Security Electronics & Networks Magazine by Security Electronics & Networks Magazine

Security Managers ◆ Integrators ◆ IT Managers ◆ Installers AUGUST 2019 ISSUE 412

GREATEST THREATS OF 2019 l ASIAL Best New Product & People’s Choice Award Winners l Integrator Stanley Security Solutions Exits Australia l Thermal & Analytics: A Match Made in Heaven? l Special Report: Challenges of VMS l Case Study: EastLink’s Converged Future l Alarm Monitoring: Imagining The 3G Sunset l Scenes From Security Exhibition & Conference 2019

PP 100001158

l The Interview: Ashley Grembka, Atek Solutions

SEN819_1cover.indd 1

1/8/19 12:56 pm

SEN819_2.indd 1

1/8/19 1:01 pm

editorial S E CU RI TY E L ECTR O NI C S & NETWO R KS AU G U ST 201 9 ISSUE 41 2

By John Adams

U.S. GOVERNMENT’S CHINESE CAMERA BAN CREATING DOG’S BREAKFAST IN CCTV MARKET

HE U.S. Government’s T amendment to the National Defense Authorisation Act, which mandates that U.S. federal agencies should not purchase any CCTV cameras made in China and should replace such cameras by August this year, is creating a dog’s breakfast in the CCTV camera market. It is also creating a false impression in the electronic security industry that network security depends on hardware choice, not on secure network configurations and well-managed cyber security protocols. The nature of CCTV (and let’s face it, most electronics) manufacturing is that today almost every manufacturer in the world has some part of its range built in China. On a recent visit to Chinese CCTV makers we saw many famous brands trundling along automated production lines – brands we never expected to see. Tricky too, the ban may or may not include components – just which components remains opaque. As an observer of the CCTV market for nearly 30 years, SEN has seen recent fierce competition hollowing out the market by breaking the manufacturing model of many established global brands. Those which survived did so by means of OEM hardware (sometimes with in-house firmware) and they are all now well

Apparently, a majority simply don’t have the ability to establish which devices reside on their labyrinthine and fractured internal networks – instead camera numbers and brands must be checked manually.

and truly in the line of fire. The chances these providers won’t be outed by competitors who manufacture somewhere other than China is zero. It’s tempting to list all the brands we know of that OEM Chinese camera models but take this as gospel – it’s nearly everyone. SEN believes there are only 3 CCTV camera makers outside China that could be called ‘manufactures’ – that is, they build every single component (within reason) of their products themselves. Complicating all this silliness is that the best Chinese cameras cheerfully use the best Sony sensors they can lay their hands on, as well as using U.S. and Japanese production lines to build their hardware and nonChinese code writers to create their management systems. As for the country of origin of zillions of low-priced network devices – all those routers, switches (non-core switches are the ones to worry about) and storage solutions that support the networks of government agencies the world across and are not covered by the ban – don’t even get me started. News from the U.S. is that only 35 per cent of federal agencies have complied with the mandate and it’s clear most have no hope whatever of doing so. Apparently, a majority simply don’t have the

ability to establish which devices reside on their labyrinthine and fractured internal networks – instead camera numbers and brands must be checked manually. That’s simply too awful and, given the supposed capacity of the Chinese government to secretly monitor these hundreds of millions of cameras in real time, too ironic to contemplate. But it’s not quite so awful as the widespread notion network engineers around the world are unable to build infrastructure that’s impermeable to NICenabled devices that allegedly develop minds of their own. It goes without saying that integrators, consultants and end users should take great care when building networked security solutions – their baseline topology should deny access to any user, device, address and geographical location that does not conform with strict cyber security protocols. Any properly designed network with layers of ring fencing, a strictly maintained white list and an active intrusion detection dashboard is going to be thoroughly on top of high bitrate streams that suddenly start flowing out of multiple unauthorised ports via unconfigured pathways to unauthorised IP addresses on the other side of the planet. n

se&n 03

SEN819_3ed.indd 3

1/8/19 4:05 pm

SECURECALL SECURECALL1345 1345PORTAL PORTAL

  The TheSecureCall SecureCallPortal Portalisisaapowerful powerfulmanagement managementtool toolfor forinbound inbound1345 1345alarm alarmcall calltraffic. traffic.ItItisispowered poweredby bySCSI SCSICloud Cloudtechnology technology and andreceives receivessignals signalsdirectly directlyfrom fromOptus OptusININNetwork NetworkEquipment. Equipment.The ThePortal Portalgives givesyou youpeace peaceofofmind mindknowing knowingyour yourdata dataisis extremely extremelysecure, secure,including includingtransparent transparentcall callvalidation validationwith withdata dataupdated updatedevery every55minutes. minutes. - -Transparent Transparent&&Detailed DetailedAlarm AlarmCall CallReporting. Reporting. - -Email EmailAlerts Alertsbased basedon onpredefined predefinedsettings. settings. - -Alarm AlarmCall Calltracing tracingincluding includingPrivate PrivateNumbers. Numbers.

 

COMPLETE COMPLETEREPORTING REPORTING

Painful Painfulhours hoursspent spentauditing auditingare areaathing thingofofthe thepast! past!Find Findthe the exact exactsignal signalyou youare arelooking lookingfor forininseconds, seconds,including including identifying identifyingprivate privatenumbers. numbers.

PROVEN PROVEN

 

Processing Processingininexcess excessofof10 10million millionalarm alarmcalls callsper permonth, month,the the SecureCall SecureCallPortal Portalisisaaproven provenservice serviceused usedby byleading leadingsecurity security companies companiesAustralia Australiawide. wide.

 

1345VIRTUAL VIRTUALREDUNDANCY REDUNDANCYSERVICE SERVICE 1345

 

1345 1345Redundancy Redundancyallows allowsControl ControlRooms Roomstotouse useour ourhardware hardwareand anddata datacentre centreasasaa redundancy redundancysolution solutionfor foroverflowing overflowingtraffic. traffic.

 

SECURECALLREDUNDANCY REDUNDANCYFEATURES FEATURES SECURECALL Calloverflow overflow- -for forbusy busytimes. times.   Call Callfailure failureprotection protection- -line linecut cut/ /failure failureatatthe the   Call Monitoring MonitoringCentre. Centre. Callno noanswering answering- -specific specificreceiver receiverfailure. failure.   Call Totaldisaster disasteralarm alarmtraffic trafficmanagement management- -ability abilitytoto   Total send sendyour youralarm alarmtraffic traffictotoanother anotherfacility. facility. Dualhosting hostingofofthe theservice serviceasasSCSI SCSI   Dual Data DataCentre Centreand andthe theOptus OptusExpan ExpanData DataCentre. Centre. Fullaudit audittrail trailisisavailable, available,and andindependently independently   Full verified verifiedthrough throughthe theSCSI SCSISecureCall SecureCallPortal. Portal.

ERER MM OO ELEL NN STST AA CU CUMMP P R R LA LA AA

PP SS TT NNRR EE CC EE IVIV EE RR PP HH O O NN OO UU SS CC TA TAEELL CC AU AU MM ININ SS TOTO SS GG II VV EE MM /B/BEE IRIR SYSY ATAT STST IOIO TT UU NN UU E E S S M M RR AA YY EE LLRR DD UU EE CC NN EE DD IVIV AA EE NN SS RR U U CC NN YYPP S S H H AA I I TT NN HH EEDD CC 44 GG EE VV DD OO UU LL AA LLLLVV EE ININ K K SS SS EE AA FF OO RR DD DD CC

 

CoC

DA D DA D

1300 1300555 555570 570 sales@scsi.com.au sales@scsi.com.au www.scsi.com.au www.scsi.com.au

SEM1118_4_5.indd SEN819_4_5.indd 44

25/10/18 1/8/19 3:32 1:27pm pm

SEM11

MANAGEMENT MANAGEMENTPORTAL PORTAL Seeall allLive Livestatus statusinformation. information.   See RemoteAccess. Access.   Remote Createadditional additionallogins logins&&choose choosethe theaccess accesslevel leveleg. eg.   Create Employee, Employee,Customer Customer RunReports Reports   Run SubmitFeature FeatureRequest Request   Submit RunReports Reports- -DTU DTUSerial SerialCommunication, Communication,Signal SignalStrength, Strength,   Run I/O I/OEvents, Events,DTU DTUCommand, Command,Panel PanelActivity ActivityTimer, Timer,Panel Panel Events Events- -IfIfthere thereare areany anymore moreyou youwould wouldlike liketotosee, see,please please submit submitaafeature featurerequest requestand andwe wecan cando doit.it.

RM RM GG SS SS LA LARIRNIN E AA LEPP EL EU TIO TOE E I RIR U I N N R R K K TT OO NN WW CC MM AA CECE BB

OPTUS OPTUS EVOLVE EVOLVE PRIVATE PRIVATE IPIP SERVICE SERVICE

OPTUS/TELSTRA OPTUS/TELSTRA WIRELESS WIRELESS PRIVATE PRIVATE IPIP SERVICE SERVICE (SCSI (SCSI APN) APN)

YY RR AA S IM IM S SS R R E E s s PP CC CC lelses AA iriere ele tcW tW l c oo iriere DW DW SECURE SECURE nsns DD Co Co ss lelses iriereAA tW ctcW ayay irieretetw ew DD aa GG ss lelses iriereB B tcW tW yay c a irieretetw ew DD aa GG

TELSTRA TELSTRA OPTUS OPTUS

CU CU STST DD MM SLSLOO /A/A ERER RO RO DD SS UU TETEL L DD TU TU RR 3G 3G /IP LILTIT/IP AA LA LAE E RM RM

INTERNET INTERNET GATEWAY GATEWAY

BugTracker Tracker   Bug Accesstotoall allSCSI SCSIPortals Portals   Access OverThe TheAir AirUpload/Download Upload/DownloadAvailable Availableusing usingthe the   Over DTU3G/IP DTU3G/IPLite. Lite.

TECH TECHAPP APP

E RR

END ENDUSER USERAPP APP

LiveDTU DTUstatus status   Live

Arm/Disarmyour yourpanel panel  Arm/Disarm

Abilitytotoconfigure configureDTU DTU   Ability options options

Seelive livestatus status  See

Runreports reports- -Signal SignalStrength, Strength,   Run Polling, Polling,Events Events

Runalarm alarmevent eventreports reportsfrom from  Run the theapp app

ControlI/O I/OPorts Portson onDTU DTU   Control

PinCode CodeAccess Access  Pin

PinCode CodeAccess Access   Pin

E K SS

Loginfor formultiple multipleaccounts accounts-   11Login Handy Handyfor fortechs techswho whoreport reporttoto more morethan than11CMS CMS

SCSI SCSIISISPROUD PROUDTO TOANNOUNCE ANNOUNCEOVER OVERTHE THEAIR AIRDOWNLOAD DOWNLOADSUPPORT SUPPORTUSING USINGTHE THEDIRECTWIRELESS DIRECTWIRELESSNETWORK. NETWORK. Panel PanelList: List: Concept Concept3/4000 3/4000Type Type2 2 DAS DASNX4 NX4 DAS DASNX8 NX8

PARADOX PARADOXMG5050 MG5050 PARADOX PARADOXSP6000 SP6000 PARADOX PARADOXSP7000 SP7000 PARADOX PARADOXEVO192 EVO192

SOLUTION SOLUTION1616PLUS PLUS SOLUTION16I SOLUTION16I SOLUTION SOLUTION6464 SOLUTION SOLUTION144 144

SOLUTION SOLUTION6000 6000 SOLUTION SOLUTIONICP-CC488 ICP-CC488 SOLUTION SOLUTION862 862

TECOM TECOMCHALLENGER CHALLENGERV8V8 TECOM TECOMCHALLENGER CHALLENGERV10 V10

1300 1300555 555570 570 sales@scsi.com.au sales@scsi.com.au www.scsi.com.au www.scsi.com.au

0 u u

3:32 pm

DAS DASNX12 NX12 DASNX16 DASNX16 DAS DASR8R8 DASR128 DASR128

SEM1118_4_5.indd 5 5 SEN819_4_5.indd

25/10/18 3:32 pm pm 1/8/19 1:27

ex 35 O hib co ve i m r so ting pa lut se nie ion cu s s rity

4TH A N N UA L

SECURITY AND GOVERNMENT EXPO SECURITY

& GOVERNMENT EXPO

W W W. S E C U R I T YA N D G O V E R N M E N T E X P O . C O M . A U

SAGE DPS AD_AUG18.indd 6

1/8/19 1:27 pm

FREE EVENT

REGISTRATIO N N OW O P E N

Don't miss Security and Government Expo The Hotel Realm, Canberra.

November 14, 2019 Canberra Bringing the latest security products and technologies to government and commercial end users, installers and consultants in the nationâ&#x20AC;&#x2122;s capital.

12pm - 6pm ASIS ACT SEMINARS SAGE ANALTYICS SEGMENT EXPO REFRESHMENTS GUEST SPEAKER

SPONSORS TM

ACT Chapter

F O R F U R T H E R I N F O R M AT I O N C O N TA C T M O N I Q U E K E AT I N G E O N 0 2 9 2 8 0 4 4 2 5

SAGE DPS AD_AUG18.indd 7

1/8/19 1:27 pm

22: CHALLENGES OF VMS

AUG 19 12: ASIAL BEST NEW PRODUCT & PEOPLE’S CHOICE AWARD WINNERS ASIAL’S Best New Product & People’s Choice Award Winners were announced at the ASIAL Gala Dinner held last month as part of Security 2019 Exhibition and Conference at the ICC in Sydney.

When it comes to the challenges of VMS applications for integrators there’s certainly plenty to consider – starting with meeting customer requirements, finding a solution that’s affordable and manageable and ensuring the expertise is available to install and commission necessary system components. 24: EASTLINK’S CONVERGED FUTURE

ACCORDING to reports from former staff, integrator Stanley Security Solutions has exited the Australian security market.

Convergint Technologies, ConnectEast (CE), Broadspectrum (BRS) and Barco have integrated Genetec Security Center VMS and Axis IP cameras with Citilog analytics, UGL OMCS and Barco OpSpace to a design by security consultancy, ACAD Services. The solution balances complex topology, an exceedingly sharp operational focus, many interest groups and the stringent requirements of EastLink operators.

18: THERMAL & ANALYTICS

36: GREATEST THREATS OF 2019

Arguably the most robust and efficient intrusion detection technology on a dollar for dollar basis, thermal sensing has found a match made in heaven with deep learning. The combination could revolutionise local and remote monitoring and response services internally and externally, regardless of weather conditions.

What are the greatest cyber security threats facing electronic security solutions and their integrators and users in 2019, and what steps can be taken to mitigate those threats? We speak with consultants, engineers, developers and manufacturers to get a sense of cyber security’s state of play.

14: INTEGRATOR STANLEY SECURITY SOLUTIONS EXITS AUSTRALIAN MARKET

SEN819_8cont.indd 8

1/8/19 1:28 pm

56 54

regulars

48: SCENES FROM SECURITY EXHIBITION & CONFERENCE 2019 Security Exhibition & Conference wrapped up late last month after 3 busy days at Sydney International Convention and Conference Centre, Darling Harbour. There was plenty to see and do at the show, as well as all the latest solutions and technologies to catch up on. 52: THE INTERVIEW: ASHLEY GREMBKA, ATEK SOLUTIONS

AUGUST 2019 ISSUE 412

PP 100001158

l Scenes From Security Exhibition & Conference 2019 l The Interview: Ashley Grembka, Atek Solutions

Publisher Bridge Publishing Aust. Pty Ltd ABN 11 083 704 858 PO Box 237 Darlinghurst NSW 1300 tel 61 2 9280 4425 fax 61 2 9280 4428 email info@bridge publishing.com.au

Latest business, product and technical news from Australia and around the world. 46: MONITORING The Australian alarm monitoring industry needs to lock in plans for the sunset of 3G/CDMA wireless alarm communicators over the next couple of years if they hope to put together a coherent plan for the inevitable. 54: EDITOR’S CHOICE

In this month’s interview, John Adams speaks with Ashley Grembka of Atek Solutions in Mildura about the challenges and opportunities facing security integrators in country towns.

Security Managers ◆ Integrators ◆ IT Managers ◆ Installers

10: NEWS

What’s new from our manufacturers. 56: HELPDESK Our team of electronic security experts answers your tough technical questions.

