SecurityInfoWatch.com Blogs

The other week an investigation by Nordstrom’s and police revealed a theft ring working out of the King of Prussia mall store, located in the greater Philadelphia area. This in itself is not unusual news. What’s shocking about this case is that four of thieves were either former or current Loss Prevention Department employees of Nordstrom’s. Read the Times-Herald.com article.

During my career, I’ve investigated, interviewed, prosecuted and terminated several loss prevention employees that had decided to turn to the “dark side.” It’s a fact, not everybody is honest.  Whenever theft or dishonesty by loss prevention staff was detected, I always took it as an attack on my credibility as these people in some way reported to me.Back to the story.

Most of the thefts at Nordstrom’s occurred from the mailroom as packages mailed to legitimate customers were redirected to the thieves. I’m not sure how the thefts were discovered, but these cases normally become known by checking the shipping records of packages leaving the store. The sad part of this story is employees hired to protect the assets of Nordstrom’s committed the thefts.

Curtis Baillie - Security Consulting Strategies, LLC

Professional Security Technologies, an integrator in NJ, was recognized by Security Technology & Design magazine’s 2008 Security Innovation Awards for first prize. The integrator worked with a Dunkin’ Donuts franchise company, partnering with Brivo for a remote security/access control system at multiple franchise locations. The award was presented during ASIS 2008 at the Cygnus Security Media booth; a report on the award also appeared on NJ.com [see NJ.com ST&D Innovation Awards report].

-Geoff

I doubt anyone honestly thinks that DHS, DARPA and other such groups are using the same technology that you can buy at your tradeshows, but this article from the New Scientist online magazine shows just where DHS is pushing in technology.

Called the FAST program (Future Attribute Screening Technologies), this concept is a sensor array designed to find people who might be planning an attack or crimes. Yes, it certainly does sound a bit like the whole “pre-crime” concept out of the Minority Report movie. From the little we know, it sounds like such a system could study heart rates, facial expressions, breathing rates, etc.

While it seems that most citizens reading about this technology are alarmed by it, I think that it’s not that much different than what security professionals already look for in places like airport security queues. Especially nervous, fidgety persons who keep muttering under their breath “death to America” are likely to be pulled out of line for further questioning and more in-depth screening.

The way I see this system is that it’s just an automated, robot-like version of what we as humans do all the time. I believe we, as humans, are constantly studying expressions and attributes of others. If you are walking through the city back to your car at 11 p.m. and you see a mean-looking guy dressed in a hoodie hanging out in an alley, I’ll venture to bet that you will avoid that alley and go around the block to reach your car. In essence, you’ve done a complex analysis of trying to guess what some person’s intentions were. That, it seems is all this system does. You’re not assuming the man must be a criminal just because of how he looks. Right or wrong, what you’re doing is saying that his profile/appearance matches your experience with criminal appearances.

In the same way, part of the reason that terrorist Ahmed Ressam was caught before he could attack the Los Angeles airport is that a U.S. Customs inspector noted how nervous he was. Here’s how nervous Ressam was: When asked to show ID he reportedly handed over a retailer’s club membership card.

Here’s what the New York Times wrote about this case:

“The inspector, Diana Dean, now retired, said later that she sensed Mr. Ressam was extremely nervous and that the convoluted route he described taking from Canada to the city he called “Sattle” made no sense to her.” [see full NYT article]

This was admittedly a very long post for a short article, but as we push forward into advanced technologies beyond motion sensors, fire detectors and simple camera-recorder systems, we are obviously going to start facing more and more ethical and privacy-related issues. But keep in mind that such technological feats are only designed to automate what we are already doing to protect our nation’s security.

-Geoff

I don’t know the company name, but while at ASIS 2008, I received two reports about a booth that was giving away fake grenades. Reportedly, these things even had a pin you could pull and they would vibrate. I was lucky at this tradeshow and could drive down for the show, but for those of you who picked one of those booth giveaways up, I sure hope you didn’t put that in your carry-on for your flight back home. Let’s give the marketing director a big old Homer Simpson “Doh!”on that idea. Back to the drawing board for booth chotchkies…

-Geoff

This is definitely not the complete review of technologies I saw at the 2008 ASIS show, but the following companies were making news, so let’s break it here: 

Matrix Systems 

Matrix Systems, which has been around since 1979, was on the show floor with its access control solutions. The company is unique in that it is both an integrator and a manufacturer. Most impressive from this company is its vector graphics based user interface for facility security maps. Most access control software solutions tend to use image-based maps, so that when you focus in on a particular area, the software needs to load a new image to demonstrate that part of the facility. Matrix, on the other hand, allows for instant, scalable zooming into facilities as you zoom in/out to look at different areas of the facility. That also allows 3D imaging, so you can do a bird’s eye view, a fly-over and other angles for using the facility map interface. It really makes the interface with this part of the software very nice. The company was also showing that it has fail-over options for its access system controllers, such that if one part of the network goes down, you don’t lose control of that door, because it can be set to automatically to fail-over to another controller on another part of the network. Almost 40 years later, this company is still proving that innovation is in its blood.

