Daily Archives: 26/03/2013

Access control: what happens next?

For some time now, an ongoing drive for converged solutions has dominated the security debate across corporate management. A simplistic version of events is that task consolidation helps to realise reduced costs. While that may be an undercurrent bolstering the convergence movement in these austere financial times, there’s far more to it than mere pounds and pence.

Converged solutions actively assist companies in meeting their regulatory requirements and obligations while helping to enforce consistency of policy.

At least in part, the convergence movement is motivated by due recognition that business assets are increasingly information-based. In today’s commercial landscape, information assets demand every bit as much attention – if not more, some would argue – as do their physical cousins.

One need only converse with recognised experts from ASIS, ISACA and ISSA – co-founders of the Alliance for Enterprise Security Risk Management – to support and develop that statement.

This overriding desire for convergence is mirrored in the access control solutions market. For operational convenience, end users now increasingly crave a single credential that will allow – in the first instance – access to buildings, followed swiftly by an ability for personnel to log on to the company network with that same credential and, subsequently, access remote networks without the necessity for any one-time password tokens or key fobs.

Such solutions are not just about convenience, either. Importantly, it’s a more secure response to the situation. Why? Converged access control permits far stronger authentication throughout a given company’s IT backbone and doesn’t solely focus on defence at the perimeter.

By extension, organisations are able to leverage their existing credential investment, appending logical access control for network access on the way towards energising multi-layered and fully-interoperable security solutions that truly span their network, systems and physical facilities.

Trends in the access control sector

That’s one trend in the access control space, then, but what of the others as we rapidly approach the 40th Anniversary edition of IFSEC International?

Card technologies are themselves continuing to evolve from prox to magstripe and on to ‘smart’ variants. Contactless smart cards founded on open standards are viewed by many as the ‘Holy Grail’. More and more layers of additional security are being added, be they purely digital or visual. Meantime, card storage capacities are expanding to accommodate the latest biometrics as well as other multi-factor forms of authentication.

One of the $64,000 questions here is: ‘Will Near Field Communication (NFC)-enabled smart phones come to replace physical smart cards in the years ahead?’ Received wisdom suggests the answer is: ‘No’. It’s more likely the case that the two will co-exist as part of overall physical access control solutions.

In terms of developing NFC-enabled projects, the security sector spent much of 2012 laying a solid base from which to build mobile access control solutions.

If widespread adoption is to take place, though, a distinct ecosystem has to continually evolve and include widely-available and secure handsets, readers and locks that can recognise digital keys embraced by those handsets and service providers able to deliver and manage mobile credentials duly created.

Outsourcing traditional ‘badged’ solutions

Speaking of mobile credentials… One trend witnessed of late is that some organisations have begun to outsource what might best be described as traditional ‘badged’ access control solutions to those offering services in the Cloud. Put simply, mobile devices could be connected to the network via, for example, a link that’s WiFi-enabled.

A further approach is derived by making use of mobile network operators ‘over the air’. New applications can be farmed out to the NFC-enabled phones in much the same way that Apps and music may be downloaded by consumers in the social environment. The idea is that multi-factor authentication is then transformed into a managed service run in the real-time arena.

Last, but not least, what about Bring Your Own Device (BYOD)? Companies may save money on technology while employees can work with chosen systems that might just boost staff productivity and/or morale. However, key company information could be rendered somewhat less secure.

With a recent Logicalis study suggesting that only 20% of employees surveyed had signed a BYOD policy, there’s clearly much work still to be done here.

Advertisements

Leave a comment

Filed under IFSECGlobal.com News

CCTV: is it really spiralling out of control?

1987 wasn’t a great year, to be frank, what with the Stock Market crash in the States (how ironic that the movie Wall Street hit our cinema screens at the same time), the King’s Cross London Underground fire, special envoy Terry Waite’s kidnapping in Beirut and the horrific Zeebrugge ferry disaster.

On a more positive note, 1987 witnessed my first year at university and, lest I forget – and possibly incur the wrath of millions of Bart, Homer and Marge disciples – The Simpsons made its TV debut.

In terms of what transpired in our security world, 1987 was pretty monumental. Why? We witnessed – no pun intended – the very first UK town centre CCTV system installed across King’s Lynn with a view towards protecting its 40-odd thousand citizens.

Since then, of course, CCTV’s presence in the public domain has burgeoned both in terms of the number of cameras involved and the quality of the technology that lies within them (which is quite superb). Positively, specific systems operators are now licensed and regulated by the Government.

These regulated operators in unison with top quality cameras have given rise to myriad success stories of more and more criminals being brought to justice by way of all-seeing ‘Eyes in the Sky’.

Buy-in from members of the public

Key to the ongoing success of CCTV has been, is and always will be buy-in from the public – the people being watched. As citizens, we all need to know that surveillance is both appropriate and proportionate in its deployment.

