Company Reveals Guidance for How to Use AI Responsibly in Physical Security

July 19, 2024 Pete Cavicchia

While much has been made about how AI can bolster physical security, concerns remain over privacy and data safety. As the AI boom churns on, the world will most likely face a new era of tech regulations and policies enacted to safeguard the public from AI tech that could be misused by bad actors.

It’s also the time for private companies to reckon with how they can best make use of this ever-evolving technology. Security Sales & Integration recently reported on new guidelines for how companies can best use AI from professional security solutions provider i-PRO CO., Ltd.

“Recognizing the profound impact of AI on society, i-PRO has always placed paramount importance on fostering an environment of responsible and ethical AI usage,” reports Security Sales & Integration of the i-PRO announcement.

The tech company released its Ethical Tech Principles for AI as a guiding light for itself but also something of a blueprint for industry peers as AI continues to be integrated seamlessly in day-to-day practices.

Here’s a look at i-PRO’s recommendations:

Making society safer and more secure: While it’s important that new and ever more advanced AI tools are developed, they have to be created with their impact on society — and safety — in mind. After a new AI product is released, i-Pro writes that “we continue to evaluate their impact on our customers’ lifestyle, society, and the environment, and continue to reflect the results of such evaluations in our products and services.”
Enshrine human dignity: Throughout history, the tech innovations that flourished never lost sight of the humanity of those who used it. Think of car safety protocols for automobiles. For i-PRO, “AI is based on the premise that people are central, and that AI should be used, developed, and deployed, to expand human capabilities and promote the pursuit of happiness.”
Be transparent: Transparency is always central when it comes to rolling out new tech. The company writes that any new AI product has to “strive to eliminate discrimination and unfair influences.” This means aspects of one’s identity like gender, religion, or race should always be considered, respected, and protected. The company said they will “consider social justice” when using and developing AI tools, providing “appropriate information to our customers” about how this information will be used.
Privacy is key: AI tech being used for physical security must focus on privacy. This means having top-of-line security measures in place that are in line with legal regulations, company policies, and make sure an individual's personal data is secure.
Train the team: Everyone on a team must be trained. This involves provider, operator, and customer. This can apply to a number of fields but is especially important for individuals in the physical security sector. If the entire team — not just managers — isn’t well versed in how to operate AI-driven tech and how it integrates with existing tools, there is no way that a company’s security will be ensured.
Cooperation and collaboration: There are so many stakeholders involved when it comes to security and any time a new AI tool is implemented, it means that conversations must be had where those invested in a company’s success have a say about how tech is used. If there is feedback or concerns about a new AI program or device, listen to the stakeholders and consider their advice.

“As the physical security industry continues to embrace the promise of AI, we look forward to working together with our industry colleagues, partners, and customers to foster a culture of responsible AI development and usage,” Masato Nakao, CEO at i-PRO, said in the company announcement, as reported by Security Sales & Integration.

It’s a brave new world of AI technology, and for physical security professionals, safeguards must be put in place to use it ethically and safely.

How a Revamp of London’s Heathrow Airport Points to Future of Airport Security

July 18, 2024 Pete Cavicchia

Routinely, whenever top physical security priorities are mentioned, airports number at the top of the list of major concerns. Over the past two decades, the post-9/11 world has emphasized innovations in security protocols for major airports — this includes everything from shifting protocols for how people are screened before going on a flight to shoring up safety once aboard.

Now, a leading security tech provider is partnering with London’s Heathrow Airport — the busiest airport in Europe — to pave the way for a future of security innovations to keep the leading transportation hub’s passengers safe.

A piece for SecurityInformed.com, outlines how Genetec Inc. is launching a multi-year initiative with the airport to offer Heathrow a “unified view across large-scale airport operations to secure people and assets.” This is all being done while “bringing efficiency and enhancing the passenger experience while ensuring data privacy and cybersecurity compliance,” reads the article.

