Circle The Wagons

Perimeter security in the physical world and cyber realm, from 500 miles away

Remember the classic line, “Just because I’m paranoid doesn’t mean they’re not out to get me”? If you feel your assets are in danger of compromise, you’re not alone and your concern isn’t irrational. Whether it’s a stock portfolio, brick and mortar property, friends and family, business interests, campuses, public areas or government bases, it seems just about everyone’s assets are under potential threat of attack. If those attacks aren’t occurring at this very moment, someone could be scoping out your perimeter and thinking of ways to breach it.

As the first line of defense, perimeter security is often the initial focus: physical barriers, deterrent strategies, access control and intrusion detection systems, ground sensors and street patrols. Their effectiveness can then be verified with video surveillance technology.

If a company’s business extends to remote satellite offices, global business partners and supply chains, the concept of “perimeter” suddenly becomes a gray area. And, given today’s digital world in which our greatest assets are now electronic data, the definition of perimeter extends far beyond a mere physical boundary. Protecting those assets—which could reside in a server, an offsite data center, on someone’s laptop or smartphone or even in the cloud—requires a strategic combination of physical and IT security prowess.

Pushing the Technological Frontier

Improvements in physical perimeter protection have long been driven by advancements in technology, specifically in increasing processing power. On the heels of greater processing power came advancements in wireless mesh, satellite and 4G LTE communications, which allow end users to extend their perimeters beyond those once limited by conventional cabling and power supplies.

As the processing power and communication infrastructures improved, we not only pushed the boundaries of our perimeters further and further, but we also began doing more with our perimeter protection systems. We started to integrate multiple devices and use advanced analytics to share intelligence and improve the effectiveness and efficiency of our response to perimeter breaches.

While the private sector was deploying new security technology that fostered coordinated responses, the government was pursuing a parallel effort. Various departments began looking at initiatives such as Federal Identity, Credential and Access Management (FICAM) to promote and facilitate interoperability across agencies and jurisdictions to ensure a rapid response to heightened threats to homeland security. A prime example of this interoperable initiative in action is in the city of Chicago where Operation Virtual Shield has demonstrated how a federation of multiple agencies can extend the city’s perimeter protection through the use of PODS (Police Observation Devices). The success of the program is in the statistics: since January 2011, the city of Chicago has credited the federation with 1,446 POD-related arrests.

This success is being driven by three main advances in IP video:

Image quality. Security professionals now use HDTV-quality and multi-megapixel video cameras (780p and 1080p) coupled with advanced H.264 compression for superior clarity and full-color fidelity at up to 60 frames per second.

The advanced compression minimizes bandwidth consumption and storage without degrading image quality. This means a user captures greater detail and more fluid motion and can view the perimeter at further distances than ever before. This achievement is in sharp contrast to the choppy, fuzzy quality of video we had to settle for in the past when processing and storage limitations forced us to compromise surveillance frame rates and resolution.

Light sensitivity. Nonexistent or weak lighting surrounding perimeter areas has always presented a challenge to security professionals. But today, companies can deploy digital video cameras that deliver full-color images at night using only the ambient lighting available, including starlight and moonlight. More sensitive light sensors not only provide better detection in less-thanoptimal lighting conditions, they also eliminate the cost of installing additional artificial lighting to illuminate the field of view.

Processing at the edge. With computer chips becoming smaller yet more powerful combined with thumbnailsize SD cards storing 32 GB and higher, we have the technology to push processing power and storage to the edge of our security solutions. Distributing power across edge devices gives companies a wealth of advantages, such as the ability to analyze raw footage in-camera at the point of capture to improve surveillance intelligence and the ability to mitigate the risks associated with centralized server failures.

Pushing Perimeter Security into the Digital and Cyber Realm

As we look beyond the physical perimeter to the digital and cyber realm, we start to discover problems and risks that require a completely different response to attack.

Technology solutions and policies in the digital sphere are often playing catch-up against malicious yet brilliant minds in a frontier many people can’t even begin to fathom. For instance, the FBI readily acknowledges that cyberterrorists operating in the digital realm routinely steal and launder money in an effort to finance their operations. In fact, FBI Director Robert Mueller recently told the House Appropriations Committee he was concerned about the possibility of a “cyber one-two punch,” in which intellectual property is stolen and used to interfere, jam or disrupt operations on the battlefield.

It’s these kinds of attacks that have prompted us to rethink what we consider the perimeter and how we combat and prevent incursions.