It must also be the case that camera system operators, and those who use the information duly captured, demonstrate integrity in doing so at all times – and are held to account.

All of which is why the current UK coalition Government is committed to the further regulation of CCTV by way of the Protection of Freedoms Act 2012, and is presently seeking views on a draft Code of Practice focused on surveillance.

That Code is built squarely upon 12 guiding principles. Interestingly, and for the first time, the notion of ‘surveillance by consent’ is brought into play. There’s an obvious parallel here, then, with the ethics behind ‘policing by consent’.

The consultation period – which closes on 21 March – takes place while surveillance commissioner Andrew Rennison’s comments (reported in The Independent just before Christmas) remain fresh in the memory.

If you’re not committing a crime, what’s the problem?

The commissioner has stated that the proliferation of HD surveillance systems – and facial recognition technologies – in public spaces could result in a backlash from citizens.

“The technology has overtaken our ability to regulate it,” said Rennison in the broadsheet. HD cameras are “popping up all over the place”, asserted the commissioner, with the exponential growth of high power megapixel cameras potentially becoming an issue around Article 8 of the Human Rights Act (relating to the protection of family and private life).

Of course, discussions around ‘The Surveillance State’ have surfaced time and again. They’re not likely to disappear. Indeed, across the years I’ve chaired numerous industry debates on this topic – all of them impassioned affairs.

At one of those debates I suggested that the proliferation of CCTV cameras in public spaces isn’t an issue if – like myself – you happen to be a law-abiding citizen and are behaving appropriately. Some would assert that such a suggestion is perhaps a touch naive.

In all honesty, I would argue that neither the number of cameras monitoring us nor the inevitable advance of technology is the crux of the matter. Rather, it’s what subsequently happens to the images, data, information – call it what you will – gathered as a result of that process that really matters.

The Protection of Freedoms Act is to be welcomed, as is the draft Code of Practice on surveillance.

Certainly, the balancing act that has to be struck for CCTV – between the need to enhance public space safety and, at the same time, safeguard privacies – is far from an easy task, but those two outcomes are not mutually exclusive.

Let’s never forget the vital information gathered by CCTV during 7/7 and the London riots of August 2011. Properly regulated, deployed and used CCTV is one of the very best crime-fighting tools at our disposal.

Leave a comment

Filed under IFSECGlobal.com News

NGNs… and The Future for Intruder Alarms

Whether you’re talking landline or mobile-based networks, it’s fair to say the UK’s communications infrastructure is evolving.

For their part, members of the general public continue to clamour for ‘super fast Broadband’. The Government is actively supporting that desire, in turn setting specific targets for its roll-out right across the board.

Evolution of the aforementioned communications infrastructure is all bound up in the terminology of the ‘Next Generation Network’ (or NGN if you prefer acronyms). Such networks are already operated by the ‘Big Boys’ in communications, among them Sky and BT.

NGN: what lies beneath?

The general idea behind the NGN is a simple one: a lone network is designed and configured to transport all information and services (voice, data and myriad other media such as video content) by encapsulating it into ‘packets’. Packets similar in nature to those employed on the Internet.

With NGNs commonly built around IP, it’s not surprising that the terminology ‘all IP’ is also sometimes used to describe the transformational period that leads to the fully-fledged NGN.

So what does all of this have to do with the security and fire sectors? Well, it’s very much the case that many security, fire and indeed social alarms absolutely depend upon the telecommunications network for processing alarm signals. That being so, does this evolution pose potential difficulties for those who work with such alarms (not to mention the end users of same)?

An overriding fear is that any fundamental, unchallenged changes to the communications status quo could result in signal failures. That would be a wholly unacceptable scenario for all involved.

BSIA: leading the charge

To its great credit, the British Security Industry Association has been leading the charge in addressing this key issue.

For instance, the Trade Association has actively worked with Sky to test the latter’s Voice Broadband Network (SVBN) – itself an IP technology-based NGN. At the same identifying an issue affecting digital communicators, the test procedures highlighted the extent of the problem and Sky duly reconfigured its software by way of resolving the issue.

Good news all round, then, you’re thinking. Yes, but – and there’s always a ‘but’, isn’t there? – this episode does highlight the potential for the wider problem of NGN providers changing their network designs without first consulting professionals operating in the security, fire and social alarm sectors.

Positively, Sky has continued to involve the BSIA in sample testing of communications equipment whenever the company’s all set to launch new software upgrades.

Moving forward, it will be imperative all communications solutions adopt the same attitude. That way, member companies of organisations like the BSIA, the Fire Industry Association (FIA) and the Telecare Services Association (TSA) will have the necessary lead time to adequately prepare their solutions for change and cut back on the potential for any signal failure.

