Prior to the 9/11 attacks, physical electronic security systems were often a “subjective elective without a budget.” The positive consequence of this was that the owner/end user worked directly with the systems integrator (SI) to develop a “system” to mitigate the owner’s risk and provide operational value. Post-9/11 brought (and continues to bring) great advances in technology and products along with significant capital budgets for physical security. However, the “system focus on actionable intelligence via collaboration between the owner and SI” became a casualty of a new procurement process that overemphasized competitive bidding for an impressive equipment list of the latest shiny, new widgets. Overlooked and undervalued was the functionality of the integrated system to provide “actionable intelligence” and the SI’s role in configuring it to the ConOps (concept of operations) of the owner.
Sometimes before things get better they have to get worse to expose the obvious. A decade after 9/11, driven by horror stories of expensive “systems” that failed to meet the expectations of the owners, and now the proliferation of mobile devices generating staggering amounts of data, there is a realignment of priorities toward systems that provide actionable intelligence over “solutions” that are little more than an equipment list of popular products. That is not at all to say that high-quality state-of-the-art sensors and field devices are not essential components of security systems. They are and will continue to be. However, without the effective presentation of information from those devices, the data is of no value.
Evidence of this evolutionary shift in emphasis from devices and subsystems to the actionable intelligence provided by the system at the command and control level began with the introduction of physical security information managers (PSIMs) a few years ago. PSIMs responded to the increasing complaint by end users that they had multiple physical security platforms that could not share information and had to be managed separately.
There is a realignment of priorities toward systems that provide actionable intelligence over “solutions” that are little more than an equipment list of popular products.
Although some PSIMs have matured to provide functionality beyond the original mission, what is missing is comprehensive actionable intelligence inclusive of the exponentially increasing threats to the “security of information” and “cyber-attacks on systems and networks.” That need has given rise to security information event management (SIEM) systems that manage the network and report on logical and physical security events.
Today’s threat environment (be it terrorist or criminal) makes the awareness provided by SIEMs to CSOs, CIOs and security directors essential. Therefore, the demand (and requirement?) for SIEMs will only increase. This presents SIs with both the opportunity and the challenge to be articulate enough about the subject to earn a position as a trusted advisor to clients while also being the trained resource to successfully execute. Even if your principle business today is design, deployment and support of traditional physical security systems (e.g., video, access control, intrusion detection), you will enhance your business in that sector with clients that realize they will need help navigating the convergence of information, cyber and physical security in the very near future.
The convergence challenge is daunting, and most end users are acutely aware of it. Just look at the state of physical access control systems (PACS) and logical access control systems (LACS). Both share the common elements of identity management, credential management, access management, auditing and federation. Yet, most PACS and LACS are still run independently with different identities (real name vs. online ID) and two sets of credentials (badges and passwords).
Where there is chaos, there is opportunity. The stakes are high and the reward great for SIs that can truly be a trusted advisor that delivers what has been promised. It will take significant investment in personnel and training, but that is where the profitable, sustainable business will be over the next 10 years.