Balancing Innovation and Security
To innovate is to ‘make changes in something established, especially by introducing new methods, ideas or products’. Some security professionals would argue that security design and security management are not disciplines that should readily submit to innovation; tried and tested is the way. Others follow the maxim of Francis Bacon, who declared that ‘He that will not apply new remedies must expect new evils; for time is the greatest innovator’. What is innovation in security, and how readily should it be embraced by those of us who design and operate security systems?
From an outsider’s perspective, it could be argued security technology has not changed significantly over the last decade or so. Where there were CCTV cameras there are still CCTV cameras. Where a card is used to gain access via an automated access control system and a turnstile, that process still takes place. When we take a look ‘under the bonnet’ though, we can see that there is technical innovation in security. Those analogue PAL CCTV cameras may have been replaced by digital megapixel units providing increased performance, or perhaps by providing information for automated video analytics. The 125kHz proximity card that was used for access control may have been replaced with a secure encrypted 13.56MHz card.
Innovation in security design
As with any other business discipline, innovation in security involves risk and is often therefore constrained by a number of factors. Standards and ‘best practice’ govern security equipment design and operation in many areas. This provides reassurance, that systems on which people depend for the protection of their property and their lives are capable of performing when required. The industry is not short of cautionary tales of security equipment manufacturers making claims which, under appropriate testing, were found to be untrue.
When a true technical innovation occurs, it is often swiftly imitated. For the end user, the multitude of systems claiming amazing performance in a new field can be overwhelming. For manufacturers, the products that actually perform can be lost
in a sea of more aggressively marketed competitors. In such a business environment standards and rigorous testing should not restrict innovation, but support it.
A great example of where standards have helped to guide innovation and reassure users is the UK Government I-LIDS (Imagery Library for Intelligent Detection Systems) programme (gov.uk/imagery-library-for-intelligent-detection-systems). This programme provides a means by which video-based detection systems can be rigorously evaluated using the same video sequences related to specific scenarios. Successfully tested systems are permitted to use the I-LIDS logo in their marketing material, thereby assisting both the manufacturer in marketing and the end user in product selection.
Similar examples exist in physical security as well as electronic. QCIC has worked to design innovative hostile vehicle mitigation measures where projects are unsuitable for conventional bollards. Those designs were formally impact tested to the same degree that a manufacturer’s new bollard design would be tested prior to construction. The Catalogue of Impact Tested Vehicle Security Barriers contains not just traditional bollards but a good number of innovative designs tested to PAS 68 (shop.bsigroup.com).
Without formal testing and approval, many security stakeholders would instinctively shy away from using innovative products in such a critical situation as preventing the delivery of terrorist vehicle bombs. But with documented and repeatable test results, the security designer can select from a far more flexible range of options.
In other areas though, it seems that standards, or in some cases the cost of testing to them, prohibit the development or the adoption of innovative products. The link between intruder alarm standards and police or insurance requirements, for example, is felt by some to stifle innovation. A number of recently released products in that field have sought to apply the same aesthetics, flexibility and ease of use that are being developed in other home automation products. But with no apparent compliance with current European intruder alarm standards, their adoption in the UK may be limited.
This disparity in innovation between technical areas within the security industry is perhaps determined by the nature of the standards that guide them. I-LIDS, PAS 68 and other performance-based standards such as LPS 1175 (redbooklive.com) for manual attack resistance allow a greater degree of flexibility in design than more proscriptive standards such as the BS EN 50131 intruder alarm series. This is not to say that standards such as BS EN 50131 series should not be appreciated or adopted. 50131 has provided stringent grading of intruder alarm systems based on, for example, components and functions required in different types of sensor, which has helped to ensure that appropriately graded equipment is installed for different levels of security within developments. However, if a new type of detector is invented tomorrow with fantastic performance, it would not be able to be graded as there would not be a category for it within the standard.
Thieves will continue to develop more sophisticated tools. Terrorists will acquire more powerful weapons. The technical measures that security professionals use to mitigate the risks from these groups must continue to adapt. To achieve this while maintaining security will require the designers and managers of security to continue to innovate with the technology that we deploy and the ways that we use it. In so doing, we must be mindful of the standards that are in place, their strengths and weaknesses to make sure that we apply them in the most appropriate way for the security threats that we face.
Mark Tucknutt MPhys, MSc, CPhys, Associate Director, QCIC Group (at time of writing)