Intelligent insights into a high-risk digitally transforming world Issue 6 2023 MST for professional project solutions. Evidence, not footage.
www.securitysa.com Issue 6 2023 1 VOLUME 29 | ISSUE 6 | 2023 Women in Security SMART Surveillance Conference 2023 Smart/Safe City Sector Focus: Government Power Management Data Centre & Control Room Security Women often bring an entirely different skill set to the table, which enhances the overall service delivered. Uniting technology, community and law enforcement to develop safer and smarter cities that deliver a better life to all. Some people think the future is all about cloud technologies, but the SMART Surveillance conference demonstrated that AI is making edge surveillance much more attractive than ever before. Enhancing security with intelligent technology at government facilities, national key points and more. Eskom’s crumbling infrastructure need not make a victim of your systems and businesses. A comprehensive approach to protecting critical assets is vital to secure physical and digital assets in data centres and control rooms. Editor’s Note.....................................................................2 Smart Surveillance.....................................................14 Fire & Safety ..................................................................30 Project services to best-practice standards Mustek Security Technologies (MST) is dedicated to providing security solutions and distributing the full spectrum of blue-chip solution-driven surveillance products, primarily for the government and corporate arena. MST adheres to the latest Codes of Good Practice as set out by the Department of Trade and Industry. Intelligent insights into a high-risk digitally transforming world Issue 6 2023 MST for professional project solutions. Evidence, not footage. 3 REGULARS FEATURES OUR COVER 04 10 17 21 22 26
2 Issue 6 2023 www.securitysa.com Andrew LETTERS TO THE EDITOR Letters to the Editor should be addressed to Andrew Seldon at [email protected]. Sending material to this publication will be considered automatic permission to use in full or in part in our Letters column. Be sure to include your name, e-mail address, city and postal code. We reserve the right to edit all letters. Disclaimer While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements, inserts and company contact details areprinted as provided by the advertiser. Technews Publishing(Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material. All rights reserved. No part of this publication may be reproduced, adapted, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior written permission of Technews Publishing (Pty) Ltd, Reg No. 2005/034598/07 Editor Andrew Seldon: [email protected] Contributors Dr Craig Donald Lesley-Anne Kleyn Advertising sales Tracy Wolter: [email protected] Heidi Hargreaves: [email protected] Subscription Services For address changes, orders, renewal status or missing issues, e-mail: [email protected] Design and layout: Technews Production Department Published by Technews Publishing (Pty) Ltd Wild Fig Business Park, Block B, Unit 21, 1494 Cranberry Street, Honeydew Tel: +27 11 543 5800 ISSN 1562-952X Subscribe online: www.technews.co.za ISSUE 6 2023 FROM THE EDITOR’S DESK Back in the old days, when I started with SMART Security Solutions (or Hi-Tech Security Solutions, as it was known then), one of the major ‘revolutions’ of that time was the imminent demise of analogue CCTV in favour of IP-based surveillance. Of course, as in all market revolutions, the move to IP was fast, but more of an evolution. Today we still have analogue cameras being bought and sold, some of them the high-definition systems that were initially designed to compete with the IP invaders. Accurate information is hard to come by, but at, best analogue today represents 10% of all camera sales, and it’s still declining (although at a slower rate than in the first decade of the century). There are various reasons for the longevity of analogue technologies, but that is something people can argue about (those people that do argue about stuff like that, I’m sure some still exist). The reason I mention analogue is that I recently had a conversation in which I was informed that “physical security is dead”. As can be imagined, that made me think. In one way, the statement is true. Companies and people selling physical security products are under immense pressure these Is security the new analogue? days, as margins have hit the floor. I can remember when a 20% margin on a camera was considered unacceptable; 30-40% was the starting point for most companies – unless their physical security kit was a loss leader, or the customer was spending a fortune. In the fight to remain profitable and keep the wheels turning, companies today are looking for revenue streams, other than merely product. This is not any new revelation, of course. Manufacturers are including more in their hardware, often in the form of something with ‘AI’ in it, but also looking at providing software with their equipment to make it more tempting for the buyer. The biggest change is in the software world where integration and working with other products is no longer a speciality, but expected. Proprietary solutions, although they still exist, are finding it harder to make inroads and grow their market – except perhaps in smaller installations where they can do everything. But in the small end of the market, they are being challenged by cloud service providers and their AI/analytics, and are unable to command a premium anymore – and who these days is willing to pay a premium unless you see significant value for money? And then there is the IT threat, both from a cybersecurity perspective and from IT integrators who can throw IP security systems into their current mix and offer it to clients as part of a broader solution – oh, the horror! There is not enough space to really get into this topic in a short article like this, but I will hopefully be able to expand on it in future as I am hoping to get some people brave enough to talk openly about it at a round table event. If you have any opinions on the topic, or want to be involved in the round table, let me know at [email protected]. Until then, I guess we can carry on as usual because if physical security really is dead, there are a lot of zombies making money out there.
