Saturday, June 28, 2008

Auto Sentry

When was the last time you were in an urban setting when some enterprising youth offered, "Hey, buddy, watch your car for you?" Consider the march of progress. Soon, according to this article, your car and its parking lot mates will be watching themselves.

Cars watching each other


What happens when you automate security this way? Invariably, there are vulnerabilities to address along with the perceived benefits. One hurdle is likely to be the perceived or actual capacity that such a protective cordon would give to anyone interested in tracking the vehicle -- and its owner. What about liability? In our litigious society, it might be very likely that if your car is supposed to be linking to others and sending out a distress signal through its parking lot peers, someone somewhere who loses a car to theft will look to sue a car owner who failed to maintain his car's alert system properly, thereby contributing to the loss event. Nuisance alarms will also be a likely barrier to user acceptance. Surely, rejection is ample in this world without having to face a cabal of cars apparently conspiring against a driver by sounding the alarm and failing to recognize him.

The ramifications are endless, at least for the beta site. Yet this technology may well offer promise in a world where neighborhood watches and looking out for each other seem out of fashion.

- Nick Catrantzos

Thursday, June 26, 2008

Whom Do You Trust?

Any security professional with scar tissue from working in a hierarchy soon learns to view overseers of any kind with at least one part suspicion for every two parts of esteem. Corporate investigators reserve some of their best war stories for tales of abuses by people who are supposed to performing a watchdog function, and no business unit is exempt from the archives: audit, human resources, information technology, and security practitioners themselves. All have the propensity to stray.

Here, just recently, is an article from ABC News that ultimately traces to PC World.

IT snooping on e-mail

The source is important because it represents an industry tattling on itself. Next time you wonder who might be snooping on your e-mail, consider: Do you really want to ask IT for the answer?

- Nick Catrantzos

Wednesday, June 25, 2008

Brave New World of Video Surveillance

Digital video surveillance is beginning to shake up three market sectors where dumb analog cameras have been mounted for years: public spaces like airports and airbases, colleges and schools, and retail – which include banks and those quick service restaurants and stores.

We spoke with research director Stan Schatt at ABI Research about his recent study “
Watch this Space” highlighting the coming boom in digital video surveillance software and equipment.

______________________________

Why is ABI looking into video surveillance?

We believe in connectivity. The focus at ABI is everything wireless. Surveillance video is rapidly moving to wireless technologies as are we all, so that is why it is interest to us. It is an emerging technology that will fundamentally change global consumer and business markets.

Surveillance video isn’t exactly new.

Video surveillance systems have existed for many years. But until recently, extracting useful information from them was labor-intensive, time-consuming and tedious.

Now, the quickening transition from analog to digital video has made it possible to use software for detection and analysis. This can free humans from the drudgery of slamming through hours of tape, while improving accuracy and the ways video can be use – ways that were just not possible before.

I am particularly excited by the potential of digital video for analyzing and improving business processes. Once the retail sector sees the potential for business analytics, budgets for video surveillance, which now mostly come from the IT department, will begin to flow from the much more generous pockets of Marketing.

Video surveillance software was the particular focus of your study?

Yes. Because we can effectively massage digital records, the potential for intelligent use of software is enormous. Already the link between current physical security applications and what wireless, digital video and its movie-like rich images can do is dramatic.

There are many small software companies in this market, and some big ones such as IBM, which has released software that is largely platform-agnostic, increasing pressure for others to follow suit. While most systems today are sold to end-users, IBM Global Services sees potential in a managed service model, and it would not be surprising to see HP jump in as well, particularly following its EDS acquisition.

There are a number of smaller players who impress. Object Video, which was founded by some DARPA types, stands out with 800,000 licenses.

Some other small companies are quickly becoming familiar names: Axis Communications on the IP-based camera side. PMSC of South Carolina on large storage.

How about airports?

Airports are an obvious application, but you can set the rules with this stuff if you have digital images and digital storage and let it do much of the work. If a bag is left unattended for a number of minutes, the software can quickly, even automatically pick that fact up and set off an alert. If a passenger in an airport corridor suddenly reverses direction or makes an abrupt approach to an exit when the standard flow of traffic across is in the opposite direction, towards an entrance of gateway, there can be an instant alert and intervention.

Smart software can also trigger mechanical consequences – for example, instantly locking down escape routes in an airport when an individual is behaving erratically or takes off at a run.

Any human monitors needed in that digital future?

