Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

11:00 AM
Ken Mills
Ken Mills
Connect Directly
E-Mail vvv

Building a Safe, Efficient, Cost-Effective Security Infrastructure

The Industrial Internet of Things allows organizations to address both physical and digital security concerns.

With more than 327,000 robberies occurring last year in the United States, and with firearms used in roughly 40% of those incidents, security continues to be a key concern for businesses, governments, schools, and the general public. Gun control continues to be one of the most debated topics, and while the nation stands divided, according to the Brady Campaign there are 93 deaths from gun violence each day. However, despite prevailing security threats, there are still many issues such as infrastructure constraints, cost, access to data, and other barriers that result in ineffective safety.

So, how can organizations address these ever-growing security concerns — both digital and physical? That's where the Industrial Internet of Things (IIoT) comes in. Many organizations, such as the police, are turning to data analytics and IIoT technologies to protect citizens in an efficient and cost-effective way. For example, if someone is vandalizing a public space or property, IIoT technology can alert law enforcement officers by sending real-time alerts, so the perpetrator is caught in the act while crime remediation costs are reduced. As a result, IIoT devices and platforms are being deployed in a greater number of public safety programs.

Implementing an IIoT Security Solution
If you're part of an organization looking to redefine security infrastructure, there are several steps to consider when planning and implementing a solution.

1. Assess potential security risks in outdoor spaces. When assessing outdoor security, remember that different environments have specific requirements. For example, for transient events — such as fairs, festivals, and marathons — rapid deployment and easy redeployment of next-generation security is especially relevant. In fixed locations, such as parks and business campuses, speed of deployment and cost efficiencies are also important considerations. Meanwhile, mass transit systems and critical infrastructure must be reviewed for their unique security risks.

The assessment should be conducted as early as possible, so that all factors can be taken into consideration, including the need for video, gunshot, and chemical detection, in order to allow law enforcement or the security teams to be proactive and initiate a rapid response. It's also imperative to determine how much data customers should archive, how long they should store it, and how they want to interact with that data. 

2. Assess the deployment location and identify implementation challenges. Assess the strengths and weaknesses of video and audio sensors, along with ideal deployment locations. The number of devices required to address the security risks must be determined. Look at camera angles, fields of view, lighting conditions, and bandwidth usage. Decide whether to deploy streaming video only over video analytics for object detection in a zone. Additionally, consider leveraging an organization that can validate your hardware and software solution within a lab environment in order to reduce your deployment risks and increase reliability.

3. Plan for IT and OT collaboration. Importantly, information technology (IT) and operational technology (OT) teams need to collaborate to ensure a successful deployment. For example, IT must assess networking options, storage requirements and determine the optimal configuration, while also supporting how insights from the surveillance solution are integrated into existing IT systems, if relevant. In contrast, OT will likely assess how to facilitate power and connectivity to the outdoor locations. The teams must also decide ownership of the video management system.

4. Identify video and data storage requirements. Storage is the foundation layer of any surveillance solution. However, many organizations purchase body-worn and other surveillance devices before they consider storage requirements or cost. This foundation layer must support an open platform capable of managing disparate data sets (from multiple devices) while addressing the challenge of scale head-on. It's important to understand the differences among the three major surveillance storage architectures — edge, core, and cloud — and what option would be most suitable to your specific organizational needs and requirements. (Full disclosure: Dell is among a number of companies that provide these services.)

Edge architectures typically support several hundred surveillance devices. They store video and surveillance data locally and then periodically transfer the digital data set to the central platform. For example, a "satellite" police station may store data locally in office, then periodically transfer it over to headquarters — the centralized location. Edge architectures often integrate the data with applications, such as access control and intrusion detection, without engaging a central server. The resulting architecture reduces single points of failure and distributes processing requirements over many, smaller sites.

Scale is the primary consideration with core architectures. Commonly used by police headquarters, schools, federal/government, airports, and energy companies, centralized surveillance architectures host high camera- or device-count environments (typically hundreds of surveillance devices) and can support large amounts of surveillance data. Storage must be made efficient and utilization rates must be high to prevent price creep, while migration time must be extremely low to seamlessly apply changes in resolution or pixelation. 

Many companies opt to go on-premises for their primary storage but use cloud architectures for deeper, longer, "cold" storage. Cloud provides an elastic storage platform that easily expands as data volumes grow. For surveillance-specific industries, this means expanding volumes in a centralized private cloud or even leveraging public cloud storage for more rapid capacity expansion in order to scale rapidly at the appropriate times. Ultimately, cloud storage can improve storage efficiencies and help reduce the costs associated with storing inactive data on more expensive storage solutions. However, using the cloud for surveillance data involves many different availability, security, and cost decisions.

5. Automate alerts to gain optimal ROI. The final step is to provide end users with hands-on training to ensure that they're capable of operating a security system. The training should include user-interface training mobile access and mobile app training.

