VRI is committed to advancing the interests of the law enforcement and homeland security communities. VRI participates in select media, non-profit, government and industry events that help our country become stronger, safer and more prepared.
The number one requirement of security technology is that it works. As new threats, challenges and funding foster the creative innovation of products and systems to protect lives and assets, the competitive race to the “leading edge” can sometimes be described as the “bleeding edge” — where conceptual promise does not equal actual result. This week we’re going to focus on emerging security technologies that have not yet met their full potential in addressing the needs that spawned their development. In so doing I hope to draw your attention to what these technologies may be able to do in the future and the practical realities of what can and can’t be done with them now.
Let’s consider video analytics:
The idea of a camera functioning as an intelligent sensor on a network is entirely logical.
In the not-so-good-old-days cameras worked as after the fact “what happened” devices with real-time surveillance capabilities limited to the availability and talent of individuals monitoring static camera feeds (and digging through tapes). Great improvements in the speed, accuracy, control, searchability and efficient management of the data captured by cameras (video and audio) has for some time now made cameras useful in preventing, detecting and addressing security incidents.
The ability of a camera system to determine what something is (and is not) — a “package left behind” in a public venue (as opposed to a mop bucket), an unauthorized person present at a perimeter or border (as opposed to a deer or coyote) — is the fundamental element of video analytics. Challenges doing so in crowds, low light, difficult weather conditions and otherwise uncontrolled environments coupled with practical security operational considerations (i.e. high volumes of “false positives”, bandwidth use and expense issues, etc.), has contributed to a perception held by many who would purchase or use video analytic systems that they “don’t work” (see http://ipvideomarket.info/report/video_analytics_survey_results and for a survey and spirited discussion on the practicalities and perceptions of video analytics, and http://www.blackhat.com/presentations/bh-dc-10/Marpet_Joshua/BlackHat-DC-2010-Marpet-Video-analytics-Video-Surveillance-and-you-wp.pdf for further detail on which particular video analytics work well (i.e. license plate recognition (LPR)) and which are still struggling (i.e. facial recognition).
While there have been disconnects between video analytic developers, systems integrators and customers, the truth is that many of these applications do work well and the critical factor here is to avoid overpromising and under-delivering in what can be done now. Whether its motion detection, license plate recognition, or even certain facial-recognition applications, with realistic expectations and a smart procurement and implementation program, organizations can realize operational and financial benefit from video analytics.
Now let’s consider Artificial Intelligence:
There are over 100 billion neurons in the human brain. To replicate the brain’s ability to recognize patterns, communicate, make judgments, learn and otherwise think outside of logical and literal calculation is correspondingly daunting. Nonetheless, applications such as those to survey online communications for evidence of fraud and other prohibited activities (and unauthorized persons), control access to a computer network or facility, or automate the development of data collected by physical and IT security systems into operationally useful intelligence, have emerged based on machines that are beginning to know how to “think” and “learn” (a popular example in the consumer world is the SIRI feature of the iPhone 4S (see: http://vritechnologies.com/news/“secrets-what-they-do-know-can-hurt-you”-2/ for a discussion of how “Virtual Personal Assistants” may be a game changer for the world of security and privacy); the University of Arizona’s Artificial Intelligence Laboratory has assembled information on AI’s use in security systems at http://ai.arizona.edu/research/isi/).
The opposite solution – where proponents of security rely on the fact that computers CANNOT mimic certain aspects of human intelligence – is the basis of the CAPTCHA program. Also known by its full name —the “Completely Automated Public Turing Test To Tell Computers and Humans Apart” — CAPTCHA is most commonly the box of oddly shaped numbers and letters that must be entered by a human to access certain websites that wish to defeat bots, spam and other automatically generated malfeasance, and now also generally refers to tests designed to be easy for humans but hard/impossible for computers (i.e. see http://server251.theory.cs.cmu.edu/cgi-bin/sq-pix for “ReCAPTCHA where access is based on an ability to trace objects within a picture). For about five years there have been claims by programmers that they can defeat the traditional CAPTCHA program head on with a machine that CAN read the squiggly lines (as well as hackers who can defeat CAPTCHA with indirect methods exploiting other weaknesses).
As those who promote security (and those who promote its defeat) continue to develop programs that can think (and exploit areas where they cannot), and CAPTCHA like solutions are developed for the emerging ubiquitous “Internet of Things”, the push and pull between man and machine will become ever more relevant to our daily lives.
Finally, let’s talk about Training:
Mayor Bloomberg made a statement a few years back at the Cohen-Nunn Dialogues about city employees responsible for various aspects of Homeland Security:
“Those are the people – if you just gave them an abacus and they had to run messages around – I would rather have that than all the technology in the world and dumb people. And I think the city is blessed with – people always say to me, well, you came in as a business guy. What impressed you the most? What didn’t you expect? And I think in retrospect it is the quality of the people that work in a city like this. Yeah, we have 300,000 employees. There are some bad apples, there are some lazy people, stupid people, all that. But 99 percent of these people are the best I have ever seen. They could be very successful in business. They would run a hell of a company.“
My experiences as Commissioner of NYPD and FDNY align with Mayor Bloomberg’s statement and I believe that the glue to its truth is training. From the seemingly basic aspects of government and private security and emergency response professionals being trained on their missions and roles (see: http://vritechnologies.com/news/43/), to learning how to use technology to its full potential in preventing and responding to incidents, training is often the strongest link in security organizations that work and the weakest link in those that do not.
I have found that every building block of success in a security organization – knowledge, skill and morale – are all improved with training that is practical, realistic (i.e. scenario-based), challenging and frequently scheduled.
The bottom line is that while emerging technology strives to address security challenges (and creates new ones), the blurring line between man and machine must always favor the former.
Be safe and enjoy your day.
Chairman and CEO
Vigilant Resources International (VRI)
About This Communication
The intention of this weekly communication series is to explore security threats and vulnerabilities and the technology that can help avoid or minimize them. I’m writing this series because I believe that security operations and technology — depending on how they are implemented and utilized — can either be byzantine, distracting and harmful or tremendously helpful in protecting lives, assets and reputations. I enjoy doing what I can to help people and organizations achieve the latter.
Security threats and vulnerabilities discussed in this series may include (and certainly will not be limited to) a full spectrum of physical, cyber, economic, reputational, man-made and natural disaster/weather related threats and vulnerabilities. Security technology considered may include (and certainly will not be limited to) physical security technology (cameras, alarms, access controls), cybersecurity, cybersurveillance, personal protective equipment gear, emergency communications, data mining, fusion centers, pin-mapping, predictive modeling, internal controls, and forensics.