Faced with the blank canvas of a facility in need of protection, it is tempting to apply that first splash of paint by locating a bunch of cameras in problem areas and at facility access and egress points. But before you make that bold stroke, there are several questions you may wish to consider:
- What are my security needs?
- What currently available technology can help me to mitigate my problems?
- What support infrastructure-lighting, power, network, space-will I need?
- What staffing issues will be raised by this project?
Thoroughly analyzing your security needs, designing appropriate solutions, and planning for their implementation will ensure that you are addressing your current problems in a cost-effective manner with an eye toward minimizing future obsolescence.
What Are My Security Needs?
The most often overlooked concept in security system design is, perhaps, also the simplest: You cannot apply meaningful solutions to problems until you know and understand the nature of those problems. Sherlock Holmes said it best in The Adventure of the Speckled Band: "I had come to an entirely erroneous conclusion, which shows, my dear Watson, how dangerous it always is to reason from insufficient data."
The classical approach to understanding security needs is first to identify what requires protection-the assets-and then to determine from what the assets need to be protected-the threats. To put the threats in perspective, the risk of occurrence should also be assessed.
Let's look at a data center as a sample asset. This asset may be of importance to your organization on many counts; it encompasses the value of the data-processing equipment, the value of the data itself, and the value of the transmitted data as a management tool to its recipients.
Threats against the data center could come from trusted sources such as employees (by accident or because disgruntled) or equipment vendors (sabotage to the equipment or other vendors), or from outsiders such as hackers or competitor industrial espionage. Other threats could include fire or natural disasters, or, depending on the nature of your organization, terrorism due to the iconic stature of the building or the target status of neighboring buildings.
The means and methods of attack should also be considered. You may need to protect a data center from physical break-in through doors, windows, drop ceilings, or raised floors, as well as from damage to support elements such as HVAC systems, electrical power cables, and telecommunications infrastructure. These physical safeguards may need to be augmented by protections against hacking and denial-of-service attacks as well.
Risk is looked at in different ways by different organizations. One way is to prioritize threats by their likelihood or frequency of occurrence, much in the same way as is done with natural disasters. Is this an incident that could happen daily, weekly, monthly, annually, or once every 10 years, 50 years, or 100 years?
More commonly, risk is looked at as the magnitude of effect that a successfully orchestrated threat could have on the organization or on a business unit of the organization. This is generally measured in days: How many days can the organization survive if a particular asset is not available? Security is charged with mitigating only man-made threats, so it must join forces with contingency planning and disaster recovery to look at risk in this broader context.
There is another category of baseline information that should be explored before looking at possible solutions: constraints. The most obvious constraint is cost, but equally important are any negative impacts that solutions could have on normal productive operations, the availability of space for back-room equipment and real-time monitoring, and any approvals that may be required by other design professionals. For instance, an architect may need to have a say on the aesthetics of overt equipment like cameras.
What Can Current Video Technology Do For Me?
This article is not intended to be a review of current technology, but it is important to understand the capabilities and limitations of technology before trying to mitigate any security problems. So let's go into a brief overview of what's out there today.
The capabilities of video equipment and, in particular, digital video equipment are advancing faster and with more impact than any other security technology area. The intelligent data processing of digital signals is creating this revolution. Video systems can now tell you
- if something has been added permanently to a scene-e.g., a bag has been left unattended
- if a fixed item has been removed from the scene-e.g., a painting from a wall
- if an object is moving fast or slowly-e.g., a person is walking or running
- the direction that an object is moving-e.g., a vehicle moving the wrong way on a one-way street
- if an object moving in the scene is large or small-e.g., a truck on a road restricted to non-commercial vehicles
- the estimated distance to an object and if it crosses a predefined boundary
- the classification of an object, such as a person, a car, a truck, a boat, or an animal.
This list is not exhaustive but illustrates that video cameras are no longer just for surveillance or alarm assessment. They can now be the field sensors that capture primary data that, when processed, annunciates off-normal conditions.
Another area that should be understood is the design of the complete video system and the availability of functional interfaces of other security systems, such as access control, alarm monitoring and intercom. A decade ago, a camera was connected to a video switcher that controlled at which monitor its image was viewed. A video multiplexer also may have been used to display multiple images on a single screen; a time-lapse VCR was used for recording; and an interface to an alarm monitoring system may have been used to select camera views to be displayed based on associated alarm conditions and to select recording mode and/or recording speed.