There’s always room for human judgment. You will see more large institutions – corporations, college campuses – setting up much more elaborate video monitoring centers that go beyond alarms and observation, allowing a shift leader or incident commander to react to what they see happening … or about to happen. Banks already do that.

The metadata procedurals the software designers are playing around with – there are about 13 different detection directions, by my last count – include any number of different characteristics.

What are the most demanding of these?

The most ambitious are automated face recognition programs that banks can use, say, at an ATM – not just to identify bad guys as criminals but to identify you so no one but you can use your card. Smart cameras can also survey the parking lot and tip the central control room to any break-pattern activity, such as leaving a car too long in a particular space … or moving it to a space where it doesn’t belong.

You said in an earlier interview that it reminded you of the futuristic film, Minority Report.

Yes. All this, of course, raises profound questions of civil liberties – and they play with those issues in the film Minority Report, which has Tom Cruise intercepting criminals before they commit their crimes. We have a pretty conservative court system at the moment, so I don’t think you will find much support there in blocking the initial deployment of these software recognition and tracking systems. And who knows what classified smart video applications are already in use in the skies above Iraq that will be coming our way?

What about China? Have the Olympics created any technology leaps there?

I expect there to be some advances, using the Olympics as an excuse for upgrades, but nothing dramatic. The China market is attractive, but a continuing concern, particularly on software, is the potential in that nation for software hacking which is right down doing major damage to the mobile phone market.

Most of the video surveillance equipment in China right now is cheap analog stuff. On the other hand, they have no shortage of people in China who can roll the analog tape back and forth to find what they are looking for. Britain, which began aggressively putting up outside analog video monitoring as far back as the IRA bombings twenty or more years ago, is now aggressively going digital. Most of the British equipment is installed and monitored by local municipalities.

Do you expect industry consolidation in the next year or so?

I do. The video surveillance area in general is so busy with new companies and small firms that I do anticipate some mergers and acquisitions. There are any number of products and platforms in the market, but very little interoperability yet.

The camera companies are also trying to get together, but more by establishing common technology standards than on merging. Canon, Samsung, and Panasonic – not sure why there are all Japanese – are in some sort of dialog on tech standards. North American camera manufacturers tend to focus on the high end. Lumenara from Ottawa is one of those with an 11 megapixel camera coming out soon. You could shoot a respectable motion picture or TV show on a camera that advanced. It’s broadcast quality.

A video stream that rich must take up a good deal of storage.

It does. But once all that information in storage, you can do some very smart things with it. Intelligent processing can begin right inside the camera itself. For example, the digital signal processing chips that are essential to advanced video are faster than ever. They are now able to put some fundamental video analytics into the chip itself. An Israeli firm, Mango DSP, seems to be making some remarkable progress to that end.

Where’s the quickest growth?

The steepest growth curves we see are in the government, retail, and educational sectors. Growth in the government sector is still driven by heightened security concerns since 9/11, of course. We are now seeing video installations in transport systems that keep an eye not only on external surroundings of the vehicles, but on the people inside – including trains and buses.

There’s a popular trend to jump on board a bus after it crashes and then claim whiplash – so come cities are trying to add video to fight that. We’ve all seen the popularity of police video cameras that capture not only police responses, but the provocations that precede the response. The ports are another area where very little of consequence has been accomplished.

How about education and retail?

The video market in the education sector has gone from a trot to a gallop since the campus killings at Virginia Tech – and elementary schools are also now adding video when they can find the budget to do so.

Retail will take the lead, however. It just beginning to appreciate the possibilities of business analytics in all this. Retailers have traditionally low margins, so they are reluctant to take on equipment costs. But if some of this smarter software, backed up with smart chips, can tell them how customers respond to a display and what they like, it justifies the cost to elevate video surveillance equipment and systems – and reduce stock shrinkage by the employees and customers who are stealing them blind.

Tom Goff

Wednesday, June 18, 2008

Social Science and Security?

Social scientists and humanitarians take note: the Pentagon is willing to buy you lunch and a good bit more if you’ll just give Secretary of Defense a bit of help on a few nagging global security problems.

Defense Secretary Bob Gates, himself a former university president, is funding the so-called “Minerva” research initiative (MRI) to explore issues of Chinese military technology, change in the Islamic World, Iraqi public opinion, and, well, global conflict in general. Seems his generals are a bit busy these days with other problems.

(Minerva is the Greek goddess of wisdom – get it?)

