Despite the concerns raised by the events of Sept. 11, 2001, total spending by U.S. firms on terrorism-driven security has shown only a 4% median increase in the past two years, according to a Conference Board study sponsored by ASIS Int''l. "There are legitimate concerns about corporate vulnerability," states Tom Cavanagh, the report''s author. According to Rolando Rosas, director of Global Teck Worldwide Inc''s Information Security Div: "The challenges are different for each industry but several common themes keep recurring: Safeguarding critical infrastructure and information systems. . . Most business will continue to struggle with cyber threats because upper level management at large corporations are uncommitted or misinformed." (For more, click here.)
From the customer''s point of view, the "most compelling issue is that most manufacturers still refuse to embrace open solutions and drive interoperability," notes Kevin Wine, vp marketing at Lenel Systems Int''l Inc. (For more, click here.)
"Today''s corporate security needs a combination of cops and smart information technology experts," says Steve Martyn, CEO at GRSI. "If a company is serious about security issues, it needs a mentor -- a top executive with the active support of HR, logistics, IT, security, and finance." (For more, click here.)
Looking at Security in New Ways
Steve Thompson, director of marketing-Fire & Security Solutions/Johnson Controls Inc, has observed some progress. "For many companies, risk management used to be about insurance coverage. More recently, there has been a trend to a more comprehensive view of risk management -- inclusive of a wide range of potential threats to a facility or business. Security systems are designed from rigorous threat/vulnerability/risk assessments. Fire alarm systems look beyond minimum code compliance. And the time/cost for recovery from a range of incidents is increasingly incorporated into an overall risk management plan."
Emergency response planning shows greater sophistication, too. Companies have moved from basic evacuation plans to best practices training and drills "for a wide set of emergencies ranging from natural disasters to workplace violence," Thompson tells IEN. Management has increasingly turned to the Incident Command Structure (ICS), a method that brings a standardized approach to emergency procedures "so that building occupants, company management, and first responders can effectively coordinate under the pressures of an emergency situation." ICS has moved planning from "three-ring binders to interactive websites with audited training schedules." Centralized command and control is often augmented with offsite support. (For more, click here.)
However, the Homeland Security initiative has brought turbulence to the industry, observes Steven Turney, solution manager at TAC Americas, "putting into play a massive amount of mergers and acquisitions as well as bringing new security companies into existence including Cisco, Lockheed Martin, EDS, and various Silicon Valley players." On the other hand, numerous forums in recent years "have helped the integrators and manufacturers to develop much-needed systems and skills, " Turney believes. (For more, click here.) (Building shown here has integrated security/HVAC system, installed by TAC.)
The rise of Ethernet on the factory floor and online collaboration expose industry to "hacking, email viruses and internal network breaches," comments Victor Chang, vp/technology at RSA Security, risks that mandate a flexible "identity and access management strategy." As the role of wireless on the plant floor expands, do so security risks. Notes Chan: "WLANs wouldn''t be a concern -- or would be less of a concern -- if the people installing them used available security measures. Unfortunately, the overwhelming evidence suggests they do not. A survey by INT Media Research found that many early users deployed WLANs without secure solutions, with more than half of them subsequently reporting WLAN security breaches. And even after these breaches, a third of the companies failed to strengthen WLAN security policies after the fact." This trend continues -- a January 2003 study by RSA Security showed that 60% of the wireless nodes are unencrypted. (For more, click here.)
Where Advances Are Being Made
Bernie Cowens, CISSP/VP of security services at Rainbow Technologies, thinks the "most visible advances are probably being made in computer security, partly because the awareness level is so centered on computer security. But it''s the physical access to facilities, systems, and data that''s probably more at risk . . . We like to use the term, ''If I can touch it, I can break it.''" Cowens sees some progress in "recognizing the need for physical security around critical infrastructures like SCADA systems." (For more, click here.) (Pictured, Rainbow''s iKey confirms user ID and helps protect plants from computer security breaches.)