www.securitysa.com Issue 6 2023 3 COVER STORY As a division of Mustek Limited, Mustek Security Technologies (MST) is dedicated to providing security solutions and distributing the full spectrum of blue-chip solution-driven surveillance products, primarily for the government and corporate arena. MST adheres to the latest Codes of Good Practice as set out by the Department of Trade and Industry. MST has vast experience in the security industry, making it one of the top security solutions providers. Its solutions include everything you will ever require for security. From server rooms, control rooms, microwave communications, green power to final endpoint terminations for your equipment. MST has representation throughout South Africa in the major business centres and is a Level 1 B-BBEE contributor. From CCTV to forensic investigative tools, MST offers complete security solutions, obviating the need to source various components from a host of suppliers. All warranty and product repairs are supported by Mustek Limited. Mustek is a B-BBEE Level 1 company and aims to be South Africa’s ICT supplier of choice, something it constantly strives for through an approachable, ‘can do’ attitude when assisting its resellers with product specification and solution formulation, and superior technical expertise, evidenced by the high level of technical support and assistance afforded to its resellers. Compliant and regulated MST is registered with various international, and national compliance and regulatory bodies. As such, it is held accountable by laws and regulations, which forms the core of its solutions implementation and maintenance. Project services to best-practice standards In terms of compliance, MST adheres to standards and regulations from: • ISO 9001. • ISO 14001. • ISO 27001. • ISO 45001. • PSIRA. • SASSETA. • CIDB. • SAIDSA. • Rotakin certified. Due to the wide variety of services provided by MST, including physical installation and construction activities, MST is committed to providing its workforce, clients and general public who are affected by its activities with a safe and healthy work environment. As such, MST fully complies to all regulatory and legislative requirements pertaining to Health and Safety. MST is proud to be ISO 45001 certified. The company is also a member of the following professional bodies • SACPCMP – (South African Council for Project and Construction Management Professionals). • SAIOSH – (South African Institute of Occupational Safety and Health). • PMSA – (Project Management South Africa). • All MST personnel, including the board of directors of Mustek are PSIRA registered. Services MST offers MST offers customers a range of services, including system design and implementation, from homeland security to building management, and from CCTV to control rooms, and more. As a product-agnostic company, MST has access to a range of products and solutions which are recommended and installed according to what best meets its customer requirements. All products are tested and approved by MST’s engineering department, and it supplies turnkey solutions, along with service-level agreements (SLAs) to ensure the solution delivers value from day one and far into the future. Training and supporting SMMEs MST’s Training Academy provides partners, customers, sales and technical staff with the necessary skills to design, install, configure and operate CCTV and access control solutions from industry-leading security technologies providers. The courses are a combination of lectures and practical setup with emphasis on hands-on activities. MST is an accredited SASSETA training provider, and as such, is able to provide accredited security courses at its head office in Midrand, Gauteng. MST only makes use of subject matter experts within the training fields who are all registered with SASSETA as a facilitator, assessor or moderator, in order to ensure full compliance with SASSETA at all times. MST is also focused on creating new and sustainable skills by incubating business partners in the electronic security and ICT industries, where it trains and develops entrepreneurs (graduates, school leavers) and aspiring entrepreneurs, assists in creating and incubating SMB companies providing constant administrative and management support, and entrepreneurial mentoring and coaching of newly formed and existing businesses. “Our mission is to commit to the creation of sustainable small/medium business and creation of job-opportunities,” said Peter Bouwer, GM of MST. “This is achieved by identifying, empowering, and supporting aspiring and existing entrepreneurs.” MST will design and deliver the electronic security solution customers in the government and corporate sectors need, and ensure it is supported and delivers value for the long term. For more information contact Mustek Security Technologies, +27 11 237 1364, [email protected], www.mstprojects.co.za
4 Issue 6 2023 www.securitysa.com Given that August is Women’s Month, it seems only fitting that we feature Eva Nolle, arguably one of the most respected and prominent women working in the South African security sector today. Eva is a founding partner and the director of operations at Ceravoid, a commercial intelligence and risk management firm, which operates throughout sub-Saharan Africa. She also happens to be the Regional Vice President for region 10A of ASIS International. Headquartered in the United States, ASIS is the world’s largest member organisation for security professionals. The organisation aims to advance the profession worldwide. It is aligned to United Nations SDG 4 (Quality Education) and SDG 16 (Peace, Justice & Strong Institutions). ASIS also has liaison status with ISO technical committees. It is the premier destination for industry certifications. An ASIS board certification places a security professional in a different league in terms of credibility. Making a difference with human intelligence gathering Women often bring an entirely different skill set to the table, which enhances the overall service delivered. The South Africa chapter falls under ASIS region 10A, which currently consists of chapters in Botswana, Kenya, South Africa, and Uganda. Tanzania will be coming onboard soon. The interest in ASIS by these SSA countries has been gratifying to Eva. “Traditionally, sub-Saharan