How the Internet of Things Impacts Surveillance

If the revelations by Edward Snowden proved anything, it is that the U.S., its allies and its enemies possess tremendous capabilities to know as much about individuals, groups, companies, and virtually any other entity, as they want. While Snowden’s revelations give specific insight to U.S. capabilities, many of the same technologies our intelligence apparatus use are either commercially available or within the ability of nations or non-state actors to acquire on their own.

There isn’t a day that goes by that I don’t get a call about or an email from a technology company that has the next greatest technology that with revolutionize the security industry. Typically the software or widget has been developed by former intelligence community types from the U.S., Israel, India, or you name the country with advanced technical intelligence capabilities. The technologies range from advanced image analysis software that can identify insider threat behaviors to cellphone tracking software that can remotely switch on the camera of your smartphone without you even knowing it, to capture images of where you are and what you are looking at – in real time.

Combine those capabilities with free commercial smartphone applications such as Waze, the recently Google-acquired social media/navigation app that provides traffic data including locations of road hazards and police radar traps – in real time. With more than 50 million users, it ranks and rewards users who accurately and promptly report information that anyone on its system can immediately access to update their driving route. Think about the power of that for a moment. Many major criminals or even terrorists are caught by luck. Like the stopping a car for speeding or a broken tail light that results in the arrest of a killer or a lone wolf en-route to conduct a mass casualty event. But with today’s technology, empowered by the information available from millions of unsuspecting, innocent technology users, bad guys can avoid detection and even arrest and tip the scales in their favor.

If that isn’t a wake up call, think about this – just try to live for a day, or even a couple of hours without leaving any electronic trail, of any kind. Your phone, watch, car, sports and health monitor, thermostat, and office light keep you connected and keep you “monitorable.”

So now the question – How do you, the security professional, think about all this technology in the context of your world? How do you harness this power responsibly, effectively and with the intent of creating a safer and more secure environment without the specter of becoming “big brother?” How do you protect your people and your enterprise from the same technology that can be used to steal secrets and cause potentially catastrophic harm? These are important questions with no easy answers given the concerns about privacy and employee rights.

All this technological power is truly amazing – it does provide significant tactical capabilities that if properly harnessed will can enhance and improve our lives. However, like most tactics, without thoughtful and carefully implemented strategy more harm than good could result. Tactics without strategy is analogous to firing a gun with a blindfold on.

So what is your strategy? You can’t ignore the technology tsunami – so how are you going to deal with it? When I first started this column I wrote about the evolution and convergence of the physical and cyber security worlds and how CSOs need to plan for the changing security paradigm. Less than a year later, my observation is that the evolution has accelerated beyond anyone’s expectations and those CSOs still waking up to the idea have been overcome by the change – but may not even know it yet. In the cybersecurity space there is an often-used phrase about companies and their risks: there are two types of companies – those that have been hacked and those that don’t know they’ve been hacked. In the physical security world I would modify that to be: there are two types of CSOs – those that have embraced the converged world and those that don’t know the world has converged. Which one are you?

Bob Liscouski has more then 30 years of experience in security and law enforcement, and he is the Executive Vice President of Integrated Strategies Group. Liscouski and ISG have founded four additional firms — Steel City Re, Edge360, Axio Global and Convergent Risk Group.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.