What is the Most Reliable Biometric Technology?

I was recently asked which biometric technology I thought was most reliable. This is a relatively easy question to answer until I considered the wider issues of using it as a form of identification for access management and then trying to work out which technology is best.

Physical biometric identifiers are the distinctive and measurable characteristics used to identify individuals such as facial recognition, fingerprints, palm vein, iris and retina patterns etc.

The reliability of a technology tends to be the inverse of the social acceptance of that technology. Fingerprints are socially accepted with some resistance from those that associate them with criminal behaviour but they have a relatively high false positive or rejection rate. Which may be fine on a small access control system to a comms room but in an airport with thousands of passengers passing through on an hourly basis, a high percentage failure rate is unacceptable. Facial recognition is quite uncontroversial but equally has relatively high failure rates.

It is generally regarded that eye scans are the most reliable form of biometrics. However, technology such as iris and retina scanning appears to have more social resistance due to its perceived intrusive nature. For this reason iris scanning is now more prevalent than the deeper retina scan. The reliability of iris scanning was born out in a study carried out by the National Physics Laboratory some years ago, where is competed against six other technologies and won with the best false match and rejection ratios.

The problem is compounded by the fact that biometric systems provide”probabilistic results”. It is possible to get variable results due to technical issues and degradation of data, such as fingerprint damage for example. There is also evidence of ethnicity, age, sex and medical conditions affecting rejection rates. Having poorly installed and maintained systems combined with the deployment of biometric technology at airports and other high volume portals without understanding the biology of the population being screened could lead to long queues.

In conclusion, no single biometric trait has been identified as fully stable or distinctive and biometric reading technology should only be deployed with this in mind. False positives and reject rates need to be considered in line with the number and the biology of the users of the system.

Are varifocal lenses zoom lenses?

I recently realised that although I knew that there is a distinct difference between varifocal and manual zoom lenses, I did not know the mechanics of that difference.

When designing a system where a range of fixed lenses is just not suitable, one has to turn to manual zoom lenses to get the best field of view. By manual zoom lenses, I mean as opposed to motorised zoom lenses.

Most “manual zoom” lenses are marketed as varifocal but there is a difference between these and a true manual zoom lens. A verifocal, as the name suggests, shifts its focus with every zoom adjustment. Whereas a true manual zoom lens adjusts the optical array so that the focus is fixed to an acceptable sharpness throughout the zoom range.

One element of the optical array moves either closer together or further apart as the zoom is adjusted another element also adjusts to compensate for the focal shift. A true zoom lens uses between three and five moving groups comprising of up to twenty individual optics.

In a varifocal lens there is no attempt to maintain a sharp focus through mechanical or optical compensation. This produces a cheaper zoom lens with the disadvantage of not being able to maintain a constant focus throughout the zoom range.

In most applications, a varifocal lens will be adjusted and “locked off” at the best setting to provide a permanent fixed field of view. However, in a system where each camera interacts with the next and fine adjustment of the field of view is necessary to get the optimum overlapping views, a manual zoom lens is a far more useful tool.

These applications are probably not encountered often but large high quality systems such as one covering the perimeter of a high security establishment, for example may need fixed focal length lenses that can only be achieved using manual zooms being finely adjusted and then locked in to position. To set up such a system with varifocal lenses would be unnecessarily difficult.

In any CCTV system, the preference from a quality point of view would be to get the survey right, do the calculations and provide a CCTV system with fixed focus lenses.

I would like to thank the members of several groups on LinkedIn for pointing me in the right direction about the mechanical difference between these two types of manually adjusted zoom lenses.

Choosing a CCTV Camera

There are many styles of CCTV camera available but depending on the operational requirement, the best-suited camera should be selected. Fixed cameras in housings offer the ability to have larger lenses and wipers to clear away rain, whereas cameras in domes look more tidy and are generally cheaper. The same applies to pan, tilt and zoom (PTZ) cameras where an overt version has the ability to have larger lenses and have bolt on equipment such as a wiper and illumination that rotates with the camera. The dome versions have the same advantages as the static domes, i.e. tidy and generally cheaper but are limited if they have a tough operational requirement.

