Using PSIM to ‘Predict’ the Future
There are similarities between cyber crime attacks and physical facility breaches that are not being tracked today and can be predictive in nature. That will have to change.
ABOVE: NYSDOT operators at the 24x7 Joint Transportation Management Center in Long Island City, N.Y., work on addressing highway incidents.
Physical Security Information Management (PSIM) is morphing from “alerting” and post-incident-only management platforms into solutions that incorporate a “predictive” behavioral component. This is a natural progression being driven in large part by societal trends, the expansion of the Internet, and end user deployments within an accelerating global crime environment. The future is here and PSIM platforms must evolve to address the blended threat of digital and physical crime.
“PSIM identifies a category of products that integrate an organization’s disparate security devices and systems into a single common operating picture. These systems can identify, verify, and resolve emergency and business situations in real time,” states the PSIM Trends website (www.psimtrends.com), a website that was created to provide information from industry thought-leaders about the PSIM market.
Next-generation PSIM models also will integrate information databases, intelligence sources and behavior profiling to complement security systems. Predicting threats to global businesses and critical infrastructure resulting from cyber crime and espionage also needs to be addressed in future PSIM models. The attack vectors include dual risk scenarios for physical and digital attacks, and theft from traditional “insider” espionage methods.
“The trend in PSIM is toward digital and many of the current analog systems will diminish in the coming years. We are going from dumb to intelligent, as systems rapidly analyze data and make intelligent decisions. Ultimately, this will bring us to a world where enterprise level systems form a grid with other advanced systems controlling much of the world around us and reducing superfluous human interaction,” states Richard Hahn, director of Marketing at Bold Technologies, Colorado Springs, Colo.
James Chong, founder and chief technology officer at VidSys, a PSIM provider, anticipates more integrated solutions in future platforms.
“PSIM is analogous to Security Information and Event Management (SIEM) software, in that it does for physical security what SIEM does for cyber security. I believe that PSIM and SIEM will blend together over time and take on a larger role for private and public organizations, and we can expect to see more overlap among the technology systems to provide the real-time visibility organizations demand wherever they need it — especially as people embrace virtualization of services and utilize mobile technologies as a basic way of life.
“It’s an exciting time in the PSIM market now, and it’s only going to get better as technology and adoption get broader in the world of security,” Chong describes.
Yes, That’s Undecillion
Driving this adoption cycle is the pace of technology. Semiconductors, network bandwidth, storage density, and mobility are driving machine, sensor, and human communication across open platforms. Social media is exploding as people share all manner of information content with no end in sight.
However, the more fundamental change in the Internet itself is the move to Internet Protocol Version 6 (IPv6), which allows a massive increase in the number of devices with an IP address. Here is the Wikipedia explanation: “While IPv4 allows 32 bits for an IP address, and therefore has 2³² (4,294,967,296) possible addresses, IPv6 uses 128-bit addresses, for an address space of 2¹²⁸ (approximately 340 undecillion or 3.4×10³⁸) addresses. This expansion allows for many more devices and users on the Internet as well as extra flexibility in allocating addresses and efficiency for routing traffic.”
Yes, that was undecillion or, in layman’s terms, 10 numbering categories higher than 1 billion — and “many more devices” is a massive understatement. IPv6 is the building block for the “Internet of everything.” The projections of 14 billion mobile users worldwide by 2020 and storage measured in yottabytes (trillion) are one subset of this phenomenon.
With such fundamental changes occurring, it is hard to believe that PSIM platforms will not extend their current capabilities into a more virtual solution, similar to the environment they are expected to manage and secure.
One sure bet is that when “everything” has an Internet address, every device will be fair game for a hacker. This will require collaboration across internal business units — and with a wider array of surveillance, access systems and integrated databases.
Pulse of the City
While IPv6 represents a major technical shift, the future direction of our world’s major cities is an example of a physical one. National Geographic (www.nationalgeographic.com/earthpulse/population.html) highlights that for the first time in human history, half of all the people on the planet currently live in cities. This puts a tremendous onus on local, state and national governments to provide a safe environment for people and businesses to grow and prosper during this historic transitional period. The ability of technology to integrate a vast number of digital systems, sensors, and software with human services has never been more important. As such, security integrators, consulting firms, and technology vendors are focused on the issue of Smarter Cities.
Keith Bloodworth, founder & CEO of CNL, Indianapolis, makes an interesting point: “One thing is sure, PSIM will not stay PSIM for very long. As people begin to understand it, it will become a subset of Unified Risk Management and/or a better Smart Cities tag. The key mistake was to allow the use of the word security in what is basically middleware with a big front end. Please find another description or tag for a platform that aggregates and manages all other platforms and devices.”
IBM Corporation has a global media campaign detailing its plans to embrace this opportunity and recently announced a $50 million Smarter Cities Challenge Grant Program for 2012. This is a three-year, 100-city effort in which IBM’s top technical experts and consultants provide actionable advice to urban centers on a variety of urban-related matters, such as finance, sustainability, public safety, and citizen services. IBM Chairman Sam Palmisano states that by 2050 more than 70 percent of the earth’s population will be living in cities.
“Today, around the world, we see the infusion of intelligence into companies and entire industries, which is why you may have been hearing about ‘smart power grids,’ ‘smart healthcare,’ ‘smart supply chains’ and the like. And soon we will all be hearing about — and, I hope, living in — ‘smart cities.’ Because these same capabilities are being applied to change the way our cities work,” he says.
The global mega trends of IPv6 and Smart Cities are showing the security integrator where the security market of the future is going to be.
Smart Cities use traffic pattern analysis to determine travel times. Today, retailers anticipate buying behavior as bad weather conditions approach; credit card firms track activity that is outside a normal pattern for the cardholder; and global law enforcement agencies use analytics to fight crime. The COMPSTAT system, made famous by NYPD in the mid-’90s, uses recent crime pattern data to pre-position police units at specific locations, times and days to anticipate criminal behavior. COMPSTAT is now used in major police departments across the country and in cities around the world. The British system known as Crush (Criminal Reduction Utilising Statistical History) uses predictive analytics to evaluate past and present incidents in crime reports, intelligence briefings, offender behavior and weather forecasts. IBM developed the software. Mark Cleverley heads IBM Government strategy and states, “What the technology does is what police officers have always done, sometimes purely on instinct, looking for patterns to work out what is likely to happen next. What is different is the scale on which the system operates and the speed at which the analysis takes place.”
Predicting threats to global businesses and critical infrastructure resulting from cyber crime and espionage needs to be addressed in future PSIM models. A utility substation or network junction point is vulnerable to both a physical bombing and a cyber attack. A sophisticated cyber virus can destroy physical equipment through a digital attack. With the increasing amount of connectivity and network traffic for the IT department to monitor for malware and botnet attacks, many insider threats and physical breaches are beyond their capacity to defend.
The issue in cyber crime and espionage is not just direct theft of information, but the prolonged presence in these networks to copy, listen, learn, and/or alter content. Our command-and-control platforms themselves must be protected and it must be anticipated that they will be targets of criminal or nation-state aggressors.
A major source of cyber crime and espionage is the human being — the trusted insider who has security-cleared access to operational plans and information. Private Bradley Manning of WikiLeaks fame is the poster child here. Even though the Top Secret facility was air gapped or “off the grid,” he managed to download 400,000 secret files onto a thumb drive and embarrass the Army. The fact is that leading up to the theft he was very vocal about his displeasure with government service, and security professionals should have seen this problem coming.
Kroll Security, the world’s leading risk consultancy company, has generated a threat report that states approximately 60 percent of cyber crime breaches are the result of a trusted insider. Furthermore, international security solution providers McAfee and Symantec have stated that over 80 percent of those insiders will steal information within a 30-day window prior to leaving the company.
It stands to reason that the Human Resources (HR), Information Technology (IT) and Security organizations can collaborate on a policy to prepare for this insider risk scenario. If an individual on a probation period has digital access to Top Secret files, or physical access to a substation in a utility grid, his activities can be monitored more closely to protect the business, shareholders and public. A dashboard model can address these threats and incorporate a PSIM early warning system.
Proactive monitoring of physical space or information sources that people should not have access to at specific times or under certain circumstances makes good security policy. There are similarities between cyber crime attacks and physical facility breaches that are not being tracked today and can be predictive in nature. The combination of big data and social media analytics can establish behavior models to greatly complement existing PSIM platforms.
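A sketch of the early-warning correlation described above, as an added example that is not from the article or from any PSIM product: it joins an HR feed with badge (physical) and file-access (IT) events and flags sensitive access only when at least two signals coincide. All user names, assets, hours, thresholds and records are constructed assumptions for illustration.

```python
from datetime import date, datetime, time, timedelta
# Constructed sample data (not from the article): HR feed plus physical and IT events.
HR = {
    "asmith": {"status": "probation", "last_day": None},
    "bjones": {"status": "active", "last_day": date(2024, 3, 29)},  # resigned
    "cdoe": {"status": "active", "last_day": None},
}
EVENTS = [  # (timestamp, user, source, resource)
    ("2024-03-11T02:14", "asmith", "badge", "substation-7"),
    ("2024-03-11T02:31", "asmith", "file", "ops-plans/restricted"),
    ("2024-03-12T10:05", "bjones", "file", "ops-plans/restricted"),
    ("2024-03-12T10:20", "cdoe", "file", "ops-plans/restricted"),
    ("2024-03-12T23:50", "cdoe", "badge", "substation-7"),
    ("2024-03-13T09:00", "asmith", "badge", "lobby"),
]
SENSITIVE = {"substation-7", "ops-plans/restricted"}  # assumed asset list
WORK_START, WORK_END = time(7, 0), time(19, 0)        # assumed policy hours
WATCH_WINDOW = timedelta(days=30)   # the 30-day pre-departure window cited above
BLEND_WINDOW = timedelta(hours=1)   # assumed physical/digital correlation window

def hr_watched(user, day):
    """True for staff on probation or within WATCH_WINDOW of their last day."""
    rec = HR.get(user, {})
    if rec.get("status") == "probation":
        return True
    last = rec.get("last_day")
    return last is not None and timedelta(0) <= last - day <= WATCH_WINDOW

def correlate(events, min_signals=2):
    """Return sensitive-access events on which at least min_signals coincide."""
    alerts, last_seen = [], {}
    for ts, user, source, resource in sorted(events):
        if resource not in SENSITIVE:
            continue
        when, signals = datetime.fromisoformat(ts), []
        if hr_watched(user, when.date()):
            signals.append("hr-watch")
        if not WORK_START <= when.time() < WORK_END:
            signals.append("off-hours")
        prev = last_seen.get(user)  # previous sensitive event for this user
        if prev and prev[1] != source and when - prev[0] <= BLEND_WINDOW:
            signals.append("blended")  # physical and digital access close together
        last_seen[user] = (when, source)
        if len(signals) >= min_signals:
            alerts.append((ts, user, resource, signals))
    return alerts

if __name__ == "__main__":
    print(*correlate(EVENTS), sep="\n")
```

Requiring two coinciding signals keeps a departing employee's routine daytime access (bjones here) on the watch list without raising an alert, while the probationary user's off-hours badge entry followed by a file read is escalated.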
Security professionals need predictive capabilities in their risk models to consider, “If this…then what?” scenarios in a digital age where speed is the critical factor. PSIM needs to step up to the challenge of embracing predictive behavior analytics to improve security policy and law enforcement. The future of security depends on countering blended threats in real time. Cyber crime is here. Are we ready?
PSIM: Listen & Learn
To complement this thought-provoking article, SDM has produced a set of podcasts (audio interviews) with experts in the PSIM market, which you can listen to online at www.sdmmag.com/media/podcasts. Some of the topics include the size and complexity level of PSIM projects (Can they be scaled?), as well as how to use consultative selling on PSIM projects.
What Is PSIM?
The PSIM Trends website (www.psimtrends.com) positions PSIM as follows: “PSIM identifies a category of products that integrate an organization’s disparate security devices and systems into a single common operating picture. These systems can identify, verify, and resolve emergency and business situations in real time. PSIM links together global command centers with mobile field personnel to provide lower costs of operation, better use of existing investments, quicker response to situations, better enforcement of security and business policies, and better protection of people and assets.”