Internet Security.

Part One. Actually, England

One of the most interesting news sites (we recommend subscribing to receive news via E-mail or RSS) is the site of the joint editorial board of the magazines «Security installer» and «Security management today» — http://info4security. Daily updates, convenient search for advertisers, convenient classification of news. What have they been writing about there in recent weeks? Here are typical news items:

• The SIA (Security Industry Authority – a semi-governmental body for licensing security companies and contractors for equipping technical systems) has opened a new website for receiving anonymous complaints from security industry workers and consumers of security services about violations of licensing rules. This is like our tax collectors calling on taxpayers to report tax evasion schemes.
• Over the course of a year (since September 2006), British embassies have been collecting fingerprints from everyone who wanted a visa. Or half a million fingerprints (on average, once every 30 seconds). By April 2008, they intend to significantly increase their capacity, so that soon, probably, there will not be a single foreigner left who would not be included in the British Foreign Office database. Incidentally, out of this half a million, 6,000 were found who were not given a visa because their fingerprints were in the «suspicious persons» database.
• A law on corporate liability for damage to life or health has been passed. Previously, oddly enough, in Britain it was only possible to sue private individuals for industrial injuries, which is only possible in small businesses where it is possible to point to a specific person whose negligence caused the accident. Now it is possible to sue an impersonal corporation and the state. It is expected that the state will be able to receive huge sums of money in the event of death or injury to people in prison. These are the grimaces of the English judicial system.
• A new guideline on the rules for storing and processing personal information has been released. It now describes in detail how, when and with whom companies can share information. By the way, with the state, including the police – only by court order (or with the consent of the person).
• NEDAP has installed a contactless identification system at Cyprus airports, AXIS publishes data on the constant growth of turnover, Siemens cares about environmental protection at its new plant, and so on and so forth

As you can see, several regulatory documents have appeared recently. In general, it should be said that the British Security Industry Association (BSIA) is the main author of European norms (standards) for security systems. On the site http://bsia.co.uk/you can find a lot of information, including free information. For example:

• In May 2007, a new edition of the CCTV handbook was published (in fact, in this case the word handbook is more correctly translated as «guidance document», because it is mandatory for licensed installers to follow this handbook). Those who wish can order it (for money).
• The association reminds business owners not to forget about basic security measures. The BSIA technical director considers basic measures to include “at least a basic access control system, video surveillance, and, of course, an alarm system with output to the security company’s control panel.
• The association reminds homeowners that burglaries increase during the summer months and recommends that they contact their nearest licensed installer for a security system, especially if the homeowners are planning to go on holiday during the summer.
• The Association notes that after the London bombings, 85% of CCTV installers reported an increase in orders, while only 15% reported a slight increase in demand. At the same time, the Association reminds of the need to adhere to the guidance document (now literally – Code of Practice) for the use of digital video recording as legal evidence. The relevant RD was issued this year. It also reminds of the RD on the procedure for the use of video recording activated by an alarm signal, which was recently updated.
• The Association expresses satisfaction that Scotland has finally followed England and Wales in legitimizing the Security Services Licensing Act 2001. And at the same time, it reminds that only members of the Association can provide high quality services.
• Since the update of the European standard 50131-1 on security alarms has not yet taken place, the Association postponed the requirement for mandatory compliance with the 2006 edition of PD 6662 until October 2007, but recommends following them, if possible, rather than the 2004 edition. By the way, PD is another type of guidance document, with the official name «scheme for the application of European standards in relation to …».
• In July 2007, two new documents were published (well, how can this be translated into Russian — user guide installer guide — again «guidance document»?) on the use of systems based on the TCP-IP protocol.

By the way, the BSIA writes safety standards, but it is more convenient to buy them (the paid ones) on the BSI (British Standards Institute) website – http://bsi-global/. You can also buy them at Rosstandart (more precisely, at VNIIKI), but it is cheaper online. By the way, there are about forty European standards related to safety, and also three dozen purely British guidelines (this is in addition to fire safety – there are at least a hundred more documents on the topic of fire alarms, protection, and fire extinguishing). There is a lot of interesting stuff there.