"The security industry is developing a wide variety of standards and guidelines to assist industry with the risk management process," according to Northrop Grumman Information Technology. "State and local governments are beginning to adopt the DoD concept of system security ''Certifications and Accreditations'' that formally evaluate and document the risks from a security perspective and maintain a security baseline throughout the system lifecycle." (For more, click here.)
IR Recognition Systems director of marketing Bill Spence points to biometrics as a key security tool. This technology can "verify who a person is by what they are, whether it be their hand, eye, fingerprint or voice." With declining costs and increased use, "biometrics devices can leverage their secure data storage," says Spence. Smart cards "store both the user''s ID number and hand geometry template on the card. Because of this, there is no need to distribute hand templates across a network of hand readers or require the access control system to manage biometric templates." Integration to legacy applications is "greatly simplified," avoiding investments in additional network infrastructure. Privacy issues are lessened because the "template only resides on the card." (For more, click here.) (Employee shown here is using biometric ID scan.)
Camera technology continues to advance, too. "Color cameras of today cost less than their black-and-white peers of three years ago," explains Darren Nicholson, vp of marketing, GE Interlogix Video Systems Group. "Today, because of their low cost, greater resolution, bandwidth, and even day-night functionality, most facilities specify and select color." And dome cameras "switch automatically between a color mode for daytime and a more light sensitive monochrome for nighttime, providing 24-hour coverage in all light conditions." (For more, click here.)
Computer-managed locking systems provide "features found previously only with online, networked systems," adds Jeff Koziol, director/marketing, software-managed locking systems at IR Security & Safety''s Electronic Access Control Div. Operators can control "both users and access points based on time of day, day of week, credential needed and/or period of time," using PDAs or laptops. (For more, click here.)
"One of the hottest areas of R & D is taking military-grade security systems and making them available for the commercial market," NetBotz CEO Tom Goldman states. "Expect to see developers of military systems working with commercial partners to deliver improved security for corporations and government agencies at a fraction of the cost of existing proprietary technology." Goldman also sees breakthroughs in "cost-efficient physical security appliances; portable first-warning systems and sensors that integrate with safe haven networks; consolidated security; management tools, and identity management products and policies." (For more, click here.)
A combination of improved networking and sensing will enhance security systems and building systems in general, comments Kevin Osburn, head of product marketing & development at Siemens Building Technologies. "Wireless networks and shared networks have the potential to save significant space, time, and money for buildings," he says. "Better sensing and networking will combine to bring more data together that can be analyzed and converted to information for better decision making." The resulting analysis can enhance preventative maintenance, increasing a "building''s uptime and extending the life of equipment." (For more, click here.)
Cypress Computer Systems'' Tony Diodato provides a long list of innovations: "In communicating with field equipment, wireless, Ethernet, 802.11, Blue Tooth, fiber optics, will all be utilized where copper was the only solution before . . . Reduced installation labor costs due to alternate means of linking field equipment with head-end processors . . . cards, readers, biometrics, EAS formats can be easily integrated using off-the-shelf black boxes that perform protocol and format translation." (For more, click here.)
And Northrop Grumman Information Technology points to "quantum encryption and information security forensics."
Remote sites can be more easily protected, according to Martin Baeck, marketing communications manager at Everest VIT. "With strides in robotics, vision systems, alternate light sources like UV and IR, shrinking cameras and increased resolutions, law enforcement and security agencies will benefit from the ability to gather better surveillance in difficult situations and environments," Baeck says. (For more, click here.)
While there has been a surge in x-ray screening at airports and elsewhere, the capability of the equipment has improved only "in secondary ways such as throughput," comments Jonathan Clymer, director of marketing at Glenbrook Technologies Inc. "Higher quality x-ray inspection equipment exists. This quality is measurable, both in terms of resolution and sensitivity." Inertia is a major roadblock to adopting this technology, however. "It is very difficult for a new technology, such as high resolution x-ray inspection systems, to make inroads in an industry that is, for the most part, constrained by governmental procedures and restrictions," Clymer explains. (For more, click here.)