But cyberattacks aren’t exclusive to government entities, nor are they a recent phenomenon. The Hampton Roads Business Journal published a 2008 survey regarding employees who left their jobs. Conducted by Symantec Corp. and the Ponemon Institute, the study presented some sobering findings: Fifty- nine percent of ex-employees surveyed admitted to taking some of their employer’s confidential information when they left. Much of the information taken was electronic. Fifty-three percent of respondents downloaded information onto a CD or DVD, 42 percent onto a USB drive and 38 percent sent attachments to a personal email account. The overwhelming majority, 79 percent of respondents, took data without their employer’s permission.

While the frontier of cyberspace may be invisible, it is no less real than a brick and mortar boundary. But unlike a wall or a fence, cyberperimeters need to be somewhat permeable to allow us to share information with our satellite facilities, business partners, customers and supply chain if we’re to conduct business in this global economy. While conventional physical security systems can address the safety of the hardware sitting in the data center, protecting the digital content as it travels through cyberspace— beyond the traditional four walls—requires a new approach.

We live in a world where IT is king, and the backbone of everything is the transfer of data across the network, be it LAN, WAN, VPN or Internet. Devices outside the corporate offices, including laptops, video surveillance cameras, access control card readers, IP-based intrusion devices and other information technology systems, become targets for attacks because they offer intruders a portal into your facility and an accessible point to hijack or corrupt intellectual data inside your perimeter.

To address this potential breach point, the federal government enacted the Federal Information Security Management Act (FISMA). This act requires federal agencies to develop, document and implement information security programs for government information technology systems. FISMA also requires regular risk assessments: formal testing and evaluation of those devices and systems. In conjunction with FISMA, the Department of Defense (DoD) and many other high-level early adopters have established their own DoD Information Assurance Certification and Accreditation Process (DIACAP) that requires users to maintain their IT systems, devices and ability to operate while protecting data linked across these systems and devices.

The National Institute of Standards and Technology (NIST) also has statutory responsibilities under FISMA to provide those standards and best practices for federal information systems.

The regulations, standards and certification programs set forth by FISMA, DIACAP and NIST offer valuable guidelines for the private sector to build upon as it continuously redefines and redesigns its own perimeter protection— both in the brick and mortar world and in the cyber/digital realm.

Finding the Right Technological Balance

Local and national industry tradeshows and seminars offer great opportunities to get a peek at the latest technologies, but oftentimes it’s difficult to figure out which options on the market really work best for a particular security application. This is when an industry consultant can be of immense value.

A consultant has extensive knowledge about security systems and can weed out those extraneous technologies or solutions that won’t help solve the problem at hand. He or she will warn against technologies that are notoriously unreliable or that will lock you into a proprietary system, while recommending solutions to create a strong, long-term strategy to navigate this everchanging landscape.

Here are some shopping tips:

  • Go with mainstream and standardsbased technologies, solutions and services. This will ensure you have the ability to change and grow as technology improves and the definition of your perimeter changes.
  • Watch the trends and see what direction the big companies are taking. Not all good solutions are in it for the long haul. Remember the battle between Betamax and VHS? VHS became mainstream, while Betamax fell by the wayside. In the security world, it’s digital, IP-based technology that’s phasing out the analog world of old. IP video and wireless-based connectivity are replacing analog CCTV’s costly cable- anchored solutions. HDTV and megapixel network cameras support H.264 compression for better image quality and bandwidth savings. IP-based thermal imaging and lowlight/ Lightfinder imaging technologies have conquered the problem of conducting perimeter surveillance in extremely low-light conditions.
  • Choose devices that support higher encryption methodologies beyond user names and passwords. Consider solutions that employ credentialbased certificates for authentication of actual system devices. These will provide the highest level of protection against cyberthreats and ensure that only trusted users (“entities”) have access to your network devices and the data from those devices. It’s a way to foster interoperability across multiple departments, business partners, agencies and customers without compromising the security of your digital assets.

Circling your Perimeter with Smarter Wagons

The reality is that today’s perimeters extend far beyond physical boundaries. You have to understand where you’re most vulnerable to identify who is most likely to launch an attack. While investigating ways to shore up your defenses, seek advice from industry consultants and participate in industry association events and online discussions with ASIS, SIA, PSA, (ISC)2 and the entire security community to learn about current technology advancements and future trends.

Gather knowledge from multiple fronts and you’ll not only protect yourself from threats but avoid getting stuck with expensive proprietary systems or dead-end technology and solutions. It’s okay to be paranoid. It’s better to anticipate the possibility that someone might be out to get you—and your assets and your data. By circling your perimeter with smarter wagons, you’ll be able to fend off the threat.

This article originally appeared in the August 2012 issue of Security Today.

Featured

Featured Cybersecurity

Webinars

New Products

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings. 3

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3