port security gets proactive - 1105...

April 2008

April 2008 Supplement to Security Products

26

8

COMES THE STORMTHE CRITICAL ROLE CSOS AND CISOS

HAVE IN BUSINESS CONTINUITY PLANNING20ANOTHER FINE MESHIP ARCHITECTURES SPUR WIRELESS SOLUTIONS

Virginia Port Authority’s situation management software pulls together data from video surveillance and access controlVirginia Port Authority’s situation management software pulls together data from video surveillance and access control 1414

Port SecurityGets ProactivePort SecurityGets Proactive

PLUSRSA APP POSES QUESTIONS (LITERALLY!)

0408_secSup_Cover_v2.qxd 3/17/08 2:58 PM

ContentWhere Physical Security & IT Worlds Converge

© Copyright 2008, all rights reserved. Network-Centric Security is a supple-ment to Security Products, an 1105media, Inc. publication, and is published 6 times a year: February, April, June, August, October and December.

The information in this magazine has not undergone any formal testing by1105 Media, Inc. and is distributed without any warranty expressed or implied.Implementation or use of any information contained herein is the reader’s soleresponsibility. While the information has been reviewed for accuracy, there is no guarantee that the same or similar results may be achieved in all environments. Technical inaccuracies may result from printing errors and/ornew developments in the industry.

APRIL 2008 VOLUME 2 NO. 2

Network-Centric Security welcomes vendor information and briefings. To arrange a briefing, pleasecontact our editor, Steven Titch, via email at [email protected]. Our agreement to acceptor review product material or backgrounders is not a guarantee of publication.

6EnterSeizing laptops, cellphones and iPods inthe name of bordersecurity is no way to protect U.S.infrastructure and data assets.

8InnovateAn RSA hostedapplication performsauthentication bycross-tabulating data from publicrecords to produce a series of questionsan identity thief isunlikely to know. Also, how to stop an IP camera hack.

30LaunchNew applications,strategies andsolutions.

32ExitJust because someorganizations have no plans to combineIT and security func-tions doesn’t meanbusinesses shouldn’tprovide unified over-sight of risks.

FINDING THEDANGER IN THE DATABy Sharon J. WatsonThe Virginia Port Authority gets pro-active with a situation managementsystem that pulls together data from its disparate security systems, includingaccess control and video, to provideport police with an integrated view ofwhat’s happening in the facility.

APRIL 2008 | SECURITY PRODUCTS

EDITORIAL

EditorSteven Titch281-571-4322

[email protected]

Art DirectorDale Chinn

Associate Art DirectorWendy Byle

PublisherRussell Lindsay

[email protected]

Associate Publisher/Editor-in-ChiefSecurity ProductsRalph C. Jensen

[email protected]

SALES

District Sales ManagerWest/Southwest /Central

Barbara Blake972-887-6718

[email protected]

District Sales ManagerSouth/Southeast /Midwest

Brian Rendine972-687-6761

[email protected]

District Sales ManagerNE/Eastern Canada/International

Randy Easton678-401-5543

[email protected]

District Sales ManagerCalifornia/Central and Western Canada

Ben Skidmore972-587-9064

[email protected]

District Sales ManagerEurope

Sam Baird+44 1883 715 697

[email protected]

District Sales ManagerChina

Jane Dai. New Buddy Limited86-755-82925229

District Sales ManagerTaiwan

Peter Kao–Idea Media+886-2-2949-6412

[email protected]

1105 Media5151 Beltline Road, 10th Floor

Dallas, TX 75254

Editorial services provided byExpert Editorial Inc.

www.experteditorial.net

features

departments

1414

2020

SECURITY FOR THOSEHARD-TO-REACHPLACESBy Steven TitchGreater demand for remote surveillance prompts new wireless architectures.

2626

COMES THESTORMBy Frank BarbettaWorking together, CSOs and CISOs canbe the catalysts for an effective, com-prehensive business continuity plan.

0408secSup_04_TOC_v4.qxd 3/17/08 3:00 PM Page 4

S6

Under the Fourth Amendment to the U.S. Constitu-tion, no federal, state or local enforcement agencycan demand you turn over the information on your PC or other personal technology devices without asearch warrant. At least that was true until the fedsfound a loophole.

U.S. Customs and Border Protection (CBP) does have the authority to open and inspect luggageat border entry points. So, in a remarkable stretch, CBP has declared laptops, cell phones, Black-Berrys and iPods to be equivalent to the average Samsonsite suitcase. For more than a year, accordingto the Washington Post and other media outlets, customs agents have been seizing consumer electronicdevices and demanding owners provide the passwords so they can inspect and copy emails, websearches, phone directories, call logs and documents of all types. They need not provide a reason. Todate, however, CBP says not a single charge has been brought in conjunction with seized equipment.

The searches are becoming common enough that a number of companies are advising employeeswho travel internationally to wipe their hard drives before leaving the country to prevent disclosureof proprietary or highly secure information.

The Asian Law Caucus, with support from the Electronic Frontier Foundation, plans to file a law-suit sparked by some 15 CBP searches and seizures of laptops, cellphones, MP3 players and otherelectronics. Almost all involved travelers of Muslim, Middle Eastern or South Asian background, butwho were either U.S. citizens or foreign nationals employed by U.S. companies, including Internet in-frastructure powerhouse Cisco Systems and Radius, a leading corporate travel management compa-ny. In some cases, travelers have had to wait weeks for their property to be returned. An executivefrom Radius is still waiting for CBP to return a laptop seized more than a year ago.

This government overreach presents an opportunity for security profes-sionals to be heard. Since 9/11, Congress has never missed a chance todemonstrate how clueless it is about addressing the country’s real securityvulnerabilities. That’s why instead of policies for shipping containerinspection at our ports, we get policies for toddler sippy-cups at airports.Instead of demands to investigate what knocked three Florida powerplants offline in February, we get demands for our MP3 playlists.

Major corporations need to get their CSOs and CISOs in front oftheir senators and representatives to communicate that while the U.S.infrastructure and information assets are vulnerable, seizing laptops isno way to protect those assets.

Playing at Securityby Steven Titch, Editor

0408secSup_06_Enter_v3.qxd 3/17/08 3:02 PM Page 6

APRIL 2008 | SECURITY PRODUCTSS8

It is a conundrum that enterprises and organizationsthat need to protect their customers’ secure informationoften must access that secure information to authenti-cate the identity of a customer. In other words, to pre-vent a breach, they must risk a breach.

The use of customer service representatives, on whom banks, brokerages, credit card issuers andphone companies commonly depend to assist customer phone queries, presents two security vulner-abilities. First, the very nature of the job means they are often the first point of contact for identitythieves attempting to use a stolen driver’s license, social security number or credit card to set up afraudulent account. How does an institution validate the identity of a new customer with whom it hasno prior relationship?

Conversely, who verifies the verifiers? In most cases, when a legitimate customer calls an enter-prise with an issue related to sensitive personal information, the customer service representativemust access that very information to ensure authentication. For example, a credit card customer call-ing to dispute a charge would be required to provide account name, number and perhaps a social

security number or “password” like a mother’s maiden name. So, in the end, the rep has access to keypersonal identifiers as well as the customer’s account details.

The ease with which credit accounts can be created and changed, legitimately or not, is one reasonidentity theft is the fastest growing crime in the U.S. That makes any personal information as goodas cash to an unscrupulous rep. Institutions may make an effort at background checks, but theunfortunate truth is that thoroughness must be balanced against cost. Rep positions, particularly inphone banks, are often low-pay, high-turnover jobs.