Editor John Adams Advertising Manager Monique Keatinge Customer Service Annette Mathews tel 61 2 9280 4425 annette@bridge publishing.com.au

Design Tania Simanowsky e: tania@ taniasdesign.com.au

22 months A$195.00 (incl GST)

Subscriptions 11 issues per annum One year (11 issues)

Overseas 11 months A$220.00 22 months A$440.00

Australia 11 months A$110.00 (incl GST)

WEBSITE www.securityelectronics andnetworks.com

No part of this publication may be reproduced in any form in whole or part without prior written permission of Bridge Publishing.

SEN819_8cont.indd 9

1/8/19 1:28 pm

NEWS IN BRIEF AUGUST 2019

DAHUA APPOINTS SECUSAFE DISTRIBUTION PARTNER FOR AUSTRALIA n DAHUA Technologies has appointed SecuSafe as a distribution partner for Australia. According to SecuSafe

general manager, Andy Lee, the company’s appointment as an official Dahua distributor is a significant milestone.

“Partnering with Dahua has allowed us to grow our business substantially, as it has the best range of products at extremely competitive prices” said Lee. “Dahua Technologies is one of the largest and fastgrowing manufacturers in the world, currently holding a huge proportion of the CCTV market sales in Australia and its product range has many unique benefits that sets it apart from competitors.” As an authorised distributor, SecuSafe will hold stock and distribute

Eason Zhong (left) with Andy Lee.

the full range of Dahua products including Dahua’s cameras, recorders, intercoms, network switches, monitors and accessories, AI solutions, with Dahua’s 3-year warranty. “Dahua Dealer Partner Program (DPP) will be introduced by SecuSafe to reward loyal customers with discounts and rebates, but most importantly with support and training,” Lee said. Dahua said it was pleased with the new distribution agreement. “SecuSafe has continued

to provide a strong network of both sales and technical support throughout NSW over the past 12 years and continues its expansion and investment throughout Australia in-line with Dahua’s distribution strategy,” said Eason Zhong, Dahua channel sales manager. “Dahua AI solution and Pro series range, will complement SecuSafe’s existing system integrators and commercial client requirements.”

Vlado Damjanovski

INNOTEC SECURITY APPOINTS CHRIS GUERTLER BDM n INNOTEC Security has appointed Chris Guertler as business development manager based in Melbourne. Guertler began his career in electronic security as an apprentice at Diebold working with access control, moved to Go Tech Security providing solutions for the banking sector and joined STS in 2013 working with Gallagher, Milestone and Jacques Intercoms. In January 2015, Secom offered Guertler an internal promotion to learn sales estimating. From January Chris Guertler

2017 through to May 2019, he was the dedicated account manager and the estimator of Secom’s largest national client. Some of the major products he’s worked with include Gallagher, Integriti, Tecom, Concept, Milestone, FLIR, Genetec, Geutebrück, Axis, Allied Telesis, Jacques, Samsung, Hikvision, and more. “Throughout secondary school, I was fixated on pursing information technology to the extent of being accepted in a Computer Science degree at university, however, a

last-minute decision was made to pursue electronic security,” Guertler said. “Having done the physical work out in the field and having that wealth of experience in the security industry, along with a fascination of IT that lies behind the way our industry is heading towards, has contributed to my role in sales. I’m ready to apply my enthusiasm to help Innotec Security grow.” Innotec Security’s Rob Rosa said Guertler was a welcome addition to the technical team. “Chris is secondgeneration security industry with wide experience in security technologies and in high level integrations, who was installing and supervising major systems for clients in the education and banking verticals as a 3rd-year apprentice,” Rosa said. “His knowledge and can-do attitude in areas like programming, training and sales significantly strengthens Innotec Security.”

SELECTADNA INTEGRATES BIOLOGY AND SECURITY TECHNOLOGY n A HIGH-end watch store in New York has installed a SelectaDNA security system, which is claimed to reduce burglary by nearly 90 per cent using a system of forensic marking that links people and objects. A problem for luxury watch stores is light fingered clients who view multiple watches and contrive to walk out of the store wearing something other than the clone that came in on their wrist. SelectaDNA is synthetically manufactured in an accredited ISO 17025 laboratory and has some of the properties of organic DNA while being more

rugged. Each particle within the forensic solution contains a universally unique code (sequence), which is never replicated, providing an exclusive identifying marker for each client. This code links a person, a stolen item and even the rightful owners. The SeclectaDNA system is made up of a control box, spray head and PIR and it can be integrated with other security systems such as intrusion detection, access control, intrusion, video surveillance – there’s even monitoring via Milestone Systems’ XProtect VMS. Installation is relatively simple and takes around 4 hours.

10 se&n

SEN819_10news.indd 10

1/8/19 1:45 pm

Lookout Sought For Cooktown Waterfront p.12 Integrator Stanley Security Solutions Exits Australian Market p.14 Mobotix Announces CNPP Cyber Security Certification p.16

COMPILED BY JOHN ADAMS

IPP APPOINTS KYLIE MARTIN CHIEF OPERATING OFFICER n IPP Consulting (IPP) has announced the appointment of Kylie Martin as chief operating officer. Martin has been a key member of IPP’s leadership team since she joined the company in September 2017 as technology program director. According to IPP managing director, Craig Brew, Martin has exceptional client management and team leadership skills gained over many years of experience. “We are extremely lucky to have her as a member of our team and are pleased she has decided to take on this new position,” Brew said. “Kylie is a highly respected industry leader with impressive business acumen and is known for her collaborative leadership style. This appointment is also consistent with IPP’s focus on supporting and promoting outstanding young talent.” Outgoing CEO Mario Parisi said that following 3 years of exceptional growth it was always IPP’s plan to find an individual who could manage the day to day activities of its business.

“I’m delighted to be handing over the reins to such a superb leader,” Parisi said. “I look forward to working with Kylie to build on our success and growth.” Following his own successful term as CEO, Parisi will be moving back into his previous role as one of IPP’s directors, focused on future strategy and growth. “I am both humbled and excited to be taking up this new role,” Martin said. “IPP has a highly talented team with a great culture which fosters inclusion and diversity. I am looking forward to continuing the success and growth Mario and the rest of the IPP leadership team achieved. “IPP is known for delivering bespoke client solutions to complex risk and technology issues, and I am looking forward to building on our success and reputation as market leader in our sector.” Martin has an impressive resume. As technology programme director, she was responsible for managing teams nationally to deliver a range of IPP services including IT networks, communications, security and audio-

Kylie Martin

HONEYWELL WINS $A2.2 MILLION QUEENSLAND RAIL CONTRACT n HONEYWELL Building Services has won a $A2.2 Million contract to provide service and maintenance services to Queensland Rail’s security and building management systems. QR says that to enhance the safety and security of the assets, staff and public that use its services, the organisation uses an integrated security technology system as

part of the overall layered security approach. The security technology system incorporates a Honeywell access control system with approximately 450 access points and supporting infrastructure, and a building monitoring system controlling the air-conditioning systems within several Queensland Rail’s buildings.

“Sektor offers us a platform for further growth as part of a larger New Zealand-owned distributor, both in New

Zealand and in Australia,” Hatchwell said. “The whole team is excited about this next chapter in the Duo story.”

visual technologies. She led its smart buildings project, heading up a multidisciplinary team to design and deliver the next generation of workspace, which fosters greater performance, engagement and an enhanced experience for the people and customers of a major financial institution. Prior to joining IPP, Martin was group manager security at Toll Group and before that head of asset protection services at NAB (Financial Crime Services). She will continue to be based at IPP’s head office in Melbourne, Victoria.

SEKTOR ACQUIRES CYBER SECURITY DISTRIBUTOR, DUO NZ n SEKTOR New Zealand has announced the acquisition of leading cyber security distributor, DUO NZ. According to Sektor New Zealand’s managing director, Andre van Duiven, cyber security threats are growing to be a major risk for all businesses and the

WE ARE ABSOLUTELY THRILLED TO HAVE FOUND AN ACQUIRER IN SEKTOR WHO SHARES DUO’S VALUES AND CULTURE”

market for cyber security solutions is growing accordingly. “Duo’s position as the cyber security market leader fits perfectly with Sektor’s plan to support this growing market, especially in Sektor’s vertical markets such as mobile computing, security cameras, retail POS and healthcare where cyber threats are now starting to be fully appreciated,” he said. Duo was founded in 1996 by Kendra Ross and Jackie Hatchwell.

Ross has been appointed general manager of the new division with all DUO management and staff being retained. “We are absolutely thrilled to have found an acquirer in Sektor who shares Duo’s values and culture” Ross said. “Sektor is market leader in verticals that are increasingly intersecting with the cyber security market – it’s an emerging market for us that we are very keen to pursue.” Jackie Hatchwell, Duo co-founder, agreed.

WE ARE A THRILLED FOUND A IN SEKTO SHARES VALUES A CULTURE

Kendra Ross

se&n 11

SEN819_10news.indd 11

1/8/19 1:45 pm

NEWS AUGUST 2019

ASIAL BEST NEW PRODUCT & PEOPLE’S CHOICE AWARD WINNERS ANNOUNCED n ASIAL’S Best New Product & People’s Choice Award Winners were announced at the ASIAL Gala Dinner held last Thursday night as

part of Security 2019 Exhibition and Conference at the ICC in Sydney. The New Product Award winner was Lock-IT Systems’ Keyhound,

while Comvision’s Visiotech Body Cam with the Permaconn PM54 comms module taking out joint runner up awards. Meanwhile the People’s

Richard Gould, Lock-IT Systems

SAAB SECURITY MANAGEMENT SYSTEM SECURING NSW’S EXPANDING PRISONS n AN electronics security management system designed by hightechnology defence and security company, Saab Australia, will soon secure multiple prisons in NSW, Australia. Saab’s OneView will manage security, surveillance and facility management functions at the Dillwynia Women’s Correctional Centre, Mid North Coast Correctional Centre at Kempsey and the Clarence Correction Centre near Grafton. According to Michael

Wilkin, Saab Australia, department manager public safety and security, the prisons’ electronic security specification demanded a reliable highly automated, user-friendly physical security information management system with open architecture and the ability to integrate multiple sub systems simultaneously with minimum risk. The integrated security management system connects all security subsystems, including

video surveillance, access control, intrusion detection, intercoms, biometric scanners and more, into a simple interface. “When a security breach unfolds, a lot of information is generated via different sensors, so it’s critical the system is fast, foolproof and robust,” said Wilkin. “OneView brings all this information together intelligently, presenting the critical information needing attention and advice for personnel on how to action.” Designed in Adelaide by the engineers who developed the Royal Australian Navy’s battle-proven combat management system, OneView is also securing hospitals, defence bases, government buildings, detention centres and other major prisons around the country.

Choice Award winner was Nirovision’s facial recognition solution. Keyhound gives insight and control of key locations in realtime to ensure all keys are accounted for. The smart-phone app (IOS and Android) communicates with the electronic system over secure Bluetooth Low Energy (BLE) to unlock cabinets without the need for an internet connection. The cabinets also connect to an internet-based server, allowing users to monitor all their keys anywhere in the world. Using a PC or mobile device, users can create personal log-in details, control cabinets’ access, search for, locate and track keys; for example: search by job code, car registration number, etc; intelligently track and view key history, organize key-exchanges between staff members, create parking space allocations to track cars, set up keyreturn curfew and enable

notifications to be sent to management when rules are violated. ASIAL CEO Bryan de Caires said the association was delighted to be able to celebrate its 50th anniversary with the industry. “We want you to know we remain committed to the introduction of nationally uniform and consistent security licencing, raising compliance and professional standards, industry collaboration and communicating the industry’s capabilities,” de Caires said.

WE REMAIN COMMITTED TO THE INTRODUCTION OF NATIONALLY UNIFOR AND CONSISTENT SECURITY LICENCIN RAISING COMPLIAN AND PROFESSIONA STANDARDS

WE REMAIN COMMITTED TO THE INTRODUCTION OF NATIONALLY UNIFORM AND CONSISTENT SECURITY LICENCING, RAISING COMPLIANCE AND PROFESSIONAL STANDARDS...

LOOKOUT SOUGHT FOR COOKTOWN WATERFRONT n COOK Shire Council is seeking suitably qualified contractors to install solar and wind turbine-powered lighting and CCTV along the footpaths and at other potential crime hot spots around Cooktown’s waterfront. This project is Stage 2

of the Cook Shire Safe Places Project, which will implement necessary infrastructure at strategic locations to encourage community safety and reduce incidences of crime at identified hot spots around the shire. The tender closes on August 14.

12 se&n

SEN819_10news.indd 12

1/8/19 1:45 pm

EARLY WARNING OF POTENTIAL RISKS + C

ID:1 25.8°C

CMY

Thermal Bi-spectrum Deep Learning Turret Camera DS-2TD1217 series · Temperature exception alarm

· VCA with deep learning algorithms

· Vigilant smoking detection

· Picture-in-picture preview

Distributed by R

https://csd.com.au/

SEN819_13.indd 1

www.nesscorporation.com

www.videosecurityproducts.com.au

www.hikvision.com 1/8/19 1:01 pm

NEWS AUGUST 2019

INTEGRATOR STANLEY SECURITY SOLUTIONS EXITS AUSTRALIAN MARKET n ACCORDING to reports from former staff, integrator Stanley Security Solutions has exited the Australian security market.

The move poses questions for Stanley’s customers, as well as extending opportunities to other integrators – Stanley

had a strong client list which included customers like Westmead Hospital, as well as councils and major government and commercial organisations around Australia. According to reports, all current projects will be fully commissioned and completed in-line with existing contracts, though this process is likely to be challenging, given it may be managed by remote control

and must be undertaken by local contractors. Stanley Security Solutions, a division of Stanley Black and Decker, has a history that goes back 50 years and globally offers a comprehensive range of services and solutions, with a focus on integration and installation, design and service, as well as monitoring. The company’s business model is built around

ONI AUSTRALIA SEEKS SERVICES FOR $A1 MILLION ONE PASS ENTERPRISE ACCESS CONTROL SOLUTION n AUSTRALIA’S Office of National Intelligence (ONI), on behalf of the National Intelligence Community (NIC), is seeking consultancy and technical services to undertake the detailed design of a common network and interoperable access card system to enable badge holders to enter facilities across the NIC. This concept of allowing access to multiple NIC agencies with a single badge is known as One Pass and the scope of the design includes the main Canberrabased headquarters of the ten intelligence agencies that form the NIC. An industry briefing was conducted in Barton ACT on the 9th of August from 1-2pm. Representatives of prospective respondents at

the briefing will be limited to 2 personnel. Nominations to attend the briefing needed to be forwarded in writing to the contact officer specified in the ATM document by no later than 2.00pm on 2 August 2019. Representatives of prospective respondents needed to hold a current personnel security clearance of NV1 security clearance level. All nominated representatives needed to provide the following details to enable ONI to confirm the clearance level for their representative(s): a. full name; b. nationality; c. date and place of birth; and d. current personnel security clearance and the Department which issued

the clearance. ONI seeks the service provider to propose a delivery approach to achieve the detailed design and associated work specified in the ATM. Timeframe for Delivery is estimated at 6 months (March 2020) and the contract has an estimated value between $A500,000$1,000,000. The One Pass tender closes on August 30, 2019.

TIMEFRAME FOR DELIVERY IS ESTIMATED AT 6 MONTHS AND THE CONTRACT HAS AN ESTIMATED VALUE BETWEEN $A500,000$1,000,000

notions of global resources, with a local touch – the company’s client list suggests this model had merit, while its exit from the Australian market underlines the competitive nature of security integration. Successful security integrators generally have diffuse business models revolving around building services and automation, not just electronic security solutions.

Luke Williams

BGW TECHNOLOGIES APPOINTS LUKE WILLIAMS STATE MANAGER WA n BGW Technologies has appointed Luke Williams state manager for Western Australia. “We are very pleased to announce the appointment of Luke Williams as the state manager for BGW Technologies Western Australia,” said Robert Meachem, GM for BGW Technologies. “Luke joined us 2 years ago in a sales engineering role after many years’ experience in security sales roles in both distribution and system integration. He earned the promotion to state manager after building

strong relationships with customers and staff and delivering high sales growth over the last 2 years, in particular in our intrusion and intercom category.” BGW Technologies distributes well known products such as Panasonic, Milestone, Pelco, DSC, Alarm.com, Dell, S2, Kocom and more. The WA branch has 3 staff dedicated to the security segment, a fully stocked warehouse, trade counter, training room, demonstration room and is located at 309 Great Eastern Highway, Redcliffe.