Cameras can produce colour images but colour viewing is limited by the amount of light that it needs to operate. There are digital signal processing techniques that allow a colour camera to see in relatively low light conditions but this processing has a price attached, which is often quality of image. Monochrome cameras see at much lower light levels and are sensitive to infrared illumination, which makes them ideal for night operation. To overcome the need for a colour camera during the day and a separate monochrome camera for nighttime, colour/mono or day/night cameras automatically switch from one mode to the other dependant on the available light.

Cameras can be categorized by their image sensors; the Charge Coupled Device or CCD chip is a light sensitive plate that converts the light focused by the lens into an electrical signal for processing. CCDs come in a range of technologies but the more basic criteria for categorizing a camera by its CCD chip is the diagonal size of the receptive area. The larger the CCD chip, the more light it can gather. In closed circuit television system CCD chip sizes are generally1/4”, 1/3” or 1/2”. The larger chips generally mean that the camera is more expensive.

The resolution of any CCTV camera is the key to the performance of the system. Resolution is the measurement of the picture quality in terms of how much electronic information is gathered. An analogue CCTV camera measures its resolution in Television Lines (TVL). These horizontal scans make up the video signal. The more horizontal scans there are in the image, the more detail the system captures and the clearer the resultant picture. The resolution is directly related to the number of pixels within the CCD chip. A low resolution camera would typically be around 330 Television Lines (TVL) and a high resolution camera would be from 480 to 540 TVL.

CCTV cameras also vary in the amount of processing that they do to the image before transmitting it to the control equipment. A high quality camera would have a range of processing features such as backlight compensation, which reduces the effect of silhouetting and automatic gain control to boost the video signal when light levels drop. For more demanding fields of view there are features that allow manual override of the shutter speed and wide dynamic processing. Wide dynamic processing allows the camera to produce high quality images in challenging conditions such as high contrast lighting produced by flood lights.

For true night vision there are thermal imaging cameras which detect very low heat sources and displays the image in a useable format.

When it comes to choosing the best CCTV camera the important considerations are around what you need to achieve based on the operational requirement.

Where do you start when designing a CCTV system?

To get value for money and an effective CCTV system you must have an understanding of what you need and how to achieve the desired results. The design process for a CCTV system can be quite complicated. I have been called in to many systems and asked why has it had little to no impact on the original problem. The answer is usually because the original problem was not clearly identified and the performance requirements of the CCTV system were not considered. The end result is a pile of CCTV equipment installed that does not do what is supposed to.

Before considering the implementation of any CCTV system, it is important to understand what the problem is and whether CCTV is the most appropriate solution. The production of an operational requirement document will ensure that the key points are considered, such as why do I want CCTV, what is its purpose, what will it achieve and what will the performance criteria be.

Firstly make a statement of need that defines the problem and assesses the potential impact of CCTV upon it. I.e. will the introduction of CCTV alleviate the problem?  This statement shall clearly define the problem and the solution.

The second part of the operational requirement will detail specific problem locations and the required performance specification, both technically and operationally. For example, a camera on the perimeter of a site may need to be able to “Detect” a person engaged in a particular activity under low light conditions. The performance of a CCTV camera, in terms of operational requirement, can be defined within five surveillance categories.

Monitor and Control – A person occupies at least 5% of the overall CCTV image height.

Detect – A person occupies at least 10% of the overall CCTV image height.

Observe – A person occupies at least 25% of the overall CCTV image height.

Recognise – A person occupies at least 50% of the overall CCTV image height.

Identify – A person occupies at least 100% of the overall CCTV image height.

This part also details the operational issues of who monitors the system, where and when. A recording archive quality and duration must be established and high-level Standard Operational Procedures produced to determine the appropriate response to any given scenario. It is also important to establish a method of transmitting the procedures to the response team to ensure that the correct response is initiated, bearing in mind that some scenarios will be rare and procedures may not be instantly familiar to the team.

With the operational requirement document in place, it is necessary to consider the technical specification to fulfill the requirement. A detailed specification should be produced that can be used for the purchasing process and a system for commissioning and validation of the system should be documented.

What is transient suppression and do I need it?

