Surveillance Strategies

Growing Security Complexity and Network Interdependence

July 1, 2011

Widespread adoption of IP network-based solutions within the physical security industry is creating an increasing interdependency upon an infrastructure, which in most cases is owned and operated by a department outside of physical security. This mirrors current and historical trends within video conferencing and voice communication systems. The challenge for these systems, and security executives overseeing them, is to understand the choke points, the quality of service requirements and the backup operations that are in place. If these areas are not well understood the possibility increases for minor infrastructure issues to create cascading service interruptions to a facility, or worse an entire organization. As an industry, we are building upon these technical complexities and creating interdependencies and vulnerabilities that could go unrecognized until a major failure occurs.

 

Infrastructure Assurance

Waiting for a disaster before taking action is not an acceptable strategy. We have a responsibility as an industry to develop a set of security best practices that increase our competency and capabilities with IP networking technologies. These best practices should focus on developing new risk management processes that define policies regarding infrastructure assurance. These processes of assurance should include:

  • Prevention
  • Mitigation
  • Incident Management
  • Recovery

 

Prevention

Prevention of network service outages is a critical component to include in the planning and design of physical security systems and interdependent network infrastructure. If these systems are not designed with the intention of preventing downtime, vulnerability is introduced that places increased importance on other risk management processes. New IP network-based physical security systems are frequently selected without a competent physical security system designer conducting infrastructure analysis. In addition, slow growth in the number of designers with these capabilities is outpaced by increased marketplace adoption of new technologies. This situation is creating a gap, which only time and experience can fill. Short-term strategies, such as partnering with IT departments will help, but physical security must be vigilant about identifying and understanding how the IP network design impacts the physical security systems and operations.

Mitigation

Mitigation of network service outages is more than preparing for the next accident or natural disaster. Physical security operations must develop strategies covering IP network assurance by integrating the management, monitoring and maintenance performed by network owners and operators with that of the physical security systems. Unplanned service interruptions are typically either a result of poor management and maintenance procedures, or a lack of communication. Change management procedures must be designed and implemented across departmental lines to facilitate transparency, information sharing and strict management controls.

 

Incident Management

Management of network service outage incidents, and resulting communications with physical security operations, are critical to quickly uncovering the root cause of the interruption. This enables both departments to prepare a proper incident response. Without integrated incident management processes between network infrastructure and physical security owners and operators, a lot of wasted resources can be spent trying to recover.

 

Recovery

Recovery of network service outages must be planned in advance to minimize the impact on physical security.  If a recovery plan with well-defined procedures is not followed, time and resources will be lost trying to determine root cause and ownership of the problem. Important system checks must be developed to identify the outage impact, the expected length of the outage and the interdependent security operations, which are impaired. 

 

Shared Responsibility

Rising complexity and interdependence create new vulnerabilities, shared threats and shared responsibilities between IP network owners and operators and those in the physical security department. The industry must develop the capability to apply end-to-end, or system-wide, analysis with defined responsibilities. This should include policies covering service accountability and preservation of reserve capacity. Network Convergence plus new technologies, produces better security services at lower costs and increase operational efficiency. However, in order to realize the benefits of convergence, we must assure that the network infrastructure is capable of supporting physical security.  

Did you enjoy this article? Click here to subscribe to Security Magazine. 

Recent Articles by Keven Marier

You must login or register in order to post a comment.

Multimedia

Videos

Image Galleries

ASIS 2013 Product Preview

ASIS International 59th Annual Seminar and Exhibits, September 24-27 in Chicago, Illinois, will include an exhibit hall packed with innovative security solutions. Here are some of the products that will be shown at ASIS this year.

Podcasts

Virtualization and Data Center Security: What You Need to Know for 2014

Data centers are increasingly becoming the center of the enterprise, and data center and cyber security is following the same path for security departments. According to Justin Flynn, a consultant at the Burwood Group, the virtualization of data centers allows enterprises to scale more easily and faster, with a smaller footprint.

However, hosting enterprise data in the cloud can make intrusion detection more difficult – how can enterprise security leaders team up with other departments to keep aware of cyber risks and traffic, and physical and data compliance during the virtual transition? How can CISOs and CSOs discuss cyber threats with the C-Suite to get the resources they need? And how can the proper infrastructure test and verify possible malicious attacks? 

More Podcasts

Security Magazine

August 2014

2014 August

In the August issue of Security Magazine, read about the public-private partnerships and the future of DHS with Frank Taylor, sneak a peek at the ASIS 2014 security products, and read a special report on cyber risk and security. Also in this issue find out why America is in desperate need of a CSO and the most common mistakes in Cyber incident response. The security game has dramatically changed since September 11th, read about what enterprises are doing to keep Americans safe and sound.

Table Of Contents Subscribe

Adopting New Technology

How long do you wait before adopting a new technology?
View Results Poll Archive

THE SECURITY STORE

comptiahighriseproductphoto
CompTIA Security+ Certification Study Guide
CompTIA's Security+ certification is a globally-recognized, vendor neutral exam that has helped over 60,000 IT professionals reach further and higher in their careers. The current Security+ exam (SY0-201) focuses more on being able to deal with security issues rather than just identifying them.
More Products

Clear Seas Research

Clear Seas ResearchWith access to over one million professionals and more than 60 industry-specific publications,Clear Seas Research offers relevant insights from those who know your industry best. Let us customize a market research solution that exceeds your marketing goals.

Vertical Sector Focus: Critical Infrastructures

criticalhomepagethumbFrom terrorism to vandalism, it’s preparedness, response, training and partnerships. Learn about some of the critical security issues facing this sector.

Visit the Critical Infrastructure page to read more.  

STAY CONNECTED

Facebook 40px 2-12-13 Twitter logo 40px 2-12-13  YouTube  LinkedIn logo 40px 2-12-13Google+