June 24, 2009
My Top Security Blogs
The great thing about the Internet is that it’s so easy to find people that know everything there is to know about the security industry - the latest technology, new laws, regulations, market trends, etc. There is a vast world of learning and knowledge that’s out there for there for the taking. One day maybe I will be the “go-to” expert in something besides how to make a rockin’ peanut butter sandwich (btw, my secret ingredient is plain M&Ms).
I have found that there are lots of blogs out there dedicated to cyber security, but not so many that look at things from the physical security aspect. I have found blogs that are specific to the physical security industry written by editors for the top industry publications such as Security Systems News (On the Editors Desk) and Security Director News (SDN Editor’s Notes). I find these blogs particularly informative since the writers are really in the middle of the industry buzz.
Being in Southeast Texas amongst some of the biggest petrochemical plants in the country, I keep a watchful eye on the CFATS regulations and all of the changes (or lack thereof) to them. By far, the best of these blogs is Chemical Facility Security News written by P.J. Coyle. This guy really knows his stuff. And thank goodness for him. He does a really good job of taking government laws and regulations and breaking them down into a language that actually makes sense.
The Department of Homeland Security and The Federal Bureau of Investigations news websites are not blogs, but are good resources for crime statistics as well as the latest DHS news and events. DHS has a couple of blogs that are very useful covering topics such as counter-terrorism, airport security, disaster preparedness, and border security as well as Secretary Napolitano’s latest activities (The Blog @ Homeland Security) .
I would welcome any suggestions of security blogs that I should add to my repertoire. Please feel free to email me your suggestions.
Malisa’s Top Security Blogs:
- Chemical Facility Security News
- FBI in the News
- Department of Homeland Security News
- The Blog @ Homeland Security
- DHS Leadership Journal
- On the Editors Desk
- Public Matters Blog
- RTP PhySec
- SDN Editor’s Notes
- This Blog’s on Fire
Comment or question about this blog? Please email me at mvincenti@infrastructsecurity.com
Malisa Vincenti, Marketing Manager
June 2, 2009
CFATS Update
I attended the 2nd Annual Regulatory Briefing in Houston last week – a detailed update of CFATS (also TWIC and Rail). This conference was very informative and easy enough for the average person to understand. Thankfully, it lacked all of the legal jargon that induces sleep faster than the tryptophan in a Thanksgiving turkey.
As I sat listening to all of the presentations at this conference, the one factor that seemed consistent throughout was that CFATS was slow-moving, and that the rules set forth were subject to change (or not – depending on who is setting rules). Basically, legislators are making it up as they go, leaving those whom the regulations affect without solid clarity or direction at this point in time.
The problem stems from political wrangling between two entities as to who should have oversight over CFATS – The Committee on Energy and Commerce or The Homeland Security Committee. Given that CFATS is set to expire at the end of October 2009, there are varying opinions of what should be done about it. It is this political jockeying on jurisdictional issues that is delaying reauthorization of CFATS. There is legislation that would do nothing more than extend the CFATS sunset (to either October 2010 or October 2012 – depending on which legislation being presented) and allows for CFATS to continue on its present course. But there is also legislation that would significantly re-vamp CFATS – especially the addition of Inherently Safe Technology (IST) provisions. IST would require the affected facility to modify its processes in order to utilize safer technology (i.e. safer chemicals). This has the possibility of being a great cost to the facility, to the point where the changes may not even be feasible. Additionally there are other provisions such as mandating the involvement of unions and whistleblower protections, all of which may be deemed as a detriment to the industry and thus would be opposed by those lobbying for the industry.
There is also the question of whether water treatment facilities should fall under CFATS. Water treatment facilities are currently exempt from CFATS regulations. Some water treatment facilities possess some of the same chemical of interests (COIs) that are above the CFATS screening threshold quantity (STQ). It is very likely that legislation will be introduced that will remove the water treatment facility exemption, however, there will also most certainly be issues with IST provisions.
The lack of resolutions to these conflicts makes it very unlikely that legislation will make it to the Senate before the August recess, thus making a stand-alone CFATS bill very unlikely this year. Complicating the matter is the change in administration whose agenda is far more focused on the immediate issues such as the economy.