Simple Security Questionsby Steven Titch

?RSA IdentityVerification offers a simple process to authenticatecustomers acrossmultiple touchpoints.

Client controls and modifies business rules and risk threshold throughout process

UnknownConsumer

Locate Relevant

Data

MatchData to

Consumer

BuildKnowledge

Profile

GenerateCustomizedQuestions

Deliver &Score

Questions

ReportResultsto Client

VerifiedIdentity

Processcompletedin seconds

0408secSup_08_12_Innovate_v6.qxd 3/17/08 4:14 PM Page 8


Enter RSA Identity Verification, a host-ed application that performs authentica-tion checks by cross-tabulating data frombillions of public records and producing aseries of questions that require answersthat an identity thief is unlikely to know.Atthe same time, at the customer rep side, thesystem provides no context for the ques-tions. The rep merely enters the responseswithout knowing whether they are corrector not. At no point does the rep accesspersonal information like social securitynumbers or account numbers to performthe identity authentication.

“When you’re establishing a relationshipyou have nothing,” says Bryan Knauss,senior product manager-identity verifica-tion solutions at RSA, Bedford, Mass.. “Atthe same time, when you want to verify IDon an existing customer involving a lostpassword or other credential, you canresolve it in an efficient way.”

SUCCESS AT BNY MELLONBNY Mellon Shareowner Services, JerseyCity, N.J., a division of Bank of New YorkMellon, has been down this road.

In its first attempt to strengthen IDauthentication, BNY Mellon replaced theuse of client social security numbers with aunique “Investor ID” it assigned to everycustomer. BNY Mellon customers had tovisit the bank’s Web site, input theirInvestor ID and create a PIN. The PIN-creation process initiated a mailing of aone-time user authentication code. Theuser then returned to the Web site to enterthe authentication code and complete theactivation of online account access.

A secure process, to be sure, but itproved inconvenient for customers whowanted immediate access to their onlineaccounts.As a result of what was a three- toseven-day delay in waiting to receive an au-thentication code via mail, call center vol-umes spiked as clients repeatedly soughtthe status of their authentication code. Toimprove customer satisfaction, BNY Mellonadopted the RSA Identity Verificationsolution as a new method for customeridentity authentication.

The bank declined to comment on theRSA solution. Through documentation onits Web site, RSA provided information onBNY Mellon’s experience. Other usersinclude three of the top six wireless phonecompanies, Knauss says.

HOW IT WORKSThe RSA Identity Verification solution,which can be used by a customer rep or in-corporated as a Web-based application us-able with any browser, presents the queryingindividual with a series of questions culledfrom an instantaneous scan of billions ofpublic records held in databases owned byaggregators with which RSA has contracted.

The identity verification system willprompt the user to enter his or her name (or,if it’s a call, the customer rep will enter it onthe user’s behalf). An RSA server will thenrun a query on the name through these data-bases. In the process, the system may alsocross-reference the name of the user withthose of other individuals and companiesthat public records associate with the user.Based on the data retrieved, the RSA serverwill then generate the questions.These ques-tions might ask if the user recognizes an oldhome address or phone number. They maypresent the first name of a spouse or sibling

and ask to specify that person’s birthday.They generally are multiple choice, with“None of the Above” among the options.

Whether the inquiry is made on the Webor through a customer service rep, thesystem simply indicates whether thecustomer’s identity is authenticated or not.Because questions are generated on thespot, are presented in almost no context andtheir answers are not easily found bysearching the Internet, the odds are slimthat someone other than the genuine usercould guess correctly. In addition, thesystem has the ability to dynamically adaptthe difficulty level of questions based oncertain high-risk events or business rulesand adjust for inconsistencies in public data.

Perhaps the only disquieting aspect forconsumers who have an opportunity to usethe system is that such a wealth of informa-tion exists about them and can be broughttogether so easily.

Knauss emphasizes, however, that the in-formation sources are all from the publicrecord—birth certificates, marriage licenses,real estate transactions, phone directoriesand such—that are available through anundisclosed number of data aggregators.“Wedon’t use credit file information,” he adds, orany other data held by private sources.

Stop an IP Camera HackBy John Verity

How’s this for a nightmare scenario? Stealthy bad hats sneak up on anIP video camera attached to a remote fence and unplug it from its Eth-ernet cable. In its place, they jack in a laptop computer and—voila!—they’re now inside that surveillance network where they can manipulateother cameras, reprogram door locks, fiddle with access credentials andperhaps wreak havoc all over the target organization’s intranet.

Or maybe not. If that branch of the network is secured by a new appliance developedby Waterfall Solutions Ltd., a Tel Aviv-based startup, these intruders might find them-selves staring at what amounts to a virtual wall situated just a few meters down the net-work. Waterfall claims its appliance, employing a clever combination of hardware andsoftware, can isolate network segments in a way that’s completely impenetrable.

“I can give you full control—password, administration rights, and more,” says LiorFrenkel, chief technology officer and co-founder of Waterfall. There’s no way through,

Network Protection, continued on page 12


he adds. “Standard firewalls and gatewaysare vulnerable to hacking or misconfigura-tion. Our appliance is not.”

Waterfall’s IP Surveillance Enabler ex-ploits the fact that IP networks rely on aconstant two-way flow of information.Data packets, containing images from acamera, for instance, flow one way. Trafficcontrol signals—short data bursts that ac-knowledge that the originating data pack-ets have been received or, if not, request a

resend—flow the other way. By blocking allof that downstream traffic control data andpassing only upstream data packets, Water-fall’s box makes sure that any device locat-ed on the other side of the box will be un-able to acknowledge packets sent to it by

the intruders’ laptop.As a result, the laptopwill be unable to engage with, much lessmanipulate, any device beyond the localnetwork segment.

What stops hackers from receiving a sin-gle bit of downstream data? Within Water-fall’s box, inbound packets get turned intopulses of light, sent down a short piece ofoptical fiber, and then turned back intoelectronic pulses to continue their journeyas usual. And it’s absolutely impossible,says Frenkel, for any data to travel the op-posite direction across this electro-opticaldivide.Waterfall says it also has worked outmethods, based on a proprietary protocol,to keep the camera none the wiser about itsisolation from the broader network. Thecamera will still be addressable from themanagement system, remote polling andcontrol will continue to work and managerscan even upgrade the device, all with nosacrifice in security.

Frenkel declines to quote specific prices,but says the company’s goal is to make sureits device costs no more than 10 percent ofthe overall investment a customer is mak-ing in surveillance, including cameras, soft-ware and networking. For now, the Water-fall device will likely be deployed only toprotect certain cameras and other devicesthat are remotely located and thereforeparticularly vulnerable to physical attack.Waterfall has begun shipments, has severalpilot projects in the works and has signedone customer, in Israel. Privately financed,the firm is now scrambling to make itsproduct smaller and less costly to produce,qualities that enabled once-costly and ar-cane network firewall products to take offa decade ago. Says Frenkel: “Today’s high-end solutions always become tomorrow’scommon solutions.”

John W. Verity is a free-lance writer based inSouth Orange, N.J. He can be reached [email protected].


• Smart Solutions: NVR, IP software, hybrid systems• Powerful monitoring features included

• Megapixel IP cameras and analog cameras• Open integration with other systems

• Simple, cost-efficient IP camera licensing• One easy to use, powerful interface

www.exacq.com • 317.845.5710

Circle 358 on card.