THE CONTRACT HAS AN ESTIMATED VALUE BETWEEN $A500,000$1,000,000.

SYDNEY OPERA HOUSE SEEKS INTEGRATORS FOR ACCESS CONTROL, VMS, PSIM UPGRADE n SYDNEY Opera House is in preparation to embark on its security system upgrade project (SSUP), which includes the replacement of the existing electronic security systems, and provision of a new physical security information system (PSIM).

Sydney Opera House is inviting security system integrators of integrated electronic security systems based around PSIM, video management system (VMS), electronic access control system (EACS), and other key sub-system integrations,

to submit an expression of interest to be the principal contractor for the works. Sydney Opera House is seeking a complete turnkey solution for the SSUP project. The tender closes on August 15, 2019.

14 se&n

SEN819_10news.indd 14

1/8/19 1:45 pm

SEN819_15.indd 1

1/8/19 1:01 pm

DATIONS ABLED TO CURITY HE N AND NING ANCE

NEWS AUGUST 2019

HIKVISION ANNOUNCES 14.6 PER CENT SALES GROWTH, 1.67 PER CENT PROFIT GROWTH POST-Q2 n HIKVISION has reported a total operating revenue of RMB 23.92 billion for the first half of 2019, representing a year-over-

year (YoY) growth rate of 14.60 per cent, while net profits attributable to shareholders of the company amounted to RMB

4.22 billion, a growth rate of 1.67 per cent YoY. Hikvision reported strong financial performance during the second quarter

DRONESHIELD INTEGRATES COUNTER-DRONE DETECTION WITH BOSCH CCTV SOLUTIONS n SYDNEY-based DroneShield and Bosch Security and Safety Systems have entered into a partnership in the counter-drone market under the Bosch Integration Partner Program (IPP). DroneShield will be offering an integrated system for drone detection and mitigation, with the company’s products integrated with Bosch’s video surveillance products. The product integration has been completed and the combined solution

is now available to customers, according to an announcement. “Bosch is pleased to add DroneShield as the preferred counter-drone partner to our suite of capabilities,” says Hsiang Nung Kuah, Bosch Business Unit Security, director. “Drone security is becoming a rapidly increasing problem for our existing and prospective customers across the sectors, and we expect DroneShield’s capability

to service this emerging need.” DroneShield CEO Oleg Vornik says the company will work with Bosch across various customer segments. “Most customers seek to make the most use of their existing installed hardware and systems, and adding our capabilities to the large installed and growing base that Bosch has in Asia-Pacific and globally, is expected to drive significant value to customers,” he said.

of 2019, with 21.46 per cent growth year on year, in total operating revenue and 14.98 per cent growth YoY in net profits. The company reported it had maintained strong investment in R&D and accelerated development of trending technologies such as deep learning, big data, and intelligent IoT, which will enable it to stay ahead of the curve in innovation for the security industry. During the first half of 2019, the company further strengthened its operations at home and abroad with continued investment in local sales, marketing, and customer services operations. Hikvision was

also pleased to see its new businesses – EZVIZ, HikRobotics, automotive electronics, and intelligent storage – continue to flourish, gradually becoming a new source of development and long-term growth.

HIKVISION REPORTED STRONG FINANCIAL PERFORMANCE DURING THE SECOND QUARTER OF 2019, WITH 21.46 PER CENT GROWTH YEAR ON YEAR, IN TOTAL OPERATING REVENUE AND 14.98 PER CENT GROWTH YOY IN NET PROFITS.

MOBOTIX ANNOUNCES CNPP CYBER SECURITY CERTIFICATION n MOBOTIX reports it has obtained the certification ‘CNPP-certified’, which integrates the cybersecurity dimension. According to Mobotix, it is the first manufacturer in Europe to obtain CNPP-certified product certification for its video surveillance cameras, offering a guarantee of IT and electronic resistance to cyber-attacks. “This recognition is proof of quality, performance, and also of the trust of our customers at a time when digital security is becoming a key issue for all stakeholders,” says Patrice Ferrant, regional sales

manager, Mobotix. Mobotic announced its intention to focus on cybersecurity 18 months ago, which included launching the Mobotix Cactus Concept, which has recently been upgraded with the release of the Cactus Patch software download. “The objective of this initiative is to promote cyber-security in the area of video protection and video-telephony,” Ferrant said. “An integral part of our strategy is to develop a series of product-integrated tools and features that allow IT security administrators to protect their systems.”

16 se&n

SEN819_10news.indd 16

1/8/19 1:45 pm

SEN819_17.indd 1

1/8/19 1:00 pm

● Special report

Security Technology

BY J O H N A D A M S

Accuracy has improved, and we have deployed installations as temporary wall during construction and on some solar farms as a virtual fence.

THERMAL & ANALYTICS

HERMAL detection is a righteous technology that’s just as effective over close ranges as it is when defending bridges, solar farms, industrial applications and port facilities. It’s the cheapest intrusion detection technology on an area basis by a significant margin. The key thing about thermal detection is that it applies to everything, because everything has thermal emissivity and those differences in emissivity can be measured. Add deep learning to the mix and you end up with a solution

that is highly discerning and learns from its mistakes, becoming more and more effective over time. Axis’ Wai King Wong says that unlike conventional optical cameras, thermal cameras definitely have an advantage when it comes to the ability to detect intrusion events. “This comes as a result of the difference in technology between the 2 types,” explains Wong. “Where conventional optical cameras capture an image using light reflecting off surfaces back into the

18 se&n

SEN819_18thermal.indd 18

1/8/19 1:46 pm

security

The Complete Security Solution Expand your offerings to cover intrusion from DSC, video from exacq and access control from kantech in one single solution.

The all-in-one integrated solution provides the best of video surveillance, intrusion detection and access control all from one single, trusted partner. You can deliver a full solution to your customers with ease and business owners and security personnel can manage all aspects of on-premises physical security from a single interface - kantech or exacq.

For a total solution from a single trusted source Visit: tycosecurityproducts.com Call: +61 0499688921 Email: bts-emea-tycosales@jci.com

SEN819_19.indd 1

1/8/19 1:00 pm

● Special report

Security Technology

lens, a thermal camera reads the thermal signature being emitted from a surface and this difference in technology means that thermal cameras are typically not subjected to the same challenges as optical cameras. These challenges include low light, strong backlight, smoke, fog, dust, and rain, to a certain degree. It is because of this, that thermal cameras are heavily utilized for detection, especially for perimeter protection applications.” When it comes to the qualities integrators and end users should seek in thermal cameras used with analytics, Wong argues it’s best to break this question into 2 parts, both of which will have equal value when it comes to determining a suitable solution. “First is the quality of the image, or how usable is the image being generated,” Wong explains. “This does not necessarily mean higher resolution as most analytics scale the resolution down before being analysed. Rather, what is the important aspect would be the contrast of the thermal image being generated how well it’s able to differentiate between temperature variations and represent that with clearly different colour tones in the image digitally generated. This becomes important for analytics we plan to use later, as it dramatically improves accuracy. “The second equally important factor is what is being done with that image by way of analytics and integration of said analytic with a VMS/SMS platform. Typically, prior research should first be done into what type of analytics is available out in the market, then identify those which is able to solve the customer needs. Next stage is to then choose an appropriate VMS/SMS platform as this is going to be the platform/ interface an operator will use to access and receive detection from both the camera and analytics.” According to Will Hasna of Bosch, analytics and

BY J O H N A D A M S

THERMAL TECHNOLOGY IS VERY GOOD FOR USE IN PERIMETER DETECTION APPLICATIONS AS YOU CAN DETECT OBJECTS OVER A LONG RANGE. thermal cameras have the capacity to change the way perimeter detection is handled. “Absolutely, they do,” he says. “Thermal technology is very good for use in perimeter detection applications as you can detect objects over a long range. If you couple this with the ability for that thermal camera to not only detect that there is an object 150m away, but that the object is classified (via the analytics) as an upright person, and you can measure the flow direction of that person, then you have a better understanding of the behaviours around the perimeter line. Add to this the ability to trigger an analytic rule and command a conventional PTZ to a predetermined zone and turn on the white light illumination that we deploy in our Bosch MIC, and this becomes a very powerful perimeter protection combination, indeed.” Meanwhile Branon Painter of Pelco says security operators can use video analytics to monitor gates and other physical barriers as well as to establish a virtual fence around certain areas of interest. “They can also track moving objects in an unauthorized area, even as they move out of the scope of one camera,” Painter says. Mike Metcalfe of Milestone agrees the future looks bright for thermal and analytics. “I think, like the rest of our industry, these technologies are constantly innovating, coming up with smarter, more efficient ways of managing perimeters,” Metcalfe says. “Thermal and analytics, coupled with IoT sensors, access control and smart geofencing result in automated processes and actions that could soon become an industry standard.” Sargon Yousif of Axis also argues analytics and thermal cameras could change perimeter detection. “It’s getting close, accuracy has improved, and we have deployed installations as temporary walls during construction and on some solar farms as a virtual fence,” Yousif says. “Whether you’d use them would depend on the level of risk. In a few more years, I can see this technology changing the way perimeters are protected.” According to Florian Matusek of Genetec, analytics and thermal cameras are already changing the way perimeter detection is handled. “Many customers today already rely on thermal cameras with analytics as their primary perimeter detection technology,” Matusek says. “Since any technology has advantages and disadvantages, a highly secure facility will always rely on multiple technologies, but analytics is increasingly a part of that.” n

20 se&n

SEN819_18thermal.indd 20

1/8/19 1:48 pm

SEN819_21.indd 1

1/8/19 1:56 pm

● Special report

VMS

BY J O H N A D A M S

CHALLENGES OF VMS When it comes to the challenges of VMS applications for integrators there’s certainly plenty to consider – starting with meeting customer requirements, finding a solution that’s affordable and manageable and ensuring the expertise is available to install and commission necessary system components. OR electronic security installers and integrators, making the jump from big NVRs with integrated management solutions to server-based VMS is a frightening prospect. Getting the move right demands your business tick off a checklist of networking expertise, as well as showing up with the capability to undertake a quality CCTV application. You can depend on support from the manufacturer and distributor to a point, but training needs to be undertaken to ensure you’re able to get the solution across the line. According to Mike Metcalfe of Milestone there are a number of things integrators need to keep in mind. “The most challenging aspect of applying video management systems from the point of view of integrators is ensuring the specifications of the running hardware is done correctly, and ensuring a seamless deployment while allowing the integrator to offer their end customers the option to scale after deployment,” Metcalfe says. “With proper training, installation and configuration of the VMS shouldn’t be challenging, allowing integrators to deploy the solution faster - resulting in more opportunity to deliver more functionality to customers. Something else to consider is fundamental operator training, which should be easily accessible for integrators to help them deliver onsite as part of their own handover, but also allowing integrators to

offer end user operators the option to access the VMS training courses in their own time, post-handover. “At the heart of this is the fact that integrators need to select an open VMS which gives them the ability to easily build an integrated solution to offer their customers,” says Metcalfe. “This allows them the freedom to choose from a huge range of marketleading technologies. Coupled with this, integrators should choose a VMS which has local vendor setups and support teams offering professional and consultative services.” George Moawad of Genetec argues that for systems integrators, ease of installation and maintaining the system in the future can be challenging aspects. “They need to be fully certified and attend regular training (ideally once or twice a year) in order to be up to date with the latest features, and new and improved software versions,” Moawad explains. “Integrators also need to select VMS vendors that offer training courses, so they can be on top of the latest product features and industry trends.” Staying ahead of the curve on functionality is a big deal, especially as video content analysis and deep learning begin to make a serious impact on the market. An integrator which is familiar with a particular VMS brand also needs to be across that brand’s technology partners – the nature of the market is such that a quality VMS is the centre of a cluster of solutions delivering key pieces of user functionality. Getting analytics working properly relates not only to rules-based setup but ensuring the proper training is in place to allow users to make the most of their analytics-enhanced VMS. The presence of analytics is likely to impact on the layout of video walls as well. Intrusion events are likely to be thrown to dedicated alarm event monitors rather than being left in the background in the hopes an operator may notice trouble. Alongside this will be additional network complexity. The beauty of analytics is that it increases control room efficiencies, as well as making investigations much faster. Around Australia end users are clamouring for analytics – all of it with clear operational outcomes – and no VMS integrator should be without the necessary expertise to deliver them. According to Larry Waite of Ipswich Council, the hardest thing about applying VMS from the point of view of integrators is multi-faceted. “It’s about keeping staff skilled and up with the latest technology and networking behind the VMS, as well as having the ability to fully support the product and the end user,” he explains. “Another challenge is ensuring adequate knowledge of network and cybersecurity practices. Integrators need multiple skilled people to draw from to address issues in real time, and technicians with sufficient knowledge to enable a quick response and the ability to resolve any issues.” n

22 se&n

SEN819_22vms.indd 22

1/8/19 1:46 pm

SEN819_23.indd 1

1/8/19 12:59 pm

● Case study

EastLink

EASTLINK’S CONVERGED FUTURE Convergint Technologies, ConnectEast (CE), Broadspectrum (BRS) and Barco have integrated Genetec Security Center VMS and Axis IP cameras with Citilog analytics, UGL OMCS and Barco OpSpace to a design by security consultancy, ACAD Services. The solution balances complex topology, an exceedingly sharp operational focus, many interest groups and the stringent requirements of EastLink operators. NY piece of road infrastructure is a challenge for its managers – upgrades must be handled with meticulous planning and careful process control to ensure traffic flows are never impeded and that safety is maintained at all times. These priorities colour many aspects of the EastLink CCTV and network upgrade, from product choice and the involvement of multiple interest groups, through to incremental upgrades after the system went live. There are currently 230 cameras across the freeway, tunnels and buildings that support the EastLink freeway, but this modest camera count belies the intensity of this application and the complexity of the solution integrated here. On a camera-by-camera basis, this is the most complex video surveillance application we’ve ever seen. It’s tempting to say the bulk of that complexity lies in the layered network topology but there are too many other things going on at EastLink to be certain.

The monster lead time with the painstaking process of selecting hardware and software, testing before production, testing after production, and ensuring buy-in from multiple internal and external stakeholders, speaks of the importance of its video surveillance system to the safe and efficient operation of EastLink. This is a serious system designed, built and installed for a serious operator. In terms of hardware and software at EastLink, the new IP CCTV system is built around an Allied Telesis network, with a DELL VMWare virtual server environment, Genetec VMS, Barco OpSpace operator workspace solution and third-party integrations with Citilog video analytics and UGL’s SCADA (OMCS). Analogue cameras have been brought into the IP solution via encoders and are now being replaced by Axis IP cameras through a process of progressive upgrade. Visiting the site, we go into the bright green EastLink building and down the Emerald staircase into the magical heart of the EastLink traffic control room. Stuart Lindsay, engineering/project delivery manager at ConnectEast (EastLink), meets us – he’s matter of fact and operationally on-point. The traffic control room is large and well set up with plenty of adjacent workspaces. In the room are system designer Bob Firth of ACAD and Neil Bernabe of integrator, Convergint Technologies. According to Lindsay, the new CCTV system went live at the end of February 2019, but the story began years before. “We needed to replace a legacy Honeywell MAX1000 analogue switcher, which supported a GE management system and Panasonic analogue cameras, with an IP solution,” Lindsay explains. “But this IP solution needed to incorporate many of the analogue cameras, as well as new IP cameras, and it needed to integrate with the OMCS Scada system, the VicRoads Genetec VMS and much more besides. We started looking at upgrading our system about 18 months before we went out to tender in mid2018 – we looked at cameras, VMS suppliers, switch manufacturers, the lot. “Convergint Technologies Australia was selected as the integrator of the head end of the CCTV solution. We had to get the IP backend integrated first and we converted all analogue cameras to IP via encoders so they could be integrated with the new Genetec VMS. Over the next 2 years we have a roll-out of new Axis IP cameras with an installation crew going along the freeway and tunnels changing cameras - about 30-35 per cent of cameras have been upgraded on the road out of 208, with extras

24 se&n

SEN819_24east.indd 24

1/8/19 2:00 pm

BY J O H N A D A M S

being added, including those covering depots and other assets. We have designed the system to support 300 cameras, so we have room to expand.” It goes without saying that there’s an operational requirement for the system. “We are required as managers of EastLink to have gapless CCTV coverage of the 39km of open freeway and the two 1.6km road tunnels,” Lindsay explains. “The purpose of the system is to maintain traffic flow, maintain health and safety of staff and our customers, and to monitor the safety of maintenance works.” System design was undertaken by principal consultant Bob Firth of ACAD Services who says that early on the ACAD team engaged with all the user interest groups and then designed a solution around their requirements. “EastLink and all the stakeholders had done a lot of thinking – they were one of the most educated clients we’ve ever worked with,” Firth explains. “They originally thought about delivering the project themselves, so had done a lot of research on VMS solutions, cameras – it was different coming into that environment compared to a customer wanting to be told what to do. But despite the challenges of the application, it was an enjoyable process, and everyone has worked very well together.”