Now the digital video recorder or, more recently, the network video processing system, is the center of the security video universe. It gathers the digital data from field sensors (intrusion detection and intercom devices as well as cameras), determines if there are off-normal conditions, and orchestrates the required displays, visual and audible operator alerts, and recording schemes. It may also interface with an access control system to assist its function of personnel identification and verification by augmenting its display with live video of someone seeking access.
What Support Infrastructure Do I Need?
Connectivity. The first area of focus is connectivity. The trend is to use the same cable as is specified for the voice and data telecom systems, and this is supported by current video technology. TCP/IP addressable cameras now connect, via Category 5 (Ethernet) cable, to a node on an existing corporate network or a dedicated security video network, or even the Internet. The video servers, DVRs or NVRs, are also network compatible.
Alternatively, the video signal is converted to communicate over unshielded twisted-pair cable with transmission distances far greater than the traditional coaxial cable, even in high-EMF areas such as elevator machine rooms.
Digital video, despite ever-improving data compression engines, is a bandwidth hog. Not all security video applications require a lot of bandwidth; for instance, not much is used if you're displaying single camera images only associated with an alarm or an access control validation. However, any application that plans to use existing corporate network capacity should be cleared with the network "owner"-often the IT department.
Lighting. The next support area to review, particularly if you plan to use exterior cameras, is lighting. Traditionally, black-and-white cameras have had the edge in producing a better picture under low-light conditions, while color technology, which requires higher light levels, provides a superior image for security identification and incident evaluation. Many camera manufacturers now offer units with the benefits of both: dual elements that can automatically switch between modes depending on ambient lighting.
However, different cameras perform best under different lighting conditions, and it is important to determine if there is not only a sufficient level of nighttime light, but also if the type of lighting is optimum for the cameras being considered. Additional or different luminaries may be required, or the budget may be better spent on higher-quality cameras capable of producing adequate video under existing conditions.
Space. At the other end of the system is either a video recording system or a monitoring station, or both, and space is needed to accommodate these. DVRs and NVRs take up little physical space and, being computer systems, may be best mounted in a vertical rack in a computer room or LAN/IDF closet. Monitoring usually requires multiple video screens that are traditionally housed in a console. Since the displays are now more often flat, thin, LCD screens, special tables with screen support columns-more commonly seen in IT help desks-are starting to replace the older multi-bay consoles.
What Staffing Issues Will Be Raised?
Discussion of monitoring equipment and its space requirements should be preceded by serious questions regarding real-time monitoring and recording schemes. Real-time monitoring is defined as a trained individual watching the camera scene as the original image is being displayed; any image that is recorded/archived can be viewed later but not while the action is occurring. The options available for monitoring and recording of video images are many, and they're not exclusive. For example, an image can be recorded only on "alarm" activity but monitored at all times. However, "No monitoring" and "No recording" indicates a dummy camera, which is not recommended under any circumstances. Indeed, if any camera is overt but not monitored, signage should be used to remove patrons' expectations of responsive security. The word "alarm" is in quotes because the activity may be automatically initiated by an off-normal sensor signal, such as a perimeter intrusion detector, or by digital processing of the video image itself, as described above.
Calculating the quantity of cameras, the time required to monitor them, and the time required to review recorded security incidents will provide an indication of staffing requirements. Of course, this is in addition to other security officer duties such as patrol and response. Typically, monitoring video scenes is very boring-imagine the worst TV show with almost no action and the sound turned off-and consideration should be given to frequent rotations at the monitoring desk.
We can only skim the surface of security video system design in a single article. The intent is to provide some direction and indicate areas of future research. In the last decade video systems have evolved from the connection of a few simple components to an integral piece of the information technology world. The IT professionals control the networks that may be needed for video signal transmission, and they control IP addresses required to connect to their media. Where CCTV system layouts required the designer to know the transmission limitations of coaxial cables, video system design needs someone who speaks the IT language of bandwidth, chokes, Category 5, and fiber.
The end user should understand the design process and the skill sets needed to develop the technology solutions, but, as in other areas of IT, the application software is the driver. The security practitioner needs to keep abreast of current, off-the-shelf capabilities, and of the exciting new capabilities that are being developed each day.
David G. Aggleton, CPP, is president and principal consultant at Aggleton & Associates, the New York City-based security consulting firm. Mr. Aggleton has been gaining experience in the security industry since 1978 and as a security systems consultant since 1985. He has taught the principals of the security technology design process at ASIS workshops, at ASIS, IFMA, and other industry conferences, and at John Jay College of Criminal Justice.
This article was published in the March 2005 issue of ST&D magazine.