Internet, Wireless: The Debate Goes On
With the Internet, "software maintenance and updates are made in real-time and will probably never affect the end user," Mas Kosaka, president and CEO of PCSC, notes. "New features or ''problems'' are updated immediately without alarm to the end users." Developers benefit as well, with maintenance confined to a single venue. Although hacker phobia has limited web use to some extent, Kosaka expects better communication encryption technology to allay such fears and spur applications. (For more, click here.)
While the web plays a "more significant role in the administration of electronic security systems," comments Brian Lipscomb, executive director/sales and operations at RIMI Security Systems, it will take "advances in VPN technology or secure transmission conduits" before the Internet can be fully utilized. (For more, click here.)
And Siemens Building Technologies CTO Helmut Macht tells IEN that "innovations in wireless communications allow more and more wired communications to be replaced." Wireless now is a standard part of "fire safety and HVAC solutions," applied to such areas as "data transfer to sensor/actuators or for energy cost reading."
"Wireless will increasingly be the platform to disseminate video surveillance information, allow for remote access of database files, allow for bandwidth intensive streaming applications," according to Northrop Grumman Information Technology. "Wireless will be key to allow for information collection in the field. . .saving time, preventing errors, etc. For example, Border Patrol could collect fingerprint information in the field and police could enter information in the field regarding an incident, saving time and ensuring accuracy."
Nick Martello, director of marketing for NOTIFIER, part of Honeywell''s Fire Systems Group, sees a significant role for the Internet: "The web has become a significant factor in the industrial security arena. New fire control panels can be integrated with networked gateways, enabling operators to access information on their panels directly from their PCs and laptops. This capability allows operators to cross-examine systems on or off-site." (For more, click here.)
Radian director/business development Dan Nickell cites reliability as the major roadblock to realizing the Internet''s true promise. "Yes, the web holds considerable potential for cost-effective security applications and controls," he continues. "For the time being, however, real concerns over the stability and availability of the web temper any real efforts to embrace the potential. . . The web is an excellent communications medium for the transmission of administrative information and other non-time-critical security-related data. . . The biggest threat to this process is not interception or compromise of the data, but denial of service." (For more, click here.)
Users now demand integrated monitoring, access control, fire alarm, video surveillance, and factory alarms, claims Joy Curtiss, senior marketing communications manager at GE Interlogix Access/Integration Group: "Corporate management wants to consolidate and integrate various disconnected security and facility management systems." The availability of advanced technology -- and pressing security needs -- will drive the adoption of "smart cards, biometrics and intelligent video into their access and overall systems," Curtiss predicts, with companies facing "greater system complexity and [being] forced along the pathway of integrated business solutions." (For more, click here.)
Goldman contends that "many industrial enterprises are looking to open-standards-based physical threat management technology" to extend and strengthen security at their facilities, referring to the chemical industry as a prime example. "Over the summer, the government warned that chemical manufacturers were highly vulnerable to physical threats, which could result in homeland security concerns," he notes. "Some of the savvier chemical manufacturers responded by leveraging the advancements available in open-standards based IP physical threat management technology to protect their facilities without breaking the bank."
The integration goal can be reached, Turney believes, by using "common communication languages like LON, OPC, IP, SQL, and BACnet." Some managers already use "a mix of hardware and software" to secure physical and computer security.
"In physical security, access control and intrusion detection systems are emerging that are fully capable of providing a full range of facility monitoring and control, not just access control, but temperature, humidity, elevators, parking, and many other sub-systems," adds Nickell. "Computer security and physical security use pretty much the same language in describing threats, vulnerabilities, and solutions: intrusion detection, motion detection, access control, and so on. Not only is there a linguistic sharing, more sophisticated resource managers are using a mix of hardware and software to secure both. For example, manufacturers of iris recognition equipment can integrate access control to information systems as well as the buildings they sit in using the same enrollment and user database."