One of the big pieces of this robust security program is Genetec’s Security Center, which will strengthen the airport’s ability to manage the roughly 14 million tons of goods and 80 million people who pass through its doors and onto its planes each year. Additionally, the article states that 76,000 people work at the airport each day. Genetec’s security hub will help Heathrow manage all these disparate moving parts to ensure that not only operations run smoothly but also respond to the multi-factor threats the airport faces every day.

“Heathrow initially deployed Genetec Security Center to bring all its IP security systems on to one unified platform. What began as a 2,000-camera deployment in 2016 has since more than quadrupled in size, incorporating everything from video and access control to LIDAR, analytics, automatic license plate recognition (ALPR), and more,” the article states.

Danny Long, IT Product Owner for physical security products at Heathrow, told SecurityInformed that “we’re essentially running a small city operation that happens to be called Heathrow.” He states that the massive airport is responsible for keeping tabs on its retail space, surrounding roads, a bus terminal, three train stations, offices, a church, a high-voltage electrical network, and fuel stores in addition to monitoring internal and external threats.

Part of Genetec’s capabilities include tools to monitor passenger flow and provide real-time notifications “when security lines grow too long,” according to the article.

The partnership between Heathrow and Genetec is in many ways a test case for other major airports and transit stations. Travel security means more than just metal detectors and passenger background checks today. For locations as complex and sprawling as Heathrow, security stakeholders must make use of every modern tool at their disposal. This could entail private partnerships with entities like Genetec, as well as beefing up existing systems so that they don’t get out of date.

The security and safety of the world’s travelers depends on it.
For the full article, head to the link here.

Why Companies Need to Zero in on Employee-Tied Threats

July 12, 2024 Pete Cavicchia

Often, external physical security threats are the focal point when news comes out about physical security threats facing modern companies. The focus is often on active shooters, for instance.

In a recent article for Security Magazine, Alan Saquella writes about a range of employee-specific threats that often go under the radar but cause legitimate day-to-day problems for many companies. Disgruntled former employees — whether laid off or fired on bad terms — pose a range of threats from physical violence to vandalism of a company’s office complex.

A broad range of threats

“The prevalence of non-violent acts perpetrated by former employees is often underreported and underestimated, yet their impact can be just as devastating, if not more so, both financially and in terms of public safety,” Saquella writes. “For example, consider the case of a terminated telecommunications employee who sabotaged a fiber trunk line, resulting in a catastrophic communications outage that not only incurred millions of dollars in damages and fines but tragically led to the loss of a life due to the inability to reach emergency services. Similarly, deliberate tampering with natural gas distribution lines by a former employee of a gas company led to unsafe conditions and significant financial losses.”

In addressing this very broad range of rather complex, employee-specific security threats, Saquella explains that a holistic approach must be embraced — there isn’t a one-size-fits all way to handle these kinds of threats. Key among them is fostering a supportive and positive workplace environment in the first place mitigating any potential for future employee-directed violence.

Some concrete solutions

Saquella points to “post-termination monitoring” as one key component to making sure these kinds of retaliatory ex-employee threats don’t escalate further. This refers to discreetly monitoring former employees who might exhibit “red flag behaviors” on social media, for one example.

Beyond this, he points to “robust softeners” like generous severance packages, continuation of benefits, and available counseling services to prevent resentments from forming. It’s better to end an employer-employee relationship positively — even if the staffer in question was far from ideal — than create a situation that can spiral out of control.

As with any physical security threat, vigilance is key.

“By adopting a proactive and comprehensive approach to addressing workplace violence, organizations can better safeguard their employees, assets and reputation. Collaboration between security, human resources and leadership is essential in identifying, assessing and mitigating potential threats at every stage of the employment lifecycle. From pre-termination assessments to post-termination monitoring, it’s imperative to remain vigilant and responsive to evolving risks,” he concludes.

For more of Saquella’s recommendations, check out the full article here.