African countries have tended to be a little slower about membership at local level. ASIS membership is far more robust in developed nations, but we have some very active strong chapters now.” The South Africa chapter currently boasts 119 active members, of which 14 are women. This seems a pity in a country with thousands of PSIRA-registered security service providers in business, given the organisation’s resources, international member database, sought-after certification, and the access that it provides to subject-matter expert communities. “It has been necessary for strong chairpersons, with a real passion to see professionalism advanced within the security space, to step up and lead the chapters,” says Eva. “The annual membership fees are (relatively) inexpensive for individual members from South Africa, as we qualify for a discount as a developing nation. Having said that, given South Africa’s economic situation, the South Africa chapter would like to see more South African firms getting behind their staff, encouraging, and possibly even sponsoring membership and certification.” Security and risk focus A German national by birth, Eva’s love for South Africa goes all the way back to her gap year in 2006, which she spent working with township children in the greater Cape Town area. On her return to Germany, her plan was to study forensic psychology. Whilst waiting for her university acceptance, she happened across an advertisement for the University of Public Administration. That institution was offering an undergrad degree in Risk and Security Management, with a focus on By Lesley-Anne Kleyn. WOMEN IN SECURITY WOMEN IN SECURITY
www.securitysa.com Issue 6 2023 5 corporate security. Eva decided to give the course a try to see if she enjoyed it. She has not looked back since. Hence, after graduating in 2010, she packed her bags and headed straight back to South Africa. This was an early lesson in the importance of a network. Eva fondly remembers calling every person that she could think of in Cape Town in the hopes of finding work. She was snapped up by a management consulting firm and offered a one year contract. Five years later, Eva was still there. Then, visa related issues forced her to return to Germany. She worked for a consultancy in her home country, focused on travel security and geopolitical analysis. During this time, she also completed her first of two ASIS board certifications, the Certified Protection Professional (CPP). Known as the gold standard for security management professionals, the CPP validates knowledge in all areas of security management. The launch of Ceravoid Whilst in Germany, Eva was frequently approached to assist colleagues in her network who were working in countries in Africa. Helping her with many of these assignments was Carl Hancocks, now her business partner. Eva and Carl discovered that their respective skills complemented each other. The two took the plunge and decided to go into business together. This was in 2017. Very soon after the decision was taken, Eva found herself back in Cape Town. Asked to offer us his insight as a Ceravoid client, Jason Cherish, founder of Atlas|Bear, had this to say, “Eva is a real pro and I have learned a lot from working with her. Attention to detail and excellent operationally, but also creative and agile in a way few practitioners manage to balance effectively. She is the total package.” Ceravoid is predominantly focused on intelligence and investigations, working throughout sub-Saharan Africa, and dealing with the likes of attorneys needing high-level litigation support. The firm is particularly strong in human intelligence gathering. “In other words, in gathering intelligence that is not readily available in the public domain,” Eva smiles. She cites an example: “A client operating in Ethiopia was suddenly required to pay certain taxes and needed this requirement to be verified.” Ceravoid offers services such as asset tracing, background investigations, competitive intelligence, corporate investigations, country risk assessments, ESG due diligence, fraud investigations and reputational risk assessments. The protection of assets has two sides and so Eva and Carl have recently launched a subsidiary called C2 Capabilities, which focuses on the other side of the Ceravoid coin: operational risk management. C2 offers services in analysis, business continuity, crisis management and security awareness training. Participation in ASIS As if all of this isn’t enough, Eva has also served ASIS in several roles. She first became aware of the organisation while completing her degree, given that her lecturers were actively involved with ASIS. Since becoming a member herself, she has served as secretary of the South Africa chapter, headed up Women in Security for the South Africa chapter, has been the Women in Security global liaison for Africa, and served as an Assistant Regional Vice President, before taking on her current ASIS role. I ask her what she feels her personal strengths are and without hesitation Eva cites her network. Ceravoid maintains an active and extensive network across the globe to best cater for clients’ needs and acquire the necessary intelligence. “This network has been built over a long period of time and is vetted, trustworthy, and professional, thus making it a great value-added asset to the organisation.” She also feels that curiosity and a genuine interest in people are necessary for all business professionals nowadays. Has she found it challenging to be a woman operating in a traditionally male dominated space? Eva pauses to consider the question. She says that in her various roles she has often come across women working in the security industry who have really struggled with misogyny. She finds this disappointing. Stand your ground “One must be able to stand one’s ground. It takes guts to do that. I have been fortunate myself, in that I came out of university with a degree in this field maybe giving me a bit of an edge. In fact, there were more women than men in my class. I walked into the industry with an equality mindset. Yes, there have been a few occasions in which clients have wanted to chat to my partner rather than me, preferring to deal with a male, but for the most part I have been surrounded by well educated, professional