There was a second area that I learned seemed to lack direction or clarification. The first of the new risk designations to Tier 1 facilities went out on May 15th to 140 facilities (Tier 2, 3, and 4 are still awaiting determination). Those facilities now have 120 days to submit their Site Security Plans (SSPs). I am no expert in this, but it made sense to me that the purpose of the SSP was to provide some direction as to what steps should be taken next in actually securing a facility. Neither the SSP nor the RBPS provide a solid plan that spells out exactly what high risk chemical facilities must do to secure itself in order to be compliant with CFATS.
The SSP and the supporting RBPS guidance documents are very extensive and detailed. Hundreds of hours must be dedicated to researching and completing the SSP. Expending this much time, effort and resources on completing the SSP without any clear solution or result is enormously inefficient for both those implementing the rules, and to those impacted facilities. It’s a very one step forward, two steps back approach.
It will be interesting to see if the conflicts can be resolved and a workable solution can be established some time in the near future.
Malisa Vincenti, Marketing Manager
Question or Comment about this blog? Please email me at mvincenti@infrastructsecurity.com
May 18, 2009
Port Security in a Recession
I recently read that the Obama administration was cutting funding available to the Port Security Grant Program. Ports have always been a major area of focus as possible targets for terrorism. Hence, the TWIC regulations that have recently gone into effect. TWIC went into effect on April 14th of this year. The program has only begun to roll out and eventually, card readers will need to be installed that can read the card. The purchase and installation of the card readers can be of significant cost to those public ports. There are some ports, such as the Port of Los Angeles who are testing biometric card readers already. There is a great need for adequate funding and federal support.
With the administration slashing funding to assist public ports with security improvements, those ports will either have to find a different path for securing funding for security improvement, or do without. Of course, we know that the economy is in a crunch right now, and the administration has the daunting task of keeping the budget down. But not committing fully to port security could have dire consequences. Certainly, waiting for something to happen and taking a reactive approach would cost much more than being proactive and taking steps to prevent a tragedy before it even occurs.
Malisa Vincenti, Marketing Manager
Have any questions or comments about this blog? Please email info@infrastructsecurity.com
May 11, 2009
Megapixel Cameras for Dummies
Last week, I had the pleasure of meeting with our reps from IQinVision to talk about some of their new products. They are a leader in megapixel IP video and they offer their own security camera line. They offer complete surveillance systems, including day/night, vandal resistant and weatherproof IP cameras. Check them out at http://www.iqeye.com/
Being that I’m a marketing gal, not necessarily a technical one – I was forced to once again, and unashamedly ask them to break it down for me like I’m a 5 year old. What’s a megapixel camera, and why do I care? The first thing that I needed to know was - what the heck is a pixel? A pixel is the smallest discrete component of an image or picture on a CRT screen (usually a colored dot). The greater the number of pixels per inch, the greater the resolution (definition from www.wordnet.com) But of course I had to have broken down to even simpler terms – as in “YouTube.com” terms. For example, you have a low resolution video you are watching on YouTube, you try to blow it up to full screen and it gets pixilated (becomes a big blur). There are not enough pixels in the image. However, if you take a small image or video, and you enlarge it without losing the sharpness in the image - now you’ve got a high resolution image with no pixilation (i.e. there are a high number of pixels). The same concept applies with older digital cameras. When you take a picture on an older digital camera, and you try to blow it up, you get pixilation. However, with the newer 5 megapixel cameras available today, images can be blown up without losing the sharpness and resolution in the image.
Now that I understand what a pixel is, and what exactly megapixel means, why do I care? I think that this is the same question that our customers would ask. Why megapixel instead of analog? What most impressed me about the megapixel camera solution was the “field of vision” that the camera can cover. For example, in a parking lot where it takes 4 analog cameras to cover the entire lot, a customer would use just one megapixel camera - that’s one camera, one cable pull, one installation. With an analog solution in this situation that would be 4 cameras, 4 cable pulls, 4 installations. The installation alone of the analog cameras takes significantly more labor hours and equipment.
