The security week that was: 09/26/08

A weekly surveillance of news shaping your profession


Researcher questions emergency notification solutions

Even as a number of universities gravitate toward the latest generation of emergency alerting/notification solutions, the Associated Press is reporting on new research that doesn't take an especially favorable view of such systems.

In our news this week, we noted that in Utah, universities are rapidly adopting cell-phone based notification systems, and also that the University of Arkansas has rolled out a campus-wide notification system. Utah and Arkansas certainly aren't alone; university security expert Dr. Adam Thermos (who appeared on our recent webinar) has told us that many schools are bolting these onto their existing IT and security infrastructure.

So what's the problem with such systems? Well, according to the AP story which sourced Patrick Traynor of Georgia Tech's Information Security Center, the problem is not that these systems don't work. Rather, the problem is that such systems (being voluntary) don't meet a federal goal of 85 percent notification within 10 minutes. Traynor also pointed to the fact that hackers could spoof or hack such systems, leading to fraudulent messages. An additional concern was that such systems could contribute to phone or cellular network overload in the case of a widespread emergency, thereby hindering 911 communications.

We just started reading Traynor's full research on emergency alert systems (PDF format), and his main point is that "We show that current systems not only can not widely disseminate such messages quickly, but also that the addition traffic created by third party EAS may disrupt other traffic such as voice communications, including that of emergency responders or the public to 9-1-1 services."

Nonetheless, I don't see these limitations as any reason not to use such a system. Traynor's research, however, should make us be realistic about our expectations.

Biometrics update
Growth drivers explored at Biometric Consortium Conference

Security Technology & Design's publisher/editor-in-chief Steve Lasky attended the Biometric Consortium Conference this week in Tampa, Fla., and filed a report from this research-focused biometric conference. According to Steve and a number of people who he spoke with at the conference, the government market is still the driving force in the world of biometrics, with underlying factors being the US VISIT program, HSPD-24, HSPD-12/FIPS 201, TWIC, and wider usage of the FBI's IAFIS system. The consortium is heavily attended by government security and defense personnel, but it's obvious that as biometric adoption increases in the government market, the commercial sector should see a "trickle down" in adoption.

Sunny days for home automation?
Researchers say "yes", but I'm not so sure

Even as the economy hits a slump and the housing market tanks (home prices are down 5.3 percent according to the goverment), the folks at ABI research are predicting very big gains for home automation product sales in the next five years. It sounds like the folks at ABI research think the housing slump isn't going to last long. I hope they're right, but until middle America escapes from its problem of being caught upside down in mortgages, I doubt people will be ripping open drywall and snaking wires for expensive automated control systems.

Many of the new mainstream systems range in price from $5,000 to $15,000 (as opposed to $30,000-plus for the custom systems in high-end homes). That is a substantial drop from what you could expect to pay even a few years ago, but are middle-income consumers really willing to drop up to $15,000 when they're concerned about equity in their homes? My guess is that they're not ready yet, and unless we have a significant economic rebound, the answer will continue to be "No" for the foreseeable future.

In other news...
Less explosive fertilizer, School buys 1,500 cameras, Mysterious cyber crimes

This content continues onto the next page...