NETWORK SIDE The layered nature of the system makes the overarching scope of works especially hard to nail

EASTLINK AND ALL THE STAKEHOLDERS HAD DONE A LOT OF THINKING – THEY WERE ONE OF THE MOST EDUCATED CLIENTS WE’VE EVER WORKED WITH.

down. And while Convergint Technologies has undertaken the testing and installation of the head end, there was related work being done on adjacent sub systems and networks by Broadspectrum, Eastlink’s engineering dept, EastLink’s corporate IT department and VicRoads IT department that feeds into the functionality of the EastLink CCTV system. The network side is Allied Telesis with redundant cores in the main traffic control building and the administration building. The cores are split between these 2 locations, but they behave as a single virtual stack. What this means is that if this the main building goes down, the other core seamlessly takes over. We look at the network schematic showing the Allied Telesis network monitoring management software. There aren’t too many solutions around that sprawl across 40km but when you take the federated network into account, the system gets much larger again. Structurally, there’s a dedicated single mode fibre network supporting field CCTV cameras in a dual redundant ring out in the field, while the internal network is built using a VMWare virtual network with multiple redundancies across multiple servers. According to Lindsay, moving from an analogue solution to an IT solution was a big shift. It was not only about the VMS – the SCADA system with which the operators were very familiar needed to be functionally integrated. When I suggest to the room this overall process is easier to say than do, there’s an intense burst of laughter.

se&n 25

SEN819_24east.indd 25

1/8/19 2:00 pm

● Case study

EastLink

Bob Firth (left) Stuart Lindsay and Neil Bernabe

“As a business we have always worked on the lines of IT and OT - IT is in one building and outside technology is in another building,” Lindsay explains. “IT tends to deal with the commercial LANs – the business operations. Everything on the OT side runs the road – that has included this control room, the PLC networks to the tunnel, the comms to the tunnel, the CCTV system - the 2 have never been entwined. “Now OT has come into the 21st century with networked virtual environments and there are challenges. These are systems vital to the operation of the freeway. With some commercial applications you could outsource IT functionalities, but we cannot do that – this is a critical life safety solution. Our systems cannot fail or be at risk of failure, and this means we need a highly redundant solution located and managed inhouse in close liaison with our IT department. Adding complexity, we also need access to the internet, and we get that connectivity behind layers of firewalls. “At all times redundancy and support is vital,” explains Lindsay. “For example, the maintenance team in another building will soon have a monitor which allows them to be alerted to any issues with the system in real time – network, connectivity, switch usage. This is also displayed in the ops centre – we never had that capability before, which made maintenance harder. Another big improvement is that the path from here to the roadside used to have many steps, with multiple instances of encoding and decoding causing signal degradation and latency. The new design has improved that – we are getting far better performance from the new system.” From his position behind the Barco OpSpace workstation, Neil Bernabe, IT project manager, Convergint Technologies Australia, points out the salient features of the system. “You can see the core represented here, you can see the open road area of the freeway here - this represents the tunnel, and these are the buildings,” he explains, pointing out each key piece of infrastructure. “There’s redundancy for the tunnels within

NOW OT HAS COME INTO THE 21ST CENTURY WITH NETWORKED VIRTUAL ENVIRONMENTS THERE ARE CHALLENGES.

the network – if a master switch goes down the node in the cabinet at the other end will take over. As well as CCTV, there are radio repeaters, the OMCS infrastructure and multiple Barco OpSpace workstations incorporated into the overall network – this increases situational awareness by allowing sub system events to be displayed on the video wall. “On the freeway there’s an EPSR ring (Allied Telesis) which daisy chains from switch to switch via 10Gb fibre through the whole ring. Here in the main building, each switch stack (some in ops room, some in the server room which support virtual workstations) has a redundant path to the 2 buildings here – this is what facilitates continuity, allowing every other switch a path to the core even if the head end goes down,” Bernabe explains. “It’s the same in the tunnel with the ME02 and ME01 going back one to each side – it means that if you lose a path you retain connectivity all the way down the tunnel. A lot of the devices have redundancy built into them as well – things like dual power supplies with solenoids which are monitored here. “Moving into the virtual side of the network, this is virtual centre (V Sphere) with 4 hosts, 2 in each building designed so that if you lose a host the virtual machines will be migrated across to the other location with no break in service. There are redundancies everywhere – the VM are duplicated in the box so can shift between storage locations. The system has active directory, solarwinds, it’s housing the Barco OpSpace system, the V Centre environment and Veeam backup. “We installed all the head end gear for the network but there was a lot of input from the IT department (as well as from VicRoads) as to how they wanted their system to be set up, as they would be administrating it,” Bernabe explains. “It was a challenging and timeconsuming process getting the network right.” According to Firth, building a network that functioned perfectly was the key to ensuring the overall solution worked properly and met the expectations of the stakeholders. “This network is complex – we have our own network here then there’s the corporate network, then the VicRoads network,” Firth explains. “There’s a connection between the VicRoads network and the corporate network and we are inside their firewall and inside our own firewall. If we talk about who had to be involved in the network config it was the Convergint headend integration team, EastLink corporate IT, Corporate IT’s outsourced IT provider, Eastlink engineering, VicRoads IT, VicRoads IT’s outsourced IT provider, and the VicRoads CCTV contractor. So, 6 interest groups just to manage network configuration. “There were many phone calls and a lot of troubleshooting was required because we needed to negotiate multiple firewalls. It was hard work just coordinating it, let alone trying to work out where blockages might be. There were different systems

26 se&n

SEN819_24east.indd 26

1/8/19 2:00 pm

Visual Alarm Veriication

for New & Existing Paradox Systems

H.264

Upgrade your existing Paradox alarm system with

Paradoxâ&#x20AC;&#x2122;s HD Wi-Fi Cameras

1300 319 499 SEN819_27.indd 1

CSD.COM.AU

ATLASGENTECH.CO.NZ

SCAN TO WATCH VIDEO 1/8/19 12:59 pm

● Case study

EastLink

with different processes – it all took time. We even got Genetec engineering involved to establish whether both systems were configured properly in order to get persistent issues sorted. Finally, this project was put through a cyber security review which was being undertaken concurrently across the entire organisation – that was just another moving target. The reviewers recommended changes to our system, which we incorporated.” Bernabe says communication was key to resolving complexities. “Resolving a lot of issues came down to one big meeting with the system explained to everyone in detail - we ran through what everyone needed to be doing and then established what everyone was actually doing,” he explains. “A single phone call ended up solving the federation issues we had when we were trying to get the network layer and the application layers working.” Something else that fed into the nature of the head end was the choice of video analytics solution. The old system had a bank of analysers crunching data to allow automated alerts to be brought to the attention of operators. But EastLink decided it would take analytic technology to the edge with the upgrade. “The analytics solution used is Citilog, which is a suite of functionalities inside Axis cameras,” Lindsay explains. “This means the analytics processing is done at the edge, not in metal boxes in racks in the network room. It allowed us to rationalise 8 servers when we installed the Axis P1367E bullet cameras and the new system is running and works well – in fact, we are putting in another 19 of these Axis cameras on the weekend. “Something else is that each one of the old video analysers supported 16 cameras and if an analyser went down you lost all those cameras. With Citilog running on the Axis cameras if you lose 1 camera you lose 1 analytic, not 16 as previously. We went through a long process when trying to decide which cameras we would use – the amount of work that went into that decision was phenomenal. Ultimately, there’s

A KEY ELEMENT OF THE PROCESS WAS RUNNING THE OLD AND NEW SYSTEMS IN PARALLEL WITH A T-PIECE THROUGH ALL THE ANALOGUE FEEDS TO THE MATRIX.

a significant financial saving – we’ve removed the operational expense of replacing those 8 dedicated servers every 5 years.” There must be multiple sub systems that needed to be integrated into the management system during the installation process, I ask. How does that work? “Everything here runs on UGL’s Operational Maintenance and Control System (OMCS) – it’s proprietary infrastructure used in many tunnels across Australia,” Lindsay explains. “That’s what you see there on the video wall – it’s the variable speed signs, variable message signs – that’s the heart and the brains of the whole network. The old analogue CCTV was part of OMCS. “When we brought in Genetec, which is a thirdparty software solution, we had to integrate it into that existing core and brain of OMCS. One example of the OMCS CCTV integration would be if someone picked up a roadside help phone – operationally, OMCS would tell the operator a help phone been picked up, would call the help phone contact number and would control the matrix to swing cameras around to provide video of the help phone. With this upgrade we were moving away from the analogue matrix but we wanted to retain functionality and continue to integrate with the existing OMCS. “The appeal of Genetec was that it is also used in other road systems – the M7 in Sydney – so the drivers to make it work with OMCS were written and an SDK existed. We wanted Genetec because it had additional functionality and is off the shelf, which means it’s more cost-effective than a proprietary solution of the type we had before. “Contributing to our decision, VicRoads uses Genetec and we must supply VicRoads with access to certain cameras. And not only does VicRoads use Genetec, Victoria Police uses Genetec and the 2 freeways we interface with also use Genetec. In order to integrate with all these interest groups, it made sense to go with Genetec ourselves. It was so much easier and cost-effective to federate our own Genetec system with the Genetec systems of VicRoads and the others. It also means we can see some of their cameras when required.”

THE INSTALLATION Given the complexity of this solution, installation was a real process. Convergint Technologies handled the head end, while Broadspectrum took care of installing cameras and network components in the field. Concurrently with the CCTV upgrade, Barco delivered the OpSpace solution, while UGL updated OMCS, VicRoads configured its systems and EastLink corporate IT worked on the EastLink network. “Each of these contractors had its own role during the installation,” Firth explains. “Broadspectrum did the cabling on the freeway – going up in a bucket truck during quiet periods at night, pulling out the

28 se&n

SEN819_24east.indd 28

1/8/19 2:00 pm

Bernabe drives the Opspace.

coax, installing the CAT-6 to put in the pre-configured cameras given to them by Convergint Technologies. “The EastLink maintenance team then came in next day to finalise the handover from old camera to new camera. They put the camera on the map, added it into the viewing task and configured visual tracking.” According to Bernabe, Convergint Technologies started work on the project in the first half of 2018 and planning was a key element of the installation. “The initial thought was that we would duplicate the system in parallel, connecting the analogue cameras to the encoders and allowing the operators to continue working via the analogue solution,” he explains. “As we qualified the system we would cut over to the IP-based solution. “There were 3 phases to the installation for Convergint – the head end, roadside network and the cameras. The head end was everything related to the network including Genetec, the second stage was having everything out on the road in the cabinets. Stage 3 was PTZs being installed on road itself. Another aspect of the process was decommissioning legacy components of the analogue system.” Lindsay believes the most important part of the installation took place before the physical installation began. “Prior to production of the system we did fullon factory acceptance testing at Convergint Technologies in Port Melbourne and during that process we identified some issues with hardware that needed addressing before we could proceed,” he explains. “There were issues with servers that needed to be resolved with the manufacturer and

once that difficult process was completed, we got the core installed and then the network infrastructure in place. We needed all that finished before we could go ahead with the rest of the application.” According to Firth, complicating the installation was the fact the importance of surveillance to operations meant there could be no break in service – the cameras had to keep working no matter what. “A key element of the process was running the old and new systems in parallel with a T-piece through all the analogue feeds to the matrix,” Firth explains. “The integrators added encoders to give us a second digital stream and the whole Genetec system was built to a fully operational level alongside the analogue system.” Firth says every part of the installation process was painstaking. “We went 3 rounds with the tunnel cameras – we needed to look at the lenses required and the brackets – we wanted to make it as easy as possible to retrofit the new IP cameras where the old analogue cameras had been in their Strongabuilt housings, which open from the bottom. While we could not find cameras that worked with the existing housings, we also couldn’t drop cameras further into the tunnel because trucks needed the airspace. We ended up designing a custom bracket.” Also driving camera choice on the freeway was the fact the new cameras needed to be installed on the same poles as the old, with the installation process being as similar as possible, in order to streamline the upgrade. “When you look at the schematic that network is 39km long – each of the nodes you can see is a comms node cabinet (CNC) and the CNC feeds

se&n 29

SEN819_24east.indd 29

1/8/19 2:00 pm

● Case study

EastLink

multimode fibre out to a local camera location,” Firth explains. “There’s also power fed out for polemounted cabinets. What happens with replacement is that the maintenance team removes the camera, then puts a media converter in place. They use the existing fibres that went to the local fibre modem (which is removed) and the camera becomes PoE between converter and camera for power and video data.” According to Bernabe, mirroring of the functionality of the old SCADA-based solution ran deep. “The existing media converter had an input for the tamper switch on the cabinet which fed through to the OMCS system – when the cabinet was opened it would trigger the OMCS to swing a camera to a position,” he explains. “This posed a challenge because this equipment was being decommissioned and replaced with an IP camera without a tamper. “Instead the techs used the camera input/output as a tamper, giving us the ability to drive the camera to a preset position whenever the cabinet doors opened, and to display this video stream in the control room. There have been a few things like this – things the new system has taken from the old system in terms of field functionality, including reusing existing multi-mode fibre going directly into the switch so there are less parts.” Lindsay says retaining existing components extended to the network cabinets by the roadside, though this posed challenges during the process. “Something we needed to consider was that all the switches in the roadside cabinets needed to fit into existing shallow cabinets that reach 60C during summer month,” he explains. “Only 2 of the numerous switch brands we looked at would fit into these cabinets and this meant Allied Telesis virtually chose itself as the field switch because the other options either would not fit our space or could not run the core at 40Gbps.”

CHALLENGES OF THE APPLICATION Something that stands out when visiting the site is

the complex nature of every aspect of the system and the overwhelming intensity of the application itself. There’s very little that’s not challenging about a life safety application like this one. Not surprisingly, for Convergint Technologies, the greatest pressure was felt once the new system was commissioned. “For us the pressure really came on once we hit the live button – when the system was live even the smallest tweaks became deadly serious,” Bernabe explains. “There’s a time window between 10am and 2pm for doing major works and if there’s an incident during that period all work stops. Then there’s different management teams and onsite maintenance teams that need to be involved in any works when the system is live – coordinating all this isn’t easy.” “During the earlier part of the integration we found that as soon as we cutover into the production environment just flicking a switch on the network side required a lot of buy-in from multiple internal and external interest groups. Then as soon as we had our system working, we added the Barco OpSpace and the federated network - then we really started finding wider issues that needed resolving.” The vital nature of the system made troubleshooting more difficult, too. “When integrating a highly secure networked solution you need support from the supplier, but the gear is now installed on site in a secure environment with restricted connection to the outside world,” Bernabe explains. “It meant we needed people to come on site, to diagnose issues, get results, come back to site with the results and only then could we have R&D test and analyse the system and the findings to resolve issues.” For Firth, salient challenges revolved around ensuring the system could perform to its specification during early testing of system components. This process was much more difficult and time consuming than you’d imagine it could be. “Challenges during the setup phase included a number of different manufacturer issues – faults with switches, hardware configurations,” he explains. “We would uncover an issue during performance or failover testing – things worked during normal operation but if you switched a device off there was a problem. Each issue took weeks to resolve and involved manufacturers updating hardware and firmware and Convergint laboriously re-testing. “We extended the testing phase by months in order to work through and resolve all the issues and re-test to EastLink’s satisfaction. We would be ready to cutover and would run through all the pre-cutover testing and we’d find an issue with NICs refusing to come live after a failover – in one case there was a different current draw from specification. We would try to resolve the issues but would have to fail the testing and go back to supplier support, working all the way through the issue with new hardware. “Next, we would re-do the testing and find a firmware update that impacted on the custom

30 se&n

SEN819_24east.indd 30

1/8/19 2:00 pm

DRIVING THE FUTURE OF

Intelligent Buildings T HROUGH INN OVAT ION, IN T EGR AT ION & E XCELLENCE

INTEGRATION

SCALABILITY

With a wide range of video, intrusion

Built-in scalability to meet long-term

Building on current platforms, Interlogix

and access control solutions, Interlogix

security needs, the Interlogix portfolio

products are utilising the latest and

products provide small to mid-

allows you to grow your security

leading technology to ensure your

size commercial applications with

solution, as your business grows.

security solution meets current and

comprehensive coverage.