Modern societies rely heavily on electronics for every aspect of life. From health and economy to entertainment and security. The basic fact about electronics is that it uses wires or cables to transmit power and signals. Let’s put wireless to one side for now because there is not yet a viable wireless power transmission technology, which means that even wireless systems rely on connection cables at some level.

This fundamental reliance on metal conductors means that one rule of physics is unavoidable. This is that electromagnetic fields can induce electricity into an adjacent metal conductor without physical connection. Therefore, an intense burst of power near a cable can induce a damaging spike of electricity into that cable without being in contact with it. This spike is likely to damage or disable the electrical systems that the cable serves.

So what causes these spikes? Lightning is the big one given its strength and the amount of cables that are lying across the planet but lightning is not the only source of damaging spikes. Spikes are more likely to be caused by heavy machinery switching on; motors and appliances such as air conditioning can also cause damaging transient spikes.

Another name used in connection with these spikes is overvoltage. The term transient overvoltage literally means a momentary electrical spike. These spikes can overheat components in the electrical system or breakdown the insulation that contains the signals. Either way, system damage can be catastrophic.

You may have designed the best security system ever but without adequate defence, it is at risk of problems or complete failure if you don’t consider transient protection. The difficulty for the system designer is to keep the amount of protection proportional with the risk of induced overvoltage. You may consider that a domestic property in a low lightning area would need far less protection than an industrial process plant in a high risk lightning area. This assumption is probably correct but the risk assessment for how much protection is required needs to consider the potential should a system fail as well as the hazards that may cause the voltage spike.

Considering the domestic property again. The property does not have heavy machinery turning on and off but it does have air conditioning, which is quite old. It also has domestic appliances such as refrigerators etc. The wiring in the property is also old and is bunched up as it runs around the house. It’s a large house that belongs to a very wealthy person that doesn’t trust the banking system so keeps a quantity of bullion on the premises in a safe. Although the property is in a low lightning risk area, it is not unheard of that lightning strikes the ground occasionally. This person is often away on business and leaves the house empty for days at a time, relying upon the security system to alert him and the authorities if anything unusual occurs. The risk of transient overvoltage affecting this security system is quite low but the potential for loss is quite high. So the question is now, does this domestic property in a low risk area need transient suppression to protect the security system?

A DAY OUT IN LONDON - COUNTER TERROR EXPO

I spent the day yesterday at the Counter Terror Expo in London. There are very few exhibitions that I enjoy because generally I am "salesman intolerant" or indeed, sales woman intolerant. I would not want to be accused of being sexist with my prejudiced opinions of people whose job it is to sell a product and not let a few minor negative points get in the way of a sale such as "this really isn't the technology I am looking for" or "that doesn't actually work, does it?"

The CTX in London was different to my usual experience at exhibitions in that none of the technology was "being launched" or "on the road map for development". One or two stands grabbed my attention as I wandered past trying to take everything in and as I approached I was set upon with the sales patter of a seasoned professional. But generally I was unhindered in my quest to get familiar with the technology that is available and who is manufacturing it.

There was a vast array of heavy security equipment on show. When I say heavy, I mean blast resistant, bullet proof and solid as opposed to all of the whizzy gadgets that you may see at other shows; no names of course. There were very few conventional CCTV cameras and very little network feature rich products such as access control or video management. The show was packed with solid and proven technology that is fit for purpose. Remembering that you have to first establish what that purpose is in your operational requirement.

I guess the tag "Counter Terror" suggests that we cannot afford to mess about with new gadgets, which really came through in the show. It is a shame that some people don't take the same view when dealing with security that doesn't have the "Counter Terror" tag.

This show is possibly not for the everyday security project and does concentrate on the more unique or specific issues associated with terrorism. Thermal imaging, robust video content analysis, robotics, security screening, armoured vehicles and more 358 weldmesh fence than I care to mention were amongst the exhibitors. Although why there was so much 358, I am not sure.

A good day out in London, I met some friends and made some new ones. I might even go again next year.

