The security week that was: 09/26/08

Researcher questions emergency notification solutions

Even as a number of universities gravitate toward the latest generation of emergency alerting/notification solutions, the Associated Press is reporting on new research that doesn't take an especially favorable view of such systems.

In our news this week, we noted that in Utah, universities are rapidly adopting cell-phone-based notification systems, and also that the University of Arkansas has rolled out a campus-wide notification system. Utah and Arkansas certainly aren't alone; university security expert Dr. Adam Thermos (who appeared on our recent webinar) has told us that many schools are bolting these onto their existing IT and security infrastructure.

So what's the problem with such systems? Well, according to the AP story which sourced Patrick Traynor of Georgia Tech's Information Security Center, the problem is not that these systems don't work. Rather, the problem is that such systems (being voluntary) don't meet a federal goal of 85 percent notification within 10 minutes. Traynor also pointed to the fact that hackers could spoof or hack such systems, leading to fraudulent messages. An additional concern was that such systems could contribute to phone or cellular network overload in the case of a widespread emergency, thereby hindering 911 communications.

We just started reading Traynor's full research on emergency alert systems (PDF format), and his main point is that "We show that current systems not only can not widely disseminate such messages quickly, but also that the addition traffic created by third party EAS may disrupt other traffic such as voice communications, including that of emergency responders or the public to 9-1-1 services."

Nonetheless, I don't see these limitations as any reason not to use such a system. Traynor's research, however, should make us realistic about our expectations.

Biometrics update
Growth drivers explored at Biometric Consortium Conference

Security Technology & Design's publisher/editor-in-chief Steve Lasky attended the Biometric Consortium Conference this week in Tampa, Fla., and filed a report from this research-focused biometric conference. According to Steve and a number of people whom he spoke with at the conference, the government market is still the driving force in the world of biometrics, with underlying factors being the US VISIT program, HSPD-24, HSPD-12/FIPS 201, TWIC, and wider usage of the FBI's IAFIS system. The consortium is heavily attended by government security and defense personnel, but it's obvious that as biometric adoption increases in the government market, the commercial sector should see a "trickle down" in adoption.

Sunny days for home automation?
Researchers say "yes", but I'm not so sure

Even as the economy hits a slump and the housing market tanks (home prices are down 5.3 percent according to the government), the folks at ABI Research are predicting very big gains for home automation product sales in the next five years. It sounds like the folks at ABI Research think the housing slump isn't going to last long. I hope they're right, but until middle America escapes from its problem of being caught upside down in mortgages, I doubt people will be ripping open drywall and snaking wires for expensive automated control systems.

Many of the new mainstream systems range in price from $5,000 to $15,000 (as opposed to $30,000-plus for the custom systems in high-end homes). That is a substantial drop from what you could expect to pay even a few years ago, but are middle-income consumers really willing to drop up to $15,000 when they're concerned about equity in their homes? My guess is that they're not ready yet, and unless we have a significant economic rebound, the answer will continue to be "No" for the foreseeable future.

In other news...
Less explosive fertilizer, School buys 1,500 cameras, Mysterious cyber crimes

Honeywell is out with a new ammonium-nitrate-based fertilizer that doesn't have the explosive properties of the traditional ammonium nitrate fertilizer. The classic fertilizer, of course, was used in the 1995 Oklahoma City bombing at the Murrah Federal Building. ... Chemical sensing companies are lobbying the government to allow for the inclusion of such sensor networks into homeland security grants; so far, the DHS grants have not been allowed to cover such early-warning chemical threat detection systems. ... At least some markets aren't slowing down. Georgia's Richmond County school district just announced its intention to install a 1,500-camera surveillance and recording system, and they're also buying walk-through metal detection technologies. ... PC Magazine did an interesting round-up on the "10 most mysterious cyber crimes", and speaking of computer security, the ISC2 certification organization for IT security staff has developed a certification for software programmers who want recognition that their wares have security as an intrinsic design component.

In the forums
Uniforms for covert LP?

Our forum members were busy discussing loss prevention tactics, and some were pointing out the foolishness of a "uniform" for undercover LP associates. Sure, just go ahead and try to blend in as a customer in a gritty urban retail environment when you're wearing a freshly pressed button-up, collared shirt and nice slacks.

Finally, we close with a look at our top-read stories of the week (I recommend you read about how Tim Bohr manages surveillance at one of the world's biggest casinos if you haven't done so yet):