Waterfall claims its appliance can isolate network

segments in a way that’s completely impenetrable



Finding the Danger in the Data

PORT GETS PROACTIVE WITH SITUATION MANAGEMENT SOFTWARE

VPA’s Norfolk operations:

Orsus software pulls together

data from access control and

video surveillance to monitor

port activities.

By Sharon J. Watson

0408secSup_14_18_Watson_v5.qxd 3/17/08 4:54 PM Page 14

“The events of that day were fresh in the heartsand minds of everyone on my staff,” he said.

Merkle’s staff and crew, most of whom had wit-nessed the 9/11 attacks, were emotionally invest-ed in their work. They were united in a key con-clusion: to prevent further attacks, they had tomake sense of more security data more quickly.

“It’s not enough to know after the fact,” Merkle said.“You haveto put together so many pieces.”

To detect dangers lurking in its security data, Merkle and the VPA are implementingSituator, situation management software from Orsus. Situator pulls together data fromthe VPA’s disparate security systems, including access control and video, to provideMerkle and port police an integrated view of what’s happening in the facility. It alsoprompts them to follow their own defined procedures for handling various situationsand ensuring consistent responses and detailed records.

“I wanted a company that understood the world of terrorism but also knew that youneed to keep operating,” Merkle said. Orsus, with dual headquarters in New York andOr Yehuda, Israel, he said, got it. “They understood the world of terrorism. They un-derstood the world of response.”

BALANCING COMMERCE AND SECURITYThe key challenge isn’t the amount of information; it’s the question of what to do withit. Merkle must provide the best security without disrupting the flow of commerce.Thatis a critical balancing act for the VPA, a state agency that owns and operates threegeneral cargo marine terminals: Norfolk International Terminals, Newport NewsMarine Terminal and Portsmouth Marine Terminal. A fourth, the Virginia Inland Port,

WWW.SECPRODONLINE.COMS15

Serving as the Coast Guard’s Senior OperationsCaptain in the Port of New York and New Jerseyimmediately following the attacks of Sept. 11,2001, profoundly influenced how Ed Merkleapproaches his current job as director of portsecurity and emergency operations for theVirginia Port Authority (VPA) in Norfolk.

Ed Merkle

Merkle must provide the best security without

disrupting the flow of commerce



is 200 miles inland, in Front Royal. Com-bined, these four terminals constitute thePort of Virginia.

The Port and the maritime industry builton it are responsible for 340,000 jobsthroughout the state and more than $41billion in total revenue. Last year, the Porthandled 2,289 ship calls and 366,739 tons ofbreak bulk cargo.

Each terminal is a welter of round-the-clock activity: they are hubs for interna-tional shipping lines, shipping and logisticsfirms and agents, stevedores, motor freightand delivery services, rail freight, and portcrew and employees.

By the time Merkle arrived in 2004, theagency had spent about $22 million on a

video surveillance network and an accesscontrol system to comply with the Trans-portation Safety Act of 2002 and to securethe port. It also had built a new securityfacility, leaving within it space for a newcommand center.

Merkle’s goal was for the command cen-ter to support proactive security measuresas compared to general policing and foren-sic analysis of events.

“I wanted to stop anything from hap-pening,” Merkle said, “and there’s a differ-ent set of things you have to do to makethat transition.”

He said even a simple deterrent, such asa fence, takes on a new role when preven-tion is the goal. Under a policing strategy,a physical patrol could find a section of cutor torn fence. But with 10 miles of fence atthe Port, such patrols would take too longto find the opening, then figure out who

came through it and why.“You need to know immediately,” Merkle

said,“and that pushes you into technology.”

RULES-BASED KNOWLEDGESpecifically, it pushed Merkle and the VPAtoward situation management software tohelp them make sense of their data streamsand to get more from the resources they had.

For instance, Merkle notes that theVPA’s access control system monitors wellbut doesn’t differentiate the severity ofalarms it generates. He points out that afront door breach is more critical than anopen closet door on the sixth floor—unlessthe closet is suddenly opened in the middleof the night.

“You need a rules-based system to dothose differentiations,” Merkle said. “Other-wise, every one of your sensors winds upbeing on the same level.”

Bringing more sense to the Port’s hugesecurity data streams would be a formida-ble task. For example, the Port’s access con-

trol system, from Lenel Systems Interna-tional Inc. of Rochester, N.Y., processesmore than 5,000 transactions daily. In addi-tion, the Port will implement the federallymandated Transportation Worker Identifi-cation Credential program this summer.

The Port also operates a network of 250IP-based video cameras. But the existingvideo control room was geared towardforensic use, and the plan for an emergencyinvolved being able to add manpower toview incoming feeds.

“But that only works if you know thethreat is coming,” Merkle said.

In finding software that would help iden-tify threats hidden in his data streams,Merkle wanted “state of the market, notstate of the art,” he said.

Merkle also wanted a company largeenough to have the expertise required tobuild a robust, flexible system, yet small

enough that he personally would know thepeople working on his implementation.

“Situation management is a long-termrelationship,” he said.

The VPA selected Situator for its func-tionality and open architecture. Orsus has agrowing library of interfaces to securitysystems and software, as well as computingand mobile devices. Merkle said the cost ofSituator is covered by his $2.1 million bud-get to outfit his control room, which in turnis largely covered by a $3 million Depart-ment of Homeland Security grant.

EASY TECHNOLOGY, HARD RULESImplementing the Situator software, in-cluding integrating the Lenel access controlsystem and the video network, took abouttwo days, said Lung Cheng, technology ser-vices division supervisor for Virginia Inter-national Terminals Inc., the port operatingcompany owned by VPA.

Orsus provided a custom interface tothe Lenel gateway. Integrating that systemand the video went quickly because bothsystems are IP-based, Cheng said. Further,Situator required no additional band-width, running on the Port of Virginia’swide area network, based on a synchro-nous optical network-based (Sonet) doublering fiber solution from Verizon and Ciscoswitches and routers.

“The whole implementation was pain-less,” Cheng said. “The most time-consum-ing part was entering the security policiesand procedures.”

That task is handled by the end users,though, not IT.

“It’s a very easy-to-use interface,” Chengsaid.

With Situator, users must clearly definewhat type of incoming data constitutes anincident requiring a response. Then usershave to determine how they would respondin that situation. They then write these pro-

cedures into Situator,so if or when such anincident occurs, thesystem can promptthe user through theprocedures they’vealready defined, suchas sending a page,

Merkle’s goal was a command center that would

support proactive security measures as compared

to general policing and forensic analysis

Rafi Bhonker



making a phone call or dispatching officers.“Situator requires a precise definition of

what a trigger event is,” said Rafi Bhonker,vice president of sales and marketing atOrsus. “You can create these triggers andcombine them with logic to create more so-phisticated triggers.”

PLAYING BY THE RULESTo define rules for Situator, Merkle assem-bled an implementation team that includ-ed a dispatcher, whom he called the firstinformation filter; the senior operationscaptain; the facilities security captain; an

IT professional and two consultants, one aCoast Guard command center veteran andthe other a police officer to work with theport police.

Merkle said some rules decisions arevery clear while others require thought anddebate about what an appropriate securityresponse would be. Does a door proppedopen always indicate criminal activity andmerit an intense response? Or did an em-ployee leave the door open because heneeds two hands to bring in a heavy box?

“We’ve found nuances,” Merkle said. Forexample, one shredder room had an accesscontrol device on the door and was creatingalerts because employees could enter, shredtheir papers and exit in under a minute. Yetdisabling the alarm would be a problem.