JVC

At the ASIS 2008 show this week in Atlanta, Ga., JVC introduced its V.Networks branding. The company, which is a maker of analog and IP video surveillance cameras, introduced the V.Networks brand along with the new VN-V lines of IP-based surveillance cameras (as an aside, the cameras use the Verint protocol, which includes network transmission fail-over and redundancy features) and the V.Networks line of branded monitors for surveillance video monitoring.

The company also has a megapixel line and was showing its newest NVRs (which have an embedded Milestone Systems software interface).

NICE Systems

Over at the NICE Systems booth, I caught up with Moti Shabtai. The company has restructured and re-organized its company to create a security group with individual teams focused on specific verticals such as gaming, transportation, public safety and a combined group for educational facilities, healthcare and critical infrastructure. The company is doing 80% of the public safety/emergency operations center call center management solutions in the U.S. and is really showing how it has the ability to integrate the necessary solutions for major control centers.

Moti has a unique take on the steps of security, which he defines as the following:

1. Detect
2. Verify
3. Resolve
4. Investigate
5. Prosecute & Improve

The company’s technology offerings, he said, are designed with those steps in mind for the security, law enforcement and first responder communities. Really, what the company is doing is a PSIM  type of solution (physical security information management) by correlating different sources of security/safety information and correlating the events so that you can detect, verify, resolve, investigate and improve your security.

Bioscrypt/L-1

If you recall, Bioscrypt was purchased by L-1 in March, but the firm is still very much operating as an independent business unit. If you’re not familiar with the company, this is one of the leaders in fingerprint and facial recognition (the facial recognition was brought in with the Bioscrypt acquisition of A4 Vision). Their product line hasn’t changed much, except that the architecture and system running the 3D facial recognition system has been gutted. The user would never know, but they’ve changed the architecture such that each unit no longer requires a dedicated, standalone PC — it’s a move that Bioscrypt’s Peter Morgan says really improves the system while lowering the cost and easing the installation process. The 3D face systems are strongest in the financial sector, but they also cite casino security deployments and uses anytime a company “wants a visual representation of how seriously they take security.”

The company is coming along very strongly in the HSPD-12 market with its PIV station unit and is actively watching the TWIC market to see how the firm’s biometric solutions can play in that area.

The last time I had the chance to sit down with the Bioscrypt team, they were actively promoting their logical access solutions, but this time it’s clear that Bioscrypt recognizes that their strengths are in physical security solutions. Nonetheless, Morgan said that the firm is not leaving that space, but as part of L-1, they’ve been able to do really strong partnerships with L-1 subsidiaries like Identix that are even stronger in logical access solutions.

Samsung | GVI  Security

There are two Samsung branded companies doing business in the U.S. now that Samsung Techwin has entered the market and GVI’s Steve Walin says that can admittedly be somewhat confusing. He explains that the push is indicative of the fact that Samsung, as a global business, wants to do a billion dollars in security sales worldwide in the next three years. And even though his branding became a little more confusing with addition of Samsung Techwin, Walin notes that it can’t hurt that there are now two firms representing the Samsung security line-up here in the U.S. That’s twice as much promotion for the Samsung name, he notes.

GVI is of course a Samsung partner; The company (Samsung Electronic) invested in Samsung | GVI Security over a year ago, and with Walin at the helm, the company has seen six straight quarters of profitable growth. Walin notes that the growth isn’t solely in the U.S.; he notes that South America has been a very strong growth area for the company (they’re supplying video surveillance for municipal surveillance systems in Bogota, Columbia).

 Sony

Here’s the Sony update, and as you might expect for the top image sensor provider for all surveillance cameras, the company is always pushing forward with new technologies. Their cameras are showing the new ExWavePro image sensor, which is a very responsive, versatile sensor from what I saw in their video. Mike McCann also was noting that they’ve managed to reduce latency even more in the IP PTZs (networked PTZ cameras have been notoriously slow in responding over networks), and having taken the joystick controls on one of these cameras, I must say that the latency is getting very close to being imperceptible.

You can’t talk IP video surveillance without talking bandwidth, and as those of you who understand bandwidth know, bandwidth usage can jump around greatly when you start dealing with IP camera controls and a lot of motion in the scene. Sony has some solutions for mitigating bit-rate (for MPEG-4) and stabilizing file sizes (JPEG) so that you don’t see your bandwidth jump all around the chart. Here’s a tip, says McCann: Use the free NetPerSec software from PC Magazine to study your network connection; it’s a handy tool when it comes to watching bandwidth. 