In addition to magazines and associations, there are also simple portals that are not clearly connected to «offline organizations.» One of the most interesting is http://securitypark.co.uk/. Here are some examples of news:

• British companies are increasingly using the Internet and remote connection capabilities to their corporate networks for both employees and partners. However, the vast majority of companies still use text logins and passwords to identify users. Moreover, passwords are relatively easy to guess. With the spread of single sign-on technologies, this approach is becoming increasingly dangerous. At the same time, even the simplest means of two-factor authentication (for example, a physical token key) are now cheaper than even processing phone calls due to forgotten passwords. Moreover, biometric methods are becoming more accessible.
• Doncaster Hospital has chosen CommuniCare to provide safety for individual staff. Using a standard mobile phone or a special handheld device, field staff can trigger an alarm at any time by pressing a button. The service identifies their location, dispatches an emergency response team, and records all conversations with the operator (or simply the acoustic signal from the scene).
• Brentside High School has been awarded the Association of Chief Police Officers (ACPO) 'secure building' certification following its refurbishment. The refurbishment project was initially based on the association's 'Secured By Design' guidance document.
• Wandsworth Borough Council is not satisfied with the use of mobile phones to protect its employees visiting risky areas of the city. The main problem is that if a person in danger tries to call for help via a mobile phone, this often provokes an escalation of the confrontation with the criminal. Specialized small-sized devices with a built-in location function, high-quality audio recording (the recording can be used in court) have been purchased.
• Guidelines from the Department of Health recommend the use of visitor registration systems, as well as wearable (chest) badges for visitors with a limited validity period, to protect staff and visitors from unlawful actions.
• The HRS company announces the development of a system for analyzing the behavior of suspicious persons (including literally — exactly the faces — the front part of the head). The system is designed to identify terrorists. Sounds good? In fact, in addition to a completely ordinary motion detector, only a face recognition function has been implemented to detect persons who reappear or who are in the control zone longer than the specified «usual» time.

In general, Britain gives the impression of being tightly regulated, although with a good purpose — ensuring the safety of citizens, ensuring the rights of the customer of security services. It should also be noted that all these terrible regulations are not actually mandatory at all, their application is mostly voluntary, and they allow the customer, who is not too lazy to understand the details, to subtly coordinate these details. Well, if the customer is too lazy, he can simply declare the corresponding category of his object and demand «to do according to the regulations».

Now let's move on to overseas territories. North America.

So, the website of the US Security Industry Association is http://siaonline.org/. The news on the website is as follows:

• The police are concerned that more than 60% of calls are made from mobile phones, and if a person cannot say where he is, the police can hardly determine the location. It was easier with landline phones.
• According to a survey, the main threats to democracy in Russia are considered by Americans to be corruption and the lack of parliamentary traditions.
• Black Americans make up 13% of the population, but 49% of murder victims.
• Private contractors in Iraq do jobs much cheaper than the military, saving taxpayers money.
• New robot for working in dangerous areas is red as a fire hydrant, but can walk and talk.
• Bank robber caught, bag of money was equipped with car alarm with GPS and GPRS.
• The association is creating a commission to educate government officials on new trends in the security industry. The commission will be neutral and independent in relation to all manufacturers.
• The association has published a report on the security industry market in China. It is expected that in the coming years, the population will feel the results of the country's economic prosperity, and the demand for security equipment will increase sharply.
• The Senate has instructed the Department of Homeland Security (DHS) to develop a national policy for the use of video surveillance systems and methods for coordinating the efforts of state, local agencies and private companies.

But, of course, the main sections of the association's website are devoted to rulemaking. The association, in cooperation with ANSI (American National Institute for Standardization), is currently working on several dozen standards. For example, in recent months the following have been published:

• Standard for the format of messages from a security alarm to a central monitoring station in the case of using a TCP-IP network.
• Mathematical model of the interface data of the video surveillance subsystem with the integrating system.

