Standards: The superglue for security systems

Dec. 10, 2014
Examining different standard types, who creates them and how they are being used

If you think about it, without standards to govern the products and services we manufacturer and buy, whole industries would collapse. Cars wouldn’t run. Buildings would crumble. Service people would be at a loss as to how to fix things or even get the correct replacement parts.

The electronic security sector is no different. Without standards, cameras and video management software couldn’t communicate with each other. Integrators wouldn’t know how to install systems and end users wouldn’t be able to view and search their video for forensic evidence.

So, who decides which standards should be adopted and how do those standards permeate the various industries that depend on them to protect their businesses?

Normative vs. Informative Standards – Requirements vs. Recommendations

Before we delve into those questions, it’s important to understand that there are two kinds of standards. Standards with a capital “S” – also known as normative standards – contain specific requirements that must be followed. Standards with a small “s” – also known as informative standards – are best practices guidelines for achieving a specific security goal.

Both types of standards can be found in just about every major industry. In the healthcare industry, privacy Standards like HIPAA govern the handling of patient data while a best practices standard might advise healthcare professionals on some of the best ways to triage patients. Another standard might include the use of ultra-lowlight, full motion video capture or “Lightfinder” technology to monitor patients in sleep centers or neonatal intensive care units (NICU) where visual acuity and color reproduction can indicate when infants have apnea (breathing difficulty) or jaundice (oxygen deficiency, yellowing skin).

For critical infrastructure, operational Standards like CIP-014-1 address the physical security of energy facilities. Best practices guidelines, on the other hand, might clarify ways operators can more rapidly and efficiently diagnose malfunctions before full failure. An energy provider in the Northeast uses thermal imaging to remotely detect hot running transformers and switch gears.

In the wake of recent events, public safety professionals are now closely examining surveillance video retention policies, best practices and agency Standards.  Are we keeping enough video content to perform a comprehensive investigation?  Do we have a policy in place to discard video storage after a period of time?  This was a recent topic of discussion at a Public Safety Summit held by the Video Quality in Public Safety (VQIPS) working group of the Department of Homeland Security Science and Technology Directorate.  It was discovered that some agencies in the Los Angeles area require at least 90 days of digital multimedia content (video plus metadata), while an agency in Little Rock, Ark. must dispose of video kept longer than 120 days. A newly formed public safety policy team for VQIPS will be working together in 2015 on this very topic, which will no doubt positively impact the safety of our cities.

In electronic surveillance equipment manufacturing, vendors rely on technology Standards like H.264 compression and HDTV resolution when developing products to ensure component interoperability. A best practices standard, on the other hand, might be a recommend guideline to integrators on how best to optimize system performance. Another example of a normative Standard would be the specifications published by the Society of Motion Picture and Television Engineers (SMPTE) that outline what qualifies as an HDTV camera. The image must conform to a 16:9 widescreen format, contain 720 or 1080 scan lines, be able to stream at 30 or 60 frames per second, and generate video in high color fidelity. An example of an informative standard would be the recommendation to install redundant local archiving as a fail-safe in case network connectivity to the remote server is disrupted.

Who Creates Standards?

Normative Standards are created by accredited standards developing organizations (SDOs). Informative standards are usually published by industry-specific associations. There are a host of other SDOs that play an important role in shaping electronic security. Here are just a few of them:              

ASIS International. In the physical security and security applied sciences end-user community, the largest global accredited SDO is ASIS International. It bases its comprehensive educational programs as study for the CPP (Certified Protection Professional) and PSP (Physical Security Professional) credentials on industry Standards and guidelines. ASIS has organized its membership into regional chapters, as well as vertical markets and councils to apply each domain’s Standards. In the retail market, both the National Retail Federation and ASIS International work together on interpreting the significance of the PCI-DSS Standard which governs the payment card data security process - including prevention, detection and appropriate reaction to security incidents.

Physical security, facility security and advanced security solutions like explosives detection have resulted in ASIS focusing members into the Physical Security, Security Architecture & Engineering and the newly formed Security Applied Sciences Council (SAS). SAS and the IT SDO, ISC(2), are working together now to deliver advanced guidance on trending solutions. At the recent ASIS Annual Seminar and the co-located ISC(2) World Congress, ASIS International education generated high interest during sessions on mobile device forensics, explosives and contraband detection and active shooter response.

