Convergence of Physical Security and Building Automation

June 15, 2017
Not unlike sailing the seas, security has redefined navigation from stars to geolocation

Over the past 30 years, and certainly, in the past five years, we have seen the alignment of technology driven by the trends of interconnection of IP to even analog cameras for connectivity, moving toward the Internet of Things (IoT). Convergence from the 1980s onward has steered us toward this software-based, even cloud-based resource for security, communications and protection needs, with what are often disparate systems.

Convergence: Both Crests and Waves

In the 1980s there were two types of integration, the first was the use of relays to monitor the status of devices in the field. The other was to cluster different workstations from disparate systems into one control room and call it integration. Seldom was the system so complicated that computers were used, and even then, they were usually 1/10,000th the power of today's PC. By the 1990s, touchscreen integration using computer control was commonplace.

 Computer coding using the best of Microsoft's offerings provided the ultimate control as long as custom software was affordable and programmers were available. But it was really the Microsoft server, the forerunner to ‘server in a cloud’ or SaaS (Software as a Service), that propelled application-oriented operating systems in your PCs, nestled in your computer space or housed in security space(s). Many security executives will remember the frustration in dealing with system defragmentation, reboot uptime, software patches, and connectivity issues. Now that these hurdles have been addressed, what now? Is it simpler? Perhaps, although we believe 'trust but verify' is the term of the day.

Define System: What's your Port-of-Call?

In today’s world, “bigger is always better”, is sold as a selling point for services but is not always the way to proceed. It is true that a large company has the resources and tenure to complete large projects, but it is also at the cost of the large company’s overhead. In many cases the smaller will have fewer levels of infrastructure making the project potentially cost less and take less time. One thing to remember is to research the company prior to engaging them for a job, making sure they are established and have the technical expertise to accomplish the goals you have set forth for your project.

Another term often used is “too big to fail.”  We have found in a time of acquisitions, is not always the case. Many well-established companies are “big” are now being bought by conglomerates to diversify/augment their enterprise. Soon after their acquisition, some of these so-called “big” companies are dismantled or absorbed into the parent corporation and, for all intents and purposes, no longer exist. This will lead to the “big” company that has been absorbed failing its clients as a residue of acquisition. Engaging a company for a project requires consideration of the company’s longevity in the business and its plans for growth.

Levels of Control - Turning on the Radar

 The evolution of available monitoring and control within the last 40 years has gone from the physical controls of the 1970s to the unified controls of today. From physical controls (security guard), to integrated controls (devices reporting, to a control panel) to computer controls (computers controlling devices), to software and network control (software driven system using the network to disseminate information and control), to unified control using a graphical user interface (GUI) to command and control the system.

The industry has transitioned from security guards to lights indicating doors were opened, to unified systems that can observe a breach in a matter of milliseconds. GUIs can display the site, the building, and the alarm locations within the building, not to mention video and sound. In some systems, a GUI can be implemented as a Java applet. The user interface applet then establishes a separate TCP/IP connection (local, intranet, or internet) to control the system. The GUI then transmits data requests or user commands to control the system base and display data received from control system base. Users can employ this type of system to notify administrators of a breach in security and to notify the police of the exact location and time of the breach, aiding them in the shortest possible response time.

Charting Your Course to Connectivity

Today, convergence is only limited by two things: connectivity and programmability. Virtually every device that needs to be connected, whether by RS-232, relays, or serial communicators, even analog to digital stream conversion, but only as long as a software interface exists or can be coded. Physical security at its core foundations is being penetrated by convergence technology every day including Bluetooth locks, network connected locks powered over the Ethernet, license plate and facial recognition. Despite the obvious benefits, we are left with unintended consequences such as connectivity gaps, communication errors, lost storage, and technical bugs, along with delays and occasional overdue promises.

Having a Fish Finder is the Easy Part

It takes more than a vendor’s scheduled implementation and available labor to ensure a project’s success. Often it is the lack of project management and oversight by technical personnel that endangers a project, not the equipment.  Years of experience is needed in preparing specifications, writing code for specialized integration software routines -- whether in PLC language, computer coding, APIs/SDKs (specialized routines), or network integration -- or requiring standardized software platform implementation.