Committees have been created to develop the following standards:

• Standard for the basic elements of the user interface so that the police or central response forces of a large corporation arriving at any facility can quickly and accurately understand the situation.
• Standard for XML or a fixed format of messages that comply with the OSIPS (Open Systems Integration and Performance Standards) data model.
• Vehicle Access Control Data Model Standard.

As you can see, as in Britain, the process of rule-making to ensure the quality of security services is in full swing.

Now the magazines. There are many of them in the US, and each has its own website with news.

Security Products. http://secprodonline/.

• Especially popular this year are tools that allow you to convert broadcasting from old analog cameras to IP format. Expansion of old systems is almost everywhere carried out on the basis of IP technologies, and to ensure unified access to all cameras, it is necessary to convert the analog signal using encoders.
• Nowadays, access control systems are actively switching to IP technologies, which sometimes makes it easier and cheaper to install systems (a ready-made network infrastructure is used). But, on the other hand, now the security system supplier must closely interact with the customer's IT department; gone are the days when the installer took a screwdriver out of his pocket, connected a couple of wires — and voila! — the system works. Now it is necessary to set up the network infrastructure for a long time.
• Modern intelligent video signal analysis systems are capable of processing tons of information and fine-tuning reactions to suspicious deviations from the normal course of things… (Impressive? Don't rush). The most advanced systems can not only detect the unauthorized presence of a person outside of working hours, but even the absence of an object that should be present! (It seems that the author of the article saw a modern motion detector for the first time in his life and was delighted by the power of intelligence. Otherwise, how can one explain such high-flown words in relation to technologies that have been known for 7-8 years).
• The development of IP video surveillance technologies opens up new opportunities for dealers. In addition to selling equipment, it is now possible to organize a central control panel for technological support, as well as a central control panel for video surveillance and a central data archive via the Internet. Since this centralized archive is independent of the user's services, the data stored in it is more credible in court.
• Casinos are famous for their state-of-the-art video surveillance systems that can spot any suspicious activity. Oddly enough, more than 90% of casinos in the US are equipped with old (over 25 years old) analog systems. Casino managers follow the saying «why fix something that ain't broke yet.» The quality of the systems installed in casinos is so high that they still do their job successfully. However, they are becoming increasingly difficult to maintain and repair.
• Oil companies are forced to use a variety of often incompatible security systems. Conventional systems on office buildings, explosion-proof systems on factory floors, special ones (such as ground radar) over large areas along oil pipelines, mobile systems on vehicles… The challenge is integrating all this equipment to deliver signals to a single monitoring center.
• New construction has slowed in the past year, but security system installers see new growth opportunities – expanding into home automation, life support integration, comfort, and entertainment.
• The best-laid security measures can be ruined by a forgetful employee who, leaving work on Friday, forgets to lock the door. Access control systems, especially those that provide monitoring via the Internet, solve this problem.

Security Magazine. http://securitymagazine/.

• The average bank robber takes away 00. Over the course of a year, all banks lose about 70 million. The average store thief causes one-time damage of 5. Over the course of a day (over a day!), all U.S. stores lose about 25 million. Another problem has arisen this year. Gasoline has become more expensive, and people are increasingly stealing (in particular, not paying for gas after filling up). Average losses per year are expected to be about 50 million. Next year, it will probably exceed bank losses from robberies.
• New night vision devices have been released, designed to work with high-definition video cameras (HD — higher than normal video signal, starting from a megapixel).
• New on the market: distributed network RAID systems for storing huge amounts of digital video recordings.