I mentioned the “field of vision” that a megapixel camera can cover. Additionally, the end-user has the ability to crop that “field of vision” and see only what needs to be seen, without taking up any additional disk space. For example, in that parking lot that is being covered by the one megapixel camera, if you do not need to see the buildings and the sky in the distance, then you can crop that image and see only what’s going on in the parking lot.
Moreover, the ability to zoom in on an image is most impressive with the megapixel camera. For example, in that parking lot that you are covering with the one megapixel camera, you will be able to drill down in the image to see a license plate, or to see more details of facial features of people in the parking lot. Because analog cameras lack the resolution (i.e. not megapixel), they do not have this drill down capability.
Of course, there is more to a megapixel camera than just what I’m talking about here. A megapixel camera is an IP camera, therefore there is licensing involved. They are also more expensive than an analog camera. The installer also needs to have an understanding of the customers IT network and how the camera is going to interface with that network. The IQinVision cameras can be integrated with existing DVR, NVR, access control or alarm systems or they can operate as stand-alone systems. I am only touching the tip of the iceberg here with the capabilities, applications and uses of the megapixel camera. If you would like more information, please feel free to contact me at mvincenti@infrastructsecurity.com
Malisa Vincenti, Marketing Manager
Have a question or comment about this blog? Please send an email to info@infrastructsecurity.com
April 15, 2009
iPhone has an App for that too!
I still continue to be amazed at how quickly technology has changed in the past few years. With the creation of the iPhone, the cell phone has become so much more than a phone. It’s such an invaluable tool not just for communication, but it’s a gateway to the infinite information superhighway.
While on Twitter (by the way you can follow Infrastruct on Twitter at twitter.com/infrastruct), one of the “tweople” I was following was talking about a meeting he just had with a company that created an iPhone/iTouch application for mobile video surveillance monitoring. I was very intrigued so I visited the website. (www.lextechlabs.com) With this iPhone app you can not only monitor your cameras from a remote location, the app also allows for PTZ functionality. ). With technology available is such a mobile form, such as the iPhone, mobile video surveillance would be a natural progression in the state of security.
One can certainly see the advantage to this kind of mobility. Security personnel can move around while still having the ability to monitor cameras should an alarm be set. Having the physical presence throughout a building or facility, rather than chained to a desk and monitors certainly is more effective. The mobile capability would allow Security Directors to monitor facilities, buildings, and even employees more effectively. The applications are definitely there.
We have yet to have a customer ask us for this yet. But, as technology continues its progression in going mobile, it’s only a matter of time.
Malisa Vincenti
Marketing Manager
If you have any questions or comments about this blog, please email info@infrastructsecurity.com
April 15, 2009
Chili Cook-off Success
You know how when you are a kid, and you plan a birthday party. You invite all of the popular kids, all your friends, your neighbors and even that annoying cousin that your mom “made” you invite. You get the cake, put up the streamers, put your party clothes on…and then, you pray. You pray that people actually show up to your shindig, and that you won’t be the laughing stock of your school on Monday – the big loser that didn’t have anyone show up to your birthday party.
Well, now that I’m all grown up and I am tasked with pulling off a successful company event – the old fears are still there. What if no one shows up? What if I am just a big fat loser that no one wants to hang out with. And I find myself repeating the same prayer, “please let someone show up, please let someone show up”. I know it’s irrational, because I KNOW that people are coming, but still there’s that crazy little fear that has stayed with me since middle school.
I am thrilled to say that our Houston’s First Annual Chili Cook-off was a great success. Our Oklahoma City office has had many of these cook-offs in the past, so they have created a time honored tradition and a loyal following. Two things are certain in Oklahoma – tornadoes and the Annual Chili Cook-off at Infrastruct’s OKC office. We hope to accomplish the same feat in Houston.
I found that in our Houston office, we are all pretty darn competitive. The trash talking was at an all new high. Luckily, we managed to stave off any chili sabotage, however, it did seem that some off the crock pots switches “mysteriously” got turned off when the extension cords they were plugged into also “mysteriously” got switched off. And I must say, that we should have had a contest for the most creative chili name. It definitely would have gone to “Raiders of the Lost Fart and the Temple of Boom”, followed closely by “My Butt’s on Fire”. Yes, references to flatulence, humor that can only be appreciated by 13 year old boys AND Infrastruct-Houston employees. We are a funny bunch!