“You have to think through every possi-ble scenario because you don’t want to missone,” he said.“But you don’t want to createa burden of alarms so you miss what’s im-portant. You also don’t want to build a sys-tem so complicated that you do keystrokesfor what people can do in their heads.When you need to follow a certain set ofsteps, that’s when you use the system.”

Situator also enables VPA to meet itsregulatory requirements with greater ease.Merkle said VPA is bound by local, state

and federal regulations, so it must makesure its responses are consistent. He said if maritime security (MARSEC) levelsincrease, say, from MARSEC 1 to MAR-SEC 2, VPA has to meet certain action andreporting obligations. Further, if an inci-dent does occur, reports must be filed.

“It’s very hard to go back and recon-struct what you did and when you did it be-cause so much is happening in the first 60minutes,” Merkle said. Situator providesthe necessary audit trail.

Merkle said the software’s user interfaceis intuitive, a big benefit to dispatchers who

are used to working with a simple radioand phone dispatch system.

“You’re trying to minimize the amountof training time on software designed to im-prove productivity,” he said. The softwareprovides a graphic view of the security com-ponents, down to individual elements, suchas a door. Functions, such as opening thedoor remotely, are generally accomplishedwith a mouse-click. Operators usually needto see a procedure just once to learn it.“That’s a powerful asset,” he added.

FUTURE VIEWSSituator now overlays the Port of Virginia’saccess control and video networks, and firesafety system integration is under way.Merkle would like to bring in the HVACsystems functions as well.

His immediate goal is to bring smartervideo analytics into Situator.VPA’s existinganalytics had been causing too many falsealarms. Merkle said accurate alarms will bea challenge for any analytics package, giventhat the ports are open 24/7, with a greatdeal of movement.

“Change is a constant here,” he said.In addition, Merkle foresees a day when

Situator could send alerts to other portpersonnel, such as notifying maintenance

workers that pressure is rising in a piece ofequipment. Situator also could tie intoother security systems in use at the Port,such as RFID-based container and logisticssecurity systems. But such data would haveto be vetted for meaningfulness. Merklelikens the various security systems in useby various entities to skyboxes in a largesports arena.

“A door open in our skybox might notbe important to the rest of the arena,” hesaid. “Still, there are endless possibilities ofwhat you can build under a commonframework.”

But fully exploiting Situator’s abilitiesrequires a mindshift.

“We security directors have been hesi-tant to give up control,” said Merkle, whosaid his team worked as partners with ITstaff on Situator. Giving control to IT per-sonnel or sharing cameras and data withlocal law enforcement agencies and possi-bly even VPA customers enables connec-tions among all types of systems.

Those connections will help his depart-ment’s role evolve, Merkle said.

“We’re becoming much more opera-tionally intertwined,” he said, explainingthat security personnel are the firstgreeters at the Port as well as the last facesseen. “We have a role in port operations, inpromotion, in marketing.”

Yet despite the power of the technologyto make those connections and help theVPA prevent security problems, Merkleemphasizes that effective security stillcomes down to the brains behind it.

“Situator’s a great piece of software,” hesaid, “but we still have to write all the rulesthat go into it.”

Sharon J. Watson is a journalist based inSugar Land, Texas. She can be reached [email protected]

Situator could tie into other security systems

in use at the Port, such as RFID-based

container and logistics security systems



Using a mesh radio network from Fire-tide Inc. of Los Gatos, Calif., Phoenix po-lice deployed discreet surveillance camerasas part of their investigations. In August,the Serial Shooter case came to an end withthe arrest of two suspects. A month later,police arrested a suspect in the BaselineKiller case.

At the time of the arrests, police cited acombination of legwork, forensic investiga-tion and tips from citizens as instrumentalin the apprehension of the three suspects.

The department’s embrace of quickly de-ployable video surveillance technology alsoplayed a role, suggests Pamela Valentine,Firetide’s vice president of marketing, as itwas part of a mandate by Phoenix law en-forcement “to do what it takes” to catch thekillers. Since then, Valentine said, remotevideo surveillance has become an impor-tant element in the department’s law en-forcement efforts.

The explosion of interest in remote ac-cess and monitoring is a direct function of

the growth of Internet Protocol (IP) net-working in security. The open nature of IPand Ethernet allows for greater scalability.Free from proprietary jail, which oftenisolates security systems by application andlimits their reach, networked security isencouraging users to place not just videocameras but access control systems andsensors, no matter how far-flung their loca-tions, on a common wide area network.

While hard-wired techniques have notbeen overlooked (see box), the IP trend

In the summer of 2006, Phoenix was in the grip of two serial killing sprees.In both cases, victims were being targeted in outdoor areas. The first case,the Baseline Killer, involved eight rapes and murders near a stretch of Base-line Road at the southern edge of the city. The second case, known as theSerial Shooter, involved 36 random shootings—six of which were fatal—ofpedestrians and bicyclists throughout the metropolitan area.

GREATER DEMAND FOR REMOTE SURVEILLANCE

PROMPTS NEW WIRELESS ARCHITECTURES

By Steven Titch

Security

PlacesHard-to-Reachfor Those

0408secSup_20_24_Titch_v4.qxd 3/17/08 3:18 PM Page 20


has sparked interest in the use of varioustypes of wireless techniques as cost-effec-tive methods of extending surveillance andmonitoring. Still, the quirky aspects ofradio engineering, plus persistent ques-tions about wireless reliability and band-width, force end users and integrators toconsider carefully what type of radio net-work architecture might best serve theirparticular requirements.

“With microwave, whether licensed orunlicensed, there are issues as to line-of-sight, interference and weather,” said Ben-jamin Butchko, president and CEO ofButchko Security Solutions, a Houston-based systems integrator. “With mesh net-works, you need to think about the geomet-ric and geographic aspects.”

WIRELESS CONFOUNDS THE BEST“Wireless is intrinsically unreliable,” saidCosimo Malesci, director of Fluidmesh Net-

works, a Boston-basedmanufacturer of IP-based mesh radio sys-tems for video surveil-lance. “You configurea network. Six monthslater someone puts ina [wireless] hot spot

near your access point, and suddenly youhave to go to a new frequency.”

“It can take a couple of years to get com-fortable with wireless,” Malesci added.“There are aspects to engineering thatseem illogical to some not used to workingin the wireless world.”

Indeed, rain, seasonal changes in foliage,nearby bodies of water and buildings canall affect radio performance. These vari-ables have wireless vendors doing theirbest to differentiate their equipment.

A further complication is video. Meshnetworking essentially was developed foruse in municipal wireless networks usingthe 802.11 WiFi protocol for wireless Inter-net connection. Unlike a stand-alone ac-cess point—or hot spot—that might exist ina coffee shop, hotel lobby or corporate of-

fice and connect directly to a wired broad-band Ethernet network, mesh networks aredesigned to relay a signal across a numberof access points before reaching a wirelineconnection. So, at any given time, a hot spotin a mesh network may be backhaulingtraffic from other hot spots, as well as re-ceiving signals from client devices within itsown transmission range.

The advantage of mesh is that line-of-

sight antennas are not required. Also, thenumber of potential transmission pathsacross the mesh allows for instant reroutingof signals should a hot spot go offline.

BANDWIDTH CONGESTIONThe principal drawback of mesh network-ing is that greater amounts of bandwidthare consumed as radio connections hopfrom hot spot to hot spot. For example, a

When is 100 feet not 100 feet? When you’re extending an Ethernet network.Wireless may be workable for numerous remote access situations, but

there are still applications where users require hardwired networks usingcoaxial and Category 5 cable. Casinos, for example, have such enormousvideo requirements that they need the bandwidth and reliability cable con-nections provide.