Government Security and Security Solutions. http://securitysolutions/:

• A University of Florida survey of the top 100 retailers found that the biggest problem was theft by its own employees. Security vendors can help combat theft by outside criminals, but protecting a store from its own employees is extremely difficult and expensive.
• The Atlantic Fleet has ordered a new integrated gate management system for its Little Creek base. The system will include license plate recognition, video recording of all entries and exits, contactless smart cards, and smart card and barcode card readers for compatibility with other systems at other facilities.
• Experience with facial recognition systems in Florida has been generally positive. They have been used to search databases for photos taken in correctional facilities or by mobile teams. However, this only applies to digital cameras in controlled settings with the formal cooperation of the person being photographed. Applying facial recognition to video from security cameras is difficult.
• The U.S. Border Patrol is considering seven major biometric technologies and intends to use all or most of them in combination: fingerprints, palms, pupils, facial photos, voice, signature, and DNA analysis.
• Only 25% of Americans believe that privacy should not be sacrificed for security.
• The danger of hacking access control systems by connecting a miniature device to the reader cable is demonstrated. This device remembers all legal codes that the reader issues during operation and reproduces one of them when the «owner» appears.

Security Distributing and Marketing. http://sdmmag.

• The Internet, SMS and other methods of transmitting information directly to the owner of the protected premises have not at all reduced the need for central monitoring. On the contrary, the more information the user receives, the more he is involved in managing the security system, the more he values ​​its importance and is more willing to pay for maintenance and security.
• The growth of the security market, its connection with IT technologies has led to the fact that instead of relatively small companies, GE, Tyco, IBM and other similar firms are now operating on the market.

In general, as you can see, the US is also concerned with licensing and standardization (quality assurance) of security services. The admissibility of limiting individual rights for the sake of fighting terrorism is also being actively discussed. The issues are not simple, there are only a few terrorists, and they act rarely, while the violation of privacy affects everyone and constantly. And if we also remember that fewer people have died from all terrorist acts than from the flu, not to mention car accidents, then human rights activists are not without reason to suspect that the state, under the slogan of fighting terrorism, is suppressing its own people.

In the American segment, the websites of the Ministry of Defense and the Army are very interesting. A huge number of recommendations, regulatory materials and reviews of the latest security technologies can be found at
http://army.mil/usapa/epubs/190_Series_Collection_1.html

http://hnd.usace.army.mil/esc/ESS%20Resources.asp

https://pdc.usace.army.mil/library/ufc/

http://bragg.army.mil/dpw/idg/index.htm

Please note that the root pages of sites are usually not specialized (dedicated to security). Sections on security technologies should be searched for in depth, often a site search helps, in extreme cases, Google.
As an example of a very interesting site, we will cite http://cisr.nps.navy.mil/cyberciege/. It offers a training game for network security officers. A typical strategy game, like «civilization», only you are a security officer there, and your task is to build a security system for the entrusted information network, including firewalls, security alarms, etc.

In addition to England and the USA, the English-speaking segment also includes Canada, for example http://canadiansecuritymag, Australia (at least the famous http://cctv-focus/), South Africa (there are also great security traditions there – De Beers is located there, and there is a constant civil war, as in Britain and Israel). By the way, many Israeli sites are also in English, for example http://israelnewsagency/israelsecuritynews.html.

For those who want to dig around in person, here are a few more links:
Magazines:

http://securityworldmag/

http://cctvimage/
portals

http://globalsecurity.org/

http://homelandsecurityindustrynews/

http://searchsecurity.techtarget/

http://securityinfowatch/

http://security-industry-today/

http://sourcesecurity/

http://enewschannels/news/safety_and_security/

http://bnp/security-news/security-industry.htm

http://zdnet.au/news/security/

http://asial.au/

http://security-industry-today/

And also specialized sites dedicated, for example, to biometric systems or network systems security.

http://biometricgroup/reports/public/reports_and_research.html

http://biometricscatalog.org/evaluation/default.aspx

http ://biometricsinstitute.org/

http://compseconline/premium_article/prembiodetail.htm#sepfpvte

http://biometricgroup/reports/public/comparative_biometric_testing.html

http://ifsec.co.uk/