LATEST TECHNOLOGY

future needs.

www.interlogix.com.au

SecElectronics_November2018.indd 1 SEN819_31.indd 1

23/10/18 1/8/19 8:45 1:02 am pm

● Case study

EastLink

software engineering. We’d go back to R&D, they’d fix this issue, then we’d go through it all again. That process was torturous. A lot of sites you would not go to this level of testing but because of the life safety requirements of EastLink we failed every component that could possibly fail – one power supply, both power supplies, the fibre, network components, the lot – we wanted to know whether we got an alert on failure, we wanted to know if the automated processes designed into the system ensured that it continued running – EastLink needed absolute certainty of performance. “When the project began we said it was an engineering project not a typical commercial project cutover – there were layers of commissioning checks,” Firth explains. “We did 3 solid days of testing, failing over, shutting things down making sure we got the alerts before we allowed the system to be produced, let alone installed and integrated. It was heavy duty from start to finish. Other complications included commissioning the Citilog analytic and the federation to VicRoads – all these aspects had to be worked through.” EastLink was highly engaged with the process of resolving issues. “We were heavily involved in sorting issues out and escalating issues as high as we needed to in order to resolve them – process control was a big part of this upgrade,” Lindsay explains. “It was through process control we found issues in hardware and software and it’s good we did – you can’t fault-find a system after it’s gone into production. “We needed to ensure suppliers knew how serious our application was – things like power supplies needed to be utterly dependable. The level to which planning and process control was taken was frustrating for suppliers who may not have dealt with a client like us before but when you have serious life safety responsibilities there is simply no room for complacency.”

WE NEEDED TO ENSURE SUPPLIERS KNEW HOW SERIOUS OUR APPLICATION WAS – THINGS LIKE POWER SUPPLIES NEEDED TO BE UTTERLY DEPENDABLE.

DRIVING THE SYSTEM EastLink’s operations centre is more complex than Paul Bretherton (left) and Lloyd Tanzen installing tunnel cameras.

a typical commercial CCTV control room. The video wall is extensive and the Barco OpSpace gives operators highly sensitive situational awareness across multiple integrated systems located on multiple networks. “The traffic control room is on that side and we are standing in the incident room,” Lindsay explains, pointing. “In the event of an incident – an accident, a fire in a tunnel - fire brigade and police will be in this room with access to their radio communication systems. Our duty manager will interface with them and the teams will work seamlessly to ensure the scene is made safe and we return traffic flow to the EastLink freeway as efficiently and safely as possible.” While there are similarities in function and appearance, a traffic control room is unlike a typical CCTV control room. “A key differential in this application is that it’s primarily a live operation – for EastLink operators it’s about managing flow in real time, while for most sites there’s little real time monitoring and recordings are investigated post-event,” explains Firth. “This need for live monitoring impacted on system design – we’ve put more effort into accessing cameras than into recordings, although those functions are there. This whole workspace here – it’s a Barco OpSpace - is bringing together workstations across multiple networks. Barco OpSpace means operators can pull up any of their authorised workstations as a window within an OpSpace workstation - it’s very powerful. “Looking at this workstation OpSpace you can see the Genetec workstation, the OMCS SCADA workstation and here are the video wall feeds,” Firth explains. “On the other side of the same monitor you see servers in case we have maintenance tasks to do. The strength of this is that operators can bring up anything they need to view or manage, no matter where it is in network. And because it’s linked DVI to monitor, access is possible even if a network is airgapped - we are directly encoding remote streams into the Barco Ops Space.” According to Firth, this allows a huge amount of flexibility in terms of what’s possible. “One operator might have cameras on that side, another has them on this side – to set the OpSpace up operators just open the source they want and lay the space out as they want – it looks like one workstation but it’s multiple workstations crossnetwork,” he explains. “Creating a control room with this functionality is not easy to do – it was a tough process and it really should have been a separate project on its own, not something we were trying to manage at the same time as everything else. Just to highlight the complexity, there are 8-9 virtual servers supporting Barco OpSpace. Operationally, there are 4 workstations running the system via Barco OpSpace, each with 4 displays. There are another

32 se&n

SEN819_24east.indd 32

1/8/19 2:00 pm

3-4 dedicated Genetec workstations, as well as the workstations that run the video walls.” A key part of the traffic control room’s real time monitoring functionality is built around analytics inside tunnels. “We use the Citilog automatic video incident recognition in conjunction with new Axis cameras to alert staff in the operations centre to incidents in real time,” Lindsay explains. “The rules-based algorithms operate end-to-end in both directions of both tunnels and approaches. They will detect a stopped car, debris on the road, smoke in the tunnels, wrong way traffic, pedestrians on the road and slow vehicles. You get to know about vehicles behaving outside what’s normal instantly – staff are alerted, and video displays will automatically switch to incident locations. “The Citilog cameras are fixed Axis cameras which have masks and detection zones programmed into them. How the system works is that when a camera picks up an incident in a zone upstream, downstream PTZs will turn to look at that zone and feed it to specific screens so operators know where to look. Once operators have assessed an incident, they can notify incident response teams, fire, law enforcement.” Looking at the video wall in the traffic control centre we can see 1080p Axis cameras and 4CIF analogue cameras side by side. The analogue cameras take a circuitous route to the ops centre so the quality of the image streams is weakened. Watching the monitors, I can see there’s a struggle to identify license plates or faces from the analogue cameras. But the Axis HD cameras are having no trouble getting plates and high levels of detail, with everything rendered in that very specific Axislooking video stream – tending to cool temps, with relatively low contrast, subtle colour saturations yet strong definition. To demonstrate the way the system works, Bernabe gives us a run-through. “If you’re an operator and you need to access the system there are a number of ways to manage the process,” he explains. “First, there’s a full map of the freeway system including roadway and tunnels, and you can zoom into an icon and click on a camera to access a view. Operators can also track an incident sequentially by clicking cameras using keyboard shortcuts and they can also access cameras related to specific incidents that take place on the freeway or tunnels. “If an incident occurs, they look to the incident camera view on the video wall– this mirrors the way the analogue system worked. Importantly, there are shortcuts hardcoded into the system and the operators, most of whom have worked at EastLink for many years, know the camera numbers by heart. To take advantage of this familiarity, we mirrored shortcuts when building the new system. “The operators know exactly which camera is

Lindsay at a roadside cabinet.

viewing what and they will just hit the shortcut to pull it up, making managing the system much faster for them,” Bernabe says. “It’s just one of the ways in which the operational aspects of the old system have been translated into the new IP system, which in a real sense mirrors the analogue matrix. “Operators can also get access to cameras views using directory trees for tunnel inbound, tunnel outbound, all fixed cameras and all PTZ cameras. A really neat feature of the new system is a functionality called area of incident – operators can rewind multiple cameras associated with an area of incident to get a complete snapshot of an event from start to finish.” According to Lindsay, the old system could only record what the operator was looking at on the video wall. “What was being viewed on the video wall was being recorded by 16-channels DVRs,” he says. “But now, regardless of what’s being displayed, everything is being recorded all the time. Further, when the OMCS triggers a camera to move to a preset position, that is recorded as well – in the past operators needed to be viewing an event or it would be missed. “Operators love the fact they can get to recordings quickly and easily – before they had to go through a protracted process – they were working live off the matrix using a keyboard and to view recorded footage they had to log into DVR software and go and view it. This gives them everything all the time as drag and drop.” Lindsay says this part of the system was designed in partnership with the operators. “Operators were integral to the design of the interface,” he explains. “We needed stakeholder engagement with them and on this project, we had the operators on board from shop floor level. They were also part of the factory acceptance testing process and as the system progressed they were feeding suggestions back in. They certainly got a lot of what they wanted.” Firth explains that the system was designed

se&n 33

SEN819_24east.indd 33

1/8/19 2:00 pm

● Case study

EastLink Bernabe agrees. “If you were to install Genetec Security Center in a greenfield application you would never use it like this – there’s been so much customisation to meet the demands of the application and the demands of the operators – it’s a special integration and certainly the most complex I’ve been involved with,” he says.

CONCLUSION

to mirror the analogue matrix in terms of some functionalities. “That’s why the operators have a keypad and a joystick with the new solution,” he explains. “Some operators are using more mouse when driving the system but in the first instance we needed to have a completely seamless transition in that early cutover period. If there was a life-threatening incident in the tunnel and the operators’ first instinct was to type a camera number, we wanted to accommodate that instinct.” The UGL OMCS we see on the workstation seems to be the core of the system in many ways – is that how it is? I ask. “OMCS is like a SCADA system for the freeway,” says Firth. “When it comes to CCTV, all the cameras have the ability to trigger a preset to one of these monitors so alarms might trigger an event to the video wall – an over-height vehicle approaching the tunnel for instance – 3 cameras will pop up and show the event. With the analogue system, this process was serial but now it’s a driver in the back end of Genetec. That functionality is essentially identical, so it remains familiar to the operators. “Getting this right was a process with a lot of testing and a custom driver. UGL wrote the driver to Genetec’s SDK but Genetec was involved in the process – they reviewed the design before procurement. Importantly, this meant we had a sign-off from them that this was the right design and later we had a sign-off from them on the actual implementation before we cut over. Zane from Genetec flew down from Brisbane and did a full health check.” Is there anything unique about the management system functionality? “There’s custom integration between the OMCS and the Genetec SDK and the rest is mapping which was customised from the functionalities within Genetec Security Center,” Firth explains. “There are hot actions, moving multiple cameras to a view an event. Probably the biggest deal is the level of configuration that has gone into it. It’s not just install Genetec Security Center, add some cameras and walk away. It’s the naming, the links, the vehicle tracking – that’s what sets it apart.”

When we walk the site our first port of call is the network room complete with 3 racks of gear dedicated to the system. There are the Genetec Streamvault boxes, the servers, the fibre switch and plenty of related gear. We look at the core, the firewalls, switches for the workstations, the encoders for the Barco system. It’s all very tidy and nicely done, as you’d expect. Visiting a cabinet beside the freeway highlights further installation challenges of the system – the huge distances, the relentless traffic flow and the combination of analogue and IP componentry. There’s a lot of infrastructure supporting a road system and I come away from EastLink with a strong sense that road systems are a serious business – ensuring life safety and monitoring traffic flows is vital and nothing can be left to chance. Something else that’s telling is just how difficult it is for the narrative to flow without spilling into the challenges of process control, the challenges of the layered network, the complexity of wrangling interest group requirements. No matter where a topic starts, it ends up in that place where all challenges meet. Listening to the chat in an office beside the traffic control room it’s impossible not to get a strong sense of what an epic undertaking this EastLink upgrade turned out to be. According to Firth, the EastLink solution is one of the most complete end-to-end upgrades in Australia. “The attention to detail in the engineering, setup and testing of the system has been intensive due to the high expectations of this customer,” Firth explains. “As a result, it’s a nicely polished solution. EastLink is a complex environment with lots of redundancy so getting it right was a process for everyone involved, the hurdles we had to jump through to meet the requirements of the customer – engineering, operations, training, configuration, managing the buyin of interest groups – it was a real process.” Meanwhile, Lindsay says the challenges of the application have been worth it and the upgraded system meets EastLink’s requirements. “Upgrading the CCTV solution has been a process to put it mildly,” he says. “We needed to understand what we wanted, how to achieve it and how to deploy it and we had to address major challenges along the way. If we had a greenfield site, things would have been easier but being brownfield made the upgrade more complicated and being a road/tunnel system with a life safety focus added pressure to many aspects of the work. But we needed to look at the bigger picture of EastLink’s converged future and I believe we have achieved that with our new solution.” n

34 se&n

SEN819_24east.indd 34

1/8/19 2:00 pm

A ground breaking alarm panel now comes with a ground breaking app (the new and improved)

The SkyCommand App Now available on iOS and Android

�

Free to download

� Setup takes just a few minutes bell Get real-time notifications

(subscription needed)

� Control doors and outputs remotely � Monitor inputs � Arm/Disarm areas

Direct integration with the Inception security controller

SEN819_35.indd 1

1/8/19 12:59 pm

● Special report

Cyber security

GREATEST THREATS OF 2019 What are the greatest cyber security threats facing electronic security solutions and their integrators and users in 2019 and what steps can be taken to mitigate those threats? We speak with consultants, engineers, developers and manufacturers to get a sense of cyber security’s state of play. YBER security has become the keystone of IP-based electronic security solutions. As integrations between subsystems and enterprise networks and third-party networks accelerate, the importance of network protection will increase exponentially. What’s so compelling about the cyber security of networked solutions is that it’s not a simple layer but layers within everything – smart devices, sensors, data streams, data pipes, cameras, servers, apps, management solutions, network devices and much, much more. The ubiquity of NIC-enabled hardware draws an inevitable question - is it ever possible to completely secure a network-facing electronic security solution? Consultant Shane Norton of Arup argues that

entirely securing a network-facing electronic security solution is not possible. “The simple answer is no,” he says. “You have seen examples such as the centrifuge network in Iran being targeted by Stuxnet, which was meant to be an off-grid network but in the end, some media reporting claims the virus was infiltrated by compromised USB. Even today we have the potential for drones to be fitted with Wi-Fi Pineapples (a tool originally used for penetration testing WiFi networks) with the potential to carry out snooping and infiltration into a wireless network. However, a compromised human to mule malware in and bypass organisations firewalls, the DMZs is normally the easiest and quickest way to gain access to a system. “Therefore, you are always in the mode of prevent (cyber security assurance and threat analysis to instruct who is in the neighbourhood which points to the firewalls, procedures, etc), detect (behavioural analysis of network patterns, network intrusion detection systems (NIDS), respond and recover (incident response, business continuity and evidence gathering). If I was to be facile for a moment, what people do with their guard dogs, CCTV, burglar alarms etc is not to prevent burglaries but to encourage the burglar to head somewhere easier or, if they are determined to break-in, make their life as difficult as possible with a greater chance of being detected with evidence gathered to

36 se&n

SEN819_36cyber.indd 36

1/8/19 2:17 pm

BY J O H N A D A M S

prosecute later.” Norton has no doubt about the most dangerous cyber security threat facing security managers and security integrators in 2019. “It’s the human being,” he says. “It’s the insider either accidently allowing access to restricted information, or causing a denial of service attack via misconfiguration of the L2 or L3. One of the classic examples of this is to have a very large L2 network and someone drops in a piece of equipment with the same IP address as another piece of equipment. Soon a storm will occur and depending on the switches involved, can cause them to reboot repeatedly with all the storm traffic. Finding these sorts of problems if not properly recorded as part of an inventory/configuration record can be a real nightmare, so maintainability goes out the window. “There are storm controls for L2, but I have found them to break, so one of the simplest mechanisms is to keep the L2 areas small and interconnect via L3 – in security terms this is containment. Lack of security design combined with a lack of senior management awareness of security can lead to expensive and often incomplete security solutions being bolted on in the last minute or even after the solution has gone in to production with the potential for large risks having to be accepted or not even understood. For government and corporate users, the greatest threat is staff error, inattention or failure to follow IT security protocols? “Yes; roughly 90 per cent of problems seen by a behavioural analysis tool were down to staff errors or hardware problems some of which were caused by staff,” Norton says. “Most staff are taken in by spear phishing exploits, which is a specific way in to loading/targeting malware. As a minimum, staff procedures must ensure that: l All staff should be encouraged to learn/given paid courses about cyber security for their home, and this leads to better understanding and behaviour at work. l All staff with operational or administration access to operational systems are proportionally screened dependant on their required level of access and potential operational impact. l New starters receive the appropriate accounts, authorisation levels and security training dependant on their required level of access and potential operational impact. l Confidential information and documentation is retrieved, accounts are deactivated and passwords are changed when personnel leave or change roles and responsibilities. l Separation agreements for both direct and thirdparty employees are in place prior to access being granted to operational systems. “I must caution SEN readers here that most people are familiar with IT systems but it’s the operation technology (OT) systems which control the vital systems of the organisation. IT security is normally