THE IMPORTANCE OF FACTORY ACCEPTANCE TESTING

When trying to establish why an installation or individual products don’t perform as they should I have to consider which step of the design and delivery process has failed. Very often the problems are created in the early stages of design. The operational requirement document is the key to getting a project set on the right track. However, there are many other stages in the project delivery process that can negatively impact the end result if due diligence is not paid at the right time.

Whether you are designing  a complex system that involves new technology, high levels of integration, multiple levels of programming or a system that you have deployed many times before it is important to consider the role of the Factory Acceptance Test (FAT) in the project delivery process.

A factory acceptance test is a documented procedure that is carried out prior to system deployment to determine whether the system will operate to its performance specification. This test procedure should cover all aspects of the system functionality under all scenarios.

Many of the systems that I review have obviously not been fully tested prior to deployment. When I am asked to evaluate a system to determine "what went wrong" I often receive a project history that lists problem after problem during installation, commissioning and then through the defects period. I don't think that I have ever visited a system that has suddenly started to play up.

When I look in to the details of such a project history, I find that the installer had problems getting system A talking to system B or that a certain piece of equipment struggled to achieve what it was there to do. Camera 27 has never had a usable image etc. etc. All of these problems could have been eliminated prior to installation with a good factory acceptance test.

The FAT does not only eliminate the risk of design or interface issues, it is an opportunity to pre-program systems and let engineers get familiar with the project long before it hits site. After a good factory acceptance test a project installation should be smooth without unexpected problems. This fact does not only ensure that the system meets its operational requirements or performance specification, it has the potential to save a lot of money. Installation programmes can be reduced, on site commissioning can be reduced and loads of expensive time and resource used up by reacting to problems can be eliminated.

Spending a little time and money on a factory acceptance test prior to installation can save you a lot of time and money during (and after) installation.

Of course, the FAT is only part of the project design and delivery process but in my experience it is one that reaps many benefits if carried out correctly.

THE BASICS OF DESIGNING A CCTV SYSTEM

In order to maximise the benefits of your CCTV system it is important to establish some basic criteria as a starting point for the system design. The first of which is to define the problem and consider if CCTV is the most appropriate response. Given that the answer is “yes”, it is critical to establish the Operational Requirements (OR) of the system.

The basic model for an OR is to establish the following information.

• Site Plan – to identify areas of concern.
• Statement of the Problem.
• Stakeholder Liaison.
• Risk Assessment.
• Success Criteria.
• Determine the Technical Solution.

With the OR in place it is then possible to design the most appropriate CCTV solution. The second level of the OR must identify observation category of each camera. I.e. is it to monitor the area, detect a figure or recognise a known individual. There are five surveillance categories.

• Monitor and Control
• Detect
• Observe
• Recognise
• Identify

When this has been established, other factors need to be taken into considerations such as image quality, target speed, lighting and environmental conditions etc.

Finally, the response to CCTV information needs to be considered. Who will monitor it, where from, will they be dedicated to it. What training do they need and are there any legal issues associated with privacy and data protection.

With the Operational Requirements in place, it is important to establish the most appropriate technology to use. Does it need to be wall or ceiling mounted, vandal resistant, static or fully functional? Does it need to work in low light conditions or are there challenging lighting conditions such as high contrast areas?

Dependant on the camera choice a suitable lens needs to be selected. What size lens is required to achieve the surveillance category detailed in the OR? Does it need to be IR cut to work with infrared illumination?

It is important to establish which methods of signal transmission most suit the Operation Requirement. For example, fibre optic for long distance and secure transmission or IP on a LAN for integration.

Lighting is one of the fundamentals of CCTV design. Although with the advent of wide dynamic processing it is possible to get usable images in a range of challenging conditions, it is essential the scene illumination and reflectance is understood to achieve the best possible results.

The display monitors need to be selected to best display the received images. The size and position needs to be selected to enable the operator to use the system both safely and comfortably.

Finally the recorded evidence needs to be established in terms of image rate, quality of compression, resolution and duration. How is the data to be exported, should it be required in a criminal case?

A NOTE FROM ME

I wrote the following blog about control room design after another frustrating visit to a facility asking “why does my security system not work very well?” All too often I find system interfaces, monitors, computers etc. shoe horned in to rooms that should only really be used as a cupboard. Or possibly even worse, on a reception desk where nobody is tasked with or trained to operate the system. The best you are going to get from this situation is a chance notice of something untoward going on.