men who have never made an issue of my gender, so making an issue of it doesn’t occur to me either.” Eva mentions Natascha Pienaar and Suzanna Alsayed as two other women working in security whom she feels we should get to know. Natascha is a Senior Digital Forensic Investigator at TCG Forensics in Gauteng. Her company provides computer forensic, digital forensic and cellular forensic services to attorneys, accountants, auditors, and private investigators around South Africa and on the African continent. Suzanna is the founder of a company called Evolutz. She is an author and global influencer based in Canada and is involved in marketing and branding – but with a specific focus on the security industry. Her advice to young women contemplating entering the security services industry is to embrace that women often bring an entirely different skill set to the table, which can enhance the skills of male colleagues. “As women, we tend to think differently. There is a lot of power in that. We should not try to adapt ourselves, but rather, simply be ourselves.” For more information contact: • Eva Nolle, Ceravoid, +27 79 838 6852, [email protected], www.ceravoid.com • Natascha Pienaar, [email protected] • Suzanna Alsayed, [email protected] Lesley-Anne Kleyn is a business advisor working across a range of sectors, assisting clients to build their businesses into profitable, impactful and enduring entities. With many clients in the security services industry too, she is the ASIS International South Africa chapter board member heading up Women in Security. To join the conversation, contact her on +27 64 410 8563, or reach out on LinkedIn: https://www.linkedin.com/in/lesleyannekleyn Eva Nolle. WOMEN IN SECURITY
6 Issue 6 2023 www.securitysa.com The Milestone Systems’ African team wanted to express their appreciation for the incredible contributions of the women in the security industry and held a breakfast in honour of the hard-working women in the industry on 8 August. Milestone celebrates women in security In the rapidly expanding field of cybersecurity, two major challenges loom large; a staggering talent gap and persistent gender inequality. According to the recently released 2022 (ISC)2 Cybersecurity Workforce Study, the industry Empowering the new team of trailblazers in cybersecurity The cybersecurity industry faces an alarming shortage of 3,4 million skilled professionals. faces an alarming shortage of 3,4 million skilled professionals. To compound matters, women currently represent a mere 24% of the global cybersecurity workforce. In South Africa, the representation of women in cybersecurity is even lower, standing at 9% in 2021. While these numbers may seem disheartening, they signify a significant improvement from the paltry 11% global representation reported in 2017. Amidst the challenges, a glimmer of hope emerges, demonstrating that progress is possible. Overcoming career challenges in cybersecurity To foster a successful career in cybersecurity, women are fearlessly confronting the industry’s significant challenges. “One thing that I have learned is that continued learning is essential. It’s important to be open to learning from everyone around you because there is always someone who can teach you something,” says Maria Jose Albarran, Channel Account Director at Fortinet. Sandra Tamer, a dedicated System Engineer at Fortinet, echoes these sentiments and emphasises the immense benefits of conversations, particularly among women, for personal and organisational growth. She believes that by sharing stories of successes and failures, women working in cybersecurity can uplift and support one another. “Let’s change the culture and help more women thrive rather than just survive. It is time to take our place at the top.” Tamer’s passion for cybersecurity began when she completed her master’s degree in telecom engineering over five years ago. Since joining Fortinet at the beginning of 2023, she has been committed to becoming a cybersecurity expert. Tamer encourages other women and young girls to embark on a similar path, highlighting the rapid growth and immense importance of the engineering Continued on page 7 “Their dedication, expertise, and resilience are truly inspiring and help make our world a safer place,” said George Psoulis, Sales Manager for Milestone Systems Africa. “Thank you for breaking barriers and being a vital part of shaping the future of security.” WOMEN IN SECURITY
sector. “There are plenty of great opportunities for women to join this exciting area. You can make a difference in the world, so don’t hesitate to start such an amazing journey.” Myths and truths of the cyber sector A survey conducted by the World Economic Forum on women in science, technology, engineering and mathematics (STEM) and cybersecurity revealed interesting insights that shed light on both the truths and myths surrounding cybersecurity careers. One observation that holds true is the importance of engaging in STEM from an early age. Unfortunately, in countries like South Africa, not everyone has equal access to quality education, particularly in STEM subjects. According to a 2022 government report, only 13% of local graduates in STEM fields are women. Luckily, having the support of role models or mentors can make a significant difference. Girls can take part in initiatives led by NGOs or businesses, like TechnoGirl or Girls4Tech, as well as bootcamps or skills programmes, to get additional support. A common misconception is that women are unaware of cybersecurity as a viable career option. Surprisingly, the survey results showed that while the majority of women were aware of cybersecurity careers, many had never been exposed to the field or simply had not considered it as a potential path. Unfortunately, due to distorted perceptions of the industry, women may also be discouraged from pursuing a cybersecurity career. This is compounded by various barriers, including unequal access to job opportunities and limited options for non-technical entrants. It is also often seen as a male-dominated boys’ club, further exacerbating the challenges faced by women in the field. However, many businesses are working to change the status quo. A 2023 Global Cybersecurity Skills Gap Report found that 73% of businesses are now implementing recruiting