Shane Norton

THE KEY FOR SECURITY IS TO UNDERSTAND YOUR SUPPLY CHAIN AND SUPPLIER AS DOLLARS SAVED EARLY ON CAN BE LOST IN DRAMATIC FASHION LATER.

assured using ISO 2700x based standards. OT systems have moved towards an IEC 62443x or NIST SP800x set of standards which tends to be more onerous than ISO2700x standards,” Norton explains. “The interesting point here is the movement of IT and OT systems towards each other so many of the security assurance processes move to combine both aspects.” From an engineering perspective Colin Brown of SNC-Lavalin says there are steps integrators should take to ensure such vulnerabilities are significantly reduced and any untoward activity is pounced on immediately. “Drop them in a VPN which can only be accessed via a firewall to a demilitarised zone (DMZ) and an internal firewall,” Brown says. “The rules of the internal firewall need to be controlled by a security operations centre and any activity is logged and examined for unusual behaviour. This way the integrators have control via the VPNs and firewalls with the backup of behavioural analysis to spot unusual behaviour of human, configuration change control and the network behavioural analysis. Not only does this protect against miscreant behaviour but also against accidental human foul ups. This is all about establishing defence in depth.” Brown argues integrators setting up cyber security rules and protocols should be strict. “Start with the principal to deny all then release only that which is needed,” he says. “Now, some suppliers of products can be a bit lazy in their product designs and have more ports open than required. However, industry, especially on the OT side, are looking to harden systems, so reduce the number of ports used in general to the minimum required. To augment security, monitor the network for the presence of exploitable back doors as part of an ongoing assurance regime.” When it comes to the most important cyber security settings for CCTV cameras Brown argues safety first with a balanced eye on risk levels and cost. “I am paid to be a little paranoid, as most engineers are,” he says. “My greatest worry is that a camera can be disconnected and used as access into my network or for wireless cameras hit by a man-inthe-middle attack, which repeats the same frames, making it look like everything is wonderful when it’s not. In the first case I look to lockdown the interface, so I can identify the camera through a camera ID or unique security cookie setup for challenge and response. The use of Mac IDs as a means of locking the interface can be overcome using Mac spoofing. For defeating man-in-the-middle attacks for wireless CCTV cameras I would encrypt the information. However, it’s all about risk and keeping costs down as low as reasonably possible. If the loss is low, then the security features should be similarly low.” The electronic security industry has used subnets and silos to keep attackers at bay in the past – would you argue that to get the best performance from our

se&n 37

SEN819_36cyber.indd 37

1/8/19 2:17 pm

● Special report

Cyber security

solutions we need to re-imagine system designs to factor in cyber security threat? “I believe in an holistic approach – a system of systems and not just silos, otherwise you end up with lots of inefficiencies,” Brown says. “Having a system of systems view leads to a common risk assessment and management process, as well as a common risk view. All of this gives a better understanding and cost benefit. IEC 62443 leads you to zones and conduits, but if you look at value engineering a lot of the services for security, it can be engineered into the network at the beginning and can cost surprising little. Leaving security to the end drives up the costs, scalability goes out the window and maintaining the system becomes a nightmare.” How big of a deal are geo-political cyber security risks, broadly speaking? “Let us take an analogy to start with for geopolitical cyber risks,” says Brown. “If you look at the biological world, should you infect a body with a virus and it doesn’t kill it, then generally the body understands the virus and learns how to defeat it. As nation states start to use malware to make political and economic statements against each other, what is to stop a virus from one of these states being a little less well-targeted and damaging lots of other collateral systems or worse intentionally targeting your organisation’s SCADA systems? “A quote from the Washington Post: On Saturday, Christopher C. Krebs, the director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, issued a warning about Iranian attacks on American industries and government agencies, saying “malicious cyberactivity” was on the rise. “We will continue to work with our intelligence community and cybersecurity partners to monitor Iranian cyberactivity, share information and take steps to keep America and our allies safe,” Krebs said.” “A Quote from ABC: One of Australia’s senior military figures says the threat of cyber-attacks against the nation’s infrastructure and military networks is on the rise. Major General Marcus Thompson leads the Information Warfare Division, which was set up in mid-2017 with the aim of providing both defensive and offensive cyber capabilities. In his first media major interview, he told the ABC the job of protecting Australia from serious cyber threats was only becoming more challenging. “What I’m seeing is a significant up-tick in the threats both from a criminal perspective as well as from state-sponsored [groups],” he said. “So this is not about some spotty youths who haven’t seen the light of day for several weeks as they heroically defeat big brother, rather they are well-funded organisations with lots of resources targeting the crown jewels of a nation via its SCADA systems.”

Rusty Blake

IT’S WELL KNOWN THERE’S AN ADVANCEMENT IN SOPHISTICATED MACHINELEARNING AND AUTOMATED BOTNET ATTACKS, BUT HUMAN ERROR IS STILL A RISK.

If you were setting up a secure electronic security solution that included access, intrusion and CCTV, what would the topology look like? “Before I looked at the topology, I’d start with 12 principles of security by design which I use, and consider the system as a whole, so think POTI (processes, organisation, technology and information),” Brown says. l Know your infrastructure - You must have current and detailed understanding of your network infrastructure, data flows and assets’ specifications. l Understand your threat landscape - Most threats are likely to come from inside – with accidental, malicious insider and supply chain activity the largest malware infection threat vector. l Prioritise operational resilience - Aim to provide operational continuity through cyber resilience. l Understand your risk - Be aware of the safety, integrity, legal and availability risks of your networks and assets. l Implement security layers - A well designed and defended enterprise architecture should include multiple layers of security; being able to identify attacks early will minimise impact. l Segregate vital systems - Segregation of vital and non-vital systems minimises the attack footprint and the provision of security gateways and encrypted conduits will help protect essentially services. l Minimise user privileges - Restrict access to the most data critical systems to those who truly need it using Role Based Access Control (RBAC). l Minimise media connectivity - Removable devices and unmanaged media remain a high risk, limit the use of such devices and design out their use with a secure remote access solution where appropriate. l Prepare for maintainability - Digital assets will require regular patches and updates, this needs to be a secure central solution that minimises user interaction through a DMZ automated process. l Prepare for monitoring - Monitoring is vital; building in an anomaly detection capability to your networks will help to future proof your systems design. l Manage third party risk - Manage your supply chain risk via the adoption of a standardised System of Systems approach, underpinned by baseline architecture, external security gateways and a code of connection. l Implement change assurance - Threats change on a regular basis; your Design Assurance regime must be cognisant of these developments and respond to any emerging risks during the system lifecycle. “The above points are based on many similar control network designs,” Brown explains. “CCTV and access control are not really that different from energy and power control networks or some of the modern signalling control networks. The one thing to note is the monitoring and behavioural analytics which is intended to monitor all crown jewels in

38 se&n

SEN819_36cyber.indd 38

1/8/19 2:17 pm

SEN819_39.indd 1

1/8/19 12:58 pm

● Special report

Cyber security

their own VPN (zones) and is made possible by the firewall allowing access to the various VPNs. This does require care and monitoring equipment that is VPN-savvy.” Rusty Blake of access control manufacturer Inner Range agrees it’s never possible to be 100 per cent secure any device or system accessible by a wouldbe attacker, assuming the attacker has unlimited resources and unlimited time. “That said, it is certainly possible to harden a network-facing device or system to the point it becomes unrealistic or impractical to carry out a successful attack,” Blake says. “Partnering with systems that design cyber security at the core is essential in mitigating most attacks. “Access control systems are a huge asset for security, offering integrated and intelligent responses to events on site and the best access control systems guard against cyberattacks as well as physical threats to ensure more robust safety and security for people and places.” Blake says staff error is arguably the greatest cyber security threat, though there are other contenders. “It’s well known there’s an advancement in sophisticated machine-learning and automated botnet attacks, but human error is still a risk,” he explains. “Many organisations are deploying internal systems and tools to help staff protect themselves from wrong clicks – end-point protection is an example. It really depends on each organisation as to how they train staff and what cyber defences they have in place.” When it comes to steps integrators should take to ensure vulnerabilities are significantly reduced, Blake says there are a number of options. “Isolate the security network (VLAN, firewall or air gap if possible), change default passwords, stop unneeded services that may be running in the background, update firmware/software to the latest versions, setup operator permissions and implement strong passwords and 2FA (where possible) – that’s a good start,” he argues. “Setting up basic cyber security rules to harden a device or system is straightforward. There are a plethora of documentation and training courses online. Cyber security is always evolving, and ongoing management is also very important. Fortunately, there are easy-to-deploy cyber security management tools that can proactively notify the installer/end-user should there be a vulnerability found or attack detected. A network intrusion detection system is one such tool.” According to Blake, while it’s possible to protect networks with isolation, more needs to be done. “Isolating networks and systems is a good first step but doesn’t go far enough by itself,” Blake explains. “Security installers and end-users can implement an array of defences but the actual system itself needs to be designed with cyber security at its core. There are some key areas that should be looked for in a

ENSURING YOUR SYSTEM IS ‘ALWAYS ON’ IS ANOTHER KEY ELEMENT TO REDUCING THE RISK OF CYBER BREACHES IN VULNERABLE DOWN-TIME.

hardened security system. “Secure communications are paramount for cyber security, whether that’s via in-house private communication networks or between access control system controllers, servers and door modules, or when the core system integrates with third-party products, such as CCTV,” Blake says. “A robust level of end-to-end encryption across all these communication channels and interfaces is vital. Data encryption ensures secure LAN communications and continuous monitoring will detect any fault or attempted module substitution. “Another tactic is to implement sandboxing - a software management strategy that isolates applications, such as your access control system, from critical system resources and other programs, such as other products integrated with your core access control system. It provides an extra layer of security that prevents malware or harmful applications from negatively affecting your access control system. “Without sandboxing, an application may have unrestricted access to all system resources and user data on a computer. A sandboxed app, on the other hand, can only access resources in its own ‘sandbox’. An applications sandbox is a limited area of storage space and memory that contains the only resources the program requires. If a program needs to access resources or files outside its sandbox, permission must be explicitly granted. “Where a higher than normal level of security is required, you should ensure devices connected to the access control system have their own MAC addresses to help guard against cyber security breaches. This measure prevents module substitution. For example, if an attacker attempted to replace devices for others, the system would alert operators to the unauthorised change. “Ensuring your system is ‘always on’ is another key element to reducing the risk of cyber breaches in vulnerable down-time. A security system should offer high availability with an IP network that runs multiple instances of itself – at the same time – across multiple nodes or servers at local, national and global levels. Solutions such as database failover clustering means it will auto-connect to available nodes when necessary and ensure there is no compromise to the system.” Blake says fine grain permissions for users are also useful. “Security systems that allow fine grain tailoring for permissions and protocols offer better protection from would-be hackers,” he explains. “For example, systems that allow you to create completely bespoke access credentials for each member of staff and visitor ensure they can only access authorised areas and systems. “Further, systems offering a full forensic audit trail are vital for robust cyber security. Forensic audit reports cover every single action and engagement

40 se&n

SEN819_36cyber.indd 40

1/8/19 2:17 pm

with the access control system and can be reported at local, national or global levels. This means security managers can see exactly who has done what to the system and when. A good audit trail system should have the ability to roll-back changes made to system programming by any person or entity at a specific date and time. This means, for example, changes made by a rogue operator can be undone in one action and the system programming rolled back to exclude these changes.” If you were setting up a secure electronic security solution that included access, intrusion and CCTV, what would the topology look like? “The establishment of dedicated network security devices is key, with examples being a good quality stateful firewall (at the internet border and even between network segments if necessary), and an internal intrusion prevention system and intrusion detection system,” says Blake. “Other configuration options to help prevent attacks can include shutting down ports that don’t need to be used, setup of VLAN’s to segregate traffic and isolate an attacker, setup of access control lists to surgically control the flow of traffic (particularly for high security devices), locking network ports to pre-defined MAC addresses or better yet, using 802.1X certificate based authentication and setup of a centralised system log server to actively monitor and report certain activity.” Raymond Frangie of consultant NDY agrees it’s not possible to completely secure a network-facing electronic security solution. “This is a question I hear quite often, and in short,

the answer is no,” Frangie says. “With the continually changing threat landscape, malicious attackers are always finding new and exciting ways to break into networked environments. When operating in cyber and information security spaces, there are 3 key aspects; people, processes, and technology. “The problem we have in today’s world is not so much the technology but people, and slightly less, processes. Security awareness and security awareness training is lacking in most organisations, and where it exists, is of variable quality and effectiveness. This lack of awareness training subsequently causes environments to be vulnerable, even though most user mistakes may be innocent.” In Frangie’s opinion, the most dangerous cyber security threats facing security managers and security integrators in 2019 are multifarious. “Specifically targeting the security environment, I would expect to see a continued rise in popularity and reporting of distributed denial of service attacks a.k.a. DDoS attacks,” he says. “Continued cyber threats that target the exponential growth and deployment of devices classed as the Internet of Things, which I fondly call the Internet of Threats, is almost guaranteed.” According to Frangie, humans will always be the weakest link in any security system. “I have audited numerous environments throughout my career, and the simple lack of following vital industry best practices is quite concerning,” he explains. “One of the essential best practices I always recommend to clients and colleagues is to deploy the Top 20 Critical Security

se&n 41

SEN819_36cyber.indd 41

1/8/19 2:18 pm

● Special report

Cyber security

Controls from the Centre for Internet Security. It is a known fact that by merely implementing the Top 6 of these 20 Critical Security Controls, organisations can mitigate approximately 85 per cent of known vulnerabilities in networked environments.” We’ve heard a lot about cameras and NVRs being breached – which steps should integrators take to ensure such vulnerabilities are significantly reduced? “In August 2016, a piece of a malware known as Mirai turned networked devices running Linux into remotely controlled bots,” Frangie says. “These bots formed part of a botnet in large-scale network attacks, subsequently known as the Mirai Botnet. This piece of malware is still traversing the Internet and targeting environments. Mirai identified vulnerable IoT devices using a table of more than 60 common factory default usernames and passwords and logged into them to infect them with the Mirai malware. One major problem we see, which allowed Mirai to spread so extensively, is failure to follow industry best practices – in this case changing the default factory configured username and password.” How hard is it to set up basic cyber security rules and protocols, and to manage them? “The majority of cybersecurity controls are pretty straight forward, such as changing default factory-defined credentials and disabling insecure and unnecessary services,” Frangie says. “One of the critical security controls organisations need to deploy is the continual, and real-time automated inventory of hardware and software on their environments. You cannot protect what you do not know is there.” According to Frangie, many settings and configurations allow for secure environments. “When working with CCTV environments, it is imperative that the entire network is looked at and not just the CCTV cameras themselves,” he says. “Advanced, low level, physical or logical network segmentation is critical in not only the deployment of CCTV environments but all environments. This segmentation includes isolation of cameras, NVR’s and CCTV management servers, each deployed on isolated and dedicated physical or logical networks. It is also imperative that all traffic traverse dedicated firewalls and not just switching layers. Network switches are not designed to inspect malicious traffic; it is not their role. “For the CCTV cameras themselves, changing default login credentials to unique and complex credentials is essential. Disabling insecure communication protocols such as Telnet is also a great place to start. Further security by disabling weak encryption algorithms and ciphers for Secure Shell connections such as non-AES, AES-CBC, as well as anything before Transport Layer Security (TLS) Version 1.2 for Web Management Portals, all assist in making these environments more secure.” The electronic security industry has used subnets

Raymond Frangie

CONTINUED CYBER THREATS THAT TARGET THE EXPONENTIAL GROWTH AND DEPLOYMENT OF DEVICES CLASSED AS THE INTERNET OF THINGS...IS ALMOST GUARANTEED.