Companies such as Veracity USA Inc. and VideoProtein provide equip-ment for expanding the reach of Ethernet and IP networks. Veracity USA ofDallas and its sister unit, Veracity UK Ltd. of Ayer, Scotland, offer a line of de-vices that extend Ethernet connections—and power—up to at least 1,000feet. The effective distance of an Ethernet link for adequate power is 330 feet.Many users find a common problem when they want to extend the networkout to this distance, said Scott Sereboff, CEO of Veracity USA. While it mightbe 330 feet from point A to B, cable can’t always be run in a straight line.

Veracity manufactures Outreach, a 100 megabit-per-second (Mb/s)midspan local area network and power over Ethernet (PoE) extender. Eachdevice can extend a Category 5 connection an additional 330 feet, up to1,000 feet for Class 2 PoE and 2,000 feet for Class 3 PoE. The units are pricedat $199 each, but distributor pricing may vary, Sereboff said.

Meanwhile, VideoProtein will formally unveil what it claims is the indus-try’s first plug-and-play IP video server at ISC West in April. The DelrayBeach, Fla.-based manufacturer has been previewing the device at variousvenues, including the IP User Group’s IP-in-Action Live conference Feb. 12 inLakeland, Fla.

The product, VideoRouter, is the industry’s only auto-discovering, self-configuring video server, Paul DiBerardino, VideoProtein’s executive vice pres-ident of sales, told attendees in a presentation dur-ing the conference. Upon introduction, the device,which operates as a 2 terabyte NVR/DVR and PoEswitch, will support IP cameras from Axis, IQinVi-sion, Mobotix and Sony. Users and installers simplyplug remote cameras into the VideoRouter, and thedevice automatically configures the network andcommunicates that information back to the host VideoProtein Web server.

The VideoRouter represents a major addition to VideoProtein’s productline. The company manufactures browser-based IP video management soft-ware designed to run on open-source platforms such as Linux and Sun So-laris, as well as Windows and Mac.

Extending Wired Security Networks

Cosimo Malesci

VideoProtein's plug-and-play router



typical access point may be capable of han-dling 15 megabits per second (Mb/s).That’sfine if the devices are aggregately consum-ing 2 Mb/s. But in a mesh configuration, thesame hot spot could easily start receivinganother 2 Mb/s of traffic from a nearbyaccess point in the mesh. Now it’s handling4 Mb/s. It then might have to relay that 4 Mb/s of traffic to another hot spot in themesh, which itself already might be han-dling 4 Mb/s from other users. That thirdhot spot is now at more than half-capacity,handling 8 Mb/s. Should it receive an addi-tional 8 Mb/s from another hot spot in themesh, it would have overfilled its availablebandwidth. Data traffic would slow or stallas packets fail to get through.

Bandwidth use on PC Internet connec-tions fluctuates enough that this rarely hap-pens. But introduce bandwidth-intensivevideo surveillance applications to themesh, and there is an instant congestionproblem. That’s why most mesh network-ing vendors, while committed to standardsthat permit cameras and terminal equip-ment to plug-and-play, tout proprietary

methods to manage bandwidth.“We are a backhaul solution,” Michael

Dillon, Firetide’s vice president of businessdevelopment-municipal markets, said flat-ly. “We use all channels available to us. Wecan deliver 35 Mb/s across large environ-ments and distances.”

After the experience with mesh wirelesssurveillance in the two serial murder cases,the Phoenix Police Department’s DrugEnforcement Bureau (DEB) began usingFiretide equipment, deploying “covert mesh-es” in as little as two weeks to observe areaswith a heavy amount of drug dealing. Be-cause the wireless cameras were small anddiscreet enough to be hidden, the DEB oftenwould mount visible dummy cameras to en-courage dealers to group in spots that wereunder actual surveillance, Valentine said.

Phoenix’s covert surveillance becameovert when the police deployed a 40-cameramesh system in downtown Phoenix for theweek of Super Bowl XLII. Phoenix policemanaged the network and monitored videofeeds alongside a second wireless mesh atthe game site, University of Phoenix Stadi-um in suburban Glendale, Valentine said.

Firetide also supplies radios to DigitizeInc., Lake Hopatcong, N.J., which special-izes in remote alarm monitoring. Enter-prises and government agencies can use aFiretide mesh, controlled by Digitize’s 3505alarm management system, to integrate

alarms, sensors, VoIP call boxes and cam-eras over a “radio superhighway,” saysAbraham Brecher, president of Digitize.

Once the mesh is in place, Brecher saysapplications integration is easy. IP sensorsand cameras from different manufacturerswill connect right to the radio network,which can use 802.11 or other protocols andfrequencies (see diagram). “It’s all plug-inEthernet. You don’t need to get the IT de-partment involved.” Digitize, which claims6,000 customers, will begin marketing itsmonitoring system with radio capabilitywhen it receives Underwriters Laboratoriesapproval, which Brecher says is pending.

AVOIDING WIFIFluidmesh, while also a mesh networkvendor, eschews 802.11 for a proprietarytransmission protocol. Regardless of the con-

tent, “802.11 will trans-mit packets the sameway,” Malesci said. TheFluidmesh protocol“will look at what typeof packets you aretransmitting across thenetwork [e.g., video,voice, data] and opti-mize the transmission.It doesn’t stack pack-ets up. Therefore thereis less latency, such as

Diagram of a mesh wireless network integrating video, alarm monitoring, VoIP and mass notification.

FluidMesh 2200

Mesh networks go vertical, as well ashorizontal: Samsung deployed a Firetidemesh network for video surveillance andVoIP at the construction site of the DubaiTower, United Arab Emirates.


on pan-tilt-zoom commands.” Fluidmesh net-works also run simultaneously on 2.4 and 5.1to 5.8 GHz bands, minimizing the chances ofinterference problems.

Viewpoint CRM, a Lowell, Mass.-basedsolution integrator that operates a remotevideo operations center on behalf of anumber of clients, is a Fluidmesh user. “Weweren’t sold on wireless for a long time,”said Bill Reilly, Viewpoint sales manager.“It took some time before we found aproduct out there.”

Others aren’t as sold on the mesh con-cept. Ray Shilling, vice president of salesand marketing at AvaLAN Wireless, saidhe thinks the architecture is too complicat-ed for a majority of installations and nomatter what protocols or bit-shaping tech-niques they use, mesh networks ultimatelyrun into the bandwidth constraint endemicto multi-hop transmission.

“You still face the fundamental laws ofphysics,” he said. Mesh network technolo-gy, he added, ultimately will give way tomore efficient wide area radio solutionssuch as WiMax, which can transmit and re-ceive longer-range, high-bandwidth radioconnections over larger areas.

The AvaLAN approach, Shilling said, isdesigned for the lower two-thirds of themarket looking for equipment that canconnect quickly without fuss.

“Most products have a special interfaceand software drivers, require users to learna new suite of management tools and some-times require a course or manual,” he said.

The AvaLAN line of 5.8-GHz point-to-point line-of-sight and 900 MHz point-to-multipoint radios requires no networking orwireless skills. “All you do is plug it in andaway it goes,” Shilling said. Sony and Axisboth bundle AvaLAN radio gear with theircameras for wireless installation, he said.