These systems are little more that evidence gathering machines. By this I am referring mainly to CCTV but unless you are monitoring an access control system you will not see a door held or door forced alarm.

The current thinking is to avoid banks of monitors displaying all of the CCTV images. This is partly due to space allocation and energy efficiency but mainly due to “operator blindness”. This is not a health and safety issue but psychological problem that may lead to an operator missing the glaringly obvious due to constantly looking at the same images. Si if you don’t have loads of monitors and an operator that can attentively watch each and every one of them, how do you make the system proactive? Video content analysis and PSIM go a long way to resolving these issues but the control room needs to be designed with a proactive security approach in mind so that operators have all the tools they need to receive and act on information pertaining to the security of the facility. I have seen many discussions on the pros and cons of integrating other disciplines in to the control room such as BMS, Fire etc. In principle this is a good idea if the control room is properly designed but could be a disaster if the equipment sits in the corner and the operator has other distracting duties.

It is horses for courses when it comes to control room design. If all you need is an evidence gathering machine then fine, locate it in an equipment room somewhere. If you need a fully managed and proactive system then consider the most efficient methods tailored to your needs.

My final point for this note is to consider the Data Protection Act when you have the control equipment on the reception desk!

CONTROL ROOM DESIGN

A suitable and proportional control room along with its associated areas is essential to the implementation of a robust security strategy. Operators will undertake a mixed range of tasks from VDU/GUI operation to producing reports and documentation. In order to achieve the most success from a security system, the control room must be designed with the operators in mind. Consideration should be given to the following.

• Security Policy
• Security Procedures
• Security Mechanisms
• Task Identification
• Time and Motion Analysis
• Sociotechnical Interfacing
• Proportional Accommodation
• Resilience
• Disaster Recovery
• Compliance with regulation and standards
• DDA Assessment

The control room suite should be located in a position where it cannot be isolated or compromised, as it must be able to continue to operate in the event of a serious disturbance. A Briefing Room may be necessary for management during a serious disturbance. The location of this room needs to have safe access for emergency personnel and services.

Access to a restroom/kitchen should be available. The staff toilets should ideally be separate male and female, but unisex toilets may be considered when space is at a premium.  A disabled toilet facility should be available as required by the DDA assessment. A staff shower room should ideally be provided incorporating sufficient dry area for changing and storage of clothes whilst showering.

Adequate space must be provided for the services that are essential for the operation of the control room. Adequate height must be provided to allow for raised floors. Raised floors and ceiling voids must be secured within the envelope of the control suite.

Lighting should be appropriate for all the tasks being performed. However, consideration needs to be given to reflection and glare on monitor screens.

The control room should be designed as a low noise environment with sound absorbing ceiling tiles, etc. The use of cross talk attenuation may need to be considered where ducts pass between separate rooms.

The ergonomics of the room needs careful consideration with respect to the positioning on monitors and display technology in relation to the operators. Headaches can result from and signle or combination of the following.

• Screen Glare
• Poor Image Quality
• Stress and Anxiety
• Long Periods of VDU use
• Poor Posture

The sociotechnical interfacing considerations should take in to account all of the above along with issues relating to watching images that don’t change very often, which can lead to “change blindness”. Black screen technology and PSIM solutions increase operator efficiency.

Control room design has many facets of consideration, from ergonomics to integration. Control room design, whether large or small must form part of the overall security strategy and mechanism.

JAILBREAK CHALLENGE

On Friday we spent the day raising money for charity on behalf of Crimestoppers Sussex. Fantastic day out, fun, team building and exhausting. Team c-hq came through and rescued me from a cell in the Brighton Police Museum. A huge thank you to our sponsors that generously gave up some of their hard earned cash for Crimestoppers.

DIGITAL SWITCH OVER

The UK switch over to digital TV has prompted an increase of burglaries by using the distraction to commit the offence. An increased number of legitimate engineers in the area may lead vulnerable people into a false sense of security when somebody knocks on their door.