Many applications will include automatic functions, including real-time alerts, that can be integrated into the system. Detections are automatically configured onto the platform and requires no setup.

The Next Generation of Security
Traditionally, video surveillance and sensors would have been implemented as separate solutions. Despite all the time and effort involved in setup, fixed solutions create sunk-in costs because they're not redeployable. That's why moving to a cloud-based IIoT security system makes sense. With increasingly powerful IIoT solutions, users can connect directly and seamlessly, plus analyze data faster to respond quicker or prevent a criminal act from occurring.  

Here's to a safer world!

Related Content:

A leader in the video surveillance industry for over 15 years, Ken Mills is the General Manager & Chief Technology Officer (CTO) at Dell EMC for the Surveillance and Reconnaissance business, and is regarded as one of the company's top surveillance and public safety experts. ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Author
7/16/2018 | 2:25:10 PM
Re: hi

Thank you taking time to read my article. You are right that IoT is all about communication between things, people and the data. The challenge is how to manage all this new data and to determine what is important and what is not. I do not beleive we have that figured out yet but I am excited about the future of machine to machine communications and the edge compute architectures that it drives. This combined with 5G should make for an exciting time in tech over the next 10 years. 

Thanks again for the reply.

User Rank: Ninja
7/13/2018 | 4:10:36 AM
Real-Time Video/Audio Scanning w/Shape Detection & Adaptive Pattern Recognition
One of the things we see often in suspense thrillers is the "eye in the sky" concept. In fact, IoT is absolutely at the heart of what is possible in terms of securing public and private safety. By putting focus on Internet and Cellular infrastructure to increase bandwidth, accessibility and interoperability, security specialists utilizing specialized software can bring a true sense of real-time security not based on intel (a slow process often taking years to gather, months to analyze and response times to events often too late) but based on shape detection and pattern recognition, for a start, that suggest or conclusively identify risk. Putting AI behind access to real-time video feeds may reveal illegal activities not obvious to the naked eye, or hidden from view to human eyes but captured in cell and camera video feeds or even audio feeds.

Such an infrastructure meets the 1) "safe" and 2) "efficient" criteria. Such technology is no longer just in the hands of the military or agencies like the CIA. One need only scan papers written in 2017 and 2018 on IEEE or Springer, for instance, to see the technology is already here, in some cases in piece-meal spread across different projects and disciplines, but ready to bring together. Often only policies and laws are keeping such a fully realized security system from coming to fruition. However, one element that could be preventing it is the "cost-effective" factor. For, even if privacy laws were adjusted and put into effect to allow such a system to be properly designed and implemented, cost could delay it.  A good portion of that cost would be divided between hardware (of course) and security - yes, such a system would need to be incredibly secure to prevent it from being turned from a safeguard into a weapon.

There are options, of course. One of the early projects I admired related to the "Internet anywhere" idea was FreedomBox. Acting as a wireless access point, you could theoretically plug this in anywhere and give access to anyone to WiFi for free. Imagine a distribution of video/WiFi access point units strategically placed throughout cities and camouflaged such that 90% of the boxes would remain untouched annually. These would then be accessible to AI-driven apps that would scan live video and in real-time perform the functions previously described. Add to that scans of live news broadcasts, Facebook and Instagram live feeds, and so on. Here would be one component of a security infrastructure that could become essential to future public security.

Now, how to solve the myriad privacy concerns that would slow down such a project?
User Rank: Strategist
7/12/2018 | 10:59:12 PM
Right now, the most important commodity in the world is the ability for swift and efficient communication. Not just amongst people but amongst things to, and that's why this whole internet of things thing has come about isn't it? I'm sure that people will figure out a way to get better at collecting data from different points in a system and when that happens, you'll be surprised at what we can achieve with everything moving smoothly from process to process.
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-05-14
Password generator feature in Kaspersky Password Manager was not completely cryptographically strong and potentially allowed an attacker to predict generated passwords in some cases. An attacker would need to know some additional information (for example, time of password generation).
PUBLISHED: 2021-05-14
Cleartext storage of sensitive information in multiple versions of Octopus Server where in certain situations when running import or export processes, the password used to encrypt and decrypt sensitive values would be written to the logs in plaintext.
PUBLISHED: 2021-05-14
An HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffic Manager before 21.1 could allow an attacker to smuggle an HTTP request through an HTTP/2 Header. This vulnerability is resolved in 21.1, 20.3R1, 20.2R1, 20.1R2, 19.2R4, and 18.2R3.
PUBLISHED: 2021-05-14
Hexagon G!nius Auskunftsportal before allows SQL injection via the GiPWorkflow/Service/DownloadPublicFile id parameter.
PUBLISHED: 2021-05-13
Piwigo 11.4.0 allows admin/user_list_backend.php order[0][dir] SQL Injection.