Keeping our changing environment secure

August 2019 Editor's Choice, Security Services & Risk Management

Electronic security started with the development of CCTV systems made of analogue cameras, where information was recorded onto VHS tapes and stored in the security centre. As the acronym points out – it was a closed-circuit TV system.

In this digital technology age, we assume that wherever we are we can have permanent connectivity to the Internet via a variety of electronic devices and use them for viewing cameras, unlocking doors, accessing data, communicating with other people and so on. Every time we use a device, we are entering the realm of cyberspace. It is not a controllable physical space.

Rob Anderson

A whole new set of opportunities has been discovered by those who have bad intentions and are keen to exploit us and our connectivity to enrich themselves at our expense. We have a new challenge.

The digital age relies mostly on the expertise of the IT specialists. Their field is complicated and difficult for others. The fact that the electronic equipment being used has to be installed, programmed and maintained by IT specialists has meant that the whole security solution has migrated, in large part, to being under the control of the IT specialists.

This has not been a good idea from the point of view of those who understand criminology and good security practice.

What needs to be done is for the criminology and security specialists to take back control of the part which they understand instead of being frightened off by the apparently complex IT issues.

How will they do this?

For a crime to take place there needs to be a victim and a criminal who sees an opportunity. For a cybercrime to take place we need the same set of circumstances, although the participants may now be called an unaware user and a hacker looking for an opportunity.

The basic principles of CPTED (Crime Prevention Through Environmental Design)/Designing out Crime have been well documented and discussed. Instead of re-inventing the wheel, would it not be a good idea to take these basic principles and apply them to the digital environment? As a reminder, these principles are as follows:

1. Surveillance and visibility.

2. Territoriality.

3. Access and escape routes.

4. Image and aesthetics.

5. Defensible space and target hardening.

Applying these to the digital age, we can define the following principles.

Vigilance and responsibility

Surveillance and visibility becomes vigilance and responsibility. This means that none of us can afford to be an unaware user. We should not make use of our security access to ‘quickly check emails while we are online’; this applies especially to those who have Administrator privileges on the network. Doing so would give cyber criminals the opportunity to change the network settings for their own purposes.

We should be aware that ‘phishing’ emails are one of the biggest problems. As the user, it would be your responsibility to report anything you think is suspicious to those who are responsible for the network.

The target is continually moving. As well as user vigilance and responsibility, a network surveillance system can be installed to monitor the network and to detect any unusual activity. This could be a place for the use of AI (artificial intelligence) techniques. It can never be said that there is a point where the risk is zero, so there must be a recovery plan in place for the possibility that a cyber-attack takes place.


Territoriality

This principle does not need to be re-defined. The common thread is OWNERSHIP. For this reason, fragmented solutions, where there are no clear responsibilities defined for IT people and security people, cannot work. There is no pride in ownership by either.

The IT service providers must maintain and upgrade the network and communicate with the security service providers. The limitations and possibilities of the network structure and the respect for systems and procedures in place to maintain the integrity of the installation should be communicated to the users.

The users can communicate operational requests to the network managers. They should expect to receive adequate and ongoing training in the use of the equipment. This approach should provide for a harmonious working solution.

Access and escape routes

This can be as simple for users as:

• Password management.

• Don’t share your password or access privileges with anyone.

• Don’t plug other people’s memory sticks into your computer.

Having accessed your network and carried out the attack, the criminal can escape into cyberspace, not into the local area. The effect of the attack may not be apparent for a while. The criminal did not leave you an audit trail of CCTV images and bare spaces where your possessions have been removed. You cannot see what has been stolen or how it was done. There is a possibility for the criminal to return multiple times.

Image and aesthetics

This is part of designing out crime. The easier the interface between user and network/digital mechanism is to use, the more readily compliance can be achieved.

Those who are using the screen interface for their security surveillance work, for example, should be able to log in securely, carry out their assigned tasks without being stressed by difficult-to-follow commands and instructions, and log out at the end of their session. Having this in place, together with good training, will ensure that all data has been safely captured for reporting and investigation.

Communication is a key factor again, this time between the software designers and the security solution advisers.

Defensible space and target hardening

The manufacturers are applying themselves to this problem to make sure that their devices and systems are as secure as possible, on an ongoing basis. They have had to introduce research and development programmes to address these issues since the target is always moving.

Those maintaining the network should make sure that all updates and patches issued are installed. The security network should never be part of a general IT solution for the site. The installation of antivirus software and the secure storage of information to comply with data protection regulations also form part of defending your space and making it more difficult to target your network.

It will then be easier for the criminal, as in the case of physical crime, to move on and find someone who has not been so vigilant.

In conclusion

It can now be seen that crime, whether in the physical space or cyberspace, is still crime, and that the basic elements for committing the crime – opportunity, target and of course a criminal – can be analysed and dealt with by doing our best to apply CPTED principles and by working on designing out crime as best we can.

To be able to apply all this, we need a starting point that defines what we have to address. The importance of the risk assessment must never be underestimated. Risk assessments will always address the issues of target and opportunity so that the area of interest for the criminal can be defined and the necessary target hardening can be introduced to reduce access to the opportunity.

A risk assessment that is appropriately completed, with objective analysis of the results and the application of a solution which addresses the risks of the time, as far as possible, is the best we can do. Regular re-assessment and re-evaluation, with thorough investigation and analysis rather than knee-jerk responses to isolated incidents, will be the best that any security solution designer can do.

Each system must have an owner who understands the mechanism of crime and the IT space and takes responsibility for outcomes: Be Aware and Beware.