We had a good turn out of customers, and some of our key vendors here and in OKC – AMAG, Bosch, Aiphone, SC Black, Fike, Resource Corp. We had some great door prizes too.
But to the most important part – the winners of the competition:
Houston:
1st Place: Hell, Fire and Brimstone
2nd Place: My Butt’s on Fire
3rd Place: Party-In-Your-Mouth (yes, someone really named their chili this)
OKC:
1st Place: Slow Burn
2nd Place: Steve (yes, someone named their chili “STEVE”)
3rd Place: Mr. Caleb’s Chili
By the way, I must mention – Hell, Fire and Brimstone? That’s my baby. I did my Happy Chili Dance and my rendition of “We are the Champions” by Queen while everyone held up their lighters (old school style) and swooned in the glory of my victory. Okay, so that last part, I just imagined. But it would have been really cool had it happened.
Malisa Vincenti
Marketing Manager
If you have any questions or comments about this blog, please email info@infrastructsecurity.com
March 26, 2009
SC Black - Great Product – Great Price
I had the pleasure of meeting with Rob Leef of SC Black today. First, let me say that he demonstrated a tremendous amount of tenacity in getting and appointment with our General Manager. Somehow, our GM managed to avoid his phone calls for the better part of a year. Which is why I am such a proponent of social networking and inbound marketing. Had we began our social networking campaign sooner, Rob would have had some other avenues for getting in contact with us besides the old-school cold call. But I digress. SC Black is a division of Super Circuits. They are a separate and independent business entity focused on security integrators. They have a full line of video surveillance products including cameras – day/night, IP and analog and DVRs, including a hybrid as well. We have been quoting SC Black products to our customers and the response has been very good. Their technical support and customer service has been impressive. But what is most impressive is the quality of products that you get for the price. Bottom line – great quality/low price. Works for us! Visit them on the web at https://www.sc-black.com/
Malisa Vincenti, Marketing Manager
Have any questions or comments about this blog? Email info@infrastructsecurity.com
February 13, 2009
Economic Stimulus Package and Security
As you may know, the new administration has been working hard to pass an economic stimulus package aimed at creating jobs, giving a much needed boost to the economy. This may be good news for the security industry. Much of the new administration’s emphasis has been on building and modernizing our national critical infrastructure. Protecting critical infrastructure is part of Obama’s Homeland security agenda http://www.whitehouse.gov/agenda/homeland_security/
- Create a National Infrastructure Protection Plan: Develop an effective critical infrastructure protection and resiliency plan for the nation and work with the private sector to ensure that targets are protected against all hazards.
- Secure our Chemical Plants: Work with all stakeholders to enact permanent federal chemical plant security regulations.
- Improve Airline Security: Redouble our efforts to adequately address the threats our nation continues to face from airplane-based terrorism.
- Monitor our Ports: Redouble our efforts to develop technology that can detect radiation and work with the maritime transportation industry to deploy this technology to maximize security without causing economic disruption.
- Safeguard Public Transportation: Work to protect the public transportation systems Americans use to get to work, school and beyond every day.
- Improve Border Security: Support the virtual and physical infrastructure and manpower necessary to secure our borders and keep our nation safe.
While proponents of security funding are urging congress to include security as part of the economic stimulus, these provisions have yet to be adopted. Ideally, security would be built into construction and modernization plans from the beginning thus ensuring critical assets are protected from the start. Physical security could very well become part of the legislation. Good news for the industry.
May 23, 2007
From Fingerprints to Facial Recognition
It is common today for a crime scene investigator to collect fingerprint evidence. The first publication about the potential use of fingerprints as a means to identify an individual was in 1823 by a professor from Breslau University. In 1892 Sir Francis Galton published a detailed statistical model of fingerprint analysis and identification and encouraged its use in forensic science in his book Finger Prints. In the same year, 1892, Juan Vucetich, an Argentinean police investigator, made the first use of fingerprints to solve a crime. Vucetich, who had studied Galton's Pattern types for a year, successfully proved that Ms. Francisca Rojas was guilty in a murder after he presented a bloody fingerprint from the Crime scene that tied her to the crime. Since then, using fingerprints as evidence in courts become commonplace.