The BSIA is continuing to raise awareness of NGN and call-routing issues through regional and technical meetings, seminars and other dedicated events. Crucially, a support service is available to member companies who have experienced (or are now experiencing) signalling failures.

Links have also been nurtured with the communications industry forum NGNuk, a debating focal point established to provide communication providers and OFCOM with a central point of contact for addressing issues linked with NGNs and Next Generation Access (NGA) across the UK.

The BSIA is still seeking an answer to the maximum network delay expectations – a fundamental issue addressed over the past few years.

Memorandum of Understanding

Just prior to Christmas, the BSIA, the FIA and the TSA agreed to work together on ensuring that members of all three trade bodies are represented and supported in discussions focused on telecommunication changes.

By dint of a Memorandum of Understanding, these organisations are looking at a joined-up approach for communicating with OFCOM and the telecoms providers to ensure consistency of message between all three organisations. The ‘one voice’ tactic also puts the full weight of the collective memberships behind those communications.

It’s a development that can only be a good thing for the alarms sectors in the security, fire and telecare/telemedicine spaces.

Leave a comment

Filed under IFSECGlobal.com News

Project Griffin: a milestone in counter-terrorism awareness

Thursday 17 January 2013 was memorable but not wholly for pleasant reasons. From a negative perspective, the World Bank cut its growth forecast for the global economy while yet another UK High Street institution – this time DVD rental specialist Blockbuster – was hurtling towards administration.

That sad news was prefaced by horrifying breakfast time drama engulfing London’s Wandsworth Road as a helicopter crashed into a tall building in the midst of fog-laden skies. Two deaths would be confirmed by the emergency services. A tragic start to the New Year in central London.

Thursday 17 January 2013, though, also witnessed the City of London Police’s 100th Griffin Awareness Day – undoubtedly a magnificent milestone for a groundbreaking counter-terrorism awareness initiative, the influence of which has spread far and wide since its inception in 2004.

Project Griffin: the background

Project Griffin was devised by the City of London Police and brought forward as a joint venture with the Metropolitan Police Service. The remit was simple yet vital: to educate and advise security managers, security officers and the myriad employees of public and private sector organisations based across the capital on counter-terrorism, crime prevention and security issues.

In essence, Project Griffin provides an official channel through which the police service can share and update crucial information relating to security and crime prevention. There’s an ongoing desire to raise awareness of current terrorist and crime issues, gather intelligence and share information, build and maintain effective working relationships and seek Best Practice solutions to defeat would-be terrorists.

As a by-product of all this, a key goal is to maintain trust and confidence in the police and other authorities while at the same time empowering members of the community to be bold in reporting what they believe is suspicious activity. Laudable goals one and all, I’m sure you’ll agree.

In the wake of rightly being dubbed “an unqualified success” in London, Project Griffin earned recognition as representing national Best Practice and was rolled-out by a host of police forces (Merseyside and North Yorkshire among them) to benefit cities and communities the length and breadth of the UK.

Griffin’s influence even spread overseas, with plaudits emanating from as far afield as the United States and Australia.

The Awareness Days are one of four main strands comprising Griffin’s operational framework – the others being online refresher modules, regular Bridge Calls and emergency deployments of registered personnel.

Awareness Days are staged locally by participating police forces to introduce ‘Concept Project Griffin’, establish relationships and facilitate networking forums. They focus on how people can recognise, respond to and report suspicious activity and behaviour.

Importantly, they also assist and prompt all those taking part to think about their own procedures when dealing with certain types of incidents and emergencies in a given locality.

Cross-Sector Safety and Security Communications programme

Let’s not forget that Griffin provided a base point for the concept around which the hugely successful Cross-Sector Safety and Security Communications programme was built to serve the London 2012 operations. From a law enforcement perspective, the latter stands as a shining legacy of the Olympics.

With all of this in mind it was only right that, on the evening of this milestone day for Project Griffin, an awards event was orchestrated by the City of London Police to honour those who’ve actively furthered the scheme’s credentials.

Deserving of so much credit are Don Randall MBE – current chairman of the Project Griffin Executive Committee and co-founder of the whole initiative – as well as Jim Busby (executive head of NaCTSO) and senior police officers Ian Dyson, Richard Morris and Paul Crowther. As the new chairman of the London Project Griffin Board, Graham Bassett will also be a tremendous force for good.

Project Griffin is all about the police service, the business community and private sector security companies working in genuine partnership. A partnership underpinned by co-operation, of course, but also that commodity which is most priceless – absolute trust.

It’s the very embodiment of convergence. The convergence of like-minded souls. Like-minded souls determined to protect us from harm.

Here’s to Griffin’s next milestone.

Leave a comment

Filed under IFSECGlobal.com News