Tips for Bolstering Physical Security in Corporate Spaces

July 7, 2024 Pete Cavicchia

Having a clear physical security strategy is crucial for any corporation in today’s environment. Threats from a range of bad actors endanger modern businesses. By being physical security-compliant, companies can minimize risk and bolster success.

In a new piece for SecurityInfowatch.com, two industry leaders — Cathal J. Walsh, VP and CSO at Guidepost Solutions, and John Bekisz, associate VP of physical security at Guidepost Solutions — outline best practices for how companies can mitigate physical security risks in their corporate spaces, like branch offices and headquarters. The two security executives point out that “security lapses in regulated industries can have severe consequences.” If security isn’t shored up, it can radiate out to impact the company and its clients and customers at large. This means robust security practices must be embraced from the executive level all the way down to staff on the ground.

“Amidst the myriad tools available to evaluate threats and risks, it's empowering to know that contemporary security risk management practices have evolved. These practices now emphasize proactive measures, including coordinating with internal and external parties to ensure a compliant risk-based solution is deployed and regularly maintained,” they write. "This enhanced approach to risk management bolsters our ability to stay ahead of potential threats, giving us a sense of control in an otherwise unpredictable environment.”

Walsh and Bekisz explain that security systems have to be centralized. Large-scale video surveillance camera systems need to be centrally connected, which means that remote access and cloud computing systems should be put in place. Disconnected, scattered technologies that fail to have any cohesion can result in major vulnerabilities and blind spots.

A major component of a unified approach involves staff training. At all levels of a given corporation, proper security protocols have to be hammered home. Staff at one facility can’t be familiar with one element of a corporation’s security approach that varies from the expertise of staff at another location.

“Although there is no prescriptive solution to mitigate all forms of physical security risks in the corporate environment, a security program can be deployed in alignment with the organization’s risk appetite with adequate planning. A layered approach starting at the perimeter and moving inward, incorporating a defense-in-depth strategy with various detection zones, aids the organization in its risk reduction efforts,” Bekisz and Walsh conclude. “Referencing industry-accepted frameworks anchored in asset protection principles, including operational, technology, and physical security elements, guides the practitioner to ensure a comprehensive program is incorporated into the design.”

Read the full article — which includes use case examples — here.

Report: Some Clients Are Still Slow to Adopt the Cloud

June 13, 2024 Pete Cavicchia

Over the past decade, integrated cloud solutions have been central to any modern security system.

Now, a recent deep dive report from Craig MacCormack in Security Sales & Integration reveals that there are still some holdouts among end-point users to turn over their data and embrace the cloud. Leading security integrators are making these holdouts come around to the tech, which is indispensable to any effective physical security approach.

MacCormack writes that, despite some stubborn hesitance, security systems integrators “are starting to have more success in getting their clients to transition to cloud-based access control and video surveillance services.” This may entail systems that are located on site, offsite, or a hybrid combination of the two. MacCormack speaks with a range of experts in the field, who offer a comprehensive snapshot of where the industry is today with cloud adoption.

A growing trend

“People are seeing that you’re starting to use cloud solutions for their operations, so they’re more open to it…having a Software-as-a-Service (SaaS) offering from Genetec on the market could help Infynia’s quest to increase its penetration into cloud-based installations,” says Alexander Reid, president of physical security firm Infynia, based out of Montréal, Québec. “We were kind of missing that in the past…Now, we’re leading with cloud when we do a pitch, so we’re getting more traction than we used to in the past. We’re seeing more opening, but there’s still some resistance from our client base.”

One way that the company has been able to convince clients that the cloud is the way to go is to provide concrete evidence that cloud-based, integrated security systems “will be separate from the customer network.”

Some of the resistance stems from today’s increasingly more complicated tech-centric world. Rob Hile, director of commercial business for GC & E Systems Group, tells MacCormack that when discussing integrated cloud systems, the industry has moved beyond just “passing data packets.”

Instead, it’s about leveraging high-frame-rate video, analytics, and other AI-fueled data. All of this requires very robust cloud systems.

