As security professionals we need to explore the myriad benefits which can be derived from the marriage of security with the powerful IT sector, and work with clients to not only develop a more integrated approach to security but also leverage the ever-increasing importance of business intelligence to an organisation.
Without doubt, today’s successful companies and organisations need to be more secure, robust, resilient and efficient. Clearly, information and data are key drivers towards the success of any enterprise. At the end of the day it’s all about delivering tangible benefits.
Integrated security is a rapidly growing field. Indeed, there has been a lot of talk recently about integration and interoperability, but how do you realise an effective integrated or interoperable system given the huge range of equipment and technology now available?
Moreover, what do we really mean by integrated or interoperable?
Does one plus one equal three?
Clearly, experience tells us that integrating a number of security systems should be a one plus one equals three equation. In other words, a completely integrated solution should be greater than the sum of its parts.
Where systems have not been integrated then security gaps naturally emerge. This would render an environment or business a little more vulnerable and increase the workload on security and facilities management teams.
True integration should deliver return on investment very rapidly because it reduces the manpower required while at the same time improving response times, enhancing operator efficiency and providing accountability.
An important point this brings up is how do we capitalise on the benefits of converged technology? Is there an existing model we can emulate to speed up the learning curve in order to derive maximum positive results? Could we, for example, use C4i principals to focus the mind on delivering holistic, balanced ‘man and technology’ solutions and provide the design framework to achieve these business objectives?
C4i is a military term which started life as C2 Command and Control. It refers to the ability of military commanders to direct and control forces. C4i extends this principal to command, control, communications, computers and intelligence. It’s a complex ‘system of systems’ generally using high technology commercial ‘off the shelf’ equipment and devices (COTS) which can be applicable in both military and civilian life.
C4i is one of a number of acronyms that emphasise different aspects of military command and control functions. The latest in UK military parlance is C4iSTAR: C4 (command, control, communications, computers), I (military intelligence), STAR (surveillance, target acquisition and reconnaissance) in order to enable the co-ordination of operations and C5i (command, control, communications, computers, combat systems) and I (intelligence).
Definition according to the Joint Chiefs of Staff
C4i is defined by the Joint Chiefs of Staff as:
- Command and control (C2): The exercise of authority and direction by a properly designated commander over assigned and attached forces in the accomplishment of the mission. Command and control functions are performed through an arrangement of personnel, equipment, communications, facilities and procedures employed by a commander in planning, directing, co-ordinating and controlling forces and operations in the accomplishment of the mission.
- Command: The authority that a commander in the Armed Forces lawfully exercises over subordinates by virtue of rank or assignment. Command includes the authority and responsibility for effectively using available resources and for planning the employment of, organising, directing, co-ordinating and controlling military forces for the accomplishment of assigned missions.
- Computing and communications: Two pervasive enabling technologies that support C2 and intelligence, surveillance and reconnaissance. Computers and communications process and transport information.
- Control authority (which may be less than full command exercised by a commander over part of the activities of subordinate or other organisations). Physical or psychological pressures exerted with the intent to assure that an agent or group will respond as directed.
- Intelligence: The product resulting from the collection, processing, integration, analysis, evaluation and interpretation of available information concerning foreign countries or areas. Information and knowledge about an adversary obtained through observation, investigation, analysis or understanding.
In simplistic terms, C4i is about information superiority and the ability to use this information advantage to elicit the maximum efficient and appropriate response in a given situation. Technology and human resources are used to gather relevant information and accurately communicate this information to appropriate human and technology assets, thereby increasing situational awareness in order to realise the application of appropriate responses and control measures to an event based on up-to-date intelligence.
Put simply, it’s all about delivering timely and comprehensive information to commanders and enabling them to disseminate it expediently to troops on the ground.
Real-time visual intelligence and response
Situational awareness can be summed up as: “Knowing what is going on so you can figure out what to do” (Adam, 1993) or alternatively: “What you need to know not to be surprised” (Jeannot, Kelly and Thompson, 2003).
Today, C4i principles are applied in civilian life, particularly for those Government agencies liable for national security. That said, any authorities and organisations responsible for providing and ensuring the safety and security of people and property (such as town and city centre Control Rooms, hospital security staff and university police) can benefit.
Equally, the principles can be adopted by any business enterprise to develop integrated systems which provide real-time visual intelligence and associated response procedures to address risk, manage resilience and improve efficiency.
It’s all about what information we need to collect, when and where we need that information, who needs access to the information, how does that information get processed and what do we do with it and what decisions does it lead us to make?
Moreover, who has the authority to make the decisions and ensure they are carried out correctly?
Again, to use military parlance ever since the end of the ‘Cold War’ the world has become a less safe place. New risks and threats are self evident – crime, terrorism and austerity. The world has changed and global events have created a need for more sophisticated security systems and an increase in public demand for safer environments.
That being the case, today’s security systems need to combat not just crime and terrorism but also raise situational awareness in the spheres of critical risk management and business continuity.
Yesterday’s technology cannot address today’s issues
Since the 1990s the UK has placed great emphasis on the use of CCTV to meet this demand, and it’s clear that video surveillance plays a key role in fighting crime and protecting public spaces. It’s a valuable aid to ‘operational management’ of urban spaces, such as town and city centres, industrial parks, hospitals and universities where it’s designed to improve community safety and work towards the early identification of crime and emergency situations as well as other disruptive incidents.
