It is often thought that the purpose of a perimeter security system is to detect intruders, but it's real function is part of an overall strategy to prevent business losses. Many also fail to consider the potentially devastating damage to business continuity or reputation which might result from an incidence of theft, vandalism or even arson. Here are the 10 most important functions that should be considered when planning a well thought out perimeter protection solution:

1) DETER- Most organisations would prefer potential intruders to think twice and go looking for a software target. This needs to be balanced against the preference of some organisations not to “advertise” their security. CCTV cameras can be a deterrent but sometimes it's hard to beat a big fence in this respect.

2) PREVENT/DELAY- Generally achieved by physical security measures designed either to prevent unauthorised entry or to delay intruders pending the arrival of an on-site presence. Even if people have easy access to your site controlling vehicle access can make a big contribution to minimising loss.

3) DETECT- A core function of a perimeter security system is to detect unauthorised activity. The ability to filter out normal activity is key to minimising false alarms and improving performance. Relatively dumb motion detectors are being overtaken by sophisticated video analytics because of this

4) ALERT- An appropriate person (i.e. someone with the means, motivation and authorisation to respond) needs to be alerted to the issue in real-time. The key to minimising the loss is to be able to intervene straight away, which for those without their own control room means an RVRC (remote video receiving centre). An email/text to your iPhone might seem sufficient but can you be relied upon to read your emails and texts immediately?

5) ASSESS - That appropriate person needs to be given the information to determine whether the alert is genuine and to gauge the nature of the threat. For this there is no substitute for seeing it with your own eyes and here it's hard to beat an image from a CCTV or thermal detection camera.

6) RESPOND - Alerting the intruders to the fact that they are being watched is often all that is needed to prompt a swift change of plan. Typically this is done by switching on lights or audio challenge. It's a good idea to have a reputable guarding company who can respond in person in case this doesn't work, and potentially to check the integrity of the site even if it does. Depending on workload, the Police will normally respond quickly to a confirmed alarm with video evidence but there is no guarantee of this. A skilled thief can be in and out of a property surprisingly quickly with some of your most important IT equipment.

7) MONITOR- What happens once an operator has intervened? Does the unauthorised activity cease or continue and if there are intruders where are they now? If a guard is investigating how will he find them, and how do the intruders then react?

8) EVIDENCE - It is crucial that the system provides evidence of what happened and how it happened. Even if the organisation or the Police choose not to prosecute then video evidence can provide valuable information that can help lessons to be learned.

9) CONTROL - How is the system to be set and unset? What other measures might an operator need to control that could minimise losses, such as identity management/access control.

10) AUDIT - If something goes wrong it's important to know who knew what and when, and what they did about it. This can be a vital tool to learning lessons and preventing future losses.

I had a demonstration today of a new biometric reader and it really opened my eyes. Thankfully it wasn't iris recognition - I'm not sure the “pun-ometer” could stand that.

To be frank I have tended to steer clear of anything to do with fingerprint reading in the past, as it has had a reputation for being unreliable.

The issue is that the optical sensor technology used looks at the surface of the fingerprint, which is easily altered by dirt, dust, grease and other common substances.

Today I witnessed a reader reliably recognising a finger through a layer of latex gloves which adds a whole new dimension of convenience and robustness.

Multi-Spectral Imaging

Multi-spectral imaging captures radiation at a range of different frequencies, not just visible light which optical sensors are confined to.

Just as radio telescopes allow us to see deeper and deeper into space, multi-spectral fingerprint sensors allow us to see deeper into the surface of the finger - up to 4mm deep in this case - so the reader is not just looking at the surface fingerprint.

The results of this are low false rejection rates (about 1 in 1000) and extremely low false acceptance rates (around 1 in 10 million) well suited to high security applications.

Resistance to Spoofing

ATEC have had a lot of experience with hand geometry readers, a technology popular on construction sites as it deals well with dirty hands. It is however quite bulky, needs an inconvenient housing when fitted outside.

More importantly to some it can be easily spoofed - we managed to fool one in our lab with a false hand made for the purpose. Because the multi-spectral technology allows us to see deeper inside the finger, it allows for some robust anti-spoofing measures, including looking for oxygenated blood which would be difficult to fake.