to keep attackers at bay – is this an effective strategy? “Using subnets and siloed networks to segment environments is the best form of network design to keep attackers at bay,” Frangie says. “Configuring CCTV cameras, NVRs, CCTV servers, electronic access control devices, and other systems in buildings and environments on dedicated virtual networks is the way forward. This segmentation, however, is heavily reliant on the configuration and design of the rest of the networking environment. “For example, segmenting an environment into multiple virtual networks (VLANs) and placing the gateways of such networks on switches rather than firewalls is pointless. Yes, a switch configuration can include access control lists (ACLs), however, a switch cannot perform deep packet inspection of network traffic against known and unknown threats. Switches do not have advanced intrusion detection and protection functionality. The old mentality of core switches and setting VLAN gateways on core switches is no more. Core switches should be no more than a simple layer 2 distribution layer.” Frangie argues organisations need to ensure logging of all traffic and forwarding of such logs to security incident and event management (SIEM) infrastructure for analysis and correlation to detect malicious events. “Another recommendation is to perform passive real-time vulnerability and network analysis,” he explains. “Furthermore, organisations need to stop looking at how to design and build environments on the cheap to maximise profits. Providing equipment that does not meet the bandwidth requirements of environments or taking shortcuts on design to save money increases the risk of cyberattack. The money saved by such alternatives may be a false economy, due to financial penalties from legislative and regulatory breaches such as Australia’s NDB Scheme or the European Union’s GDPR if an organisation falls victim to a cyberattack.” Frangie says geo-political cyber security risks also need to be considered. “Geo-political cybersecurity risks and issues are a big deal as these risks can affect an organisation on many fronts,” he explains. “Two-thirds of cybersecurity professionals polled at the recent RSA Conference 2019 said they have had to change where they do business and with whom due to international cybersecurity concerns. Recently, attacks attributed to nation-states include attacks on US energy infrastructure, the NotPetya malware, the Sony breach and the WannaCry ransomware. If you were setting up a secure electronic security solution that included access, intrusion and CCTV, what would the topology look like? “Every design is on a case by case basis,” Frangie says. “A generic topology, however, would see the CCTV cameras, NVRs, CCTV management servers, all electronic access infrastructure, and management systems on isolated networks. For large environments, these dedicated networks may

42 se&n

SEN819_36cyber.indd 42

1/8/19 2:18 pm

also be further segmented into smaller manageable networks or zones dependent on the environment, albeit still isolated and segmented. “These networks are also isolated from the rest of the building networks, which in their own right, must be appropriately segmented and undergo the same form of secure network design and configuration. Configured on the firewalls are each of the gateways for these respective networks. This strict configuration enforces all traffic requiring network traversal to undergo deep inspection and analysis via the configured security profiles defined on the firewall. Secure configuration and hardening of every device and system per industry best practices and standards must also be defined, with active overall automated network monitoring, analysis, logging, and inventory systems. “Finally, it is always best that organisations have dedicated and certified cybersecurity professionals who are also members of industry associations, bound by codes of ethics. Industry associations such as the Australian Computer Society, the Australian Information Security Association, and other global associations such as ISC2 and ISACA are places to start. ICT professionals often have super-user system administrator rights; it is therefore also vital to support cybersecurity risk controls and security education by adequate personnel security vetting. This vetting includes ensuring that staff with trusted insider access to valuable information and tangible assets are and remain suitable.” Con Sgro of Gallagher agrees it’s never possible to completely secure a network-facing electronic security solution but he argues that the possibility of a system being threatened needs to be put into perspective. “The type and size of the client will depend on the attack vectors as well as the scope of the protection needed,” Sgro says. “For instance, a university faces risks around personal data, defence and government sites have the potential of external attacks, and commercial institutions generally want to protect access to assets. It’s really important to assume that the network may be compromised and adopt a layered approach, for example protecting each layer of network and hardware components to isolate any compromise. Identifying and utilising end-to-end security solutions is key.” For Sgro, the most dangerous cyber security threat facing security managers and security integrators in 2019 is inactivity. “There is generally a small team (if not one person) looking after a site’s networks and systems, but there’s an unlimited number of people willing to ‘test; those systems,” he says. “There are numerous systems in place to help IT teams keep up to date with their systems. Manufacturers in this space are now starting to use common vulnerabilities and exposures (CVE) notifications when an issue is apparent in their systems, as well as software maintenance agreements to keep clients on the

latest supported versions. “Social engineering and ignorance of protocols are always going to offer easy targets for attackers the main problem here is that the more onerous the protocols are, the greater the chances for inactivity, error, or plain ignorance. IT departments are unable to stop BYOD (bring your own device) and the risks that it naturally brings with it. Again, the best way forward is having layered security which isolates each potential compromise and minimises the risk. “Silo-ing a networked system is still a great way to protect a high security system or simple systems without integration. The issues become apparent when you want to use the full feature set of an integrated system, for instance the ability to automatically send notifications to people in certain areas of the site, for evacuation purposes or to let people know why an area has been locked down. For that you need secure networking.” Genetec’s Mathieu Chevalier argues that instead of completely securing a network-facing electronic security solution it’s more practical to be laserfocused on risk reduction; there are too many variables inside and outside an organisation to ever achieve a 100 percent fully secured solution, he explains. “When it comes to the biggest cyber security threats, many organisations have yet to master basic security practices and hygiene. While some would not consider this an advanced threat it’s the foundation upon which securing against advanced cyber security threats rests.” Staff error, inattention or failure to follow IT security protocols contribute? “Yes, those are certainly very important threats affecting all industries,” Chevalier says. “It comes back to my point about organisations failing to master basic security practices and hygiene and it is the best place to start minimising risk.” How should integrators reduce vulnerabilities of CCTV cameras and NVRs? “The physical security industry is still struggling with implementing basic IT security best practices,” argues Chevalier. “Things like changing default passwords and rotating them on a regular basis, updating video device firmware in a timely fashion and using HTTPS. Those are the easiest areas to exploit for a hacker, because they provide the best return on investment. Consequently, these are steps integrators should focus on first. “While in theory secure set-up should be relatively easy, organisations often run into problems when it comes to managing the scale of enforcement and ensuring that they continuously evolve their rules and protocols. An effective risk mitigation strategy should be based on best practices and framework and must constantly adapt to evolving threats. That is not an easy task, but it is essential to any organisation. It will be easier to manage if all the right stakeholders are involved and if a proper security risk assessment is performed before setting

se&n 43

SEN819_36cyber.indd 43

1/8/19 2:18 pm

● Special report

Cyber security

up the rules and protocols. It may sound simple, but in my experience changing the default password and keeping the devices up to date is a fundamental way to manage risk (of CCTV cameras.” The electronic security industry has used subnets and silos to keep attackers at bay in the past – would you argue that to get the best performance from our solutions we need to re-imagine system designs to factor in cyber security threat? “Yes absolutely, however, this should not be your only line of defence and that is probably where the industry has sinned in the past,” Chevalier says. According to Chevalier there are multiple reasons for geo-political cybersecurity risks. “Importantly, cyberattacks currently do not cross the threshold for a kinetic military action response (i.e., active warfare),” he explains. “This means that it’s an interesting tool for nation states to use against one another with less physical consequences (although we’re seeing an increasing number of cyberattacks putting people’s lives at risk and causing physical harm). “Cyberattacks can therefore be used to retaliate, send a message, or gather information to maximise damage in future kinetic conflicts. Layered on top of this, is the attribution problem - it is hard to clearly identity the attacker, making cyber investigations incredibly challenging. The rules on this are still yet to be written so this leaves a lot of room for actors to be creative.” Dahua’s Roewe Ji says that for security managers and security integrators, the biggest security threat they face is that they cannot fully and specifically master the network security state, and it is difficult to establish a comprehensive security operation system and comply with it. “We have to admit that no product can tackle all potential cyber threats in the digital age,” Ji explains. “Especially when the users do not have sufficient security awareness and the habit of regularly updating software on their devices. “Cybersecurity is a common problem faced by many companies. What we can do is to act as a responsible manufacturer, actively respond to changing network attack patterns and act fast for new vulnerabilities. Our PSIRT (Product Security Incident Response Team) is a CNAs member of the Mitre.Org organization and is responsible for receiving and confirming Dahua product security issues. “At the same time, according to the standards and norms of incident response and security team forum of FIRST.Org, security warnings and notifications are provided for security incidents and vulnerability responses to ensure that customers and end users can obtain security. “As for integrators, it is necessary to undertake customer network topology planning and achieve effective access isolation control. Regularly provide IT asset security inspection and evaluation of

Con Sgro

SOCIAL ENGINEERING AND IGNORANCE OF PROTOCOLS ARE ALWAYS GOING TO OFFER EASY TARGETS FOR ATTACKERS...

equipment, regularly upgrade new equipment procedures, upgrade operating system patches, and provide users with secure training and security service support.” We’ve heard a lot about cameras and NVRs being breached – which steps should integrators take to ensure such vulnerabilities are significantly reduced? “All stakeholders should consider meeting new challenges,” says Ji. “To this end, manufacturers, system integrators, end users, and security service providers should all act together to reduce cybersecurity attacks. “Manufacturers should be responsible for product safety baseline SDL life cycle research and development, and system network security protection design. They must comprehensively improve product safety quality from a security baseline, privacy protection, threat modelling, security testing, simulation testing, vulnerability management and emergency response. They also need to provide product safety solutions and product safety issues upgrade and repair procedures. “System integrators should be responsible for ensuring the deployment of equipment to prevent defects or weaknesses that may be exploited or violate system security policies due to improper operation. The end user’s usage habit is one of the important part of network equipment security. Even the product security is further improved, the end user needs to take appropriate protection measures; otherwise the risk of being exploited by an attack still exists. “End users should set passwords according to the strong password policy and change passwords regularly when using the system. Users need to modify the default access account password as recommended by the manufacturer, regularly update new procedures and access to the network, according to the system application scenarios needed. “It is not recommended devices be directly exposed to the Internet. If the end user is an enterprise/team, proper security training a for employees is necessary, teach them to understand the known security risks, identify the risks in the use process, and timely report to the IT information security department to take necessary actions and measures “Additionally, the security service provider should regularly evaluate the information security of the system and examine the security risks caused by improper operation in the operation or management of the system, take good care of IT infrastructure and regular security maintenance, and update the operating system, application system, database, middleware and other patches, and pay attention to overall security risk management and control.” How hard is it to set up basic cyber security rules

44 se&n

SEN819_36cyber.indd 44

1/8/19 2:18 pm

and protocols, and to manage them? According to Dahua’s Diango Bian it is simple to establish basic network security rules and protocols, but regularly reviewing the implementation of security rules and protocols, identifying gaps, and continuously improving security rules and protocols requires long-term attention and continuous investment. “The most important security setting is to turn off unsecure or unnecessary services, set strong password management policies, and establish effective access control methods,” says Bian. “Other settings such as regularly change passwords, do not use weak passwords or common phrase passwords; prohibit devices from being exposed on the Internet, reduce the probability of being attacked; use encrypted communication methods such as TLS are also important. A full access cyber security solution is built from the perspectives of terminal security, video access security, core data security, network security, and security operation and maintenance.” Clavister’s Mattias Nordlund argues anyone who says an internet-facing electronic security solution can be 100 per cent secure isn’t being completely honest. “State level threats, high level advanced actors can get into almost any network if they want to,” Nordlund says. “You’d have to be air gapped and in an almost military level environment to be that assured. But what most companies and organisations need help combatting are criminal cyberattacks, be they DDoS attacks, ransomware or spyware. Cybersecurity and network security vendors can help with almost all their needs. Companies have a responsibility to protect their networks and make sure their organization’s data as well as customer data is secure. “In 2019 there are 2 big threats that we see. One is that identity is the new perimeter - that the person accessing the network is who they say they are and that they have the right privileges to the data they’re requesting. There’ll be a large focus on identity access management solutions in the cybersecurity conversation this year to address the problem. The second issue is the rise of SSL inspection as encrypted traffic to sites like https websites and other sites rises dramatically. Recent data by Gartner has found that 50 per cent of malware deliveries are coming through encrypted traffic which traditional firewalls don’t see. The solution is advanced threat protection through SSL inspection.” Would you agree that the greatest threat is still staff error, inattention or failure to follow IT security protocols? “Absolutely – 80 per cent of data breaches occur because of insecure passwords,” Nordlund says. “That’s entirely preventable but we need to educate users and IT administrators on how to be better. If you look at how we got better with phishing attacks,

making people understand not to click on suspicious files and such, then we can be optimistic that the human firewall problem is getting better…but it’s far from where we want to be.” Which steps should integrators take to ensure such vulnerabilities are significantly reduced in network devices like cameras and NVRs? “I’d say the first and most powerful and important one would be having strong segmentation on the network where those devices are so as to prevent lateral movement from other breached devices,” says Nordlund. “Together with VPN tunnels with strong authentication for the access to the cameras and NVRs, this would take out most of the problem of bots hijacking IoT cameras. The other step would be testing devices and making sure basics like the default passwords are reset. “Getting this right is not that hard - there’s some basic, common sense things to do on the network that will give big benefits for security. It’s a matter of someone prioritizing that and making the security map and implementing it. For instance, when it comes to securing CCTV cameras, change those default passwords! It sounds almost stupid to say but that’s how wannacry spread like wildfire and made us realise that we’ve been taking IoT security too casually.” Would you argue that to get the best performance we need to re-imagine system designs to factor in cyber security threat? “Yes, you hit it on the head, reimagine is exactly right,” Nordlund says. “VMware CEO Pat Gelsinger and Intuit director Shannon Lietz gave a great presentation at RSA that stated because of the hyper focus on security threats we’ve actually failed at protecting our customers. What we need to do is rethink the security architecture. They propose starting at the app level; encrypt at the app level, not at the network level, reduce the threat surface rather than simply react to threats as they come. I think they’re onto something - we need to simplify, to go back to basics and bake security into the infrastructure.” n

se&n 45

SEN819_36cyber.indd 45

1/8/19 2:18 pm

Proudly brought to you by

● Regulars

Monitoring

Your Monitoring Specialists

1300 130 515

www.bensecurity.com.au

Imagining The 3G Sunset THE Australian alarm monitoring industry needs to lock in plans for the sunset of 3G/ CDMA wireless alarm communicators over the next couple of years if they hope to put together a coherent plan for the inevitable.

T’S not that 3G doesn’t work beautifully in support of low data alarm systems, home automation solutions and machine comms – the real issue is that as investment in 4G LTE peaks and subscriber influx maxes out bandwidth potential, telcos will need to leverage every hertz of wavelength they can get their hands on just to keep up with runaway consumer demand. The Americans are putting 3G sunset at 2-3 years away – Verizon says December 2019, while AT&T is aiming for 2022. In their case, there are 10 million 3G communicators to upgrade. It’s far fewer in Australia but don’t think the issue won’t be significant. The 3G sunset is made redder by the fact that as Aussie installers have hopped out of 2G and dialler comms they haven’t gone over to blue cable in any numbers – it’s too messy and too risky. They’ve almost all gone 3G wireless. What this means is that in a few years most of Australia’s monitored alarm system communicators will need

WHEN SHOULD INSTALLERS AND INTEGRATORS STOP INSTALLING 3G MODEMS? NOW IS A GOOD TIME.

replacing – a task that is going to be time consuming for installers and expensive for customers – at least $A200 per device with multiple phone calls and a physical call to each location. If you put Australia’s total line numbers at 500,000, the task of juggling service calls alone is going to be beyond the industry’s capacity to manage. How much time do we have? Telstra says it will turn off 3G connectivity this year but will leave 3G services running on the 850MHz spectrum. The word is 3G will completely shut down in 2020 but it may be longer than this. Making matters more challenging is that 3G isn’t only the domain of basic alarm systems. Some of the latest security and home automation solutions have wireless-only 3G comms baked into them – same goes for higher end access control and intrusion detection systems, as well as legions of smart meters. Meanwhile, 3G also supports various monitoring systems in cars and heavy vehicle fleets, as well as providing mobile comms for law enforcement, emergency services and defense applications. Most security and automation systems still have a distinct proprietary air – users are not at liberty to climb under the hood and swap out wireless modems willynilly. Pairing a new communicator with a monitoring station is not plug and play.