initiatives aimed at women. Fortinet is also committed to creating more opportunities for women in cybersecurity in South Africa. It actively fosters a culture of inclusion by expanding access to training and career advancement through its training institute. “Being able to have an active role in helping people and organisations protect themselves and improve their security posture from cyber risks is very rewarding. With cybersecurity, the learning never stops, which keeps me engaged and challenged. And it presents massive opportunities with various career pathways and growth opportunities,”Tamer adds. Next steps for bridging the gender gap To bridge the gender gap in cybersecurity, there are three key steps that companies can take. Firstly, creating training and upskilling opportunities specifically designed to advance women in the field is crucial. “Training is important in any industry, but it is especially important in cybersecurity considering that technology is always changing. When it comes to supporting women, I believe that the encouragement, support, and empowerment of other women is the greatest help in ensuring the retainment of women in cyber,” says Albarran. Secondly, providing internships not only for recent graduates, but also for individuals looking to transition into a cybersecurity career can be immensely beneficial. Lastly, mentorship programs play a vital role in fostering the growth and development of women in cybersecurity. Pairing newcomers with experienced women in the field creates a supportive environment for learning, guidance, and networking. WOMEN IN SECURITY
8 Issue 6 2023 www.securitysa.com SPONSORED: CYBERSECURITY The South African Department of Justice recently faced a hefty fine from the PoPIA regulator due to a data breach caused by a ransomware attack. This incident serves as a stark reminder of the increasing threat posed by ransomware to organisations. According to Sophos’s most recent ransomware report, an alarming 78% of the South African organisations that Sophos surveyed experienced ransomware attacks in the past year. Here we delve into the key statistics from the report and provide insights on how companies can bolster their security measures to mitigate the risk of data loss. The growing ransomware threat: In South Africa, exploited vulnerabilities were the primary cause of ransomware attacks, as mentioned in the survey, accounting for 49% of incidents. Additionally, compromised credentials were used in 24% of attacks. These figures highlight the critical importance of addressing vulnerabilities promptly and adopting robust identity management protocols to safeguard against unauthorised access. Data encryption and theft: An alarming 89% of attacks resulted in data encryption, surpassing the global average of 76%. Disturbingly, data theft occurred in 35% of attacks where data was encrypted, higher than the global average of 30%. This underscores the need for organisations to reduce time to detection and time to respond preventing data exfiltration and encryption. Effective recovery methods: Fortunately, 100% of South African organisations whose data was encrypted managed to recover their data, slightly surpassing the global average of Protecting against ransomware attacks: lessons from a recent PoPIA fine By Pieter Nel, Regional Head, SADC, Sophos. According to a recent survey by Sophos, 78% of the South African organisations surveyed experienced ransomware attacks in the past year. 97%. Backups continue to be the most common method for data restoration, with 76% of South African respondents utilising this approach. Maintaining comprehensive and up-to-date backups is crucial to quickly restore data and minimise downtime. The dilemma of ransom payments: While it is discouraging that 45% of the organisations surveyed in South Africa paid the ransom, this figure has seen a slight decline compared to previous years. It is essential to emphasise that paying the ransom does not guarantee the return of stolen data or prevent future attacks. Organisations should focus on implementing preventive measures to avoid falling victim to ransomware in the first place. Parallel recovery methods and costs: Approximately 24% of South African organisations that experienced data encryption used multiple recovery methods simultaneously, demonstrating the importance of a multi-faceted approach to data restoration. Furthermore, the average cost incurred by South African organisations for recovering from a ransomware attack, excluding ransom payments, was $750 000. Although this is lower than the global average, organisations must consider the comprehensive impact on downtime, lost opportunity and other associated costs. Business impact and recovery time: Ransomware attacks have severe implications for businesses. In South Africa, 82% of affected organisations surveyed reported losing business and revenue, which is slightly lower than the global average of 84%. Recovery times varied, with 53% taking up to a week, 29% requiring up to a month, and 19% facing recovery periods of one to six months. Minimising downtime and implementing efficient incident response plans are crucial to reduce the operational and financial impact of attacks. The role of cyber insurance: The report reveals that 98% of South African organisations have some form of cyber insurance coverage, with 66% acknowledging that the quality of their defences affected their ability to obtain coverage. In addition, 61% stated that the quality of their defences influenced the cost of their premiums. This highlights the importance of maintaining robust security measures as a prerequisite for obtaining comprehensive cyber insurance coverage. The recent fine imposed on the Department of Justice reinforces the urgent need for organisations in South Africa to fortify their defences against ransomware attacks. By addressing vulnerabilities, implementing strong authentication measures, prioritising data backup strategies, and fostering a comprehensive incident response plan, companies can significantly reduce the risk of data loss. Additionally, organisations should strive to maintain cyber insurance coverage that aligns with their security posture, ensuring adequate protection and financial support in the event of an attack. Find out more at www.sophos.com.