AUTHENTICATION INTEGRATIONAvaLAN installations include the U.S. Ma-rine Station at Cherry Point, N.C. Cameras,as well as access devices such as entry key-pads and card readers, have been combinedon radio links, Shilling said. The stationmanages these remote security and surveil-lance tools from a central control center.At

Cherry Point, access points require keypadcode entry and identity authentication withbiometrics. When an individual enters anygate at the base, authentication and videoare transmitted back to the control centervia radio using the Ethernet protocol. Theauthentication information is checked withinformation in the access control server.Entry is then permitted or denied. Theexchange takes place in .55 of a second.

Servers also can be configured to auto-

matically download information to each key-pad or access point on a programmed basis,such as every 24 hours. In this case, the au-thentication data is resident on a chip in theremote device. The card or keypad accessentry process is then reduced to 1/1000th ofa second, a virtual instant, Shilling said.

Steven Titch is editor of Network-CentricSecurity. He can be reached at [email protected].


Network-centric systems have an important role in the design and operationof effective perimeter security, according to two Houston-based securityprofessionals.

Speaking at a breakout session on physical security and access control atthe Industrial Fire, Safety and Security 2008 Seminar and Solutions Expo inearly February in the Bayou City, Benjamin Butchko, president and CEO ofButchko Security Solutions, a systems integrator, and Walter Hansen, presi-dent of Scepter Security, a consultant, discussed ways to incorporate net-work platforms into perimeter and access security, which must be seen ascomponents of a sound risk mitigation strategy.

While protection measures incorporate management processes, includingrisk assessment, business continuity and training, the technology compo-nent must effectively combine situational awareness, access control and in-trusion detection, Butchko said.

Networked security automates and combines functions that were ineffec-tive because they were isolated or subject to human error, Butchko said.These include alarm systems without methods to immediately assess thenature of the problem, the use of people as “detection devices” and cameraswithout triggers.

To a greater degree, enterprises are combining access control, alarm sys-tems and surveillance to provide rapid detection, assessment and response.This can be as simple as connecting an outdoor sensor to a camera. Thecamera does not even have to be on at the control center. In fact, Butchkosaid he prefers the screen to be blank in default mode. “But as soon as thereis an alarm, the picture comes up,” immediately grabbing the attention ofsecurity personnel, Butchko said.

When deployed correctly, the technology enables users to assess thesituation, dispatch appropriate responders and coordinate and communi-cate among responders in the field and commanders at the control center,Hansen said.

More sophisticated systems combine video, access control and forensics.Butchko related the example of a parking lot of a high-end country club thatwas being plagued by car thefts. The club installed infrared and thermalimaging cameras with onboard analytics. These were networked with park-ing lot access systems. The system is able to detect a car thief, track thestolen vehicle as it reaches the gate, read the license plate, mine the data,then transmit all that information to the local police, who are usually able torespond before the car gets off the club property.

Networked Security and Perimeter Protection



In these plans, IT and physical securityplay major roles—but security isn’t alwaysthe centerpiece or the exclusive factor, ex-perts say. Instead, they say an effectivebusiness continuity strategy must accountfor a larger mix of considerations, includingall affected personnel, corporate physicalstructures and individual business unitsthat may feel profit and loss effects.

Despite growing awareness of the needfor business continuity planning, expertssay executive management support forthese critical plans is still spotty, often be-cause of cost pressures. Further, the marketfor business continuity products and plan-ning is still only nascent.

Nevertheless, physical and informationtechnology (IT) security professionals with-in an organization can drive the creation ofsound continuity policies, demonstratingthe time and money spent on business con-

tinuity ought to be an accepted, recurringcost of doing business—somewhat akin toinsurance in the contemporary world.

RECOGNIZING THE NEEDBusiness continuity experts say periodicoperational disruptions due to headline-grabbing natural disasters such as hurri-canes, floods, tornadoes and earthquakesprovide dramatic catalysts that drive busi-ness continuity activity. But they also saythe more commonplace technical down-times, power outages, fires and even crimi-nal behavior provide stronger, longer last-ing motivations.

“Sept. 11 certainly was one of the mainbusiness continuity catalysts—a lot ofvisibility—and some of the pressure helpeddrive market awareness,” said John Linse,director of business continuity services atEMC’s Infrastructure Consulting Group of

Hopkinton, Mass. “But people simply havebeen starting to wake up to overall risks.Aswe talk to customers, the bigger catastro-phes bring it all into the light, but it is themore common everyday events that almostalways hit home.”

“Business continuity in countries withthreats and vulnerabilities has always beena problem, mainly for companies with oper-ations overseas,” said John M. McCarthy, amanaging partner for the Minneapolis-based Business Security Advisory Group(BSAG) consultancy. He also is a formerFBI agent and former Texaco security chief.

“You have to be prepared for what couldhappen and how to re-establish a business,”he said. “It has always been in the forefrontinternationally, but domestic companieswere different. Sept. 11, however, changedeverything, and business continuity becamemuch more important domestically.”

More than six years after the Sept. 11, 2001, terrorist attacks shocked

American enterprises over potentially catastrophic asset and financial losses,

enterprises have raised their level of understanding and sophistication when

it comes to formulating and executing business continuity plans to counter

and overcome sudden and destructive man-made or natural events.

CSOS AND CISOS ARE CATALYSTS FOR EFFECTIVE

BUSINESS CONTINUITY PLANNING

By Frank Barbetta

ComesComes thethe StormStorm

0408secSup_26_28_Barbetta_v7.qxd 3/17/08 4:22 PM Page 26


Still, McCarthy notes, actual continuityplanning and execution is a complex andcostly process.

“There’s a lot of focus on disaster recov-ery and less on business continuity, butthere’s also a growing recognition—especial-ly if there’s a bad event experienced—to talkabout it and realize what to do,” Linse said.

Business continuity implementationsvary by customer and vertical markets, hesaid. But, on the whole, business continuityremains slightly immature.

BRINGING IN THE TEAM “Executives know how to go about it, butone change in thinking—not as quickly as Iwould like—is that they can’t do it alone,”said Radford W. Jones, a security consultantand academic specialist at Michigan StateUniversity in East Lansing, Mich.

“Business continuity is really a teameffort,” the former Secret Service agentand former Ford Motor Co. security chiefsaid. “IT people definitely have a big role,but they can’t do it in isolation. They needcommitments from the top. Business con-tinuity plans can’t be put together in silos.And security people need to be told thebusiness priorities.”

EMC’s Linse characterized businesscontinuity as a “three-legged stool” consist-ing of disaster recovery, people andprocesses. Business continuity approachesmust stratify the levels of seriousness ofdisruptive events and have appropriate re-sponses, and there should be assignmentsfor people as well as the business continu-ity processes in place.

“The key things that we are seeing areawareness, rebuilding culture and the strati-fication of events, and it’s not just the bigevents that can affect a business,” he said.“Acultural change is necessary in most compa-nies. Disaster recovery is owned by IT andnetworking, but business continuity isowned by the business units at various levelswho must understand their own plans.”

BEYOND THE CIO AND CSO“I think one challenge is understandinghow all teams play a crucial part in imple-mentation,” said Jame-Ane Ervin, productmanager for multiple operating units of

Hayward, Calif.-basedDynamic NetworkFactory (DNF), in-cluding DNF Storage,DNF Security andStonefly.

“In many waysbusiness continuity isseen as an IT func-

tion, not an overall operation function.Conventional wisdom said ‘make a copy ofthe important files and stash it somewhereelse.’ But business continuity is not just IT-intensive,” she said. “Each departmentplays a key role in a well-defined plan. Awell-designed plan defines how each de-partment will react in any of the businesscontinuity scenarios.”

