Cybersecurity is more than just a headline associated with attacks on critical infrastructure assets, such as utility companies or our nation’s repository of its personnel records of employees with the highest security clearances.
Before November 2009 little attention was paid to the silent threat cultivating inside of the U.S. Army. That all changed when a common U.S. Army officer, Major Nidal Hasan, killed 13 soldiers and injured 30 others during a shooting spree in the morning hours of November 5, 2009, at Fort Hood, Texas. The significance of insider threats has been reiterated with the shooting at the Washington, D.C., Navy Yard, and the intentional crashing of a Germanwings jet into the French Alps.
Businesses have listened to staff and abandoned in-house developed tools in favor of consumer products and ubiquitous software-as-a-service (SaaS) capabilities. They want to exploit the benefits that extensive R&D and manufacturing can bring and are willing to trade off the minor compromises that come with standardized solutions. Also, security managers are starting to ask why sites can’t be secured in the time it takes to add a Dropcam to their home network…
The ISIS-inspired terrorist attacks in Paris in January and the threats against shopping malls in the U.S., Canada and the UK by Al-Shaabab highlight threats that call for more fully integrated surveillance solutions to enhance security. The horrifying Paris attacks demonstrated that, while various forms of video were available to record the attackers’ movements during and after the attack, the video wasn’t being made available in real time or near real time to help law enforcement’s response to the attack.
In recent years, “cyber” has monopolized most of the serious coverage in the security industry, and rightly so, given the underprepared stance of many government and commercial organizations in the face of persistent “leakage” of information and malicious attacks. Yet too often, the equivalent dialogue around physical security has been disappointingly predictable. The industry fixates on pixel counts and IP versus analog. The more enlightened may debate the benefits of the latest breakthrough technology or an attempt at greater industry cooperation. At this point, insert “video analytics” and “ONVIF interoperability,” or any one of a hundred themes.
If the revelations by Edward Snowden proved anything, it is that the U.S., its allies and its enemies possess tremendous capabilities to know as much about individuals, groups, companies, and virtually any other entity, as they want. While Snowden’s revelations give specific insight to U.S. capabilities, many of the same technologies our intelligence apparatus use are either commercially available or within the ability of nations or non-state actors to acquire on their own.
Risk management too often is perilously fragmented and insufficiently funded. Managing the overall risk equation is assuredly a CEO-level and management team obligation. But the design and execution of effective strategies to identify and moderate risk is, of necessity, complex and typically spread among numerous organizational silos.
Security countermeasures, such as surveillance, address threats and if done effectively eliminate them; this is more likely the case when an integrated solution is deployed. In looking at integrated security solutions, there exists an opportunity to move beyond a view of providing countermeasures to threats toward a new perspective of security as a means of delivering critical business value.
Safe City initiatives typically start with the integration of security video. In most cases the cameras are operated by the police department or other local government entities such as Departments of Transportation, or Emergency Operations Centers.
For the next generation of enterprise security leaders, is there a clear path forward to success? Enterprise security leaders discuss mentorships, education, certifications and the skills new CSOs and CISOs will need to succeed in their evolving roles and bring value to the business. But the problem is: with existing security leadership roles varying so widely, is the development of a uniform skill set even possible?