveillance requirements that are based on market focus, scale, scope, risk tolerance, geographic area and, of course, budget. Those factors all play a role in deciding how to configure a surveillance system, and how to effectively implement technologies like AI. Read Now

  • 6 Ways Security Awareness Training Empowers Human Risk Management

    Organizations are realizing that their greatest vulnerability often comes from within – their own people. Human error remains a significant factor in cybersecurity breaches, making it imperative for organizations to address human risk effectively. As a result, security awareness training (SAT) has emerged as a cornerstone in this endeavor because it offers a multifaceted approach to managing human risk. Read Now

  • The Stage is Set

    The security industry spans the entire globe, with manufacturers, developers and suppliers on every continent (well, almost—sorry, Antarctica). That means when regulations pop up in one area, they often have a ripple effect that impacts the entire supply chain. Recent data privacy regulations like GDPR in Europe and CPRA in California made waves when they first went into effect, forcing businesses to change the way they approach data collection and storage to continue operating in those markets. Even highly specific regulations like the U.S.’s National Defense Authorization Act (NDAA) can have international reverberations – and this growing volume of legislation has continued to affect global supply chains in a variety of different ways. Read Now

Featured Cybersecurity

Webinars

New Products

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening. 3

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis. 3

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge. 3