Circle The Wagons
Perimeter security in the physical world and cyber realm, from 500 miles away
- By John Bartolac
- Aug 01, 2012
Remember the classic line, “Just because I’m paranoid doesn’t mean
they’re not out to get me”? If you feel your assets are in danger of
compromise, you’re not alone and your concern isn’t irrational.
Whether it’s a stock portfolio, brick and mortar property, friends
and family, business interests, campuses, public areas or government
bases, it seems just about everyone’s assets are under potential threat of attack. If those
attacks aren’t occurring at this very moment, someone could be scoping out your perimeter and
thinking of ways to breach it.
As the first line of defense, perimeter security is often the initial focus: physical barriers, deterrent
strategies, access control and intrusion detection systems, ground sensors and street patrols. Their effectiveness
can then be verified with video surveillance technology.
If a company’s business extends to remote satellite offices, global business partners and supply chains, the
concept of “perimeter” suddenly becomes a gray area. And, given today’s digital world in which our greatest
assets are now electronic data, the definition of perimeter extends far beyond a mere physical boundary. Protecting
those assets—which could reside in a server, an offsite data center, on someone’s laptop or smartphone or even
in the cloud—requires a strategic combination of physical and IT security prowess.
Pushing the Technological Frontier
Improvements in physical perimeter protection have long been driven by advancements in technology, specifically in increasing
processing power. On the heels of greater processing power came advancements in wireless mesh, satellite and 4G
LTE communications, which allow end users to extend their perimeters beyond those once limited by conventional cabling
and power supplies.
As the processing power and communication
infrastructures improved,
we not only pushed the boundaries of
our perimeters further and further, but
we also began doing more with our perimeter
protection systems. We started
to integrate multiple devices and use advanced
analytics to share intelligence and
improve the effectiveness and efficiency
of our response to perimeter breaches.
While the private sector was deploying
new security technology that fostered
coordinated responses, the government
was pursuing a parallel effort.
Various departments began looking
at initiatives such as Federal Identity,
Credential and Access Management
(FICAM) to promote and facilitate interoperability
across agencies and jurisdictions
to ensure a rapid response to
heightened threats to homeland security.
A prime example of this interoperable
initiative in action is in the city
of Chicago where Operation Virtual
Shield has demonstrated how a federation
of multiple agencies can extend the
city’s perimeter protection through the
use of PODS (Police Observation Devices).
The success of the program is in
the statistics: since January 2011, the
city of Chicago has credited the federation
with 1,446 POD-related arrests.
This success is being driven by three
main advances in IP video:
Image quality. Security professionals
now use HDTV-quality and multi-megapixel
video cameras (780p and 1080p)
coupled with advanced H.264 compression
for superior clarity and full-color
fidelity at up to 60 frames per second.
The advanced compression minimizes
bandwidth consumption and
storage without degrading image quality.
This means a user captures greater
detail and more fluid motion and can
view the perimeter at further distances
than ever before. This achievement is
in sharp contrast to the choppy, fuzzy
quality of video we had to settle for in
the past when processing and storage
limitations forced us to compromise
surveillance frame rates and resolution.
Light sensitivity. Nonexistent or
weak lighting surrounding perimeter areas
has always presented a challenge to
security professionals. But today, companies
can deploy digital video cameras
that deliver full-color images at night using
only the ambient lighting available,
including starlight and moonlight.
More sensitive light sensors not only
provide better detection in less-thanoptimal
lighting conditions, they also
eliminate the cost of installing additional
artificial lighting to illuminate
the field of view.
Processing at the edge. With computer
chips becoming smaller yet more
powerful combined with thumbnailsize
SD cards storing 32 GB and higher,
we have the technology to push processing
power and storage to the edge
of our security solutions. Distributing
power across edge devices gives companies
a wealth of advantages, such as the
ability to analyze raw footage in-camera
at the point of capture to improve
surveillance intelligence and the ability
to mitigate the risks associated with
centralized server failures.
Pushing Perimeter
Security into the Digital
and Cyber Realm
As we look beyond the physical perimeter
to the digital and cyber realm, we
start to discover problems and risks
that require a completely different response
to attack.
Technology solutions and policies
in the digital sphere are often playing
catch-up against malicious yet brilliant
minds in a frontier many people can’t
even begin to fathom. For instance, the
FBI readily acknowledges that cyberterrorists
operating in the digital realm
routinely steal and launder money in
an effort to finance their operations. In
fact, FBI Director Robert Mueller recently
told the House Appropriations
Committee he was concerned about the
possibility of a “cyber one-two punch,”
in which intellectual property is stolen
and used to interfere, jam or disrupt
operations on the battlefield.
It’s these kinds of attacks that have
prompted us to rethink what we consider
the perimeter and how we combat
and prevent incursions.