Although BSAG’s McCarthy said hesees a central role for security officers in-creasing within business continuity andknows IT resources are always a top prior-ity, he also emphasizes the necessity ofbusiness continuity planning overseen byexecutives and the inclusion of multiplesubsidiaries and operating units withinbusiness organizations.

Security officers, however, are integralmembers of the tactical team for businesscontinuity initiatives, Ervin added.

“They are essential to controlling accessto key resources and ensuring a smoothtransition into ‘emergency mode’ for theorganization,” she said. “It is essential forsecurity officers to be well aware of thebusiness continuity plan, and the steps thatare required for implementation: whetherthis means opening up the server room tothe IT staff to remove key hardware equip-ment or tape backups, or ensuring thebuilding perimeter is secure if the facilitieswill be abandoned due to an emergency.”

INITIAL CONTINUITY CONCERNS“[Companies] are still trying to figure outwhat is absolutely essential to run the busi-ness,” Ervin said. “In our experience, organi-zations in the early stages are looking at dataavailability but haven’t gone too far alongthe path of thinking about data usability.”

The most important part of businesscontinuity planning is determining objec-tives, and the second most critical part isdry-run practice.

Companies have done a lot of thinkingbehind business continuity and what ittakes to have maximum uptime for the

business process, saidVal Oliva, director ofproduct managementat the enterprise busi-ness unit of FoundryNetworks, a trafficmanagement solutionvendor in SantaClara, Calif.

“Companies today are employing manydifferent solutions. In networking anddata centers, this involves redundant in-frastructures that support higher avail-ability,” he said.

In a business continuity scenario, Olivasaid IT security has to extend not just to thedata center, but all the way to the wiringcloset and users’ points of access.Traffic, ser-vices, applications and databases all need tobe watched in business continuity scenarios,while security also must apply to ID badgesas well as building ingress and egress.

The criticality of user identification inbusiness continuity planning is a recurringtheme among experts.

“In terms of business continuity, our viewof the world involves user IDs,” said GeoffHogan, senior vice president of businessdevelopment and product management/marketing at Imprivata, a Lexington, Mass.,vendor of digital ID/single sign-on manage-ment systems. “And what we’re findingregarding the bigger trend is organizationsof all sizes have a variety of IDs and usersthey are trying to cope with.”

Hogan said over the last six months hiscompany has had discussions with dozensof chief information officers and chiefsecurity officers who are concerned about“silos of ID” among corporate users.

Jame-Ane Ervin

Despite growing awareness of the need for

business continuity planning, experts say

executive management support is still spotty

Val Oliva


“They are verymuch involved in thisID subject from abusiness continuitystandpoint, and thesekinds of issues comeup all the time,”he said. The mainbusiness continuity

issue is that they need a coordinated way tolink IDs together and provide commonaccess pooling.

A ROLE FOR THIRD PARTIES McCarthy said outside companies—likebusiness partners and contractors—shouldbe brought into the business continuityfold. Another important approach inbusiness continuity planning is to formliaisons with local communities and differ-ent levels of government, including politi-cal leadership, law enforcement, fire andemergency response.

“We’re now seeing more harmoniousways for public and private sectors to keepin touch regarding business continuity pre-paredness,” he said.

Michigan State’s Jones also advocatesthat third parties providing a wide varietyof services to enterprises—including tele-com and networking functions—should beincluded in the business continuity mix.

“Some 95 percent of contracts havenothing in them regarding emergency re-sponses and recovery,” he said. “Like inter-nal personnel, you just can’t expect [third-party contractors] to know what to do.”

Imprivata’s Hogan also sees partnersand third parties playing an increasing rolein business continuity design and imple-mentation and agrees that companies of allsizes are shopping around for business con-tinuity solutions.

“When it comes to the size of enterpris-es, everyone fundamentally wants the samebusiness continuity capability 24/7,” Hogansaid. “Smaller companies also want morecost-effective technical solutions out of thebox—less customized or consultative.”

THE COST ISSUE Given the recognized need for continuityplanning, the question becomes whyhaven’t more companies made greaterprogress on creating and practicing com-prehensive contingency plans.

Effective planning can often be over-

shadowed by profit margin concerns, Jonessaid. “Executives know they really have todo [business continuity planning], but asthe day goes on, other priorities take over,”he said. “Unfortunately, the intent is goodbut the implementation is often delayed.”

“Yes, there are dollar signs attached tobusiness continuity,” Oliva said. “Businesscontinuity is based on how much enterpriseswant or need to protect and sustain their

businesses.The tolerance is equivalent to thecost and loss. The catalyst at the end of theday is very simple: it is all about maximizingthe most out of money spent, and spendingless means more return on investment. But abig loss only needs one big disaster.”

Frank Barbetta is a journalist based in LittleFalls, N.J. He can be reached at [email protected].


A poll of 1,000 information technology (IT) executives suggests there’s wide-spread high awareness about business continuity—especially due to securitythreat concerns—but great diversity in action.

Business continuity planning is seen as a “priority” by 69 percent of ITexecutives; 40 percent indicate business continuity has always been a priorityfor their businesses and 29 percent indicate business continuity became apriority in recent years due to natural disasters, security and terrorist threats.Some 30 percent of executives surveyed said business continuity planningis “not a priority.” The poll was conducted last year in 10 metro/regionalareas by telecom network carrier AT&T, which periodically does surveys onbusiness continuity readiness in the United States.

According to AT&T, all the companies had at least $10 million in revenue,and 70 percent had revenues exceeding $25 million; 64 percent had 100 ormore employees. Some 60 percent were managers or directors of IT or in-formation systems, and 44 percent provided oversight and project manage-ment for business continuity plans.

AT&T said the poll revealed companies were more diligent about updatingthan testing business continuity plans. A majority (57 percent) had plansupdated in the past 12 months, but fewer (41 percent) had plans tested dur-ing the same period. Very few indicated their plans have never been updated(1 percent) or tested (12 percent). Other major findings—at least as of oneyear ago—are as follows:

�Eight out of 10 executives (82 percent) indicated cyber security is part of their overall business continuity plan; 56 percent view cyber security as a concern.

�Of four possible business continuity measures, companies are most like-ly to have implemented Internet security (68 percent); other measures takeninclude redundant servers and/or backup sites (59 percent), educating em-ployees (57 percent) and using service providers for outsourcing (35 percent).

�Concerning future efforts, companies plan to educate employees (16percent), establish redundant servers and/or backup sites (16 percent), im-plement Internet security measures (13 percent) and use service providersfor outsourcing (10 percent).

�Experiencing a disaster increases the priority placed on business conti-nuity, although only 24 percent suffered natural or man-made disasters;companies that experienced disasters are more likely than those that haven’tto view business continuity planning as a priority.

�Nationally, 34 percent of all companies implement specific protectiveactions when the federal government or state governments issue alerts foran impending disaster.

IT Execs Rate Continuity As Growing Priority

Geoff Hogan


Extreme CCTV’s EX85 megapixel IP Imager is compatible with the On-NetSurveillance Systems Inc. (OnSSI) video surveillance control platform (pictured),OnSSI has announced. Extreme CCTV’s imager provides HD-quality images inlow-light conditions, boosting the functionality of OnSSI’s video analytics software.