“Traditionally, I can get your access control events to go to the cloud. I can get your basic video to go to the cloud. But when you start layering on the AI and the advanced analytics and third-party plugins and integrations. That’s not ready yet,” Hile says of one reality of currently available systems.

How to sell the cloud to clients

From the vantage point of firms trying to sell clients on adopting these cloud systems, Hile tells MacCormack that a very specific skill set is required to get the deal done.

“When you talk about an on-prem system, you’re talking about sizing the server accordingly, making sure that the server has enough horsepower for the analytics and the cameras, making sure everything is on prem,” Hile adds. “When you look at the cloud and you look at a cloud deployment, you kind of take that whole model and you turn it on its head…The server infrastructure is infinitely scalable. You don’t have a prem server, so you don’t have to have rack space. You don’t have to have a lot of this stuff that we have to design into the premise-based system.”

It may seem like a brave new world for the physical security industry, but to keep a company’s data safe and secure and make the most of access control systems and connected security cameras, the cloud is the way to go.

For MacCormack’s complete article, with insights from additional industry leaders, read the full piece here.

Researchers: Malware-Fueled Blackouts in Ukraine Offer a Physical Security Warning

May 30, 2024 Pete Cavicchia

Right now, Russia’s war in Ukraine dominates much of the world’s headlines. Not only is it a pressing global concern, but the conflict also illustrates troubling realities that physical security stakeholders are reckoning with.

A report that was presented May 20 at the IEEE Symposium on Security and Privacy examines the physical security implications of malware attacks in Ukraine by bad actors. The research was led by a team of UC Santa Cruz students who shed a spotlight on “Industroyer One and Two” — two infamous malware attacks that took place in 2016 and 2022, respectively.

That first 2016 attack saw Ukrainians live through what is believed to be the first known blackout caused by pernicious malware. That attack targeted the country’s power grid, resulting in one-fifth of Kyiv citizens to live in total darkness. The second 2022 attack took place during the current war.

“Malware attacks against physical infrastructure have long been a looming threat in the realm of cybersecurity, but these two in Ukraine were the first attacks of their kind, and have received little attention from the academic community,” reads a UC Santa Cruz press release announcing the research.

Alvaro Cardenas is an associate professor of computer science and engineering, who advised the student research team. He says in the release that, while current physical infrastructure systems are very vulnerable, not much is said about the threat malware can pose. This is a problem that should worry every country, not just Ukraine.

“When you see a nation state designing malware to take down the power grid of another country, that seems to be a big deal. Our critical infrastructures are vulnerable to these kinds of attacks, so we need to be better prepared to defend,” Cardenas says.

Cardenas and his team of student researchers say bringing attention to these attacks can help governments and private entities know how to fortify their systems against future attacks. The researchers point out that malware attacks are only becoming “stealthier.”

This means that not only do security stakeholders need to be more educated on how these cyber-attacks can directly impact physical safety and wellbeing, but they also must think outside the box to devise advanced systems to halt these bad actors in their tracks.

To that end, Cardenas and his students are creating a “honeypot” decoy software that will give off the impression that it is a “working system” and could attract malware attacks, alerting security officials that an outside hacker is trying to target their systems. While the conflict in Ukraine might seem a world away, Cardenas says that this is something people in the United States must be aware of.

“The attacks could happen here [the U.S.], or pretty much anywhere in the world,” he says in the release. “Systems are now all controlled by computers and have pretty much the same technology.”

Physical Security Market Report Shows Surge in Global Terror Attacks 2024 to 2032

May 1, 2024 Pete Cavicchia

A new report on the projected overall outlook of the global physical security market shows that escalating threats that have been brewing in recent years will sadly only continue. This reality is bleak, but it also means there will be great gains for the physical security industry. New innovations will only continue to be developed to address these shifts.

The new report from Research and Markets was just released, according to a press release published by Yahoo Finance.

Among the top-line findings, the report shows that, while the physical security market scaled to a high $123 billion in the year 2023, look for that number to hit an astonishing $211.4 billion within the next decade — by the year 2032.