Data Protection Concerns

Fingerprints are a sensitive data protection issue. People are quite rightly concerned if their biometric data is going to appear on a database in readable form. Often this is addressed by putting the biometric data an access control card in encrypted form.

In use the template is loaded from the card and the reader performs a 1:1 match. This requires less processing than a 1:many match and is more secure because it requires two credentials (card and finger) but is fundamentally less convenient for the same reason (it's difficult for most of us to forget to bring our finger to work).

This reader uses the 1:Many matching principle, but crucially doesn't store a fingerprint as such. It takes key points from the finger print and stores those.

Also the finger data is never stored in the same place as the personal details - the two are only associated with a card number. This should address privacy concerns but sometimes perception can get in the way of the facts and there may still be some barriers to overcome.

Summary

A good biometric reader should offer convenience and robust performance in the designated environment. With the help of multi spectral imaging fingerprint reading technology seems set to leave it's flaky reputation in security applications behind.

When providing CCTV for clients, agreeing the camera views is of upmost importance. Often these are dictated by a client's Operational Requirements (OR's) and will govern what degree of the scene is occupied by a target.

This 'communication' of OR's can often be achieved with a schedule, written description, or drawings. A drawing provides the most meaningful and easy to understand method of communicating what a camera will see at design stage, and allows for a much simpler approval and final installation and commissioning process.

There are many drawing applications to choose from, and once you have chosen, you need to be able to represent the camera view in plan and elevation forms. This can be tricky to the uninitiated.

There are a number of off-the-shelf products that allow you to create visuals for OR's but their interoperability with your chosen drawing application is going to be limited.

Here at ATEC, we saw the need for a synergistic approach to drawing application and OR representation. So, we developed a bespoke, editable Camera Tool that works within our drawing application providing the means for us to communicate our interpretation of the clients OR's.

This ensures that the right cameras/lenses are selected, positions agreed and the correct views are determined before a drill is picked up on site.

Today I consigned my ATEC hat to the cupboard and put on my CCTV Industry peaked cap to represent the BSIA at the Global MSC CCTV conference in Newcastle. The afternoon session was a Question Time style panel where members of the audience fired questions at us, mainly focussed on the themes of the conference, which were the Protection of Freedoms Bill and use of CCTV in the recent riots.

The Freedom Bill is currently passing through the House of Lords on its way to Royal Assent next year. It is the manifestation of the coalition government's commitment to "Further regulate CCTV". It provides for the appointment of a CCTV regulator and the introduction of a Code of Practice for the Implementation and Development of CCTV schemes but it is vague on what these are to contain.

The Code of Practice itself will have the real detail, and is scheduled for publication at the back end of 2012. Initially the Code of Practice looks likely to apply only to public space CCTV schemes such as town centres and transport hubs.

There is a mood of disappointment amongst CCTV professionals that the government is targeting legislation at operators who already (by and large) operate compliant and effective schemes, and who have a good awareness of existing CCTV legislation and standards such as the Data Protection Act.

Initially the least compliant 95% of CCTV cameras won't be covered it seems. The practical issues of non compliance are many and varied but the headlines are that the Police struggle to obtain useable evidence from many systems and this needs to be addressed.

It is only through my active involvement on BSIA committees that I manage to keep up with best practice and bring that practice back to ATEC. Given the competitive pressures in our industry it is no wonder that the small installers and the non-specialists are largely non-compliant. It worries me that there is already a substantial body of standards and legislation which are not effectively enforced (take the Data Protection Act for example), and that we are going to take the same approach with the Freedoms Bill.

Is the CCTV Commissioner going to have the powers and the resource to enforce compliance? Given the coalitions murmurings about "light touch regulation" I doubt it. Andrew Rennison was until recently the interim CCTV Regulator and is now the Forensic Science Regulator. He spoke of the public's confidence in CCTV being high but fragile.

It is easily undermined by reports of inappropriate use and management of CCTV - such as last year's Project Champion debacle in Birmingham. A recent survey reports that 73% of people feel safer due to CCTV and 63% want more of it, a position that is said to have improved following the recent riots so you might think that support for CCTV is strong.

Consider though that neither the technology nor the operators have changed significantly in recent months and you realise that in the public's mind CCTV is only as good as its last spate of news stories. So we wait with interest to see what will be in the Code of Practice.