The deal allows OnSSI to benefit from Extreme’s Bit-Reduce technology, which,as the name suggests, reduces bandwidth utilization, thereby improving transmis-sion control management across the networked surveillance system. In addition, Extreme’s IP infraredimaging design and active-infrared night-vision technology provides OnSSI’s push technology with high-resolution images around the clock.www.onssi.comwww.extremecctv.com


2 AirVisual Mobile Content Management Software

1 Extreme CCTV Links with OnSSI

AirVisual Inc. has deployed its TransViewer mobile content management software for useby first responders in Michigan’s Oakland County Office of Emergency Response andPreparedness. The system can deliver pre-recorded and live video and other critical infor-

mation to computer terminals and mobile devices to and from theresponding vehicles over hardwired and wireless networks.

The system gives Oakland County’s hazardous materials responseteams the ability to collect critical information and share it on a peer-to-peer platform from one vehicle to another and with one or moreremote command centers. Built to reside specifically on vehicles, thesoftware can send and receive sensor information, GIS/GPS, video,audio, SMS, alarms and user updates.Additionally, the platform con-nects to remote video sources, access control and RFID, and per-forms adaptive routing, optimization, distribution and delivery ofcontent based on a rules- and permissions-based system.www.airvisual.com

0408secSup_30_31_Launch_v2.qxd 3/17/08 3:20 PM Page 30


4 Bellevue Mall uses Mate Intelligent Video

Mate Inc. and ACJ Technology Solutions have completed the first phase of a wire-less, automated, real-time shopper counting network at Kemper DevelopmentCo.’s Bellevue Square Shopping Center in Bellevue, Wash.

ACJ Wireless Networking Solutions, the integrator on the project, selectedMate’s iSense, an embedded video analytics appliance with an on-board camera, toprovide bi-directional counting of shoppers in real time. Counting data from theiSense appliances is delivered to Mate’s Web Reporter database via a wireless net-work. Shopping center managers are now able to access real-time shopper trafficdata via a Web browser or have reports e-mailed to them on an automatic basis.www.mateusa.netwww.acjts.com

5 Imprivata Access and Authentication Software

Cisco Systems has joined Axis Communications’ Application Development Partner(ADP) program. As a member of this program, Cisco will be able to integrate support forAxis network video products and collaborate to bring complete and fully integrated IPvideo surveillance solutions to the marketplace.

Companies that qualify for the Axis ADP program have active development of video ap-plications and market presence and serve important and relevant segments of the physicalsecurity industry. Once selected,ADP program participants collaborate with Axis on co-mar-keting opportunities and share software and market intelligence that helps meet the needsof vertical markets, including education, finance, government, retail and transportation.www.axis.comwww.cisco.com

3 IndigoVision IP Dome Camera

IndigoVision’s new internal and external vandal-resistant fixed IP domecameras offer a guaranteed frame rate of 25/30 fps, incorporate SonyEXview HAD CCD sensors and use H.264 compression. The built-insupport for Power over Ethernet allows the camera to be powered directlyfrom the network for lower installation costs. The discreet, IP-66 enclosurecan be ceiling- or wall-mounted and provides maximum protection fortough environmental conditions.

The cameras are part of a suite of IP video gear IndigoVision will unveilat ISC West this month. Other new products include a four-channel trans-mitter/receiver rack and a major upgrade to its NVR capability.www.indigovision.com

Information in this section has been supplied by the respective vendors. Network-Centric Security magazine does notaccept responsibility for the timing, content or accuracy of the product data or for the quality or accuracy of the photos.

0408secSup_30_31_Launch_v2.qxd 3/17/08 3:20 PM Page 31


In spite of the growing convergence of networksecurity and physical security, it’s clear that manyorganizations have no plans to combine their ITand corporate security functions under a singleCSO. That doesn’t mean those of us in non-con-verged businesses shouldn’t—or aren’t expectedto—provide unified oversight of risks.

CEOs and their boards of directors have realized, in the wake of front-page scandalslike Enron and high-profile losses of customer information, that enterprise risk is biggerthan just physical or corporate security. They are encouraging security to work with otherbusiness units such as human resources, legal, compliance and information technology (IT)to ensure the whole risk picture is addressed in a unified way.

The relationship between physical and IT security is a growing part of this unifiedapproach. We need to partner effectively with our physical security or information securitycounterparts to provide comprehensive security that’s in line with the goals of the business.

Numerous sources will tell youthat the best way to accomplishthis is to communicate.That’s true,but getting on the phone to sayhello now and again isn’t enough.Neither is arranging an urgentmeeting in the moments after a

crisis. You should actively collaborate before an incident occurs to learn about one anoth-er’s departments, their responsibilities and structures and to develop plans for respondingto various types of incidents that cross physical and information security boundaries.

WHO DOES WHAT?Ask about the structure of your counterpart’s department. Map it out to give yourself agood understanding of who does what. Find out about all the duties performed; some ofthese may have close cousins in your own department, which may provide you unexpectedopportunities to work together.

Then identify risks that apply to both functions and discuss collaborative options for mitigating those risks. To mitigate the risks associated with lost or stolen laptops,

A Unified ApproachBy Bob Pappagianopoulos

continued on page 34

Actively develop plans for responding to

various types of incidents that cross physical

and information security boundaries

0408secSup_32_34_Exit_v7.qxd 3/17/08 3:21 PM Page 32


for instance, physical security may providelaptop locks and cables and an acceptableuse policy, while IT may install automatedencryption, tracking or remote erasure soft-ware. Determine the strongest combinationof countermeasures appropriate to the risk.

Create a list of potential incidents thatwould require a response from both ofyour departments.Then develop a responseplan and process map for each incidenttype. Document which department will ini-tiate the response, who will be responsiblefor each phase of response and at whatpoint the other department should be con-tacted or brought in.

CEMENT WITH DOCUMENTATIONIf you have a very strong working relation-ship with your counterpart, you may al-ready have an unspoken understanding ofwho will do what and when. But putting itin writing will help you in several ways.

�If your counterpart should leave thecompany, it will make it easier for you tointroduce the plan to his or her successor.It may also serve as an icebreaker to helpyou initiate a good relationship with yournew partner.

�It can be disseminated among the em-ployees in a standard, consistent format.This way you’ll know that everyone in bothdepartments has been apprised of his or herrole in an incident, and you can fall back onthe documentation if an employee dropsthe ball and claims ignorance as the excuse.

�It can serve as a resource during post-incident analysis, which may help youidentify where things went wrong in theevent of a problem or a breakdown incommunication.

�You can use it to show your executivemanagement that you are a forward-think-ing leader who is reaching out to other de-partments to help meet the needs of the

business. This will help them to see securityas an asset to the overall organization.

�You may be able to use it as a datasource for metrics that further increase the value of security in the eyes of uppermanagement.

Communication with your counterpartin physical or information security is key toeffectively protecting the enterprise as awhole. But don’t just stop at hello. Makeyour counterpart a true partner by workingtogether actively to plan your protectionstrategies before you’re put to the test.

Bob Pappagianopoulos is corporate direc-

tor of technical services and operations and

CISO of Partners Healthcare System in

Boston and a member of the Security Exec-

utive Council, an international professional

organization for leading senior security

executives. For information, visit www.

securityexecutivecouncil.com

Network-CentricSecurity e-newsNow available in your in-box

twice a month

Join over 30,000* integrators, end users,

installers, contractors and IT professionals

who get the most up-to-date

network-centric security news delivered to

their desktops twice a month.

Sign up now at

www.secprodonline.com/mcv/newsletters/

*Publisher’s Own Data

Circle 367 on card.

0408secSup_32_34_Exit_v7.qxd 3/17/08 3:21 PM Page 34

port security gets proactive - 1105...

Documents