SIA. The Security Industry Association (SIA) has evolved into a significant provider of focused collaborations for industry manufacturers and solution providers. If security and safety devices are interoperable, they are more easily deployed and solutions can be scalable, agile and elastic, meeting end user requirements. SIA also provides a lobbying point, bringing policy makers and stakeholders together to address federal and state initiatives affecting the security industry. SIA Education is using trending industry Standards to deliver classes on UltraHD video and near field communications (NFC) at industry events. NFC-based Apple Pay and Google Wallet services allow consumers to “tap and pay,” while the same NFC technology is turning smartphones into electronic access control credentials.

BICSI. In the building industry, Building Industry Consulting Service International (BICSI) supports the advancement of the information and communication technology (ICT) community which covers voice, data, electronic safety and security, project management and audio/video technologies. BICSI recently published a Data Center design Standard to specify how to properly engineer a data center. BICSI also recently published an Electronic Security and Safety Standard (ESS), becoming the first SDO to unify physical security, physical infrastructure and safety in a single document.

ESA. Another important SDO is the Electronic Security Association (ESA) whose membership includes independent, national and global systems integrators. One of its charters is to provide extensive vertical industry education to its members. Recently, they’ve taken a leadership role in developing Electronic Security Guidelines for Schools to ensure the safety of children, teachers and school personnel.

CSAA. The Central Station Alarm Association (CSAA) represents protection service providers, users and bureaus certified by Nationally Recognized Testing Laboratories (NATL) like Underwriters Laboratories (UL). CSAA activities and Standards are encouraging the industry practices leading to life-saving false alarm reduction and improved central station performance. Through CSAA’s ASAP to the PSAP program, the second largest Next Generation 911 (NG911) center in the city of Houston can often process alarms in 15 seconds where previously they took several minutes.

LEVA. In the law enforcement sector, the Law Enforcement Video Association (LEVA)    not only publishes best practices guidelines for conducting forensic video investigation, but also offers a rigorous certification program for forensic video analysts and forensic video technicians. Nowhere was the value of that training more evident than during the Vancouver Stanley Cup riots in 2011 when more than 18,000 arrests were made.

SISC. In the electronic security industry, there is a unique working group known as the Security Industry Council (SISC). It reviews and coordinates the standards activities of accredited member SDOs, identifies related organization with relevant expertise for SDO assistance and coordinates with their individual standards projects.

How Do Standards Extend Into the User Community?

Standards come into play on multiple levels in a security scenario. Take, for instance, an after-hours jewelry store robbery. The robbery is detected by the near perfect processing of three alarm sensors. A glass breaking detector is activated by a breach in the glass panel of the store’s front door. A remote central station monitors the audio level at the store and is able to recognize the sound of multiple people in the store. The central station also monitors the video cameras on the premises as a third verification of the burglars in action. The operator can now call law enforcement with full details of the situation and let officers know how many suspects are on the premises so that all the robbery participants can be apprehended.

To ensure that critical systems function properly and in concert with one another requires the adherence to multiple Standards. For instance, there are Standards that govern the alarm transmission and the video verification, including bit rates and the minimum number of video frames captured before and during the event. There are protection services Standards adopted by CSAA that are certified by a CSAA-approved NRTL, such as UL and FM Approvals (formerly Factory Mutual Research Corporation). There are also image quality Standards that make it possible to identify the suspects, such as HDTV and Ultra High Definition, also known in the industry as 4K and 8K, whose specifications are governed by the Consumer Electronics Association. And there are video compression Standards such as H.264 and H.265 (also known as High Efficiency Video Codec or HEVC) that govern how the video is streamed so as to reduce bandwidth consumption without degrading image quality.

Is the Standards/standards Landscape Here to Stay?

The lack of standards is what restricted DVR users to a single vendor, since manufacturers’ proprietary systems adhered only to their unique specifications. With the move to open platforms and ever more sophisticated electronic surveillance components, Standards have become the crucial superglue that ties them all together and will continue to play an important role in all industries.

About the Author: Steve Surfaro is the security industry liaison for Axis Communications, Inc. He works closely with top industry associations as well as local, state and national law enforcement for video best practices in all vertical markets. He can be reached at [email protected].