DoD is ignoring the conventional RFP (“Request for Proposal”) traditions and simply asking in a Broad Agency Announcement for relatively free-form proposals from the university and think-tank crowd.

The formal notice went out June 12th. White papers are due July 25 and full proposals are due October 3. At least $50 million in Federal funding is at stake. I guess there won't be much of a break for some of the hungrier professors and their grad students this summer.

Says the notice: “The MRI is a DoD-sponsored, university-based social science research program initiated by the Secretary of Defense. It focuses on areas of strategic importance to U.S. national security policy. It seeks to increase the Department's intellectual capital in the social sciences and improve its ability to address future challenges and build bridges between the Department and the social science community. Minerva will bring together universities, research institutions, and individual scholars and support multidisciplinary and cross-institutional projects addressing specific topic areas determined by the Department. MRI competition is open to institutions of higher education (universities).”

Let the games begin.

Tom Goff

Wednesday, June 11, 2008

Terrorists, Cyber Threats, and Innovation

There are times when any single fear or advertised threat can be overstated. Let's take another look at the cyber threat from terrorists. My aim is not to dismiss the cyber threat, but to keep it in context. Otherwise, we will be saying that if the ATMs are down, the terrorists win. In fact, is there any doomsday scenario that would not place us at someone's mercy if the worst case came to pass? It makes for good theatre, but bad business investments. In fact, it is precisely this kind of theatrical dimension that plays into the politics of cyber threats, a theme taken up by Swiss professor Myriam Dunn Caveltyis in her course for the Center for Security Studies, in Zurich, and related book, Cyber-Security and Threat Politics (2007). She points out that cyber threats have been touted despite having many unknowable qualities. But wait, there's more.

The very systems considered critical -- whether for air traffic control or turning valves and power systems on and off remotely -- go down all the time without plunging us wholeheartedly into chaos. As James A. Lewis, of the Center for Strategic and International Studies, pointed out in his 2002 assessment, "Assessing the Risks of Cyber Terrorism, Cyber War and Other Cyber Threats," the nature of their targets is such that cyber terrorists "would need to attack multiple targets simultaneously for long periods of time to create terror, achieve strategic goals, or to have any noticeable effect. For most of the critical infrastructure, multiple sustained attacks are not a feasible scenario for hackers, terrorist groups, or nation states." (pp. 3-4)

This brings us to another raising of the eyebrows. Why are today's most vigorous champions of the cyber threat suspiciously identical to the same people who made careers out of Y2K preparations -- until January 2, 2000, that is, when the world as we know it failed to come to an end?

Context is the bottom line in all this. I do not pretend there is no cyber threat. I only offer the thought that there is more to this story. Information technology experts need jobs, too, and they, like most specialists, tend to see the world in terms of their specialty. Y2K ended, but they still had bills to pay and mouths to feed. As Abraham Maslow said, "If your only tool is a hammer, you tend to see every problem as a nail." So, to these people, cyber supplies a nail-rich environment of ubiquitous threats.

Let's keep the cyber hammer without making it the only implement in our toolbox. A hammer makes a lousy screwdriver, and a poor drill as well. Our most serious adversaries appear more interested in drawing blood than in perpetrating denial-of-service attacks or spamming enterprise e-mail servers. Is it possible that they will suddenly abandon their spectacular attacks in favor of cyber assaults instead?

Perhaps. Anything is possible. But, as columnist George Will (2000) said in another forecasting context , "Serious people consider serious probabilities, not idle possibilities."

My argument is that the cyber threat has yet to attain the seriousness to displace more conventional attack pathways. Nor does it seem likely to. As Lewis noted in his study, above, criminals and bored teenagers remain the most likely sources of cyber attacks (p. 8).

Connections with Innovation

I do believe that the more sustainable terrorist groups must possess some of the same learning and administrative skills as any business that survives in a competitive world. So, if a cyber tool of terror drops into their hands, they would feel some due diligence obligation to experiment with it, up to a point. But, it is a tool not an end.

My favorite innovation in war was by Philip of Macedon, the father of Alexander the Great (Lamb, H., Alexander of Macedon, date and details not recalled. Book lost from family library.) His innovation to war fighting of the time was to make his soldier's spear three feet longer than his adversary's. As a result, Philip enjoyed great success whenever one of his phalanxes met another in battle. But I suspect neither he nor his son spent a disproportionate amount of time and budget in R&D on spears.


– Nick Catrantzos