But cyberattacks aren’t exclusive to
government entities, nor are they a recent
phenomenon. The Hampton Roads
Business Journal published a 2008 survey
regarding employees who left their
jobs. Conducted by Symantec Corp.
and the Ponemon Institute, the study
presented some sobering findings: Fifty-
nine percent of ex-employees surveyed
admitted to taking some of their
employer’s confidential information
when they left. Much of the information
taken was electronic. Fifty-three
percent of respondents downloaded information
onto a CD or DVD, 42 percent
onto a USB drive and 38 percent
sent attachments to a personal email
account. The overwhelming majority,
79 percent of respondents, took data
without their employer’s permission.
While the frontier of cyberspace
may be invisible, it is no less real than a
brick and mortar boundary. But unlike
a wall or a fence, cyberperimeters need
to be somewhat permeable to allow us
to share information with our satellite
facilities, business partners, customers
and supply chain if we’re to conduct
business in this global economy. While
conventional physical security systems
can address the safety of the hardware
sitting in the data center, protecting the
digital content as it travels through cyberspace—
beyond the traditional four
walls—requires a new approach.
We live in a world where IT is king,
and the backbone of everything is the
transfer of data across the network, be
it LAN, WAN, VPN or Internet. Devices
outside the corporate offices, including
laptops, video surveillance cameras,
access control card readers, IP-based
intrusion devices and other information
technology systems, become targets
for attacks because they offer intruders
a portal into your facility and
an accessible point to hijack or corrupt
intellectual data inside your perimeter.
To address this potential breach
point, the federal government enacted
the Federal Information Security
Management Act (FISMA). This act
requires federal agencies to develop,
document and implement information
security programs for government information
technology systems. FISMA
also requires regular risk assessments:
formal testing and evaluation of those
devices and systems. In conjunction
with FISMA, the Department of Defense
(DoD) and many other high-level
early adopters have established their
own DoD Information Assurance
Certification and Accreditation Process
(DIACAP) that requires users to
maintain their IT systems, devices and
ability to operate while protecting data
linked across these systems and devices.
The National Institute of Standards
and Technology (NIST) also has statutory
responsibilities under FISMA to
provide those standards and best practices
for federal information systems.
The regulations, standards and certification
programs set forth by FISMA,
DIACAP and NIST offer valuable
guidelines for the private sector to
build upon as it continuously redefines
and redesigns its own perimeter protection—
both in the brick and mortar
world and in the cyber/digital realm.
Finding the Right
Technological Balance
Local and national industry tradeshows
and seminars offer great opportunities
to get a peek at the latest technologies,
but oftentimes it’s difficult to
figure out which options on the market
really work best for a particular security
application. This is when an industry
consultant can be of immense value.
A consultant has extensive knowledge
about security systems and can
weed out those extraneous technologies
or solutions that won’t help solve the
problem at hand. He or she will warn
against technologies that are notoriously
unreliable or that will lock you into a proprietary system, while recommending
solutions to create a strong,
long-term strategy to navigate this everchanging
landscape.
Here are some shopping tips:
- Go with mainstream and standardsbased
technologies, solutions and
services. This will ensure you have
the ability to change and grow as
technology improves and the definition
of your perimeter changes.
- Watch the trends and see what direction
the big companies are taking.
Not all good solutions are in
it for the long haul. Remember the
battle between Betamax and VHS?
VHS became mainstream, while
Betamax fell by the wayside. In the
security world, it’s digital, IP-based
technology that’s phasing out the
analog world of old. IP video and
wireless-based connectivity are replacing
analog CCTV’s costly cable-
anchored solutions. HDTV and
megapixel network cameras support
H.264 compression for better image
quality and bandwidth savings.
IP-based thermal imaging and lowlight/
Lightfinder imaging technologies
have conquered the problem of
conducting perimeter surveillance in
extremely low-light conditions.
- Choose devices that support higher
encryption methodologies beyond
user names and passwords. Consider
solutions that employ credentialbased
certificates for authentication
of actual system devices. These will
provide the highest level of protection
against cyberthreats and ensure
that only trusted users (“entities”)
have access to your network devices
and the data from those devices.
It’s a way to foster interoperability
across multiple departments, business
partners, agencies and customers
without compromising the security
of your digital assets.
Circling your Perimeter
with Smarter Wagons
The reality is that today’s perimeters
extend far beyond physical boundaries.
You have to understand where you’re
most vulnerable to identify who is most
likely to launch an attack. While investigating
ways to shore up your defenses,
seek advice from industry consultants
and participate in industry association
events and online discussions with
ASIS, SIA, PSA, (ISC)2 and the entire
security community to learn about current
technology advancements and future
trends.
Gather knowledge from multiple
fronts and you’ll not only protect yourself
from threats but avoid getting stuck
with expensive proprietary systems or
dead-end technology and solutions.
It’s okay to be paranoid. It’s better to
anticipate the possibility that someone
might be out to get you—and your assets
and your data. By circling your perimeter
with smarter wagons, you’ll be
able to fend off the threat.
This article originally appeared in the August 2012 issue of Security Today.