At the BSIA we will influence it for the better where we can. Let us hope that the scope is extended beyond just public space. That is what's needed to drive up standards within our industry and eliminate the poor quality systems and practices that damage our industry's reputation.

Filenames: What does ATECQ17867 mean to me?

When it is the name of a file I have been sent the answer is very little, and yet this is typical of the file name that my suppliers might use when sending a quotation or proposal to me. So what is wrong with it?

Well, consider what I'm going to do with it?

Assuming it is of value I will save it on our server in the appropriate location. I might come back to it in a couple of weeks time and without opening it I have no idea who it's from, or what it relates to.

Every organisation should have a convention for naming files so that:

• It is clear which organisation originated the document
• It is clear what type of document it is
• It is clear what contract or service it relates to
• Where a number of versions exist, it is easy to identify the most recent
• The file name is not excessively long (long file paths cause problems with windows, especially in file synchronisation)

There is a deeper problem here. Using your reference number and your customers name as a filename indicates a failure to think see things through your clients eyes or at the very least a missed opportunity.

If you are missing this trick, what else are you missing? The good news is that this is relatively easy to rectify, and that in doing so you will stand apart from the crowd as a business that actually thinks about things from their customers' standpoint.

Two years ago almost no-one in the UK had heard of PSIM far less knew what it was. I was introduced to the concept around this time by a strategic security consultant whilst bidding for a regional assembly building. Now it's the new buzz technology and every access control and video management system wants to be tarred with the PSIM brush.

Part of the problem is the phrase behind PSIM. After all what does Physical Security Information Management actually mean, and what self respecting piece of security software couldn't claim to help you manage your physical security information?

PSIM is also slightly limiting because the scope of the software need not be limited to Physical Security. If you invested in this software, wouldn't you want to use it to report on attempts to defeat your logical security, or issues that affect your 'security' in the wider sense, such as health and safety breaches that could lead to big fines, repetitional damage or lost contracts?

The concept as it was originally explained to me was far more than just a security management system. The key distinguishing feature of PSIM is that the system itself could be used to develop and document an organisation's security procedures. When an incident occurs the system guides the operator through an interactive workflow, asking questions and responding to the answers, and this workflow is actually developed using the software.

The principle aims of PSIM as I see them are:

• To provide a common platform into which information is automatically fed and processed in accordance with pre-defined rules
• To collate that information and present to users in a way that makes sense. In other words if two or more alarms are related then the system should present them as a single situation so that they can be managed accordingly
• To ensure that decision making is aligned with corporate policies, procedures and values (difficult when the decision-maker is under pressure and the procedure is at the back of a 200 page book.)
• To facilitate effective communication. Your PSIM system should ensure that the right people have the right information at the right time, from operators to managers to the board
• To log all actions and decisions in an auditable format

What would this look like in operation?

ALARM 1 - An external intruder alarm is received on a relatively low risk section of the perimeter. The system identifies that this is in a low security area of the site, and that this specific alarm has been raised a number of times recently due to wildlife. The system is programmed to raise a low priority incident (POSSIBLE INTRUDER) which the operator notices but does not action.

ALARM 2 - The guard tour system identifies that a guard failed to check in on time, in the same area. Normally this might raise a medium priority incident but because of the perimeter alarm this is immediately more suspicious.

The system logs this as an update to the POSSIBLE INTRUDER incident, and raises the priority of the incident to HIGH. The operator opens the incident and is asked whether there is anything suspicious on the CCTV footage from the intruder alarm. He checks and answers yes.

At this point the threat level for the site is raised to SEVERE, and notifications are sent to the head of security and the Plant Manager. Note that the SEVERE threat level impacts how other sensor inputs are treated.

The operator is asked if he wants to notify the response team. He answers yes. A contact list is displayed. The operator selects 'notify all'. Messages are sent to each responder requiring a response.

The incident continues to play out with the operator free to take decisions within predefines parameters. Everything the operator sees and does is recorded for later review.

If all of the product offerings currently being touted as PSIM can accomplish that level of management then they have earned the right to use the acronym "PSIM". Whether PSIM is the right label to apply to this class of software remains open to debate.