Were you at the show? If so, post up some of your own ”show notes” in our comments field. 

-Geoff

While at ASIS 2008 earlier this week, I had a chance to attend a seminar regarding illegal immigration and what type of impact it has on security professionals.

The speaker was former INS Agent Neville Cramer, who now runs a security consulting firm in his home state of Arizona.

In addition to speaking about the threats posed by illegal immigrants working in what he referred to as “minimal threat” positions, such as agriculture and landscaping, Cramer brought up several problems posed by the issue that very few people think about when the topic is discussed.

Cramer said that those companies who employ illegal immigrants to work in such industries as security guard services, building maintenance, health care, daycare, data entry, hotels, and trash collections are leaving their customers and themselves extremely vulnerable to crimes like identity theft, being that many of these type workers have unfettered access to sensitive information.

He said that one of the reasons that illegals in these positions are not deterred from stealing personal information is that the harshest penalty they face is deportation.

As such, Cramer added that these companies are leaving themselves open to civil liability lawsuits.

Another interesting point posed by Cramer was the fact that many illegal immigrants are being utilized by communist or terror states and organized crime to carry out espionage or other nefarious activities.

 Among the state sponsor’s of illegal immigrants Cramer listed included China, North Korea and Iran.

The bottom line of Cramer’s presentation was that businesses and their security directors need to wake up to the fact that illegal immigration has much more of an impact than that of the social irresponsibility of a corporation. It also plainly has an impact on the security of companies, their customers and our nation as a whole.

Cramer urged businesses to use the Department of Homeland Security’s new eVerify program, as well as non governmental or private security measures such as credit bureaus and background investigations.

“Hopefully we can try to bring some semblance of responsibility to how we handle our illegal immigrants,” Cramer said of the U.S. government. “It is really security professionals that have to… learn your vulnerabilities and discuss them with your company’s executives.”

I agree with Cramer. Companies need to be more aware of the dangers posed by illegal immigrants, as well as others who may have something to gain by compromising sensitive data. It would be better to take the time to verify the identity and background of an employee now, rather than have to invest more time and resources in court after someone finds that the company was liable in hiring illegal personnel.  

 -Joel Griffin

From end-users to dealers, distributors to integrators, ASIS 2008, Atlanta, was already under way Sunday afternoon as many scrambled in finishing the setup of their booths. HID helped kick off Sunday night with a customer appreciation party at the Georgia Aquarium. A definite hit, take a look below at some of the pictures from the event.

Just jellyfishing around…

Mingling at the HID Customer Appreciation event…

Swimming sharks overhead…

Nancy, Locksmith Ledger publisher, braving the waters with the stingrays…

-Natalia

Nothing to see here, really, but some sneak peek shots inside the tradeshow floor. Watch out for the forklifts and the union guys rolling in the yellow carts. Everyone’s hooking up cameras, access control panels, bomb detection systems, rolling out the carpet, and trying to find that one wrench they need to bolt together the booth… Alas, here’s the peak at what’s unfolding at the Georgia World Congress Center this week in Atlanta, Ga., for the ASIS International 2008 Seminars & Exhibits.

-

Above: Already by 3 p.m., some of the complex booths were close to finished. Shown: Vicon’s stand at the ASIS 2008 exhibits.

Above: Crates and boxes pack the aisles; they’ve been shipped from around the world with expensive camera and access control technologies (and a whole lot more). Don’t even think of trying to head down this aisle until the guys clean it up.

Above: A sneak peek at Pelco’s booth. They’re unveiling the Sarix surveillance technology. Highlights include new imaging capabilities, possibilities of embedded analytics, different architectures and more. Check them out; we will!

Above: The first thing you’re going to notice about the Georgia World Congress Center is that there are more levels than you can shake a stick at. Ever read Dante’s Divine Comedy? Think about Virgil guiding Dante as they descend through the nine levels of hell and you start to get an idea. Fortunately, it’s not hell. After all, there are escalators. Lots of them. Exhibitors are at the bottom. Registration is at the top. Purgatory (oops, I meant to say the educational sessions) are somewhere in between. SecurityInfoWatch.com and the Cygnus Security team are in booth 1042. Come say hello; propose an article, drop off your card, check out the site. We promise not to bombard you with ink pens and marketing materials (unless you want them).

-Geoff

Dallas, Texas has passed a new Convenience Store (C-Store) safety ordinance. Houston passed a similar law not long ago. Some of the Dallas requirements include: cameras, mandated storage requirements, alarms with “panic systems” and drop safes. Read the “Dallas City Hall blog”.

What do you think about this? Is this just more “big brother” government in action?