From Reaction to Resilience Indaba Conference Centre, Johannesburg 26 October 2023 This conference will highlight the importance of resilience in a world of changing risks, runaway technology, and the drive to evolve security and risk management from a permanent state of reaction to one of proactive prevention and better integration, management and, above all else, results. Of course, no security is 100% effective, and the term resilience not only means proactive preparedness, but also the business continuity and processes to deal with emergencies quickly and decisively. Learn from world-class presenters, and see the latest offerings from security solutions and service providers. Cost: R1495 ex VAT Contact: Tracy Wolter: +27 11 543 5811 • [email protected] SMART Security Solutions is hosting a full-day SMART Estate Security Conference Book now! SMART Estate Security 2023 Conference Scan here to register or go to www.resc.co.za
10 Issue 6 2023 www.securitysa.com SMART Surveillance Conference 2023 By Andrew Seldon. Some people think the future is all about cloud technologies, but the SMART Surveillance conference demonstrated that AI is making edge surveillance much more attractive than ever before. SMART Security Solutions hosted a conference at the Indaba Conference Centre on 3 August 2023, focusing on the surveillance market, with a specific emphasis on edge vs cloud technologies, and of course, AI. Sponsoring the event were Cathexis, DeepAlert and Axis Communications, each with their own displays showing what the company can do in this arena. SMART SURVEILLANCE CONFERENCE 2023 Rodney Taylor, MD of Guardian Eye spoke about the optimisation of surveillance and IoT sensors with AI (and people) in offering integrated solutions for security and more. Guardian Eye started out as a remote surveillance operation in which operators in its nerve centre monitored and responded to cameras on various clients’ premises. Today, the nerve centre monitors many different signals from IoT devices, handling security, operations and healthcare, including cameras (with AI), health devices, tracking, vibration sensing and more. The Guardian Eye nerve centre manages any incident monitoring and even has doctors permanently available to advise AI plus IoT plus partnerships Rodney Taylor. clients based on health readings taken by IoT devices that can be used in homes or businesses. The security function itself is no longer only based on information provided by cameras, but a range of IoT devices that can warn of water leaks, fires (or smoke) etc. The growth of AI has benefited the nerve centre by reducing the time wasted dealing with false alarms and the cost of managing service providers and onsite staff who often run around aimlessly chasing these fake alerts. Taylor says the three primary benefits AI analytics provides includes: 1. Operator efficiency. 2. Faster responses to real events. 3. Proactive monitoring. Naturally the full effect of the presentations and the amount of information conveyed can’t be replicated in a few pages, but a few of the main points are summarised below. Dean Sichelschmidt, Managing Director of Arteco Global Africa spoke about what AI can do for surveillance operations as well as advise on making the cloud/edge/server (or onsite) decisions we are faced with today. In terms of the benefits of AI, Sichelschmidt said the technology allows for automated surveillance over broad areas instead of having people watching multiple cameras simultaneously. With software that alerts you when certain parameters are met, assuming the parameters are set properly, organisations improve resource management in terms of personnel, bandwidth reduction and processing requirements. This leads to better detection of crime and the ability to link people and other The correct solution Dean Sichelschmidt. objects across time spans by improved searching and detection capabilities. It also gets the nuisance alerts, such as moving branches, out of the way so that human resources can be applied to real issues. However, he says that while the backend of an AI analytics system is always complex, the frontend must be easy to use so that operators don’t have a steep learning curve and don’t have to focus on complex configurations or processes to get the information they need. Sichelschmidt went on to discuss the pros and cons of cloud, server or onsite surveillance solutions, ending by noting that there is not always a standard solution and different scenarios will require unique technology solutions to get the best results for that environment’s needs.
www.securitysa.com Issue 6 2023 11 “In theory there shouldn’t be a difference between theory and practice. However in practice there always is.” SMART SURVEILLANCE CONFERENCE 2023 Starting the conference, Dr Craig Donald from Leaderware, a human factors specialist in security and surveillance, spoke to the question of what AI is supposed to be doing to assist surveillance operations, specifically in control rooms, and what can really be done today. Sadly, there is still a big gap between what is promised and what is delivered. Donald started with a quote for Yogi Berra to make this point, “In theory there shouldn’t be a difference between theory and practice. However in practice there always is.” Donald then looked at the various steps in the surveillance process, from physical security (the need to deter, deny, delay etc.) through to the control room and the operators’ skills and knowledge and, of course, the need to offer an effective response to real alarms. This includes equipment specific, interaction and convergence, as well as the handling of small data and big data. From the equipment perspective, he noted that the more analytics you try to add onto your hardware, the more you push both the hardware and the analytics to their limits. Therefore it is important to design your surveillance system, from the camera at Controlled environments Dr Craig Donald. the edge to the server and control room, with analytics in mind and the additional processing this will require. Additionally, designing for a converging market is also critical as it will ensure that physical security systems are able to offer ‘smart assessments’ of events, adding value to the holistic solution. “The current state of analytics and AI is that video analytics work much better in a controlled, defined and limited environment,” he added. In the wild they become much more unpredictable, and the more difficult your environment is, the more challenges your analytics will face. Donald also noted that smart analytics aren’t plug-and-play and go; one size doesn’t fit all. AI ‘learning’ is often oversimplified and actually requires a lot of dedicated effort. When it comes to control rooms, integration and interaction into and between video management systems (VMS) and other security systems is crucial so that the operators can do their jobs without jumping from one application to another. Donald also noted that we need more thought on an effective display methodology, “putting boxes around everything that moves in a busy scene does not give the operator great insight.” Despite many people saying operators’ jobs are at risk of being taken over by AI, Donald stated that as things currently stand, “the operator is still the key interpretation and decision maker” and they are not going away anytime soon. At the same time, he also acknowledges the impact and potential of AI, closing with a poem about surveillance and control rooms, written by an AI. Johan van der Lith, CEO of Watcher Surveillance Solutions, a cloud-based surveillance as a service company, took the audience through the pros and cons of cloud analytics solutions. The nature of the AI analytics market is that it is always changing and technologies are developing quickly. This places continual demands on one’s computing and networking resources, as well as the requirement for high-level skills, which are in short supply. Additionally, the more customers learn about AI analytics, the more complex their requirements become in terms of no false positives and wanting more complex behaviour detection. When looking at the computing and human resources required, he says that cloud-based solutions often make sense because the costs can be aggregated over many customers. This is borne out when looking at what cloud analytics providers need to consider when setting up their The pros and cons of cloud analytics Johan van der Lith. solutions. This can include cloud native technologies like microservices, container orchestrators and autoscaling, for example. These are complemented by tiered and secure multitenancy systems, reliable failover and disaster recovery, diverse broadband connectivity and, of course, scalability. Van der Lith went on to discuss the advantages of cloud solutions while also highlighting the architecture required for even a basic solution that can meet clients’ needs. In today’s economy, the economies of scale cloud provides (when designed and set up correctly) are enormous, taking a lot of resource requirements away from customers that may not always have the technical skills on board or the data centre infrastructure. Of course there are still challenges, which he also noted; one of which is bandwidth as there is not a diversity of fibre connections in many areas that cloud service providers can use as primary and secondary solutions if one fails. So, while offering a successful cloud service, Van der Lith says there are some use cases where a pure cloud solution will not be the optimal solution, and where edge solutions may be needed to support the client’s requirements efficiently.