However, it’s also clear that yesterday’s technology cannot address today’s issues. Traditional CCTV technology no longer meets the needs of today’s organisations which require more data, accurate information and accountability along with secure (but shared) event monitoring and recording.
It’s imperative that those who require this crucial visual intelligence have access to easy and speedy retrieval of recorded information using database-type access methods.
This is where the convergence of security and IT technologies gives us the opportunity to look at CCTV or, to be more accurate, given today’s technology we should be looking at ‘video surveillance in new ways’.
In the traditional CCTV Control Room, the CCTV operator sat in front of a ‘spot’ monitor with a CCTV control keyboard. That same operator would call up an individual camera for display on the screen and control via the keyboard, enabling the user to pan and tilt the camera in order to visually sweep the area for any signs of impropriety. A zoom facility allowed the operator to gather close up action.
The spot monitor is supplemented with an array of monitors or video wall displaying all the system cameras in various configurations: 4 split, 9, 16 etc, etc, providing the operator with a general overview of the areas under CCTV surveillance.
This typical CCTV set-up has proven over time to be a pretty powerful crime management tool producing huge amounts of visual data, with some providing valuable intelligence which can lead to successful prosecutions.
However, most CCTV successes are retrospective after the event rather than being proactive. It’s very much one-dimensional, placing huge responsibility on the CCTV operator who’s the focal point for this data (which he/she then has to decipher and process before taking the appropriate action at the correct time even if they’ve never had to take such action before).
Allowing the organisation to ‘see everywhere’
It’s obvious to anyone who has visited a busy CCTV Control Room that the operator has a stressful role in a demanding environment. They’re often doing a multitude of tasks: phones are ringing, radios are on, there’s something happening on screen, a report to log, etc.
Clearly, Control Room operators must be given every opportunity to do their job to the very best of their abilities. This means the correct training in both the operational use of the equipment and the wider remit of the role, supervision to cover lapses of human nature, procedures to ensure correct and consistent levels of response and reporting, an environment conducive with their duties and, of course, the correct technology.
Undoubtedly, a well-designed video surveillance system and operational strategy is a valuable aid, providing monitoring, surveillance and intelligence gathering to enable pre- and post-event assessment of an incident, the latter where its use is in evidence gathering and forensic analysis.
It’s all about enabling an organisation to ‘see everywhere’, providing real-time visual intelligence or post-incident analysis from which informed decisions can then be made.
Therefore, how do we maximise the huge potential offered by the convergence of technology and learn quick lessons about how to use and deploy it to its best advantage? After all, there’s a lot of hype around integration and interoperability.
Closer ties with the system end users
First off, we need to develop much closer ties to the system users and garner a far better and deeper understanding of their objectives and awareness of what it is they want to ultimately achieve.
So, can we use 4Ci to provide a focus for this?
If we go back to 4Ci we can see that each element is valid in ‘civvy street’ use. Command and control is applicable to any incident, be it a simple crime, public demonstration or an explosion, terrorist act or natural disaster or even a business process ‘going wrong’.
In any given situation, it’s always the case that someone needs to ‘take charge’ of overall command and ‘do something about it’ by organising resources and the appropriate responses. This is highly relevant in the case of security, of course.
Gathering as much information as possible and communicating this information to relative parties is vital towards realising the correct and appropriate responses. This is where the right technology comes into its own.
Control of devolved responses
Control of devolved responses needs to be delegated to persons of authority within their own particular area or sphere of expertise (for example, the production manager) should a business process go wrong and perhaps the had of PR to inform customers and mitigate any negatives around potential problems.
In a major incident such as an explosion this could be the police commander assuming overall command, with control delegated to a senior paramedic to deal with any injured party and the fire chief (to make an area safe), etc.
Finally, input from the people involved and the information gathered by the various technological systems should deliver a high degree of intelligence on which informed decisions can be made and ‘after event’ lessons learnt.
Computing and communications equates to the data gathering and processing technologies. In our case this equates on one hand to cameras to gather visual images from target areas, preferably in full HD or better and ideally supplemented by video analytics configured to instantly detect and report exceptions to the norm (ie build-up of crowds, entry/trespass to forbidden areas, left object detection, etc) or to recognise known faces or vehicle identification plates.
Equally, other relevant data gathering devices should be deployed. For example, intruder and fire detection devices, access control, flood warning sensors and even CBRNE (Chemical, Biological, Radiological, Nuclear and Explosives) detection systems. The list goes on.
These data gathering technologies make the system multi-dimensional and place fewer onuses on the Control Room operator by automatically drawing his or her attentions to specific events or issues.
Identifying real situations and their priority
On the other hand it’s all about the software that collects, correlates and analyses data, events and alarms from the disparate security and information systems and then manages the incoming information in order to identify the real situations and their priority.
The modern Control Room approach will be more proactive in that the system will alert the operator and provide him/her with the ‘intelligence’ gathered by the various systems and devices. In other words, all of the relevant situation information needed to make informed decisions, which will be presented in a consistent and logical format (along with set response parameters for verification and resolution of the situation at hand) to the various Control Room operators.
Not to mention the field operatives via portable display devices (tablets) providing them with ‘on the ground’ intelligence.
To coin an old phrase: “Man and machine in perfect harmony.”
This article was first published in IFSEC Global at http://www.ifsecglobal.com/c4i-focus-on-integration-and-interoperability/