This is partly due to the increased presence of threats like terror attacks, which have reached a fever pitch around the world.

Attacks have escalated in nearly every region of the world. That means governments and private entities alike have had to make investments in improved video surveillance and access control systems, according to the report. They cite advanced drones, smart fence sensors, as well as “mass notification systems” (MNS) at large communal events and official government proceedings as being drivers for growth and innovation in the physical security sector.

“Apart from this, the integration of artificial intelligence (AI) to identify potential areas of compromise while analyzing images, videos, and other data to differentiate threats from standard activities are providing an impetus to market growth. Moreover, the increasing awareness about physical security solutions in residential spaces owing to the increasing theft and robbery incidences is acting as another growth-inducing factor,” reads the release. “Furthermore, the installation of automated home security solutions for door locking and intruder, fire, and LPG gas leakage detections are positively influencing the market growth.”

These high-tech physical security responses also mean more personnel must be hired and trained. Essentially, the necessity to better respond to terror threats can be an economic and workforce driver.

The report also spotlights the implementation of cloud-based data storage and the “rising demand for video surveillance” technology as factors that are contributing to the current — and future — physical security boom.

In a world where global threats to everyone’s safety and wellbeing become ever more sophisticated, private, and public stakeholders have to do everything they can to harness the most advanced tools available to them. Reports like this one only underscore how innovative and creative physical security solutions are driving a revolution in how people, cities, and even governments at large stay safe and secure.

For Physical Security Managers, It’s Time to Embrace a Hybrid-Cloud Model

April 24, 2024 Pete Cavicchia

When it comes to modern physical security approaches, the necessity of the cloud can’t be minimized. Tried and true traditional models for on-site security options are needed, too.

This is where modern innovation enters the conversation.

In a new piece for Security Magazine, Laurent Villeneuve writes that cloud technology has created “faster, easier, physical security deployments,” which have meant that hybrid-cloud programs are becoming the norm. Villeneuve, of Genetec, points to research from his firm that reveals 60% of today’s companies “are moving towards a blend of on-premises and cloud-based solutions.”

The benefits of hybrid models

This blended approach has several benefits. First, hybrid-cloud models give companies flexibility in bringing their plans for security to fruition. Villeneuve writes that businesses that have several locations must harness the cloud to offer tailored approaches to each building’s unique needs.

“They might run some larger density sites on local infrastructure, monitor global deployments in a. Fully hosted environment, and set up smaller remote sites with direct-to-cloud devices,” Villeneuve adds.

If there are multiple systems stemming from local devices or tethered to the cloud, companies can streamline them all — connecting everything to a “central head end.” This improves efficiency and gives security managers a greater sense of control and peace of mind, knowing everything goes back to one central hub.

“With hybrid-cloud solutions, security teams no longer need to travel to various locations to manage infrastructure or check system health. Cloud-based physical security software providers invest significant time and resources in cybersecurity, upholding various standards and certifications around the world,” Villeneuve writes. “They monitor the latest threats and initiate regular third-party penetration testing and auditing. Thus, operators get immediate access to the latest updates and benefit from continuous innovation. This helps teams quickly address issues and strengthen their organization’s cyber posture.”

Yes, the cloud is safe and secure

Among the many myths and concerns potential cloud adopters have is the inaccurate perception that the cloud just isn’t safe. Villeneuve writes that this isn’t the case.

“Cloud solutions come with myriad built-in cybersecurity features and tools that help automate processes and stay on top of threats,” he writes. “Hybrid-cloud systems allow organizations to leverage their investment in [on-premises] security devices and infrastructure, while adopting cloud technology such as video and access control as-a-service at their own pace, and to accommodate specific sites or use cases. They provide a cost-effective way to leverage the benefits of both technologies and stay flexible to changing requirements across an organization.”

For more of Villeneuve’s recommendations for applying a hybrid-cloud approach to modern physical security, read the full article here.