12 Issue 6 2023 www.securitysa.com As noted above, one of the key areas of contention when it comes to cloud and any form of remote monitoring is bandwidth availability and options. While fibre has spread like wildfire in South Africa, the ability to have dual or more connections for backup or failover is not freely available to most organisations. Rossouw van der Merwe from Secutel Technologies spoke on how the company overcomes the bandwidth issues in its cloud-based remote monitoring solutions. Once again a hybrid approach is recommended, with edge processing onsite to do some of the heavy-duty work and reduce the data usage, but cloud analytics are also included for further analytics and for virtual control room operations. Van der Merwe provided an example of traditional remote surveillance where 24 cameras stream 480P at 15 fps to a control room, which would consume around 4,3 terabytes of data per month (12 Mbits per second for all 24 cameras). Adding to the streaming time, the cloud analysis requirements, and time to return an alert to the site, and latency can become a problem. The solution is to stream and store video onsite and send images to the virtual control room for advanced analysis. Another option is the hybrid approach with the SecuVue Cloud Video Recorder (CVR) onsite. The system streams 720P at 10 fps per camera to the CVR to detect motion and people; a 480P stream at 10 fps is configured to allow for a live feed from the camera that can be remotely opened as required; and a higher resolution 1080P at 30 fps is used for local video storage. From the 720P feed the user gets triggered events as they occur, after which these are further downscaled to 480P which is sent to the cloud with the associated metadata. This allows for fast response and decision making to react to relevant onsite activities. In a scenario with 50 images being sent per day per camera, the data used per month would be around 150 MB per camera, or 3,5 GB per month. For specific functions, such as facial recognition, high-resolution images are required – one would want at least 1080P video at 30 fps. If two of the 24 cameras in this example scenario were set up as facial recognition devices, with 1000 images sent per day from one camera for facial analysis, this would use around 6,3 GB of data. So, two facial recognition cameras and the other 22 ‘normal’ cameras would use around 26 GB per month. Once again the speed of response is much faster and the bandwidth required much lower. Rossouw showed that hybrid edge/cloud/onsite systems Remote monitoring without surprise bandwidth costs Rossouw van der Merwe. provide the best in bandwidth usage and response times to events, while still recording high-resolution video streams. Sending a single image to the cloud, again with the right hybrid setup, can provide advanced AI analytics without hogging all the bandwidth and ensuring fast response times to events. This is one example, and once again, the specific scenario, environment and location of the remote sites (and the available skills) will all play a role in deciding which solution is best suited to each customer. Many people still believe they are under not threat from cyber threats via their surveillance system, especially when it runs on a separate network. This is a myth and cybersecurity has become a key factor in the surveillance market, throughout the supply chain. Marcel Bruyns from Axis Communications took on the challenge of highlighting the need for cybersecurity in the surveillance industry (which can also be applied to the broader IoT market). Bruyns started out by highlighting the need to acknowledge the risks the industry faces with statistics on the cyber threats globally, and to South Africa in particular. A breach of surveillance systems is not simply about someone seeing your video feeds (although that would allow them to tamper with your video and prevent evidence being collected and presented in court, not to mention the The cybersecurity spectre Marcel Bruyns. privacy violations inherent in that scenario), but there are other serious ramifications too. Some of these include operational disruption, theft of intellectual property (IP), reputational damage, as well as fines and other legal consequences. Ensuring the whole security supply chain is aware of their cybersecurity responsibilities and actively dealing with them is key to securing your installation, as are the basic principles of securing your own site. Bruyns then offered examples of various cyberattacks that were launched through surveillance systems, also touching on the problem of deep fakes. He said malicious code has even been found in mobile apps used for viewing video feeds. He finished off by highlighting a few processes and best practices to take in ensuring your surveillance system and supply chain is cyber secure.