It may be prudent to check on people you know to make sure that they understand that the switch over team NEVER cold call and ALWAYS carry ID. There is a telephone number that anybody can call to verify a person claiming to be part of the process. 0800 40 85 900. This can be called whilst they are at the door, a legitimate caller will not mind waiting.

There is a help scheme available, for more details contact the same number above.

By way of a credit, this info has been released today on a Sussex Police Bulletin.

A REMINDER FROM ME ABOUT DISTRACTION

The wider issue here for the security community is the reminder that security can be easily compromised through distraction. Whether vulnerable people worried about their television or professional personnel that are responsible for a facility; if you become distracted by superficial events you can leave yourself open to miscreant activity.

Having focused personnel, the correct environment and supporting intelligence from technology is key to a successful security operation.

A NOTE FROM ME

The article below "DEFINING PSIM" posted on the 16th Feb was collated to try and cut through all of the "buzz" around PSIM. It seems that there are many companies out there that claim to be a "PSIM" provider. The problem I had was getting to the bottom of what PSIM actually means and how it can benefit an organisation. The term PSIM is attributed to Steve Hunt but Frost & Sullivan have done a good job of categorising three tiers of PSIM companies. In my own opinion only the top tier should be considered as PSIM because they integrate and analyse data from disparate systems to identify and categorise security events.. The other companies that claim to be PSIM tend not to be as flexible as the Tier one products because they have been developed specifically to support a core product such as CCTV video codecs or a perimeter detection system. These systems do integrate with other security systems but are very limited on the range and capability of drivers available.

The PSIM market is evolving very rapidly and various forums are discussing the capabilities and next evolution of the concept. Join me on LinkedIn for one of these groups, or if you have a comment please let me know.

I look forward to hearing from you.

WHAT IS PSIM

PSIM as a concept emerged because end user managers of security environments cried out for better management of their security information. They wanted to be able to do with security data what every other business unit does with the data from their respective business units – that is, to make intelligent business decisions.

PSIM is a better, more flexible and much more useful way of managing security events and the information needed to respond to incidents than traditional command centre solutions.

PSIM is simply the security version of the larger, more important business tool of Information Management.

THE CHALLENGE

Currently, improvisational, fragmented and off-the-cuff security management is the norm. It's common to find security operations and traditional command-and-control centres using paper-based processes and not sharing information. Business units and IT departments rarely have access to data in corporate security departments. Events are managed separately.

Access-control-related events are monitored and managed separately from intrusion detection systems, and separate also from environmental sensors and other alerting systems. Often the people and systems are not even located in the same facility, inhibiting information sharing and correlation.

THE CONSIDERATIONS

Converged security and IT networks need to be managed to mitigate any risk of negative impact through the flood of data induced by an IP CCTV system.

Ensuring interoperability across different vendors' devices/systems is a challenge. The physical security market as a whole lacks common, open standards. Thus, virtually, any deployment requires the development of new drivers to integrate various systems.

Choosing the right system. The capability to intelligently analyse and cross-reference incoming data represents a further challenge, most PSIM systems, still process individual alarms.

THE BENEFITS

PSIM principles may be used to produce better situational awareness, prompting better security and business decisions. Situation management software creates useful information out of raw video by contextualizing it (unifying video, alarm and sensor data) which improves situational awareness and makes incident responses more efficient.

Data management best practices are more pervasive now. Regulatory compliance and management best practices dictate that computer systems and data be handled in standardized ways. Security departments are, in general, not compliant with these best practices.

The PSIM system will aggregate, correlate and analyse data from various sources, including alarms, environmental sensors, intrusion-detection systems and video surveillance to ….

• Present a situational view of data.
• Guide standard operating procedures by documenting efficient best practices for every situation.
• Identify trends by searching through data from current and past events to create reports.
• Audit operator behaviour by recording all responses to all alerts for later analysis.

CONCLUSION

Physical Security Information Management systems provide specific security information based on intelligent analysis of data from a range of sensors from what would traditionally be disparate systems. It enables an organisation to manage risk and ensure that standard procedures are carried out at an enterprise level.


Credit:
Steve Hunt http://www.huntbi.com
Frost & Sullivan http://www.frost.com

chqconsulting