Paolo Sciarappa
2019
CONTENTS
INTRODUCTION
CHAPTER 1
The evolution of the context and the management of information
1.1. Information overflow and human factor
CHAPTER 2
PSIM Systems 4.0
CHAPTER 3
Big Data & Information Management
3.1. Descriptive Analytics
3.2. Machine Learning
3.1. Physical Security as a service (PSaaS)
3.2. Cyber Physical Security
Conclusion
Bibliography
Sitography
INTRODUCTION
To fully understand the digital transformation of Physical Security, it is
necessary to analyze the context in which it has evolved by retracing the phases
of its evolution and its relations with other sectors of security. Through this
analysis I will illustrate the profound changes it has undergone, the new
opportunities and its new role in security.
You can have the best firewalls and change control procedures; you
can have regular electronic penetration testing against networks
and applications; you can audit your source code and lock down
your servers. However, if an attacker can physically penetrate your
premises and access information systems directly, these strategies
won’t protect you 1.
Will Allsopp
The contribution of Physical Security to the protection of information has been
re-evaluated in recent years, thanks to changes introduced by technological
innovation.
Physical Security evolves slowly, without major technological or organizational
changes, until the 2000s; passive security, which had been the historical
protagonist in the implementation of countermeasures, gives way to the active
component, less expensive and richer in novelty. We are in the phase that I
would define as analog and autarkic. The organizational component was, and in
many ways still appears today, backward and focused on classic models.
With the 2000s begins the process of digitalization of Physical Security and
its evolution from the autarkic phase to one of close synergy with the world of
technologies and distributed networks, up to the sharing of information with
the other business organizational units. Skills evolve too: the technological
component changes rapidly and requires skills closer to the world of
Information Technology than to the classic analogue world. The organizational
structure remains unchanged. The digital transformation that has recently begun
has led, in some cases, to a profound transformation of business organizations,
starting from the processes up to the information flows.
1 Will Allsopp, Unauthorised Access: Physical Penetration Testing for IT Security Teams, 2009.
Physical Security has undergone an unprecedented innovative drive in recent
years. The combined use of new technologies has produced new tools, whose
evolution is constantly growing. As we will see, many of these technologies are
common to different areas of application; IoT and Big Data Analytics are an
example. New scenarios thus open up, far from the self-sufficient models
of the past. The convergence of IP networks and the migration of old sensors
and applications from the world of proprietary networks to that of TCP/IP has
certainly encouraged this transformation.
Digital transformation does not exhaust its effects in technologies; it imposes a
revision of organizational structures, procedures and human capital. We will
see how the latter is the weak link in digital transformation.
If you think technology can solve your security problems, then you don't
understand the problems and you don't understand the technology.2
Bruce Schneier
The difficulty in finding the skills necessary to manage both the change and the
operation could undermine the undoubted positive effects of these new models
that must be accompanied by a careful analysis of the new risk scenarios.
The approach to identifying and planning countermeasures has undergone
major changes. Today, the risk analysis not only takes into consideration new
threats, the result of technological evolution, but is based on more stringent
disciplines that take into account the controls required by the various standard
management systems and European Data Protection Regulations.
CHAPTER 1
The evolution of the context and
the management of information.
Multifunction supervision systems have spread since the 2000s. Systems for
managing access control, intrusion detection, fire detection and video
surveillance are often integrated into a single application.
The benefits appeared immediately evident because through the use of a single
interface it was possible to manage an event in its entirety: analysis of the
intrusion, control of the possible access and visual feedback, all in a single
front-end. To this was added a series of facilities for remote site management:
many of the operations that were handled by personnel located in different
geographical areas were progressively centralized in a few Security Operations
Centers. The construction of modern buildings has contributed to the expansion
of these integrated systems, but with a logic far from the one that originally
inspired them: in many cases the integration did not take place or was
partial. The combination of these systems has led to an exponential increase in
the information to be managed. This element is important for understanding
how and how much informational excess, if not properly managed, can
compromise the safety of people and assets.
Failure to integrate subsystems has played an important role in the inflation
process, along with other factors related to elements intrinsic to sensor
technology.
Unfortunately, in some cases the Security project had an excessive focus on
cost reduction rather than on real management optimizations and analysis of
related risks. The technological component was also overestimated, without
considering that data management was still manual.
Progressively the field sensors related to the various safety subsystems have
evolved by multiplying the information and using more intelligent and
sophisticated technologies that require in turn more and more specific skills,
both for their installation and for the configuration. The situation is clearly
more critical when the number of subsystems is high. Finally, system
information reporting on servers, PCs and network connections is added.
We have thus arrived at the full digitalization of security systems, a huge flow
of information to be cataloged and managed, a prerequisite for what will then
be the "digital transformation".
Internal procedures, reserved for insiders, often do not take into account the
changed reality regarding the management of alarm events, technical support
and escalation procedures. This management is extremely complex and
heterogeneous and requires increasingly specific preparation and a strong
aptitude for "problem solving". Technological support is certainly at the base,
but discretionary scope is always fundamental, at least in large companies. The
theme of alarm management is different in the control centers of the Security
firm, where alarm signals are more homogeneous and standardized. Often these
are cumulative alarms of smaller entities, even if the number of remote sites
managed is significantly higher.
Often the sense of security is directly proportional to the level of innovation
used to guarantee it. The term innovation already has a positive meaning in
itself, but to really benefit from innovation, the most appropriate technology
must be used, taking into account the organizational context in which it will be
applied. First of all, therefore, a careful and in-depth risk analysis is
needed, one that must surely start from threats but must also evaluate the
effects of countermeasures in organizational and management terms. The assessment
activity subsequent to the application of countermeasures, what I would call
"Responsive impact assessment", is fundamental for measuring the degree of
efficiency and effectiveness in the organization's response to a critical event.
If the information flow is such that it cannot be absorbed efficiently, the
derivative risk could be higher than the initially calculated one. It is not just a
process of improvement, already accounted for in the Deming cycle, but a
different activity, essential to the point that it can determine the degree
of applicability of a countermeasure that could even worsen the level of risk
initially calculated.
Often the System Integrators suggest guided procedures (wizards) to support
the operator in choosing the operations to be performed. I do not think this is
the right way; I think it is more effective to make security operators responsible
for choices by developing skills and professionalism. In any case, the criticality
in the management of information is focused on the interpretation of the data
rather than on the reaction.
1.1. Information overflow and human factor
The expansion of centralized systems, combined with a short-sighted
installation logic that does not take into account the possible use of correlation
elements, has led to an excessive granularity of the alarms. Moreover, in some
cases, the tendency has been to bring to the operator's console signals that are
not strictly security alarms, even if they serve security; handling them is an
activity that should remain the responsibility of maintenance services. To these
are added false alarms, as well as the improper alarms that derive from
authorized accesses. False alarms, some of which derive from external factors
related to environmental conditions, are a real safety disaster.
Many false alarms also derive from poor or non-existent maintenance, others
from installation faults. Finally, there are false alarms resulting from
incorrect classification.
The immediate consequence of this informative excess is the reduction in the
level of attention or the misinterpretation of events, which leads to increased
exposure to risk for company assets and people.
To give an idea of the volume of data flowing to a business center of a large
company, I can list some figures from Vodafone Italy:
• 20,000 intrusion and environmental sensors
• 1,200 card readers
• 36,000,000 transits per year
• 1,400 cameras
In this context the role of those responsible for monitoring alarm events is
complicated, and the skills and professionalism required to manage such a
situation are very demanding. As I said, in addition to problem solving and team
working skills, specific technical skills are required.
The proactivity and professionalism of the operator become fundamental in
order to be able to manage a situation of this type, in fact a great capacity for
analysis and intervention is needed, both to maintain efficient systems and to
guarantee a prompt reaction when necessary.
We will see later the great help that the digital transformation brings, but in
any case the high degree of discretion in the decisions will remain.
In this context, procedures play a key role, reducing and simplifying processes
and reporting in favor of a greater focus on objectives and KPIs.
CHAPTER 2
PSIM System 4.0
Physical Security Information Management (PSIM) systems are software
platforms designed for the purpose of unifying information management,
supporting security operators in the decisions to be taken in the face of a
critical event and providing aggregated elements to Security Managers so that
they can evaluate the efficiency and effectiveness of security systems.
They are used to collect, analyze and correlate data from various subsystems
and security devices. These are relatively recent solutions that have found
widespread use only in the last few years, albeit in different forms and with
non-uniform technological solutions. Their evolution is at the base of the
digital transformation that has affected the sector, which is why it is
necessary to correctly understand their purpose and their practical
application. They are the starting point for the revolutionary management of
information obtained from the large amount of data coming from the various
systems involved, subsequently extended by the analysis of open sources.
The application of business intelligence and the principles of information
management has marked a change in the vision of an isolated world.
It is therefore a double-track revolution, informative and technological. The
evolution of these systems towards ICT has helped to standardize information,
making it more usable by other business units and at the same time allowing
Physical Security to draw on data from those units. This interaction facilitates
the assessment activity for the verification of compliance with the guidelines
imposed by international organizations for the standardization of processes.
The purpose of Physical Security is primarily the protection of people, then the
protection of data, systems, equipment, facilities and other tangible and
intangible assets of the company. This is why it is essential to seek full
integration with all company systems that can contribute to achieving these
goals. The logic of silos is a legacy of the past and is no longer suitable to defend
companies from new threats, such as cyber-attacks and terrorism.
Integration with the other business units takes the form, for example, of
sharing data from HR, Information Technology and Safety systems: sharing the
same repository for identity management, aligning physical and logical accesses
and implementing a shared account management process.
The company badge is an example of possible technological convergence. It can
be a multifunctional tool used for time and attendance tracking, for secure
printing, as a payment tool, as a container for biometric information and for
accessing IT resources.
The ISO/IEC 27001 standard (Information Technology - Security Techniques -
Information Security Management Systems - Requirements) requires the
verification of a series of controls. Providing evidence for them is simpler
with an open system, integrated with the other business units, in
which processes are shared, tracked and validated in an appropriate and
consistent manner. These controls, aimed at achieving precise objectives,
concern the system both as a means of protecting the information of the
entire business and as a source of data to be protected in terms of
confidentiality, integrity, availability and compliance. PSIM systems also
contribute to ensuring compliance with the rules on the administrative
responsibility of companies (see also Physical Cyber Attack) and with US
legislation (Sarbanes-Oxley Act) for listed companies. This conformity is
achieved by satisfying the controls imposed by the rules, and evidence for
those controls can be found first and most naturally in the PSIM systems,
which are also designed for this purpose.
The General Data Protection Regulation (Regulation (EU) 2016/679), under
Article 32 - Security of Processing - requires that the controller and processor
implement appropriate technical and organizational measures to guarantee a level
of security commensurate with the risk, including the ability to restore the
availability of and access to personal data in a timely manner in the event of a
physical or technical incident.
Article 32 goes further explaining that when assessing the appropriate level of
security, account should be taken of the risks associated with accidental or
illegal causes of destruction, loss, alteration, unauthorized disclosure of
information or access to personal data transmitted, stored or otherwise
processed.
This regulation emphasizes the importance of preventing unauthorized access
to data. The key role of Physical Security is therefore evident, as is the way
it can be supported by the modern PSIM in the protection of data against
malicious actions that aim to exploit the vulnerabilities of the company.
As we will see later, the PSIM systems meet the requirements of the management
systems in the part dedicated to the improvement of processes and products, as
they measure their efficiency and effectiveness.
Example of aggregated representation of system events.
In fact, one of the purposes of the advanced PSIM is to provide an aggregate
and continuous representation of the efficiency and effectiveness of the
systems, also with reference to predetermined KPIs. This allows not only to
immediately identify the areas at greatest risk and evaluate the effectiveness
of maintenance contracts, but also to effectively target the budget on the areas
most exposed, reducing costs with the introduction of new technologies or new
models of protection, more efficient than those that most likely proved
fallible. It is a process that ensures a more accurate risk analysis by helping
to make corrective actions more incisive or by assessing the coverage of
residual risk with alternative measures. The evaluation of a Physical Security
project (technologies, human resources and procedures) must also be based on
performance: this indicator shows how well the project is operating in
ensuring that the organization achieves its objectives.
The technological component does not have a precise standard of reference. In
the original idea, the PSIM systems were meant to take the place of the
individual supervision subsystems, with the double advantage of allowing
supervision from a single monitor and of providing summary information
through the correlation of several events. A prerequisite for the unification of
the systems is the willingness of the manufacturers of the various devices to
provide the protocols necessary for their integration. This is a crucial point
that has prevented, until today, the diffusion of these systems. The use of these
platforms is very expensive because it does not allow the elimination of the
individual subsystems, but is added to the existing ones. These are enterprise
solutions aimed at critical and complex environments, which is why single-brand
solutions have found greater favor in companies: an acceptable compromise that
ensures the integration between their proprietary subsystems while being
relatively open to information sharing. On the other hand, single-brand
solutions present some technical and commercial problems: they do not offer
tailor-made security solutions for the various company needs, the software
platforms are tied to the proprietary hardware, and they do not offer very
advanced innovative solutions. The tie to the proprietary hardware is very
strong and often does not allow the use of the most modern and efficient
devices. The most critical problem is surely on the commercial front: the
economic lock-in, given the investment necessary for a change of product or
supplier, is very strong. The result is a very delicate and unbalanced
relationship with the supplier, especially for systems that integrate building
management functions. Finally, they are more oriented towards data collection
than data analysis, even if recent developments in this sense seem very
interesting and promising.
Many PSIM solutions currently on the market do not meet the classical criteria
expected of these systems: freedom in the choice of underlying products
and control of field devices. Instead, they focus on the collection, organization
and analysis of the data made available by the various systems, including open
sources on the internet. These are very interesting vertical solutions, especially
in cases where it is not possible to integrate existing systems at the level of
field devices. However, the return on investment is not short-term and is
measurable mainly in terms of greater resilience and compliance.
The case of more advanced PSIM systems is rather different. These can be used
as the only vertical solution; in fact, the field sensors are managed directly by
centralizing the data coming from the field.
Example of data collection relating to badge readers.
They replace single-brand integrators by integrating third-party subsystems,
with obvious benefits in economic and performance terms. They allow the use of a
wide range of lower-cost and technologically more advanced products.
Another advantage of these systems is greater depth in the
correlation of data, indispensable for the management of critical events in real
time.
The correlation of data offers undoubted benefits. In very complex environments
the amount of information to be managed is enormous, and it is for this reason
that the events are classified according to their importance and managed
accordingly. However, there are many events that, if evaluated individually,
are not to be considered critical, but if analyzed in a broader context and
properly correlated they assume a different gravity and provide important
information that would otherwise escape the attention of the operator. Then
there are other cases in which the correlation allows a faster response, with
the consequent reduction of the impact on the business.
The correlation should be multilevel, bidirectional and multifunctional. The
information is presented to the operator by correlating more input data and is
processed automatically generating outgoing events to multiple systems
belonging to different functional areas.
For this reason, the choice of these evolved PSIMs, which I would call 4.0 in
parallel with the recent industrial innovations, must be evaluated carefully
and with cross-functional skills.
The practical examples of correlation are innumerable:
Logical access to a system defined as critical for production could be granted
only in the presence of a transit through the turnstiles verified by the access
control system. Conversely, logical security systems should block remote
access from a PC stolen from the company. This is only possible with an
information exchange between different systems that are normally
managed by people who do not belong to the same functional unit. The information
exchange should also involve the operators of IT call centers, who should not
provide assistance on these PCs; I refer for example to the request for a
recovery key for a PC with BitLocker Drive Encryption (a function that encrypts
the data of a PC). The identification of the applicant is often cursory and not
formal.
Safety also benefits from these correlations. The authorization of a badge for
access to a technical site may be made conditional on the completion of
prevention and protection courses or on the compliance of the security
documentation.
Consider the forcing of an internal gate: the alarm could reach the operator
together with the video footage of the affected area and the name of the
transgressor. The recognition is possible by correlating the data
obtained from the access control system at the entrance of the building with
the biometric recognition carried out by the video system at the time of the
break-in.
An alarm that signals the opening of a safety exit, an often recurring event in
some environments, correlated with the information on the direction of
the movement previously analyzed by the relevant cameras, provides the
operator with an immediate indication of the seriousness of the event.
Sensors normally used only when the system is armed can also provide useful
information, if correlated. A volumetric sensor that activates in a restricted
access area, when the access control system has not detected an authorized
transit within a reasonable time beforehand, is reported to the operator as a
serious intrusion event. The sensors themselves can provide an indication of the
occupancy of the building in case of evacuation.
In other cases, the correlation is used to increase the reliability of sensors
subject to false alarms, for example by generating an alarm only when several
sensors belonging to different subsystems report: the signal of an intrusion
detected by perimeter IR barriers in AND with the one coming from
the video analysis of the camera.
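Three of the correlation rules described above (logical access tied to a verified turnstile transit, a volumetric sensor firing without a prior authorized transit, and perimeter IR in AND with video analysis), as an added example that is not part of the original document or of any PSIM product. The subsystem names, zones, users and the two time windows are assumptions, and the events are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Event:
    ts: datetime
    source: str        # subsystem that produced the event (hypothetical names)
    kind: str
    zone: str
    subject: str = ""  # badge holder or account; empty for anonymous sensors


# Assumed policy values: the text only speaks of "a reasonable time unit".
TRANSIT_WINDOW = timedelta(minutes=5)
CONFIRM_WINDOW = timedelta(seconds=30)
ENTRANCE = "lobby_turnstile"
RESTRICTED = {"server_room"}
CRITICAL_SYSTEMS = {"scada_console"}
PERIMETER_SOURCES = {"perimeter_ir", "video_analytics"}


def correlate(events):
    """Return (rule, key, timestamp) findings for a list of events."""
    findings = []
    on_site = set()      # subjects who passed the turnstile and have not left
    last_transit = {}    # zone -> time of the last authorized transit
    perimeter_seen = {}  # zone -> {source: time of the last signal}

    for e in sorted(events, key=lambda ev: ev.ts):
        if e.source == "access_control":
            if e.kind == "transit_in":
                last_transit[e.zone] = e.ts
                if e.zone == ENTRANCE:
                    on_site.add(e.subject)
            elif e.kind == "transit_out" and e.zone == ENTRANCE:
                on_site.discard(e.subject)

        elif e.source == "it_logon" and e.zone in CRITICAL_SYSTEMS:
            # Logical access is expected only after a verified physical transit.
            if e.subject not in on_site:
                findings.append(("LOGON_WITHOUT_TRANSIT", e.subject, e.ts))

        elif e.source == "intrusion" and e.kind == "volumetric_active":
            # Presence in a restricted area with no recent authorized transit.
            if e.zone in RESTRICTED:
                seen = last_transit.get(e.zone)
                if seen is None or e.ts - seen > TRANSIT_WINDOW:
                    findings.append(("UNAUTHORIZED_PRESENCE", e.zone, e.ts))

        elif e.source in PERIMETER_SOURCES:
            # Raise an alarm only when both subsystems agree within the window.
            signals = perimeter_seen.setdefault(e.zone, {})
            signals[e.source] = e.ts
            fresh = {s for s, t in signals.items() if e.ts - t <= CONFIRM_WINDOW}
            if fresh == PERIMETER_SOURCES:
                findings.append(("CONFIRMED_PERIMETER_ALARM", e.zone, e.ts))
                signals.clear()  # do not re-raise on the same pair of signals
    return findings


def sample_events():
    """Constructed event stream covering benign and anomalous cases."""
    t0 = datetime(2019, 1, 15, 8, 0, 0)
    m, s = timedelta(minutes=1), timedelta(seconds=1)
    return [
        Event(t0, "access_control", "transit_in", ENTRANCE, "m.rossi"),
        Event(t0 + 2 * m, "access_control", "transit_in", "server_room", "m.rossi"),
        Event(t0 + 3 * m, "intrusion", "volumetric_active", "server_room"),
        Event(t0 + 10 * m, "it_logon", "logon_request", "scada_console", "m.rossi"),
        Event(t0 + 12 * m, "it_logon", "logon_request", "scada_console", "l.bianchi"),
        Event(t0 + 20 * m, "perimeter_ir", "barrier_cut", "fence_north"),
        Event(t0 + 40 * m, "perimeter_ir", "barrier_cut", "fence_east"),
        Event(t0 + 40 * m + 10 * s, "video_analytics", "intrusion_detected", "fence_east"),
        Event(t0 + 60 * m, "intrusion", "volumetric_active", "server_room"),
    ]


if __name__ == "__main__":
    for rule, key, ts in correlate(sample_events()):
        print(ts.isoformat(), rule, key)
```

The lone IR signal on `fence_north` and the volumetric activation one minute after an authorized transit produce no finding, which is the false-alarm reduction the text describes.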
The growth prospects of the PSIM systems are very promising. According to Frost
& Sullivan, a multinational consulting and economic analysis company, the
global PSIM market will grow 20 times between 2011 and 2021. Transparency
Market Research expects growth at a compound annual rate (CAGR) of 18.7%
between 2016 and 2024. Lastly, the recent report by the research firm Wiseguy
confirms the growth trend, albeit with a more contained outlook: the
compound annual growth rate is expected to be between 14% and 15% in the
2016-2020 period.
The development of these systems is determined by the economic and financial
sustainability of companies and their sensitivity to new risks related to the era
of digital transformation.
Despite the growing threats to cyber and physical security from terrorists and
illegal organizations, many companies impose continuous savings targets, probably
because the probability of the event occurring is perceived as low.
However, the impacts could be very heavy, especially in terms of interruption
of business activities and brand reputation.
New threats require new tools to address risks in a holistic security concept.
This is an investment in risk management that should be carefully analyzed.
It should not be forgotten that the operational centers also supervise alarms
that are not a direct consequence of malicious actions: a delay in managing a
fire or flooding alarm, or neglecting a bulletin issued by the civil protection,
could have serious consequences for the safety of people. Managing information efficiently
and effectively means anticipating and therefore preventing the occurrence of
accidents.
This does not mean that the positive effects cannot be evaluated concretely.
Using two indicators, the Total Cost of Ownership (TCO), which measures
the initial cost of purchasing the software and the cost of maintaining it, and
the Return on Investment (ROI), which measures the gains of an investment
compared to its cost, an interesting fact emerges.
PSIM systems are not for everyone and have not always been convenient.
There have been cases in which some features turned out to be useless or
non-existent, and for this reason, as well as for their excessive functionality
and complexity of use, they were often negatively evaluated by end users.
Finally, in some cases the integration and centralization of legacy
systems has been achieved at very high costs.
Today, advanced PSIM solutions can integrate and centralize a larger number
of solutions and products and are easier to manage, enabling faster and more
efficient deployment and utilization. The ability to use the most cost-effective
and innovative products without binding to a single brand or supplier leads to
tangible returns in terms of ROI. Added to this are the cost reductions due to
higher efficiencies (vigilance reduction, business intelligence, greater
resilience, etc.).
The cost of ownership can be significantly reduced if the system is not closed or
proprietary. The initial costs are lower compared to single-brand integrated
systems, also due to greater competition. Maintenance costs are
also reduced, both because the value of installed products is lower, which
positively affects the maintenance contract, and because evolutionary
maintenance normally includes software release upgrades.
However, most large companies already use one or more supervisory systems,
so would the purchase of a PSIM 4.0 justify the investment?
In this case the investment is justified on the one hand by a reduction in the
operating cost and on the other by greater efficiency and effectiveness due to
a better analysis and management of information. This is the strength of these
systems, above all thanks to the new business intelligence technologies applied
to Big Data, which we will see in detail in the next chapter. In addition, the
type of information available increases, from open sources on the internet, to
environmental sensors installed on the territory and to information bulletins of
government bodies.
Using APIs (Application Programming Interfaces, which belong to software
programming and simplify the dialogue between one application and another) and
SDKs (Software Development Kits) to interface with search engines and social
media, you can obtain data that can be correlated with those obtained from the
sensors, yielding information with high added value.
In this way operational management, simpler and more immediate, is also
improved; finally, the use of modern web standards for the presentation and
search of information reduces reaction times.
CHAPTER 3
Big Data & Information Management
As we have seen, the world of physical security is filled with cutting-edge
technologies capable of producing huge amounts of data. In the Internet of
Things era every object on the network can be a threat and at the same time help
to provide valuable data for security.
To these are added all the data coming from open sources and those imported
from the other business units.
The analysis of open sources is now essential to assess and understand the
threats, especially the most recent ones such as Islamic terrorism and
cyber-crime, and to be able to proactively face natural disasters and fires that
could cause serious damage to assets and facilities, as well as threatening
employee health.
It is therefore essential to have advanced technologies and techniques focused
on data presentation and analysis, able to create value by bringing out hidden
data, presenting aggregate and related information of rapid and immediate
understanding. Large companies, especially critical infrastructures, are the
most exposed to new threats. As we know the prevention and identification of
appropriate countermeasures passes through knowledge. These new analysis
techniques make it possible to make decisions with greater awareness and
speed.
3.1. Descriptive Analytics
It starts with Descriptive Analysis, which has its main support in the tools
that make it possible to represent and describe reality, also graphically,
through the interpretation of data. Descriptive Analytics allows the graphical
display of the efficiency and effectiveness of the organization's control and
reaction center. For this purpose, dashboards, analytical reports and query
tools are used.
The Security Dashboard, an example of a graphical representation of events:
It is a system of indicators appropriately organized to provide selected and
aggregated information on the data being analyzed, with the following characteristics:
• Summary of the performance of intervention times and reaction times.
• Occupancy status of the company areas.
• Status of application efficiency.
• Summary of faulty sensors disabled and maintenance status.
• Summary of the state of risk exposure.
• Network efficiency status.
• Status of efficiency of video recording systems and retention times.
• Summary of alarms in progress.
• Telephone queue summary and waiting times.
Analytical reports and queries are used to extract and share specific
information. They are very useful for evaluating the effectiveness of Physical
Security strategies and effectively planning structural interventions by
subjecting them to periodic reviews to assess the impacts of investments.
3.2. Machine Learning
The manual analysis of huge volumes of data coming from heterogeneous
systems to detect or prevent incidents can be a very burdensome exercise, and
one of little use if it is not clear what to look for. Furthermore,
traditional tools do not take the "context" scenario into account.
The use of Machine Learning allows learning without explicit prior
programming. The definition most accredited by the scientific community is
that provided by Tom Michael Mitchell, director of the Machine Learning
department of Carnegie Mellon University: «A computer program is said to learn
from experience ‘E’, with respect to some class of tasks ‘T’ and performance
measure ‘P’ if its performance at tasks in ‘T’ as measured by ‘P’ improves with
experience ‘E’». These are algorithms capable of automatically improving
their results through experience. They are able to learn continuously from the
data themselves and discover unknown information and unexplored views,
identifying and extracting value without having been programmed to know
exactly where to look for it. Thanks to this approach, the analysis also
becomes a predictive tool (Predictive Analytics) that expands the time horizon
of information, from present to future, by mathematically relating a condition
to the probability that an event occurs.
Even in everyday life we use algorithms to solve problems, even the simplest
ones. In many cases, these are simple sequential instructions that allow us,
through a series of operational choices, to reach the goal. But there are
many problems that cannot be addressed in this way. Let's imagine that we need
to implement an algorithm that allows us to distinguish the various animal
species. One way could be to write down a series of physical characteristics
of each species and then make the algorithm apply the rules to classify the
animals. We can list a large number of them (shape and distance of the eyes,
number of legs, etc.), but the results will never be satisfactory because of
the countless variables involved. Machine Learning, on the other hand, uses a
totally different approach, starting from input and output and letting the
machine understand the relationships between them and ultimately produce a
result. In the case examined, if we provide the system with thousands of
animals already cataloged, it will identify the criteria for classification
and classify them on its own; the more data it has available, the more
accurate its classification will be. The role of the human being is only to
define how the program will have to learn, to choose the examples and the
information to be stored and how to apply the knowledge in order to make
decisions. The same concept is applied by systems that identify spam e-mails
or profile our preferences to propose results that are closer to our
expectations.
Example of possible relationships between the objects being analyzed
Without going into the details of the various learning mechanisms or other
more complex and sophisticated techniques, this may suffice to imagine the
great prospects of these new technologies for security and in particular for
Physical Security.
If Big Data Analytics techniques make it possible to summarize and extract
useful information from the mass of data coming from different systems,
Machine Learning is able to amplify this process and take a further step
forward in understanding the phenomena associated with these data.
Think of access control systems: this technique is able to analyze millions of
transits and detect any anomalies in real time. For example, it can identify
subjects whose behavior is abnormal and represents a deviation from the
standards: a person who is in areas not usually frequented and not compatible
with his access profile (visitor, employee or external); abnormal transits in
relation to the time or the space in which they are detected, such as the same
person transiting at the same time in two different locations; an anomalous
occupancy of spaces, either excessive or too low; denied transits always
referred to the same person, etc. But above all, it can detect something that
we did not expect and whose existence or criticality we ignored.
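The access-control anomalies listed above can be expressed as explicit checks over a transit log. The following is an added example, not part of the original paper: it uses fixed rules as a baseline rather than the learned models the text describes, and the log format, the `ALLOWED_AREAS` profile table, the 30-minute travel time and the denial threshold are all assumptions made for illustration.

```python
import csv
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from io import StringIO

# Constructed sample transits (not real data):
# time, badge, profile, site, area, result
SAMPLE_LOG = """\
2019-03-04T08:01:10,B100,employee,HQ,lobby,GRANTED
2019-03-04T08:03:42,B100,employee,HQ,office,GRANTED
2019-03-04T08:05:00,V900,visitor,HQ,lobby,GRANTED
2019-03-04T08:09:30,B100,employee,PLANT,gate,GRANTED
2019-03-04T08:20:15,V900,visitor,HQ,server_room,GRANTED
2019-03-04T09:00:00,X300,external,HQ,office,DENIED
2019-03-04T09:00:20,X300,external,HQ,office,DENIED
2019-03-04T09:01:05,X300,external,HQ,server_room,DENIED
2019-03-04T17:45:00,B200,employee,HQ,office,GRANTED
"""

# Assumed access profiles: areas each profile may normally be found in.
ALLOWED_AREAS = {
    "employee": {"lobby", "office", "gate"},
    "visitor": {"lobby"},
    "external": {"lobby", "gate"},
}


@dataclass(frozen=True)
class Transit:
    when: datetime
    badge: str
    profile: str
    site: str
    area: str
    granted: bool


def parse_transits(text):
    """Parse the CSV log into Transit records sorted by time."""
    transits = []
    for row in csv.reader(StringIO(text)):
        if not row:
            continue  # tolerate blank lines
        when, badge, profile, site, area, result = row
        transits.append(Transit(datetime.fromisoformat(when), badge, profile,
                                site, area, result == "GRANTED"))
    return sorted(transits, key=lambda t: t.when)


def profile_violations(transits, allowed=ALLOWED_AREAS):
    """Granted transits into an area outside the holder's access profile."""
    return [t for t in transits
            if t.granted and t.area not in allowed.get(t.profile, set())]


def simultaneous_sites(transits, min_travel=timedelta(minutes=30)):
    """Same badge granted at two different sites sooner than min_travel allows."""
    last_seen, hits = {}, []
    for t in transits:
        if not t.granted:
            continue
        prev = last_seen.get(t.badge)
        if prev and prev.site != t.site and t.when - prev.when < min_travel:
            hits.append((prev, t))
        last_seen[t.badge] = t
    return hits


def repeated_denials(transits, threshold=3, window=timedelta(minutes=10)):
    """Badges denied at least `threshold` times inside a sliding time window."""
    denied = defaultdict(list)
    for t in transits:
        if not t.granted:
            denied[t.badge].append(t.when)
    flagged = {}
    for badge, times in denied.items():
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                flagged[badge] = len(times)
                break
    return flagged


def detect(text):
    """Run all checks and return (rule, badge, detail) alerts."""
    transits = parse_transits(text)
    alerts = []
    for t in profile_violations(transits):
        alerts.append(("profile_mismatch", t.badge,
                       f"{t.profile} in {t.site}/{t.area}"))
    for a, b in simultaneous_sites(transits):
        gap = int((b.when - a.when).total_seconds())
        alerts.append(("two_sites", b.badge, f"{a.site} -> {b.site} in {gap}s"))
    for badge, count in repeated_denials(transits).items():
        alerts.append(("repeated_denials", badge, f"{count} denied transits"))
    return alerts


if __name__ == "__main__":
    for rule, badge, detail in detect(SAMPLE_LOG):
        print(f"{rule:18} {badge:5} {detail}")
```

Rules of this kind only catch what was anticipated; the unexpected deviations the paragraph ends on are what a model trained on historical transits would add on top of them.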
There are also many applications for anti-intrusion. Statistics allows us to
model the behaviors expressed by the data and to identify non-linear
correlations of events coming from multiple sensors. This technique can be
useful to bring to the attention of the operator sensors that behave
abnormally, especially when related to data from other systems. They are an
alarm bell and indicate maintenance problems or malicious actions.
Graphical representation of how machine learning handles a large amount of data.
Even more interesting is the possibility of creating predictive models. A
predictive supervision system is able to analyze the data taking into account
both factors endogenous to the criminal action and environmental ones.
We can derive an attack model by correlating endogenous factors, which could
for example show up as an intensification of access to the site for
maintenance activities in the days before a theft, suspicious movements near
it or false perimeter alarms, while also taking into account external factors,
from the deterioration of the environmental context to the analysis of the
time slots in which the incidents occurred, etc.
The analyzed data come from different systems, from the analysis of open
sources, and from the information made available by law enforcement agencies
and research institutes. Video surveillance plays a decisive role in the
enrichment of databases and will do so even more in the future. This sector is
the one that has benefited most from technological development: in the last
decade it has undergone a real digital transformation, and it is the one from
which we still expect a lot. The cameras have become security sensors,
intelligent units that process images for us and interpret the content.
This kind of approach is based on algorithms that can be
supervised or learned from historical data. Using the data
repository as a starting point, the algorithms generate behavioral
and predictive analyses, giving, in fact, the possibility of
anticipating possible risk situations.
Carmine Buono, Head of BigData Area in Crisma Security
The algorithms used for image analysis and comprehension are increasingly
sophisticated and able to identify complex behavior patterns with an
ever-increasing level of reliability (loitering, panic disorder, tracking,
overriding, crossing zones, flow direction, face recognition, etc.). The
search for events in video recordings has been greatly simplified, from smart
search techniques that offer targeted results on certain areas of the camera
frame to the latest techniques that allow you to view events from different
moments in a single image, where each subject is labeled with the time at
which it appeared on the scene.
The big step forward was made with the introduction of metadata, a kind of
text that describes what happens in the video.
An example: suppose you have to check the correct use of a waste collection
point to prevent waste from being abandoned outside the bins. A traditional
system using a dedicated algorithm could record the scene and notify us of the
event. With the metadata we will have: notification of the event and its
visual observation ...
• Type: Vehicle
• Class: Truck
• Color: Green
• Plate: XXX
• Recurrent: YES
• Number of people: 2
GPS-based video analysis sensors are also able to provide the GPS coordinates
of the target and place it on a map. If we install carefully positioned
cameras in a store, we can derive a series of data that go beyond the security
needs and that could be useful to other business units: with the available
data it is possible to obtain the average observation time, providing
information on a sort of "Rating Index" of the window display. By developing a
supervised algorithm with the support of historical data on the shoplifting
incidents suffered, we will be able to identify behavioral models typical of
those criminal actions. In this way, thanks to the techniques already
described and with the use of more complex techniques such as Deep Machine
Learning, we can be alerted in advance in case of suspicious behavior that
could anticipate a criminal action.
Deep Learning is a particularly advanced learning technique that uses a neural
network with several interconnected layers, where the result of a processing
creates a model which in turn is used to analyze the following data, greatly
increasing the processing capacity. It can perform classification activities
directly from the images obtaining results that previously seemed impossible,
sometimes exceeding the performances obtained by man. On the Google
Teachable Machine website, you can directly test how a system trains based on
starting data and how the recognition system can then match specific results.
Suppose we have to monitor the access of a building where we assume terrorists
are present: monitoring access with traditional technologies would require
many people and a significant organizational and economic effort. By
installing a high-resolution camera that films the street or the square where
the target building is located, we will be able to analyze the scene with an
overall view and, at the same time, the entrance in detail. In this way we
will be able to know how many people have entered, the time spent, the car's
license plate and the personal details of the subjects, after identifying them
by comparing the photos with those in other repositories. Once identified, the
system will automatically provide the details for each access. Further
recognition aid is given by deep learning facial recognition algorithms that
are now available in applications such as search engines, designed to find
missing persons in movies. In the previous case, by installing an audio sensor
near the access, perhaps in a car parked nearby, it will be possible to
identify the subject even from the voice. Google has recently filed a patent
for a program able to associate voices with faces, through the use of machine
vision algorithms and a typical Machine Learning approach. We are therefore
beyond the first generation of facial recognition software that measured the
distances between the various points of the face. The goal is to teach a
computer to perform a natural activity for humans: identifying and recognizing
the content of an image.
Returning to the example made to demonstrate the usefulness of data
correlation: a camera films the entrance of a building equipped with
turnstiles, and the access control system allows you to associate a name with
each face framed by the camera, and can do so dozens of times a day for
months. With this volume of data, Deep Learning can learn very quickly and
with a minimal margin of error. To this are added modern zoom-enhanced
techniques: researchers at Google Brain, the Mountain View division that works
on intelligence algorithms, have developed a system able to increase the
resolution of extremely grainy images and to reconstruct their shape and
structure. The scenes in CSI films where grainy images are magically
reconstructed with a simple click, which today make professionals smile,
could in a not too distant future become a reality whose implications for
forensic analysis would be of enormous importance.
Today's cameras are real intelligent units capable of carrying out increasingly
complex tasks, so the algorithms can be moved to the camera, limiting
bandwidth consumption and the computing power that must be managed centrally,
thus reducing costs.
A start-up specialized in automated solutions for the external inspection of
vehicles has implemented a physical security system that analyzes the bottom
of vehicles to detect threats such as bombs or weapons, completely replacing
human intervention.
Digital scanner to inspect the undercarriage.
In the rooms of private security firms there are hundreds of cameras
monitoring the counting operations. Another application for Deep Learning
could be to identify the correct behavior model and report any deviations,
thus avoiding the review of hours and hours of recordings.
Digital Transformation has also introduced new products at the service of
security, imported from other markets and born for different purposes. For
example, the MEMS chip used in many smartphones as an accelerometer makes
it possible to translate the accelerations caused when someone climbs over a
fence into an alarm. A new type of outdoor sensor uses advanced radar
technology and intelligent algorithms to detect intruders, also reporting the
angle of motion, size and speed of objects. Furthermore, by providing the exact
location, it allows you to filter by distance and is immune to events that often
cause false alarms, such as moving shadows or light beams, small animals or
insects. The detector can send the exact coordinates of the people or objects
detected directly to the PTZ cameras, which can automatically zoom in on the
target without manual intervention.
Network Radar Detector, target trajectory and detailed image, by Axis Communications.
A separate chapter should be dedicated to the potential of smartphones, both
as devices used to supervise security events and as intelligent "sensors"
able to collect data. A brief mention is enough to explain the importance of
these devices in the production of Big Data. They are equipped with many
sensors able to collect data from the environment, produce their own,
correlate them and send them independently; they are part of information
security and with their data contribute to the creation of Big Data. For
example, they are used to geolocate employees in critical contexts, as an
access tool and, when associated with dedicated devices, to assess the degree
of occupancy of the company areas. They are a valuable resource in the
analysis of open sources and contribute to the formation of news thanks to
information sent online by users.
3.1. Physical Security as a service (PSaaS)
The Cloud, another element of novelty for Physical Security, could not be
missing. It is a business model that provides for the outsourcing of one or
more services, where security is delivered as a service in the Cloud without
the need for expensive hardware, reducing the Total Cost of Ownership. Before
going into the merits, it is necessary to clarify the perimeter of the
outsourced activity. The first level includes the processing power and space
for the various repositories, as well as the security application, the core
business of those providing this type of service. The second level also
includes the supply of field hardware installed at the customer's premises.
The third is the case of the total outsourcing of the service, leaving the
customer only the operational management without alarm monitoring functions.
Savings, scalability, resilience and innovation are the first concepts that
come to mind when talking about the Cloud; to these is added the great
advantage of avoiding large capital outlays. There are no insurmountable
technical limits and bringing security to the Cloud could probably also be
advantageous, but there are some factors we need to take into account. In
medium and large companies the technological infrastructure is already present
and is shared with the other business units; the virtual servers are scalable
and allow the addition of new systems, modulating the resources as needed. In
this sense there would be no significant savings, since there is no need to
create an ad hoc structure: the existing one, already interconnected with all
the business units, would be exploited. We are far from the "silos" logic and
it is therefore necessary to interconnect the systems to facilitate the
sharing of information, which of course is easier if the system is located
within the company. Secondly, the "open system" logic that underpins PSIM 4.0
systems would be lost, which would lead to single-supplier solutions. Finally,
one could not do without the field hardware related to the various security
subsystems.
However, there are exceptions: cases where great scalability and speed of
execution are required, in a context that does not require particular
interactions with other systems.
Financing through operating expenses in place of capital expenditure may be
useful in other contexts, for example if all the infrastructure is located
within the company. In this case there would be a double benefit: not having
to deal with large initial investments and not having the problem of
technological updating, because the supply and installation of the security
systems would be paid for through the fee and renewed at the end of the
contract.
3.2. Cyber Physical Security
Cyber Security attacks are increasingly complex and sophisticated. The theme
must be tackled on two levels. The first is that information theft can take
place not only online, but also by directly accessing IT resources. The second
is that the vectors used for the attacks also involve physical devices, beyond
the technological ones. The IoT and the evolution of physical security systems
towards IT have introduced new vulnerabilities: while we take for granted that
a PC or a server must have an antivirus and that we must implement a series of
security measures both at the application level and on the Operating System,
we do not do the same for physical security systems. Cameras, sensors, badge
readers, etc. are potential points of access for every hacker, whether to
access corporate networks, to be used as a point of attack against other
structures, or to take control of the security subsystems and gain free
access to data held by companies. Specific preparation is therefore necessary,
able to evaluate these threats and support a business intelligence activity
able to collect and analyze information through all communication channels,
including the dark web.
Conclusion
Digital transformation does not end with the introduction of new
technologies; it requires a complete revision of the way information is
managed. For Physical Security it is a period of profound changes, and the
4.0 enterprise is an opportunity to create greater value: not only a support
to ensure companies achieve their goals by reducing, addressing and overcoming
risks, but also a way of ensuring greater resilience for business activities
and contributing to an enabling security in the digital transformation
process. The new Physical Security project facilitates core activities and
contributes to enriching information assets, which in turn create value, both
in terms of income and of greater compliance. A more functional, smarter
security that is more capable of adapting to changing human needs rather than
limiting activity. A physical security not only focused on technological
innovation, but more attentive to the human factor. Many of the targeted
attacks on companies are made using phishing or social engineering techniques,
so we must also invest in information and training.
Without physical security, any other protective measure may be ineffective:
the weakest layer of protection is the one that determines the level of
security. It is therefore necessary to tackle emerging threats with a
multidisciplinary approach where information is at the same time our main
asset to be protected and our best ally.
Bibliography:
• Wil Allsopp, Unauthorised Access: Physical Penetration Testing for IT
Security Teams. Wiley & Sons 2009. ISBN: 9789470747612.
• Abdulmalik Humayed, Jingqiang Lin, Fengjun Li, Bo Luo, Cyber-Physical
Systems Security. IEEE Internet of Things Journal,
0.1109/JIOT.2017.2703172.
• Guy Harrison, Next Generation Databases: NoSQL and Big Data. Apress
2015.
• Lawrence Fennelly, Effective Physical Security. Butterworth-Heinemann
2016.
• Robert M. Clark, Simon Hakim, Cyber-Physical Security: Protecting
Critical Infrastructure. Springer 2017. ISBN 978-3-319-32824-9.
• Kevin D. Mitnick and William L. Simon, L’arte dell’inganno. Feltrinelli 2013.
• Clarence Chio and David Freeman, Machine Learning and Security:
Protecting Systems with Data and Algorithms. O’Reilly 2018. ISBN-13:
978-1491979907.
• Bruce Schneier, Secrets & Lies - Digital Security in a Networked World.
2000. ISBN13: 9780471453802.
Sitography:
2018 Data Breach Investigation Report
https://www.verizonenterprise.com/verizon-insights-lab/dbir/
Investigare su immagini e video
https://www.safetysecuritymagazine.com/articoli/investigare-immagini-video/
Riconoscimento facciale con la computer vision
https://it.mathworks.com/discovery/riconoscimento-facciale.html
Cosa sono i Metadata
https://www.securindex.com/downloads/2d9964f182edaa529967ea2be2a2ffc4.pdf
UNIFICATION: Bringing Security and Operations Together With PSIM
https://www.sdmmag.com/articles/91566-unification-bringing-security-and-operations-together-with-psim
Big Data e Machine Learning: trovare risposte nei dati
https://www.secsolution.com/articolo.asp?id=536
Physical Security and Why It Is Important
https://www.sans.org/reading-room/whitepapers/physical/physical-security-important-37120
Why Integrate Physical and Logical Security?
https://www.cisco.com/c/dam/en_us/solutions/industries/docs/gov/pl-security.pdf
Paolo Sciarappa
https://www.linkedin.com/in/paolo-sciarappa-8b558a30/?locale=en_US

AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
 

The digital transformation in physical security

INTRODUCTION

To fully understand the digital transformation of Physical Security, it is necessary to analyze the context in which it has evolved, retracing the phases of its evolution and its relations with other sectors of security. Through this analysis I will illustrate the profound changes it has undergone, the new opportunities and its new role in security.

You can have the best firewalls and change control procedures; you can have regular electronic penetration testing against networks and applications; you can audit your source code and lock down your servers. However, if an attacker can physically penetrate your premises and access information systems directly, these strategies won’t protect you 1.
Will Allsopp

Its contribution to the protection of information has been revalued in recent years, thanks to changes introduced with technological innovation. Physical Security evolves slowly, without major technological or organizational changes, until the 2000s; passive security, which had been the historical protagonist in the implementation of countermeasures, gives way to the active component, less expensive and richer in novelty. We are in the phase that I would define as analog and autarkic. The organizational component was, and in many ways still appears today, backward and focused on classic models.

With the 2000s begins the digitalization of Physical Security and its evolution from the autarkic phase to one of close synergy with the world of technologies and distributed networks, up to the sharing of information with the other business organizational units. Skills evolve too: the technological component changes rapidly and comes to require skills closer to the world of Information Technology than to the classic analog world. The organizational structure remains unchanged.

1 Will Allsopp, Unauthorised Access: Physical Penetration Testing for IT Security Teams, 2009

The digital transformation that has recently begun has led, in some cases, to a profound transformation of business organizations, from processes to information flows. Physical Security has undergone an unprecedented innovative drive in recent years. The combined use of new technologies has produced new tools, which continue to evolve. As we will see, many of these technologies are common to different areas of application; IoT and Big Data Analytics are examples. New scenarios thus open up, far from the self-sufficient models of the past. The convergence of IP networks and the migration of old sensors and applications from proprietary networks to TCP/IP has certainly encouraged this transformation. Digital transformation does not exhaust its effects in technologies: it imposes a revision of organizational structures, procedures and human capital. We will see how the latter is the weak link in digital transformation.

If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology. 2
Bruce Schneier

The difficulty in finding the skills necessary to manage both the change and day-to-day operation could undermine the undoubted positive effects of these new models, which must be accompanied by a careful analysis of the new risk scenarios. The approach to identifying and planning countermeasures has undergone major changes. Today, risk analysis not only takes into consideration new threats, the result of technological evolution, but is based on more stringent disciplines that take into account the controls required by the various standard management systems and European Data Protection Regulations.
CHAPTER 1
The evolution of the context and the management of information

Multifunction supervision systems have spread since the 2000s. Systems for managing access control, intrusion detection, fire detection and video surveillance are often integrated into a single application. The benefits were immediately evident: through a single interface it was possible to manage an event in its entirety (analysis of the intrusion, check of the possible access and visual feedback), all in a single front-end. To this was added a series of facilities for remote site management: many of the operations that had been handled by personnel located in different geographical areas were progressively centralized in a few Security Operations Centers. The construction of modern buildings has contributed to the expansion of these integrated systems, but with a logic far from the one that inspired them: in many cases the integration did not take place or was partial.

The combination of these systems has led to an exponential increase in the information to be managed. This element is important for understanding how, and how much, informational excess, if not properly managed, can compromise the safety of people and assets. Failure to integrate subsystems has played an important role in this inflation, along with other factors intrinsic to sensor technology. Unfortunately, in some cases the security project focused excessively on cost reduction rather than on real management optimization and analysis of the related risks. The technological component was also overestimated, without considering that data management was still manual.
Progressively, the field sensors of the various safety subsystems have evolved, multiplying the information and using more intelligent and sophisticated technologies that in turn require ever more specific skills, both for installation and for configuration. The situation is clearly more critical when the number of subsystems is high. Finally, system information is added, reporting on servers, PCs and network connections.

We have thus arrived at the full digitalization of security systems: a huge flow of information to be cataloged and managed, a prerequisite for what will then be the "digital transformation". Internal procedures, reserved for insiders, often do not take into account the changed reality of alarm event management, technical support and escalation procedures. This management is extremely complex and heterogeneous and requires increasingly specific preparation and a strong aptitude for problem solving. Technological support is certainly the foundation, but discretion is always fundamental, at least in large companies.

Alarm management is different in the control centers of security firms, where alarm signals are more homogeneous and standardized. Often these are cumulative alarms from smaller entities, even if the number of remote sites managed is significantly higher.

Often the sense of security is directly proportional to the level of innovation used to guarantee it. The term innovation already has a positive meaning in itself, but to really benefit from innovation, the most appropriate technology must be used, taking into account the organizational context in which it will be applied. First of all, therefore, comes a careful and in-depth risk analysis, which must certainly start from threats but must also evaluate the effects of countermeasures in organizational and management terms. The assessment that follows the application of countermeasures, which I would call "Responsive impact assessment", is fundamental for measuring the efficiency and effectiveness of the organization's response to a critical event. If the information flow is such that it cannot be absorbed efficiently, the derived risk could be higher than the one initially calculated.
This is not just a process of improvement, already accounted for in the Deming cycle, but a different and essential activity, to the point that it can determine the degree of applicability of a countermeasure that could even worsen the level of risk initially calculated.

System integrators often suggest guided procedures (wizards) to support the operator in choosing the operations to be performed. I do not think this is the right way; I think it is more effective to make security operators responsible for their choices by developing skills and professionalism. In any case, the criticality in the management of information lies in the interpretation of the data rather than in the reaction.

1.1. Information overflow and human factor

The expansion of centralized systems, combined with a short-sighted installation logic that does not take into account the possible use of correlation elements, has led to an excessive granularity of alarms. Moreover, in some cases the tendency has been to bring to the operator's console alarms that are not strictly security alarms, even if they serve security, an activity that should remain the responsibility of maintenance services. To these are added false alarms, in addition to the improper alarms that derive from authorized accesses. False alarms, some of which derive from external factors related to environmental conditions, are a real disaster for safety. Many false alarms also derive from poor or non-existent maintenance, others from installation faults. Finally, there are false alarms resulting from incorrect classification.
The immediate consequence of this excess of information is a reduced level of attention or the misinterpretation of events, which leads to increased exposure to risk for company assets and people.

To give an idea of the volume of data flowing to a business center of a large company, I can list some figures from Vodafone Italy:

• 20,000 intrusion and environmental sensors
• 1200 card readers
• 36,000,000 transits per year
• 1400 cameras

In this context the role of those responsible for monitoring alarm events is complicated, and the professional skills required to manage such a situation are very demanding. As I said, in addition to problem solving and team working skills, specific technical skills are required. The proactivity and professionalism of the operator become fundamental in managing a situation of this type; a great capacity for analysis and intervention is needed, both to keep systems efficient and to guarantee a prompt reaction when necessary. We will see later the great help that the digital transformation brings, but in any case the high degree of discretion in decisions will remain. In this context, procedures play a key role, reducing and simplifying processes and reporting in favor of a greater focus on objectives and KPIs.
CHAPTER 2
PSIM System 4.0

Physical Security Information Management (PSIM) systems are software platforms designed to unify information management, support security operators in the decisions to be taken in the face of a critical event, and provide Security Managers with aggregated data so that they can evaluate the efficiency and effectiveness of security systems. They are used to collect, analyze and correlate data from various subsystems and security devices. These are relatively recent solutions, and only in the last few years have they found widespread use, albeit in different forms and with non-uniform technological solutions. Their evolution is at the base of the digital transformation that has affected the sector, which is why it is necessary to understand correctly their purpose and their practical application. They are the starting point for a revolutionary management of the information obtained from the large amount of data coming from the various systems involved, subsequently extended by the analysis of open sources. The application of business intelligence and of the principles of information management has marked a change in the vision of an isolated world. It is therefore a double-track revolution, informational and technological. The evolution of these systems towards ICT has helped to standardize information, making it more usable by other business units and at the same time allowing data to be drawn from them. This interaction facilitates assessment activities that verify compliance with the guidelines imposed by international standardization bodies.

The purpose of Physical Security is primarily the protection of people, then the protection of data, systems, equipment, facilities and other tangible and intangible assets of the company. This is why it is essential to seek full integration with all company systems that can contribute to achieving these goals. The logic of silos is a legacy of the past and is no longer suitable for defending companies from new threats, such as cyber-attacks and terrorism. Integration with the other business units takes the form, for example, of sharing data from HR, Information Technology and Safety systems: sharing the same repository for identity management, aligning physical and logical accesses, and implementing a shared account management process. The company badge is an example of possible technological convergence. It can be a multifunctional tool used for time and attendance tracking, for secure printing, as a payment tool, as a container for biometric information and for accessing IT resources.

The ISO/IEC 27001 standard (Information Technology - Security Techniques - Information Security Management Systems - Requirements) requires the verification of a series of controls, which is simplified in the presence of an open system integrated with the other business units, in which processes are shared, tracked and validated in an appropriate and consistent manner. These controls, aimed at achieving precise objectives, affect the system both as a requirement for achieving objectives aimed at protecting the information of the entire business, and as a source of data to be protected in terms of confidentiality, integrity, availability and compliance. PSIM systems also contribute to ensuring compliance with the rules on the administrative responsibility of companies (see also Physical Cyber Attack) and with the US legislation (Sarbanes Oxley Act) for listed companies. This conformity is achieved by satisfying the controls imposed by the rules, which can find their first and natural evidence precisely in PSIM systems, which are also designed for this purpose.

The General Data Protection Regulation (Regulation (EU) No. 2016/679), under Article 32 - Security of Processing - requires that the controller and processor implement appropriate technical and organizational measures to guarantee a level of security commensurate with the risk, requiring the restoration of availability and access to personal data in a timely manner in the event of a physical or technical incident. Article 32 goes further, explaining that when assessing the appropriate level of security, account should be taken of the risks associated with accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed. This regulation emphasizes the importance of preventing unauthorized access to data. The key role of Physical Security is therefore evident, as is the support that a modern PSIM can give it in protecting data against malicious actions that aim to exploit the vulnerabilities of the company. As we will see later, PSIM systems meet the requirements of management systems in the part dedicated to the improvement of processes and products, as they measure their efficiency and effectiveness.

Figure: Example of aggregated representation of system events.
In fact, one of the purposes of an advanced PSIM is to provide an aggregate and continuous representation of the efficiency and effectiveness of the systems, also with reference to predetermined KPIs. This makes it possible not only to identify immediately the areas at greatest risk and to evaluate the effectiveness of maintenance contracts, but also to target the budget effectively on the most exposed areas, reducing costs by introducing new technologies or new models of protection that are more efficient than those that were most likely flawed. It is a process that ensures a more accurate risk analysis, helping to make corrective actions more incisive or assessing the coverage of residual risk with alternative measures. The evaluation of a Physical Security project (technologies, human resources and procedures) must also be based on performance; this indicator shows how well the project is operating in ensuring that an organization achieves its objectives.

The technological component does not have a precise reference standard. In the original idea, PSIM systems would have taken the place of the individual supervision systems, with the double advantage of supervision from a single monitor and of summary information obtained by correlating several events. A prerequisite for unifying the systems is the willingness of the manufacturers of the various devices to provide the protocols necessary for their integration. This is a crucial point that has, until today, prevented the diffusion of these systems. The use of these platforms is very expensive because it does not allow the individual subsystems to be eliminated: the platform is added to the existing ones.
These are enterprise solutions aimed at critical and complex environments, which is why single-brand solutions have found greater favor in companies: an acceptable compromise that ensures integration between their proprietary subsystems while remaining relatively open to information sharing. On the other hand, they present some technical and commercial problems: they do not offer security solutions tailored to the various company needs, the software platforms are tied to proprietary hardware, and they do not offer very advanced innovative solutions. The tie to proprietary hardware is very strong and often does not allow the use of the most modern and efficient devices. The most critical problem is surely on the commercial front: the economic lock-in, given the investment necessary to change product or supplier, is very high. The result is a very delicate and unbalanced relationship with the supplier, especially for systems that integrate building management functions. Finally, these solutions are oriented more towards collecting data than analyzing it, although recent developments in this direction seem very interesting and promising.

Many PSIM solutions currently on the market do not meet the classical criteria associated with these systems: freedom in the choice of underlying products and control of field devices. Instead, they focus on the collection, organization and analysis of the data made available by the various systems, including open sources on the internet. These are very interesting vertical solutions, especially where it is not possible to integrate existing systems at the level of field devices. However, the return on investment is not short-term and is measurable mainly in terms of greater resilience and compliance.

The case of more advanced PSIM systems is rather different. These can be used as the only vertical solution; the field sensors are managed directly, centralizing the data coming from the field.

Figure: Example of data collection relating to badge readers.
They replace single-brand integrators, integrating third-party subsystems with obvious benefits in economic and performance terms. They allow the use of a wide range of products that cost less and are technologically more advanced. Another advantage of these systems is deeper correlation of data, indispensable for managing critical events in real time.

The correlation of data offers undoubted benefits. In very complex environments the amount of information to be managed is enormous, which is why events are classified according to their importance and managed accordingly. However, there are many events that, evaluated individually, would not be considered critical but that, analyzed in a broader context and properly correlated, take on a different gravity and provide important information that would otherwise escape the operator's attention. There are other cases in which correlation allows a faster response, with a consequent reduction of the impact on the business.

Correlation should be multilevel, bidirectional and multifunctional. Information is presented to the operator by correlating several input data, and is processed automatically to generate outgoing events to multiple systems belonging to different functional areas. For this reason, the choice of these evolved PSIMs, which I would call 4.0 in parallel with the recent industrial innovations, must be evaluated carefully and with cross-functional skills.

The practical examples of correlation are innumerable. Logical access to a production system defined as critical could be granted only in the presence of a transit through the turnstiles verified by the access control system. Conversely, logical security systems should block remote access from a PC stolen from the company. This is possible only with an exchange of information between different systems that are normally managed by people not belonging to the same functional unit. The information exchange should also reach the operators of IT call centers, who should not provide assistance on these PCs; I refer, for example, to the request for a recovery key for a PC with BitLocker Drive Encryption (a function that encrypts the data on a PC). The identification of the requester is often cursory and informal.

Safety also benefits from these correlations. The authorization of a badge for access to a technical site may be made conditional on the completion of prevention and protection courses or on the compliance of the security documentation.

Consider the forcing of an internal gate: the alarm could reach the operator together with footage of the affected area and the name of the offender. The recognition is possible by correlating the data obtained from the access control system at the entrance of the building with the biometric recognition carried out by the video system at the time of the break-in.

An alarm that signals the opening of an emergency exit, an event that recurs often in some environments, correlated with information on the direction of movement previously analyzed by the relevant cameras, gives the operator an immediate indication of the seriousness of the event.

Sensors normally used only when the system is armed can also provide useful information, if correlated. A volumetric sensor that activates in a restricted access area, without the access control system having detected a prior authorized transit within a reasonable time, is reported to the operator as a serious intrusion event. The sensors themselves can provide an indication of the occupancy of the building in case of evacuation.
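Two of the correlations described above, the volumetric sensor without a prior authorized transit and logical access conditioned on a verified turnstile transit, can be written as rules over a time-ordered event stream. The following Python is an added example, not code from the original document or from any PSIM product; the event fields, the five-minute window, the area and system names and the sample events are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Policy values assumed for this example (the text only says "a reasonable time").
TRANSIT_WINDOW = timedelta(minutes=5)
RESTRICTED_AREAS = {"server-room"}
CRITICAL_SYSTEMS = {"scada-prod": "building-A"}  # system -> site the user must be inside


@dataclass(frozen=True)
class Event:
    ts: datetime
    source: str          # "access_control" | "intrusion" | "logical"
    kind: str            # "transit" | "volumetric" | "login"
    location: str        # reader/sensor location, or target system for a login
    subject: str = ""    # badge holder or account; empty for anonymous sensors
    direction: str = ""  # "in"/"out" on site turnstiles, empty on interior doors


def correlate(events):
    """Replay events in time order; return (timestamp, verdict, detail) tuples."""
    last_transit = {}  # location -> time of the last authorized transit there
    inside = {}        # subject -> site whose turnstile the subject last entered
    findings = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.source == "access_control" and ev.kind == "transit":
            last_transit[ev.location] = ev.ts
            if ev.direction == "in":
                inside[ev.subject] = ev.location
            elif ev.direction == "out":
                inside.pop(ev.subject, None)
        elif ev.source == "intrusion" and ev.kind == "volumetric":
            if ev.location not in RESTRICTED_AREAS:
                continue
            seen = last_transit.get(ev.location)
            # Motion is expected right after a badge transit; otherwise escalate.
            if seen is None or ev.ts - seen > TRANSIT_WINDOW:
                findings.append((ev.ts, "critical",
                                 f"motion in {ev.location} without authorized transit"))
        elif ev.source == "logical" and ev.kind == "login":
            site = CRITICAL_SYSTEMS.get(ev.location)
            if site is None:
                continue  # not a critical system: no physical-presence requirement
            ok = inside.get(ev.subject) == site
            reason = "verified on site" if ok else f"no verified presence in {site}"
            findings.append((ev.ts, "allow" if ok else "deny",
                             f"{ev.subject} -> {ev.location}: {reason}"))
    return findings


def _t(hhmm):
    """Build a timestamp on an arbitrary constructed date."""
    return datetime.strptime("2019-03-01 " + hhmm, "%Y-%m-%d %H:%M")


# Constructed sample events, deliberately out of order, as feeds from
# separate subsystems would arrive.
SAMPLE_EVENTS = [
    Event(_t("08:30"), "logical", "login", "scada-prod", "alice"),
    Event(_t("08:00"), "access_control", "transit", "building-A", "alice", "in"),
    Event(_t("08:05"), "access_control", "transit", "server-room", "alice"),
    Event(_t("08:07"), "intrusion", "volumetric", "server-room"),
    Event(_t("09:00"), "logical", "login", "scada-prod", "bob"),
    Event(_t("17:00"), "access_control", "transit", "building-A", "alice", "out"),
    Event(_t("17:30"), "logical", "login", "scada-prod", "alice"),
    Event(_t("23:10"), "intrusion", "volumetric", "server-room"),
]

if __name__ == "__main__":
    for ts, verdict, detail in correlate(SAMPLE_EVENTS):
        print(ts.strftime("%H:%M"), verdict.upper(), detail)
```

The 08:07 sensor activation produces no finding because it follows a badge transit at the same door by two minutes, while the identical sensor signal at 23:10 is escalated; neither decision could be made from the intrusion subsystem's data alone.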
In other cases, correlation is used to increase the reliability of sensors subject to false alarms, for example by generating an alarm only when several sensors belonging to different subsystems signal: an intrusion detected by perimeter IR barriers in AND with one coming from the video analysis of the camera.

The growth prospects of PSIM systems are very promising. According to Frost & Sullivan, a multinational consulting and economic analysis company, the global PSIM market will grow 20 times between 2011 and 2021. Transparency Market Research expects growth at a compound annual growth rate (CAGR) of 18.7% between 2016 and 2024. Lastly, the recent report by the research firm Wiseguy confirms the growth trend, even if with a more contained outlook: the compound annual growth rate is expected to be between 14% and 15% in the 2016-2020 period.

The development of these systems is determined by the economic and financial sustainability of companies and their sensitivity to the new risks of the era of digital transformation. Despite the growing cyber threats and threats to physical security from terrorists and illegal organizations, many companies impose continuous savings targets, probably because the probability of such an event occurring is perceived as low. However, the impacts could be very heavy, especially in terms of interruption of business activities and brand reputation. New threats require new tools to address risks within a holistic concept of security. This is an investment in risk management that should be carefully analyzed, without forgetting that operations centers also supervise alarms that are not a direct consequence of malicious actions: a delay in managing a fire or flooding alarm, or neglecting a bulletin issued by the civil protection, could have serious consequences for the safety of people. Managing information efficiently and effectively means anticipating, and therefore preventing, accidents. This does not mean that the positive effects cannot be evaluated concretely.
Using two indicators, the Total Cost of Ownership (TCO), which measures the initial cost of purchasing the software and the cost of maintaining it, and the Return on Investment (ROI), which measures the gains of an investment compared to its cost, an interesting fact emerges.
PSIM systems are not for everyone and have not always been worthwhile. There have been cases in which some features turned out to be useless or non-existent, and for this reason, as well as for excessive functionality and complexity of use, the systems were often negatively evaluated by end users. Finally, in some cases the integration and centralization of legacy systems has been achieved at very high cost.

Today, advanced PSIM solutions can integrate and centralize a larger number of solutions and products and are easier to manage, enabling faster and more efficient deployment and use. The ability to use the most cost-effective and innovative products without being bound to a single brand or supplier leads to tangible returns in terms of ROI. Added to this are the cost reductions due to higher efficiency (vigilance reduction, business intelligence, greater resilience, etc.).

The cost of ownership can be significantly reduced if the system is not closed or proprietary. The initial costs are lower than those of single-brand integrated systems, also because of greater competition. Maintenance costs are also reduced, both because the value of the installed products is lower, which positively affects the maintenance contract, and because evolutionary maintenance normally includes software release upgrades.
However, most large companies already use one or more supervisory systems, so would the purchase of a PSIM 4.0 justify the investment? In this case the investment is justified on the one hand by a reduction in operating cost and on the other by greater efficiency and effectiveness due to better analysis and management of information. This is the strength of these systems, above all thanks to the new business intelligence technologies applied to Big Data, which we will see in detail in the next chapter. In addition, the range of information available increases, from open sources on the internet to environmental sensors installed across the territory and the information bulletins of government bodies. Using APIs (Application Programming Interfaces, software interfaces that simplify the dialogue between one application and another) and SDKs (Software Development Kits) to interface with search engines and social media, it is possible to obtain data that can be correlated with the data obtained from the sensors, yielding information with high added value. Operational management is also improved in this way, becoming simpler and more immediate; finally, the use of modern web standards for presenting and searching information reduces reaction times.
CHAPTER 3
Big Data & Information Management

As we have seen, the world of physical security is filled with cutting-edge technologies capable of producing huge amounts of data. In the Internet of Things era every object on the network can be a threat and at the same time help to provide valuable data for security. To these are added all the data coming from open sources and the data imported from the other business units. The analysis of open sources is now essential to assess and understand threats, especially the most recent ones such as Islamic terrorism and cyber-crime, and to be able to face proactively natural disasters and fires that could cause serious damage to assets and facilities, as well as threatening employee health. It is therefore essential to have advanced technologies and techniques focused on data presentation and analysis, able to create value by bringing out hidden data and presenting aggregate and correlated information that can be understood quickly and immediately. Large companies, especially critical infrastructures, are the most exposed to new threats. As we know, the prevention and identification of appropriate countermeasures depends on knowledge. These new analysis techniques make it possible to make decisions with greater awareness and speed.

3.1. Descriptive Analytics

The starting point is Descriptive Analytics, whose main support is in the tools that represent and describe reality, also graphically, through the interpretation of data. Descriptive Analytics allows the graphical display of the efficiency and effectiveness of the organization's control and reaction center. For this purpose, dashboards, analytical reports and query tools are used.
  • 21. The Security Dashboard, an example of a graphical representation of events: it is a system of indicators, appropriately organized to provide selected and aggregated information on the data being analyzed, with the following characteristics:
      • Summary of the performance of intervention times and reaction times.
      • Occupancy status of the company areas.
      • Status of application efficiency.
      • Summary of faulty or disabled sensors and maintenance status.
      • Summary of the state of risk exposure.
      • Network efficiency status.
      • Status of efficiency of video recording systems and retention times.
      • Summary of alarms in progress.
      • Telephone queue summary and waiting times.

    Analytical reports and queries are used to extract and share specific information. They are very useful for evaluating the effectiveness of Physical Security strategies and for planning structural interventions effectively, subjecting them to periodic reviews to assess the impact of investments.
  • 22. 3.2. Machine Learning

    The manual analysis of huge volumes of data coming from heterogeneous systems to detect or prevent incidents can be a very burdensome exercise, and one of little use if it is not clear what to look for. Furthermore, traditional tools do not take the "context" of the scenario into account. Machine Learning allows learning without explicit, prior programming. The definition most widely accepted by the scientific community is that provided by Tom Michael Mitchell, director of the Machine Learning department of Carnegie Mellon University: «A computer program is said to learn from experience ‘E’, with respect to some class of tasks ‘T’ and performance measure ‘P’ if its performance at tasks in ‘T’ as measured by ‘P’ improves with experience ‘E’». These are algorithms capable of automatically improving their performance through experience. They are able to learn continuously from the data themselves and to discover unknown information and unexplored views, identifying and extracting value without having been programmed to know exactly where to look for it. Thanks to this approach, the
  • 23. analysis also becomes a predictive tool (Predictive Analytics) that expands the time horizon of information, from present to future, thanks to the mathematical association between a condition and the probability of an event occurring. Even in everyday life we use algorithms to solve problems, even the simplest ones. In many cases, these are simple sequential instructions that allow us, through a series of operational choices, to reach the goal. But there are many problems that cannot be addressed in this way. Let's imagine that we need to implement an algorithm that allows us to distinguish the various animal species. One way could be to write down a series of physical characteristics of each species and then have the algorithm apply the rules to classify the animals. We can list a large number of them (shape and distance of the eyes, number of legs, etc.), but the results will never be satisfactory because of the countless variables involved. Machine Learning, on the other hand, uses a totally different approach: it starts from inputs and outputs and lets the machine work out the relationships between them, ultimately returning the algorithm as the result. In the case examined, if we provide the system with thousands of animals already cataloged, it will identify the criteria for classification and classify them on its own; the more data it has available, the more accurate its classification will be. The role of the human being is only to define how the program will have to learn, to choose the examples and the information to be stored, and to decide how to apply the knowledge in order to make decisions.

    [Figure: Example of possible relationships between the objects being analyzed]

    The same concept is applied by systems
  • 24. that identify spam e-mails or profile our preferences to propose results that are closer to our expectations. Without going into the details of the various learning mechanisms or of other more complex and sophisticated techniques, this may suffice to imagine the great prospects of these new technologies for security, and in particular for Physical Security. If Big Data Analytics techniques make it possible to give a synthetic form to the mass of data coming from different systems and to extract useful information from it, Machine Learning is able to amplify this process and take a further step forward in understanding the phenomena associated with these data. Think of access control systems: this technique is able to analyze millions of transits and detect any anomalies in real time. For example, it can identify subjects whose behavior is abnormal and represents a deviation from the standards: a person who is in areas not usually frequented and not compatible with their access profile (visitor, employee or external); transits that are abnormal in relation to the time or the place in which they are detected, such as the same person transiting at the same time in two different locations; an anomalous occupancy of spaces, whether excessive or scarce; denied transits always referring to the same person, etc. But above all, it can identify something that we did not expect and whose existence or criticality we were unaware of.

    [Figure: Graphical representation of how machine learning handles a large amount of data.]

    There are also many applications for anti-intrusion. Statistics allows us to model the behaviors expressed by the data and to identify non-linear
  • 25. correlations of events coming from multiple sensors. This technique can be useful for bringing to the operator's attention sensors that behave abnormally, especially when related to data from other systems. They are an alarm bell and indicate maintenance problems or malicious actions. Even more interesting is the possibility of creating predictive models. A predictive supervision system is able to analyze the data taking into account both factors endogenous to the criminal action and environmental factors. We can derive an attack model by correlating endogenous factors, which could for example show up as an intensification of access to the site for maintenance activities in the days before a theft, suspicious movements near the site or false perimeter alarms, while also taking into account external factors, from the deterioration of the environmental context to the analysis of the time slots in which the incidents occurred, etc. The analyzed data come from different systems, from the analysis of open sources, and from the information made available by law enforcement agencies and research institutes. Video surveillance plays a decisive role in the enrichment of databases and will do so even more in the future. This sector is the one that has benefited most from technological development: in the last decade it has undergone a real digital transformation, and it is the one from which we still expect a lot. The cameras have become security sensors, intelligent units that process images for us and interpret their content.

    This kind of approach is based on algorithms that can be supervised or learned from historical data. Using the data repository as a starting point, the algorithms generate behavioral and predictive analyses, giving, in fact, the possibility of anticipating possible risk situations.
    Carmine Buono, Head of BigData Area in Crisma Security
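The access-control anomalies listed earlier (a person in an area not compatible with their profile, the same person transiting in two locations at the same time, transits at abnormal times, repeated denied transits) can be written as explicit checks over a transit log. The following is an added example, not part of the original paper: it is a rule-based baseline rather than a Machine Learning model, and the log layout, policy tables and thresholds are assumptions, with constructed sample transits.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: (timestamp, badge, profile, site, zone, result).
TRANSITS = [
    ("2019-03-04 08:01", "E100", "employee", "HQ", "lobby", "granted"),
    ("2019-03-04 08:05", "E100", "employee", "HQ", "office", "granted"),
    ("2019-03-04 08:15", "E100", "employee", "Depot", "lobby", "granted"),
    ("2019-03-04 09:30", "V200", "visitor", "HQ", "lobby", "granted"),
    ("2019-03-04 09:40", "V200", "visitor", "HQ", "server-room", "granted"),
    ("2019-03-04 10:00", "X300", "external", "HQ", "office", "denied"),
    ("2019-03-04 10:01", "X300", "external", "HQ", "office", "denied"),
    ("2019-03-04 10:02", "X300", "external", "HQ", "office", "denied"),
    ("2019-03-04 12:00", "E100", "employee", "Depot", "canteen", "granted"),
    ("2019-03-04 23:10", "V200", "visitor", "HQ", "lobby", "granted"),
]

# Assumed policy tables (hypothetical values, to be tuned per site).
PROFILE_ZONES = {
    "employee": {"lobby", "office", "canteen"},
    "visitor": {"lobby", "meeting"},
    "external": {"lobby", "plant-room"},
}
ALLOWED_HOURS = {
    "employee": range(6, 22),
    "visitor": range(8, 18),
    "external": range(7, 19),
}
MIN_TRAVEL = timedelta(minutes=30)  # assumed minimum travel time between sites
DENIED_LIMIT = 3                    # denied transits per badge per day
FMT = "%Y-%m-%d %H:%M"


def detect(rows):
    """Return (kind, badge, timestamp) alerts in chronological order."""
    events = sorted((datetime.strptime(r[0], FMT),) + tuple(r[1:]) for r in rows)
    alerts = []
    last_granted = {}           # badge -> (time, site) of last granted transit
    denied = defaultdict(int)   # (badge, date) -> denied transits that day

    def alert(kind, badge, ts):
        alerts.append((kind, badge, ts.strftime(FMT)))

    for ts, badge, profile, site, zone, result in events:
        if result == "denied":
            denied[(badge, ts.date())] += 1
            # Alert once, when the daily limit is reached.
            if denied[(badge, ts.date())] == DENIED_LIMIT:
                alert("repeated_denied", badge, ts)
            continue
        # Transit outside the hours expected for this profile.
        if ts.hour not in ALLOWED_HOURS.get(profile, range(24)):
            alert("off_hours", badge, ts)
        # Zone not compatible with the profile; unknown profiles match no zone.
        if zone not in PROFILE_ZONES.get(profile, set()):
            alert("zone_outside_profile", badge, ts)
        # Same badge granted at two sites faster than anyone could travel.
        prev = last_granted.get(badge)
        if prev and prev[1] != site and ts - prev[0] < MIN_TRAVEL:
            alert("two_sites_at_once", badge, ts)
        last_granted[badge] = (ts, site)
    return alerts


if __name__ == "__main__":
    for a in detect(TRANSITS):
        print(a)
```

A learned model would replace the fixed tables with baselines estimated from historical transits; the alert types stay the same.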
  • 26. The algorithms used for image analysis and comprehension are increasingly sophisticated and able to identify complex behavior patterns with an ever increasing level of reliability (loitering, panic disorder, tracking, overriding, crossing zones, flow direction, face recognition, etc.). The search for events in video recordings has been greatly simplified, from smart search techniques that offer targeted results on certain areas of the camera frame to the latest techniques that let you view events from different moments in a single image, where each subject is labeled with the time at which it appeared on the scene. The big step forward was made with the introduction of metadata, a kind of text that describes what happens in the video. An example: suppose you have to check the correct use of a waste collection point to prevent waste being abandoned outside the bins. A traditional system using a dedicated algorithm could record the scene and notify us of the event. With the metadata we will have notification of the event and its visual observation, together with:
      - Type: Vehicle
      - Class: Truck
      - Color: Green
      - Plate: XXX
      - Recurrent: YES
      - Number of people: 2

    GPS-based video analysis sensors are also able to provide the GPS coordinates of the target and place it on a map. If we install carefully positioned cameras in a store, we can derive a series of data that go beyond security needs and that could be useful to other business units: with the available data it is possible to obtain the average observation time, providing a sort of "Rating Index" of the window display. By developing a supervised algorithm with the support of historical data on the shoplifting suffered, we will be able to identify behavioral models typical of those criminal actions.

    In this way, thanks to the techniques already described and with the use of more complex techniques such as Deep Machine Learning, we can be alerted in advance in case of suspicious behavior that could precede a criminal action.
  • 27. Deep Learning is a particularly advanced learning technique that uses a neural network with several interconnected layers, where the result of one processing step creates a model which in turn is used to analyze the following data, greatly increasing processing capacity. It can perform classification directly from images, obtaining results that previously seemed impossible and sometimes exceeding human performance. On the Google Teachable Machine website, you can directly test how a system is trained from starting data and how the recognition system can then match specific results. Suppose we have to monitor access to a building where we assume terrorists are present: monitoring access with traditional technologies would require many people and a significant organizational and economic effort. By installing a high-resolution camera that films the street or the square where the target building is located, we will be able to analyze the scene with an overall view and, at the same time, the entrance in detail. In this way we will be able to know how many people have entered, the time they spent there, the car's license plate and the personal details of the subjects, after identifying them by comparing the photos with other repositories. Once they are identified, the system will automatically provide the details for each access. A further aid to recognition comes from deep learning facial recognition algorithms that are now available in applications such as search engines designed to find missing persons in video footage. In the previous case, by installing an audio sensor near the entrance, perhaps in a car parked nearby, it will be possible to identify the subject from the voice as well. Google has recently filed a patent under which a program is able to associate voices with faces, using machine vision algorithms and a typical Machine Learning approach.

    We are therefore beyond the first generation of facial recognition software, which measured the distances between the various points of the face. The goal is to teach a computer to perform an activity that is natural for humans: identifying and recognizing the content of an image. Returning to the example used to demonstrate the usefulness of data correlation: a camera films the entrance of a building equipped with turnstiles, and the access control system makes it possible to associate a name with each
  • 28. face framed by the camera, and can do so dozens of times a day for months. With this volume of data, Deep Learning can learn very quickly and with a minimal margin of error. To this are added modern zoom-enhanced techniques: researchers at Google Brain, the Mountain View division that works on artificial intelligence algorithms, have developed a system able to increase the resolution of extremely grainy images and to reconstruct their shape and structure. The scenes in CSI films where grainy images are magically reconstructed with a simple click, and which today make professionals smile, could in a not too distant future become a reality whose implications for forensic analysis would be of enormous importance. Today's cameras are real intelligent units capable of carrying out increasingly complex tasks, so the algorithms can be moved to the camera, limiting bandwidth consumption and centrally managed computing power and thus reducing costs. A start-up specialized in automated solutions for the external inspection of vehicles has implemented a physical security system that analyzes the underside of vehicles to detect threats such as bombs or weapons, completely replacing human intervention.

    [Figure: Digital scanner to inspect the undercarriage.]
  • 29. In the rooms of private security firms there are hundreds of cameras monitoring the counting operations; another application for Deep Learning could be to identify the correct behavior model and report any deviations, thus avoiding the review of hours and hours of recordings. Digital Transformation has also introduced new products at the service of security, imported from other markets and created for different purposes. For example, the MEMS chip used in many smartphones as an accelerometer makes it possible to translate the accelerations caused by someone climbing over a fence into an alarm. A new type of outdoor sensor uses advanced radar technology and intelligent algorithms to detect intruders, also providing the angle of motion, size and speed of objects. Furthermore, by providing the exact location, it allows you to filter by distance, and it is immune to events that often cause false alarms, such as moving shadows or light beams, small animals or insects. The detector can send the exact coordinates of the people or objects detected directly to PTZ cameras, which can automatically zoom in on the target without manual intervention.

    [Figure: Network Radar Detector, target trajectory and detailed image, by Axis Communications.]

    A separate chapter should be dedicated to the potential of smartphones, both as tools for supervising security events and as intelligent "sensors" able to collect data. Here a brief mention will suffice to explain the importance of these devices in the production of Big Data. They are equipped with many sensors able to
  • 30. collect data from the environment, produce data of their own, correlate them and send them autonomously; they are part of information security and with their data contribute to the creation of Big Data. For example, they are used to geolocate employees in critical contexts, as a tool for access and, when associated with dedicated devices, for assessing the degree of occupancy of the company areas. They are a valuable resource in the analysis of open sources and contribute to the formation of news thanks to the information sent online by users.

    3.1. Physical Security as a service (PSaaS)

    The Cloud, another novelty for Physical Security, could not be missing. It is a business model based on the outsourcing of one or more services, in which security is provided as a service delivered in the Cloud, without the need for expensive hardware, which reduces the Total Cost of Ownership. Before going into the merits, it is necessary to clarify the perimeter of the outsourced activity. The first level includes the processing power and space for the various repositories, as well as the security application, the core business of those providing this type of service. The second level also includes the supply of the field hardware installed at the customer's premises. The third is the case of total outsourcing of the service, leaving the customer only the operational management, without alarm monitoring functions. Savings, scalability, resilience and innovation are the first concepts that come to mind when talking about the Cloud; to these is added the great advantage of avoiding large capital outlays. There are no insurmountable technical limits, and bringing security to the Cloud could probably also be advantageous, but there are some factors we need to take into account.

    In medium and large companies the technological infrastructure is already present and is shared with the other business units; the virtual servers are scalable and allow the addition of new systems, modulating the resources as needed. In this sense there would be no significant savings, since there is no need to create an ad hoc structure: the existing one, already interconnected with all the business units, would be exploited. We are far from the "silos" logic and it is therefore necessary to
  • 31. interconnect the systems to facilitate the sharing of information, which of course is easier if the system is located within the company. Secondly, the "open system" logic that underpins PSIM 4.0 systems would be lost, leading to single-supplier solutions. Finally, one could not do without the field hardware related to the various security subsystems. However, there are exceptions, cases where great scalability and speed of execution are required in a context that does not need particular interactions with other systems. Financing through operating expenses in place of capital expenditure may be useful in other contexts, for example if all the infrastructure is located within the company. In this case there would be a double benefit: not having to deal with large initial investments, and not having the problem of technological updating, because the supply and installation of the security systems would be paid for through the fee and renewed at the end of the contract.

    3.2. Cyber Physical Security

    Cyber Security attacks are increasingly complex and sophisticated. The theme must be tackled on two levels. The first is that information theft can take place not only online, but also by directly accessing IT resources. The second is that the vectors used for attacks also involve physical devices, beyond the technological ones. The IoT and the evolution of physical security systems towards IT have introduced new vulnerabilities: while we take it for granted that a PC or a server must have an antivirus and that we must implement a series of security measures both at the application level and on the Operating System, we do not do the same for physical security systems. Cameras, sensors, badge readers, etc. are potential points of access for every hacker, whether to access corporate networks, to be used as a point of attack against other structures, or to take control of the security subsystems and so gain free access to the data held by companies. What is needed, therefore, is
  • 32. specific preparation capable of evaluating these threats and of supporting a business intelligence activity that collects and analyzes information across all communication channels, including the dark web.
  • 33. Conclusion

    Digital transformation does not end with the introduction of new technologies; it requires a complete revision of the way information is managed. For Physical Security it is a period of profound change, and the 4.0 enterprise is an opportunity to create greater value: not only as a support that helps companies achieve their goals by reducing, addressing and overcoming risks, but also by ensuring greater resilience of business activities and by contributing to security as an enabler of the digital transformation process. The new Physical Security project facilitates core activities and contributes to enriching information assets, which in turn create value, both in terms of income and of greater compliance. It is a more functional, smarter security, more capable of adapting to changing human needs than of limiting their exercise; a physical security not only focused on technological innovation, but more attentive to the human factor. Many of the targeted attacks on companies are carried out using phishing or social engineering techniques, so we must also invest in information and training. Without physical security, any other protective measure may be ineffective: the weakest layer of protection is the one that determines the level of security. It is therefore necessary to tackle emerging threats with a multidisciplinary approach, where information is at the same time our main asset to be protected and our best ally.