DNA analysis has become one of the most important tools for human identification since Francis Galton developed the use of fingerprints for that purpose. In 1989, the National Research Council formed the Committee on DNA Technology in Forensic Science to study this new technique. The Israeli Shin Bet started using DNA analysis in 1994 to identify suicide bombers in Israel. Using DNA led the Israelis to terror cells and suicide bombers' infrastructure in Gaza and the West Bank.
Facial recognition is a tool that is also being utilized. During 1964 and 1965, Bledsoe, along with Helen Chan and Charles Bisson, worked on using the computer to recognize human faces (Bledsoe 1966a, 1966b; Bledsoe and Chan 1965). He was proud of this work, but because the funding was provided by an unnamed intelligence agency that did not allow much publicity, little of the work was published. Given a large database of images (in effect, a book of mug shots), the problem was to select from the database a small set of records such that one of the image records matched the photograph. The success of the method could be measured in terms of the ratio of the answer list to the number of records in the database, for example the FBI holds today millions of fingerprints records in its database and helps the agency to identify criminals within seconds, on the other hand police department and other law enforcement agencies have hundreds of thousands of criminals photos that can be used as a data base for the facial recognition tool. In recent years the research for this technology made some progress and it's been used as a PREVENTIVE tool using it in airports, multiplexes, and other public places to detect presence of criminals or terrorists among crowd.
The difference between using facial recognition and the two other tools is that fingerprints and DNA analysis used to identify the criminal or the victim after the crime happened. Facial recognition will identify the criminal before a crime is committed. Thus the technique becomes proactive rather than reactive. It is certainly better to stop the crime before it happens. This will save lives, not to mention assets. Facial recognition systems can help to identify pedophiles in schools, protect jewelry stores, prevent the access of unwanted personnel to workplaces, identify shoplifter in department stores, and more.
The key word is PREVENTION. Stop the criminal before a crime is committed.
April 27, 2007
One More Thing About the VT Massacre
The media coverage of the tragic shootings at Virginia Tech touched on a slew of topics; the murderer's motivations, the victims, gun control laws, and the law enforcement reaction.
The media failed to mention that since the Columbine High School shootings on April 20, 1999, there has been nothing done to address protocol for first responding to an incident or emergency. I still have in my mind the pictures of police officers hiding behind trees and waiting while the shootings were going on inside the school. In the Virginia Tech shooting, there was a two hour gap between the first shootings and the next. Why was law enforcement so slow to react?
Any place where large numbers of people converge should have emergency plans established to deal with the unthinkable. Not just school campuses, but also malls, sports venues, theaters, etc. First responders should have maximum information about the site and a means by which accurate communication can be provided about an emergency situation. Law enforcement should establish well-trained units that will be able to respond within minutes to any incident in any part of the city. Time is crucial here as a shooting incident should not last more than 5-10 minutes before law enforcement takes down the attacker/s. Most of the students were killed within 9 minutes. The shooter was able to get off 170 rounds in this time.
Law enforcement needs to address their response time and methods now. Don't wait until the next attack!
April 24, 2007
Chemical Facility Anti-Terrorism Standards.
What is the impact for my facility?
The answer to that question depends on your current security posture. If your facility has completed a Security Vulnerability Assessment (SVA), a completed Security Site Plan (SSP) that has been fully implemented or at least being implemented then you are extremely well positioned for this new rule. Those of you who have not are in for a rude awakening.
Some chemical plants have come under the jurisdiction of the Coast Guards Maritime Security regulations and therefore have undergone close scrutiny of their site security plan. But until the enactment of DHS Appropriations Act of 2007 . section 550, the federal government did not have the authority to regulate the security of most chemical facilities. Now they do! Be advised they are serious.
This entire process will begin once the list of "Chemicals of Interest" also know as "Appendix A to part 27" has been finalized, most likely by June 2007. However the "final rule" has been enacted and will become effective June 8, 2007! Once the chemicals of interest have been finalized all facilities nationwide will have 60 days to complete step one "the top-screen process". This is the beginning of a month's long process of compliance, assessment, documentation and in the end implementation. You may need help from an outside consultant to pull it all together.
