Practical solution to security issues through information technology.
Practical solution to security issues through information technology
Several years ago, the owner of a sports complex in the Moscow suburbs expressed a desire to create an unprecedented security system at this facility. A corresponding tender was announced, and I, as an adviser to the president of a large security concern Falck Baltics, had the opportunity to participate in the development of the security concept announced for the competition. My friends and colleagues, Russian security experts, took part in the work.
As a result of the competition, the desire for unprecedentedness gradually subsided, and a more or less standard option was chosen. But, nevertheless, the concept we proposed was rated quite highly by security experts, although, admittedly, it was impossible to implement due to the need for coordinated work of various structures, including law enforcement agencies. And since the performance of those functions that the concept envisaged were not mandatory for them, it was impossible to implement them. Therefore, instead of an unprecedented security system, a conventional one was chosen.
I would like to believe that the time has come when the state is seriously concerned with security issues, and now there is an opportunity to ensure the coordinated work of private services and law enforcement agencies, even if it is necessary to make appropriate amendments to the legal framework, which will allow the ideas embedded in that rejected concept to be realized. That is why I would like to share these ideas.
Currently, the security systems of various facilities are fundamentally similar, differing only in details. Now, after the terrorist attack at Domodedovo, when analyzing the situation, the main emphasis is placed on the fact that control at the entrance to the airport was weakened. I arrived at Domodedovo 12 hours before the explosion and flew out of Sheremetyevo two days after the tragedy. Control at the entrance there was already quite strict. As a result, a large crowd formed — just then the next Aeroexpress arrived, and several hundred passengers and those seeing them off rushed to the airport. And standing in the crowd, I did not feel very comfortable…
After all, when planning terrorist attacks, their organizers usually aim to achieve the maximum number of victims. That is why explosions occur in places with the largest concentration of people. And now the next “increased vigilance” in the controlled zone creates the opportunity to carry out a terrorist attack in a crowd at the entrance to these protected objects, on the street, in an uncontrolled zone, in front of this very security check. With a very high probability, the next explosions may occur exactly there, in the uncontrolled zone, where achieving the desired result — the largest number of victims — is not particularly difficult. Of course, you can try to increase the number of checkpoints, but it is unlikely that this “quantitative” solution will give a sufficient effect. What is needed here is a “qualitative”, fundamentally different solution.
The concept we were developing, in addition to all the standard components inherent in security systems, also had a main component, which was supposed to become the “brain” of the entire system. This is information support!
The essence of this component was as follows: a person wishing to visit the facility can do so in the usual – anonymous – manner. Buy a ticket, arrive early, as recommended for such facilities – 2-3 hours before the start, stand in line (a large crowd of people!) to go through security, undergo this security and only then get inside.
But what if this person is given the opportunity to act differently: to notify about his desire to visit the facility in advance, identifying himself and receiving a certain identifier («ID», which can be the ticket itself!). In this case, preliminary information (PI) about the visitor is sent to the facility's security service information system, and from there the PI goes — to verify the visitor's identity — to the information system of the Ministry of Internal Affairs, which conducts a check in its databases (including operational ones), and issues a «receipt» to the facility's security service information system about the visitor's danger level (for example: «green», «yellow», «red») and his photograph.
At the time of the scheduled event, checkpoints of different categories operate at the entrance to the facility: «green» and «red». All those who have submitted a PI about their visit in advance, identifying themselves, are sent to the «green» checkpoint. Upon entering, they present the ID (ticket) they received, their photo, received in the «receipt» from the Ministry of Internal Affairs, appears on the monitor of the entrance controller, by which they are identified, and the visitor, who, in the opinion of the competent authorities, does not pose any threat (with a «green» mark in the «receipt») — practically unhindered or in the «soft» control mode, and therefore — quickly — gets to the facility. (It goes without saying that if the visitor was marked «yellow» or «red» in this receipt from the Ministry of Internal Affairs — the passage scenario will be different).
Well, in the «red» corridor, the same thing happens as now: control and inspection according to the established scheme, crowding, discomfort.
As a result of such a division, law-abiding citizens who find themselves in the «red» corridor, having experienced certain inconveniences, seeing that there is a «green» corridor nearby, having learned how it functions, next time, most likely, will choose exactly this path — through the PI.
As a result, after a short period of time, a self-regulating system will be created by itself, in which people will declare their desire to visit the facility in advance. And if this opportunity is simplified for them (for example, through the use of a mobile phone, the Internet, the soon-to-be-implemented universal electronic card (UEC) and other technological advances — on the part of visitors, and the issuance of «receipts» from the Ministry of Internal Affairs is reduced to a few seconds, which is quite realistic — on the part of those ensuring security), then this will become a completely ordinary matter. And then passing through the «red» corridor to any facility will simply become nonsense. Because even a foreigner who is legally in the country, checked when applying for a visa, and whose information is available in certain databases, can use the PI system.
Thus, ensuring security should move to the area of information technologies, the further development possibilities of which are now difficult to even imagine. After all, it is realistic, given the appropriate agreements, to conduct identity checks and databases of foreign relevant structures.
As a result, the load on the «green» and «red» corridors will begin to be redistributed towards the «green» ones, which will ensure stricter and more perfect control in the «red» ones, which are currently not providing the required efficiency due to both the heavy load and the «human factor».
And it is hard to imagine that terrorists, knowing about this principle of the system’s operation, would risk penetrating a facility equipped with it, because the risk of being stopped at the entrance would increase significantly.
In this article, the PI system operation scheme is described very briefly. When implemented, this system can be improved as much as necessary (for example, for identification by photo at the entrance, use not the subjectivity of the controller's perception, but use facial recognition systems, fingerprints, etc.). The PI system can be used at any facility (airports, train stations, metro, sports, entertainment and shopping centers, cinemas, etc.), as well as in certain zones, including temporary ones (rallies, parades, etc.).
Of course, in this case, the load on information systems and their components increases significantly, and it becomes necessary to make adjustments to the operation of these systems. But this is a purely technical problem, and with sufficient funding it can be solved. Of course, the load and responsibility of law enforcement agencies for the speed of processing requests, checking against their databases and issuing receipts increases. But this problem, with a state approach and real interest of the state in significantly improving the situation with the safety of citizens, is also solvable.
____________________________
Nikolay Ermakov
nick@e-swb
Vice President of the International Association
«e-Signature Without Borders»,
Former Advisor to the President of Falck Baltics