Curtis Baillie - Security Consulting Strategies, LLC

Mmmmm, fried chicken. Maybe not good for your heart, and definitely not good for your waistline, but it’s still one of America’s favorite foods (and mine as well).

So, the security angle on this post is that KFC (Kentucky Fried Chicken, even though in this heart-healthy age they’ve been trying to distance themselves from the word “fried”) is moving its secret recipe.

While probably more hype than substance, Kentucky Fried Chicken is taking “Colonel Sanders’ Famed Secret Recipe” from its former storage location to a new storage location as it does some modernization at its Kentucky location. They’ve hired on Brink’s and the local police in Louisville to help out on the wagon train of security as they seek to protect their recipe of 11 herbs and spices. In the end, it’s just another recipe for fast food, but KFC is calling it one of “America’s most valuable trade secrets”.

“My first security recommendation to keep this high-value asset safe is to move it to a top-secret, secure location until new corporate security upgrades are in place,” said former New York City Police Detective Bo Dietl, who was hired on by KFC as a security consultant for its project.

Here’s their full press release:

KFC to Showcase Historic Safe & Move Colonel Sanders’ Famed Secret Recipe Via High-Security Motorcade

KFC Unveils Plans to Temporarily Relocate Original Recipe and Modernize Security for the Brand’s Iconic Blend of 11 Herbs and Spices as it Launches New Original Recipe Chicken Strips

LOUISVILLE, Ky., Sept. 9 /PRNewswire/ — The secret’s out. Or, at least it will be later today. After being locked in a safe for 68 years, Colonel Harland Sanders’ handwritten Original Recipe(R) will temporarily be relocated to a secret-secure location as KFC modernizes the safekeeping of one of America’s top corporate trade secrets.

The move comes as KFC launches its Original Recipe Boneless Chicken Strips, the first-ever line extension carrying the flavor of Sanders’ secret blend of 11 herbs and spices.

“With our Original Recipe Strips, KFC is putting a first-ever modern twist on our historic Original Recipe,” KFC President Roger Eaton explained. “The addition of these new boneless strips to our menu will greatly complement the Colonel’s signature Original Recipe fried chicken in a form that fits consumers’ on-the-go lifestyle.”

As a long-standing cornerstone of the world’s most popular chicken restaurant chain, Sanders’ Original Recipe ranks among America’s most valuable trade secrets.

“The concept of having a secret recipe is priceless and it provides KFC with a meaningful point of difference and a competitive advantage,” said Ron Paul, president of Technomics.

Today’s Historic Relocation

For the first time in 68 years, KFC is moving the Colonel’s most prized possession. To help keep its most valuable asset safe, KFC has hired national corporate security expert and former New York City Police Detective Bo Dietl to consult on its security modernization project and oversee the temporary relocation of Sanders’ Original Recipe.

“My first security recommendation to keep this high-value asset safe is to move it to a top-secret, secure location until new corporate security upgrades are in place,” said Dietl.

With the help of the Louisville Metro Police Department and Brink’s, Incorporated, an armored car and a locked briefcase handcuffed to Mr. Dietl, the Original Recipe will be transported from KFC corporate headquarters to an undisclosed location for safekeeping while Dietl’s recommended security upgrades are evaluated.

Original Recipe for Safekeeping

It takes many moving parts to keep the secret Original Recipe under wraps. Only two KFC executives know the finger-lickin’ recipe of 11 herbs and spices. A third executive knows the combination to the safe where the handwritten recipe resides. Less than a handful of KFC employees know the identities of the three executives, who are not allowed to travel together on the same plane or in the same car for security reasons.

The specific details of the secret recipe of herbs and spices are shrouded in secrecy, even among the suppliers who produce and blend it. Multiple suppliers are involved in the process, bound by strict secrecy agreements, and none of the individual suppliers know the entire formula. To further safeguard the secret recipe, KFC does not identify the suppliers involved in producing and blending the recipe.

Successful Secret

Colonel Harland Sanders created the now-famous Original Recipe in 1940, and it hasn’t changed since. While Sanders’ Original Recipe fried chicken is a mainstay of the KFC menu, the world’s most popular chicken restaurant chain is also giving the Original Recipe a modern makeover, by introducing Original Recipe Strips. The new product combines the home-style taste that America knows and loves with the innovation of KFC’s popular boneless chicken strips.

KFC Can Protect Your Secrets Too

The same company that has kept the Colonel’s Original Recipe a secret for decades will now keep your secret safe! To celebrate the introduction of Original Recipe Strips and the Colonel’s closely guarded secret, we encourage you to share your secret for safekeeping. Submit your secret to our all-new, high-tech virtual “Secret Safe” at http://www.kfc.com/secretsafe.