Sometimes that full-building solution and intelligent buildings/systems cost savings and efficiencies can be shifted entirely to a cloud-based visual information system, or even a building hardware and lock solution, without costly subsystem integration, while the physical system can still reside on a built-infrastructure with mission-critical reliability.

This means that whether it's one facility or 30 around the nation, one can implement an enterprise strategy as long as perpetual licensing is included in the operational costs, and conversely, subtracted from capital costs. The licensing and market strategy of paying for directly connecting your sensors in the field to your computer servers or to the cloud in order to obtain the same licensed services will always increase based on the size of your platform.  The best advice for any project is to maintain a steady course, making sure you are the captain of your ship’s project costs and speed of implementation, so you can weather any unexpected storms.

Don't Sail in Uncharted Waters

So, what are some of the salient points that technical security teams and those responsible for the project should incorporate for real and cost-effective convergence? Here are seven suggestions for charting a bullet-proof plan:

  • Investigate what communications capabilities exist and investigate options, alternatives, and costs for other possibilities.
  • Opt for communications solutions that are practical. Converting existing coaxial and keeping long strings of RS-232 are practical, if possible. Account for all situations where migration will cost labor dollars. Avoid cell lines for video and watch cloud storage costs.
  • Plan for monitoring, whether an existing SCADA control room or a new network-based security center; always require a fallback position for storms, environmental actions, fire, or other activity within or outside the space -- by virtual platform or application-based viewing software.
  • Determine if your centralized monitoring system is to be custom enterprise server-based, card access-based, PSIM-based, or a SCADA add-on.
  • Determine if the operation center will be virtualized so anyone, anywhere, anytime can view it with built-in fallback capability.
  • Will enterprise servers be used? And if so, where, how many, and why? How are they administered, backed up, and monitored/serviced, and especially how are they hacking secured?
  • Define system administration, policy, electronic record keeping, metrics, and monitoring. How big is the system and what are its expectations? This may drive the solution with a well prepared comparative matrix of system, software, and operational opportunities all neatly driving costs and effectiveness while defining resilience.

Sail Away with Safety at Sea

Remember, the system you install, the communications you use to incorporate alarms and viewing, and the equipment at the comm center all end with service, licensing, spare parts, warranties, integration, and software service agreements (SSA). Each of these elements can add anywhere from five percent to  10 percent of the original cost of the installation each year. It is a widely-accepted opinion that within a three- to five-year period, most security operations will spend two to three times the cost of the equipment on staffing alone. But with the changing of security services to licensing, software service agreements, and heavy reliance on IT maintenance, these costs could actually rise significantly higher than expectations during design.

While final decision for any project should always boil down to cost, evaluating service and software after the sale is a particularly important to explore. Having a seasoned pilot who has decades of experience implementing successful network-based security systems on a national scale can help navigate your project through even the tightest ports -- keeping those critical schedules intact and reducing risk to the project owners.  Enjoy a safe voyage.

Notes: Additional references and information with permission from  http://www.profsyseng.com/tech-bulletins/bulletins/technical-bulletin-08.html

About the Authors: Jerry ‘Dutch’ Forstater has been involved with law enforcement and public safety systems design and management for thirty-five years. He founded Professional Systems Engineering, LLC (PSE) in 1986 focusing on technology design and consulting for government, justice, law enforcement, schools, and cultural institutions. He is a professional engineer in 14 states, NICET-certified in both fire alarm and fire protection, a Board Certified Physical Security Professional, a former Board Member of the International Association of Professional Security Consultants, a former Chair of the Philadelphia Chapter of ASIS International, and a Director of the Delaware Valley Society of Fire Protection Engineers. He can be reached at [email protected].

Dennis DePuy is with Pennoni and has been involved with security systems, fire alarm systems, hospital systems, educational systems, and public safety systems design and management for forty years. He has designed systems for the military, the government, hospitals, schools, ports, bridges, commercial, and industrial projects. He has worked closely with homeland security and all other agencies both public and private. He can be reached at [email protected].