® Sentronics MD, Bernard Senekal, offered some insights into running AI at the edge, which means either in cameras, or more often, on appliances placed at remote locations that function independently, but can be accessed remotely. An example of this is Sentronics’ edgE:Tower (see www.securitysa.com/19840r for more on the product), which Senekal says uses AI without needing onsite training. Presenting on a broader scale, Senekal spoke on the capabilities of AI on the edge (and otherwise). Traditional surveillance is in ‘hindsight’ mode where events are spotted as they happen, and this results in slow response times and inefficient postincident activities. AI is taking us is into the era of ‘insight’, where we receive early warning of incidents, which results in better information available for more dynamic responses and enhanced post-incident activities. Somewhere in the future we will get to ‘foresight’, where the AI will predict Edge in focus Bernard Senekal. incidents, leading to the implementation of prescribed measures and will serve to prevent the incident from occurring. The status, or level of AI we are able to develop and implement will determine how we move into these areas. Currently we are confined by ‘Narrow AI’, where the technology is focused (or specialised) in one area. The next level is ‘General AI’, which will offer more human-like intelligence; and somewhere in the future we will achieve ‘Super AI’, which will be smarter than humans (although this is a long way away, as is ‘General AI’ according to many – but not all). He listed many advantages of AI on the edge, such as data residency, network stability and more, which deal with some of the cloud challenges Van der Lith mentioned, and Senekal surprised everyone with a cost breakdown that shows that edge AI systems are more cost effective over the long term (from 24 months onwards). Of course, this depends on the costing model of the provider. As in the Watcher presentation, Senekal also noted that the cloud/edge/onsite solution is not a simple choice and there are different scenarios, including hybrid solutions to match the user’s environment and requirements. SMART SURVEILLANCE CONFERENCE 2023 Following the presentations, a panel discussion was held where Dr Jasper Horrell from DeepAlert, Gus Brecher from Cathexis, and Bernard Senekal from Sentronics were on hand to answer questions about the state of AI in the surveillance market, put to them by the facilitator and various delegates. During the break and after lunch, the delegates had the chance to network as well as speak to the sponsors and find out how they serve the surveillance market in the age of AI. While the attendees at the first SMART Surveillance conference were hit with information overload, they managed to gain insights into what is happening in the surveillance market at the moment, the pros and cons of edge/cloud systems, as well as the capabilities of AI – what can realistically be done and what is still futuristic. SMART Security Solutions would like to thank the delegates, the sponsors and the speakers for attending the first SMART Surveillance Conference. The positive feedback we received will be taken into account when it comes to planning next year’s conference, which will be bigger and better. SMART Security Solutions’ next conference is the SMART Estate Security Conference which will be held in October. See www.resc.co.za for more information. A panel of AI experts
14 Issue 6 2023 www.securitysa.com SMART SURVEILLANCE Supporting CCTV intelligence with small and big data By Dr Craig Donald. AI, intelligence-led CCTV, and implications for the interaction of site and big data. Intelligence functions can exist without CCTV and have done for centuries. Similarly, CCTV can function without an intelligence function, and many sites operate in a vacuum, looking only at what is in front of them. I’ve written previously about how intelligence-driven surveillance can have a major impact on CCTV system performance, and indeed intelligence has been a theme in many of my articles (https://www.securitysa.com/14414r). The increasing development of AI, and its role in enhancing investigation-led surveillance, and the increasing capacity of CCTV control rooms and local analysts to deliver data in return can hugely increase the synergy between these two roles. The interaction between intelligence and CCTV control room functions is fundamental to the ultimate success of both. The control room should be capturing data, including not only CCTV footage, but also information from the community, guards, response personnel, access control information, and incident details about infrastructure and modes operandi. All this goes to create what I refer to as local or ‘small data’ that tends to be site specific. The type and quality of this data plays an important role when using it within a site (such as looking for a repeat offender), but also the way in which this is shared with ‘big data’ sources, which reconcile this information in the context of the wider society. Broader intelligence and investigations, increasingly led by AI, reconcile information from a variety of sources to provide better information on emerging threats and risk conditions. This can potentially cover the suspects, methods, times and even locations where one can look for threats. It also increases the potential profile information on the suspects, and aids in the immediate and follow-up responses to incidents. Managing the CCTV and intelligence relationship I wrote a number of years ago about the importance of defining and managing the relationship between CCTV operations and intelligence functions, and AI and the advent of big data has not changed that. This includes a need for: • Defining the nature of the relationship and responsibilities of the two parties – how the parties and management can work together to maximise the benefits in a structured manner. • What information needs to be passed on within this relationship, the quality of information required, and what may be kept confidential; the sooner this is defined, the quicker potential issues in relationships can be avoided. • What kinds of indicators and event information are required from each party – ie., the kinds of behaviour/actions/details that CCTV need to be aware of to pass on, and the kind of things intelligence need to give surveillance access to, to make them more effective. • A common awareness of body language and profiling, and its role in surveillance and intelligence management. • Data coding that everybody can agree on to ensure that information generated can be incorporated into the systems of the respective parties. • An intelligence interface that is effective and allows one to push relevant information, interrogate the system easily, and establish and illustrate patterns and relationships between different elements. I’ve seen a number of attempts at control room data collection fail miserably due to poor information collection, inappropriate data, poor classification, and inability to transform collected data into usable information. There needs to be a focus on gathering appropriate and quality information. One of the starting points is to have a suitable awareness of your own CCTV system performance though system reporting functions. Most modern VMS software and alarm systems have extensive report types available that summarise and highlight the weaknesses in system performance, key concerns, and success points, and incident information. All too often, management fail to pay attention to the fundamentals of the system which is impacting on other security staff and functions, and potentially limiting the ability of systems to deliver an appropriate service capacity. Often, it is only when a crisis hits that these kinds of things are addressed.
RkJQdWJsaXNoZXIy MjEzMjU=