As for self-monitoring DIY systems – in a couple of years every DIY alarm system with 3G-based comms ever installed will be a throwaway – the expense of swapping out modems will be greater than the cost of replacing entire solutions. In some cases, there may be an opportunity to upgrade users from

46 se&n

SEN819_46monitor.indd 46

1/8/19 1:49 pm

Proudly brought to you by

Your Monitoring Specialists

1300 130 515

www.bensecurity.com.au

Telstra says it will turn off 3G connectivity this year but leave 3G services running on the 850MHz spectrum. The word is 3G will shut down sometime in 2020.

their legacy gear to the latest 4G LTE security and home automation systems â&#x20AC;&#x201C; higher res video is an attraction of 4G. But in many cases, installers are not going to want to risk the loss of a monitored line by burdening a user with a capital expense which leads them to a reappraisal of their relationship with monitored intrusion detection systems. Another possibility is that a 4G gateway

might be DIY â&#x20AC;&#x201C; installed in-premises that allows the 3G modem to continue chugging away for a decade or more â&#x20AC;&#x201C; time enough for a more natural upgrade process to develop. This bestcase scenario is still going to cost users around $200 and would save installers going site-to-site but it could light up help desk switch boards like Christmas trees. When it comes to the 3G sunset, the

devil is going to be in the detail and the sooner industry bodies, alarm monitoring providers and attendant security and home automation suppliers get their heads together, the better customer outcomes are going to be. When should installers and integrators stop installing 3G modems? Now is a good time. Every 4G modem installed today is a future problem solved. n

se&n 47

SEN819_46monitor.indd 47

1/8/19 1:49 pm

● Special report

Security 2019

SCENES FROM SECURITY 2019 Security Exhibition & Conference wrapped up late last month after 3 busy days at Sydney International Convention and Conference Centre, Darling Harbour. There was plenty to see and do at the show, as well as all the latest solutions and technologies to catch up on. VERY year we get an opportunity to take a look at a serious cross section of the latest security products and solutions at Security 2019, which was held this year at the ICC Darling Harbour in Sydney. SEN’s full show report will be going into greater depth but it’s worth pointing out that the evolution of the industry’s solutions was clearly evident at the show. Particular strengths of this year’s exhibition were to be found in management solutions of all types, in a significant expansion in the capabilities of analytics software – as well as devices with analytics at the edge. It would be a mistake to suggest these continuing trends suggest a pull-back from hardware devices, because that’s not so. There was plenty of beautiful electronic security hardware to be seen,

from biometric readers and task-specific cameras to intercoms, keypads, access controllers, locks, automated barriers and loads more. The feel of the show was good – Day 1 was probably the strongest of the 3 but walking around I saw plenty of action on most stands each day, including in some of the far-flung corners of the room, and the overall feedback from exhibitors was satisfaction.

48 se&n

SEN819_48show.indd 48

1/8/19 1:50 pm

se&n 49

SEN819_48show.indd 49

1/8/19 1:50 pm

● Special report

Security 2019

I SAW PLENTY OF ACTION ON MOST STANDS EACH DAY, INCLUDING IN SOME OF THE FAR-FLUNG CORNERS OF THE ROOM AND THE OVERALL FEEDBACK FROM EXHIBITORS WAS SATISFACTION.

50 se&n

SEN819_48show.indd 50

1/8/19 1:50 pm

THERE WAS PLENTY OF BEAUTIFUL ELECTRONIC SECURITY HARDWARE TO BE SEEN, FROM BIOMETRIC READERS AND TASK-SPECIFIC CAMERAS, TO INTERCOMS, KEYPADS, ACCESS CONTROLLERS, LOCKS, AUTOMATED BARRIERS AND LOADS MORE. se&n 51

SEN819_48show.indd 51

1/8/19 1:50 pm

● Regulars

The Interview

Regional Flavour In this month’s interview, John Adams speaks with Ashley Grembka of Atek Solutions in Mildura about the challenges and opportunities facing security integrators in country towns.

JA: What’s the most important quality for a security integrator in a country town with a population of around 50,000? AG: Integrity – to be upfront, honest and personable. JA: What are the greatest challenges you face on a day to day basis? AG: Finding enough hours in a day.

JA: Is it difficult to find and retain quality staff? AG: Yes, it can be – Good technicians are hard to find with the experience and skills required in the industry, it also helps to have a background in electronics. With a decline in the numbers of electronic service industry technicians with these skills, quality staff are hard to find.

JA: How important is diversification? Can you focus on security or do you need to bring in additional services? AG: Diversification is important, while there is a growing need for security and CCTV it helps to have other services to offer as there are always lulls at certain times of the year.

JA: How vital are relationships when working in smaller centres – how important is reputation? AG: Reputation is very important, especially in small towns and communities as it doesn’t take long to become known for your work, good or bad.

JA: How competitive is the market – and is it just local competition or do big nationals horn in on plum jobs? AG: It is reasonably competitive locally and from bigger national companies. There are more than 8 companies locally that are competing for CCTV and security services, we also find that larger companies from Sydney and Melbourne will weigh in on larger projects like hospitals, public surveillance, mining and solar farms.

JA: There can be more property crime in rural areas than city people realise – and more valuable remote assets to protect. Do primary producers make up a significant percentage of your business? What would the split be between town work and country? AG: Yes, there are a lot of farms in the general area that are secluded, with equipment, fuel, chemicals and product that thieves will target. Our current workload between local homes/ businesses and primary producers would be around 50/50.

THE ELECTRONIC SECURITY INDUSTRY CAN BE VERY REWARDING TO BE A PART OF, WITH ADVANCING TECHNOLOGY SPANNING IT, IP NETWORKING, ELECTRONICS, ELECTRICAL SYSTEMS AND AUTOMATION.

JA: Public safety and surveillance solutions in town centres – there’s a definite trend to install and/ or upgrade these solutions with the latest technologies, including analytics and thermal. Are you seeing that? AG: There has just been an upgrade

to the local city surveillance system to include extra cameras around the Mildura CBD and Murray riverfront, these are typically PTZ cameras. I haven’t seen thermal cameras being used and I am unsure of the analytics behind the scenes. Recent works were conducted by an out-of-town company. JA: Do you talk much with other regional integration businesses, partnering up when applicable to extend your capabilities? AG: Yes, we work with electricians, IT companies, automation integrators and other security installation companies to create solutions that meet our client’s needs. JA: How important is recurring revenue from alarm monitoring to your overall business? Do you install mostly wireless (GPRS) or IP-enabled gear? AG: It’s important to us as it adds value to our company and it’s great to realise that your time is not only for sale an hour at a time. With regards to monitoring, we use a mix of both IP and GPRS technologies. JA: What’s the most challenging thing about security installations in the country from a technical perspective? AG: There can be some challenges with respect to layout of properties and large distances between buildings requiring point-to-point Wi-Fi links or underground cabling. Sometimes there is also a lack of technical challenges, such as lift/elevator and access control for multi-story buildings. JA: How is the NBN going for you – has the process been messy or relatively simple to navigate? AG: I know the NBN has been difficult for some of our clients migrating from ADSL and 4G in the initial changeover, however, it has been reasonably simple for us after the installation is complete and working. Reliability and speed remain a concern for some clients. JA: When did you establish your business, Ashley? What’s your background – have you always worked in the electronic security industry or did you come across from electrical or elsewhere?

52 se&n

SEN819_52interview.indd 52

1/8/19 1:10 pm

JOHN ADAMS WITH ASHLEY GREMBK A

AG: I established Atek Solutions in 2015. My background was initially in the electronic repair industry as an electronics technician. But the service industry started to slow down due to cheaper electronic appliances. When TVs, sound systems, microwaves, DVD and VCR players became throw away items I progressed to a position at a cable TV/Internet company servicing and maintaining hybrid fibre, coax (HFC)

networks and headend transmission equipment. From there I progressed on to security, video surveillance and communications. JA: What advice would you give to youngsters in regional centres looking at the electronic security industry as a career? In what areas should they focus their training? How can they succeed in the business?

AG: Above all, be personable. Take pride in your workmanship, be keen to learn and have a general interest in technology. The electronic security industry can be very rewarding to be a part of, with advancing technology spanning IT, IP networking, electronics, electrical systems and automation. Itâ&#x20AC;&#x2122;s important to gain knowledge across all these areas, including the basics of electronics from the component level up. n

se&n 53

SEN819_52interview.indd 53

1/8/19 1:10 pm

● Regulars

Products

Editor’s choice NEW SHEPHERD SECURITY PANEL FROM CROW l SHEPHERD is Crow’s next generation of security and safety

panels, offering the highest standards of reliability in data transmission via its multiple encrypted communication paths and advanced cloud services suite. Features include a smart and wide portfolio of security, safety and home comfort devices with an extended life time. There’s SOTA Software Update Over-The-Air for easy remote configuration, wireless equipment upgrade and testing, and FOTA Firmware Over-The-Air for devices. Other features include advanced diagnostic tools for optimal installation and configuration, artificial intelligence with detection and recognition, Crow Cloud and Smart Shepherd apps and CMS/ ARC management software support, offering big data turned into smart data. Shepherd is compatible with Amazon Alexa and Google Assistant for IoT voice activation. Distributor: Consolidated Security Merchants Contact: 1300663904

AETEK EPOT LONG RANGE POE EXTENDERS l AETEK EPoT long range PoE extenders overcome the general

100 metre distance limitation when running Cat5E or Cat6 cable. These long range PoE extenders can expand the transmission distance up to 1,200m with a data rate of 100Mbps and a 9.7W PoE budget at the transmitter end (this PoE budget will vary depending on power input and distance). Both indoor and outdoor options are available. The outdoor version is protected by an IP67 weatherproof and an IK10 vandal resistant casing as well as a built in PoE surge protection of 6KV. This range of extenders must be sold in pairs, so the RX must be installed at the local site and the TX unit has to be installed at one end of the PoE IP device. Distributor: CSD Contact: 1300 319 499

What’s new in the industry.

PELCO RELEASES VIDEOXPERT PLATES l VIDEOXPERT Plates is an automatic license plate recognition (ALPR) system used for detecting and capturing vehicle license plates through video feeds. The system integrates with VMS like VideoXpert or can be used on its own. VideoXpert Plates uses advanced optical character recognition (OCR) engine technology, which detects and captures plates with greater than 97 per cent accuracy and minimizes false positives. VideoXpert Plates can detect vehicles moving up to 150 mph (250 kph). VideoXpert Plates enables access control for restricted areas such as loading docks and employee carparks. If the area has a gate, fence, or garage door, this solution can automatically control which vehicles are authorized to enter or exit the area, which reduces the need for additional security personnel on the scene. The system can simultaneously detect license plates from multiple states, provinces, and 200 countries without the need for additional engines or databases. Driving the system is VideoXpert Plates Manager. Distributor: Pelco Australia Contact: +61 2 9125 9310

DAHUA TECHNOLOGY XVR SUPPORTS FULLCHANNEL AT & AF POC CAMERAS l DAHUA has launched a new series of digital video recorders comprising XVR5104H-X-4P, XVR5108H-X-8P and XVR5216AN-X16P. These units have stronger functions while saving a significant portion of wiring and power cost, thanks to the Dahua HDCVI-PoC technology that realizes transmitting video/audio/power/data over a single coaxial cable. Dahua HDCVI PoC cameras come in 2 types: AT mode (maximum power consumption =12W) and AF mode (maximum power consumption =6W). The new series of recorders support fullchannel Dahua AT and AF PoC camera access, regardless of different series and resolutions, with zoom or fixed lens. Meanwhile, the PoC technology makes it possible for back-end recorders to provide instant power, through the same coaxial cable, to PoC cameras, which is a more stable way of energy supply. Dahua Technology’s -PoC products support broadcast-quality audio, which is far better than ordinary coaxial cable transmission. Moreover, the new back-end products are smart enough to automatically tell if it is a non-PoC camera being connected to the system and decide whether to provide power or shut the power down in a channel. Distributor: Dahua Contact: overseas@dahuatech.com

54 se&n

SEN819_54prods.indd 54

1/8/19 1:10 pm

COMPOSITE CABLE FROM CSD

NEW 4K FROM PANASONIC

l NEW access control composite cable has been specifically

l PANASONICâ&#x20AC;&#x2122;S new 4K bullet (WV-S1570L) and 4K dome (WVS2570L) cameras, distributed locally by BGW Technologies, are designed for use in fast changing surveillance environments. The 2 new 4K (3,840 x 2,160) capture the highest quality resolution images, perfect for capturing evidence, with the large image sensor realizing wide area surveillance with high quality images. Intelligent Auto (iA) monitors scene dynamics and motion to adjust key camera settings automatically in real-time reducing distortion such as motion blur on moving objects, with auto shutter speed control for moving objects. With both the dome and bullet adopting H.265 Smart Coding technology, bandwidth efficiency is intelligently increased for longer recording and less storage. Out of the box, the camera supports full data encryption streaming and is compliant to FIPS 140-2 Level 1 standards to keep your video secured.

designed to save significant time and money for the installer. By running a single, 100 per cent copper cable consisting of; 1 x data cable for Sifer or standard card readers, 1 x 4 core 14.020 for REX and breakglass, 1 x 6 core 14.020 for Tongue Sense, Handle Position and Reed switch, 1 x figure 8 14.020 for lock power all together in a green PVC outer sheath eliminates cable jagging and in most cases the need for a 2 man job significantly reducing installation costs. This high quality cable is priced very competitively and has been designed and manufactured to meet the Australian standards and the demands of the security industry. Distributor: CSD Contact: 1300 319 499

Distributor: Panasonic Security Contact: 132 600

PARADOX WD1 WATER DETECTOR l PARADOX WD1 water detector is designed to trigger an alarm

upon contact with water, minimising the risk of severe water damage from leaks or floods while you are home or away. Being a 2-way device gives an extra level of security, and ensures communication to the panel, especially during detection. It can also be easily programmed to shut off an electric water valve on alarm using our 2-way PGM. The main unit is designed for a flexible home installation by being free standing or surface mounted, featuring a built-in piezo buzzer and LED. The WD1 makes installation more suitable by including a floor bracket and screw kit, so there is no need to drill additional holes in the walls and ceilings. To broaden the range of exposure, you can include the ES1 Extension Sensor which increases the detection area by up to 2 metres through itâ&#x20AC;&#x2122;s dual-sided technology which is completely waterproof. Having no active components, the ES1 can be completely submerged, while the WD1 main unit can be placed safely away for transmission of water alarm. Head into your local CSD branch for more information. Distributor: CSD Contact: 1300 319 499

2-WAY WIRELESS OUTDOOR CURTAIN PIR DETECTOR FROM DSC l BGW Technologies has launched the new DSC Power-G Wireless Advanced Outdoor Curtain PIR detector DSCPG4902. It is compatible with DSC PowerSeries NEO and DSC iotega and will be in stock in September 2019. The new Power-G Wireless Advanced Outdoor Curtain PIR detector is a powerful device that creates a narrow protective shield across windows, balconies, doors, driveways and other entranceways, for superior outdoor detection with minimal false alarms. Small in size, this device is big on performance. Weatherproof (IP55) and pet-immune, with anti-masking capabilities, it delivers accurate, reliable detection in severe temperatures (-35C to 65C) and demanding outdoor environments. This sensor leverages Power-G wireless technology, which combines spreadspectrum frequency-hopping wireless communication technology with 2-way 128-bit AES encryption to provide high-level protection and extended battery life. Distributor: BGW Technologies Contact:+61 2 9674 4255

se&n 55

SEN819_54prods.indd 55

1/8/19 1:10 pm

● Regulars

Help desk

Our panel of experts answers your questions.

for internal applications, but lifespan is around 5 years – much less than for an all-stainless externally-rated unit. Something else to look out for are robust poly keypads with a gloss finish that are backlit. Such finishes wear more slowly.

Q: It seems a small thing but while doing some intercom work for a client our techs noticed a keypad used for access control that had obviously used the same code its entire life – 4 keys were very clearly worn, making the task of attempting to guess the code much easier. We like keypads – they are robust and simple and there are no databases or cards to manage but they have vulnerabilities. What are the best ways to manage that? Or would you recommend using keypads that shift numerical position to avoid wear? A: Changing the code monthly is the easiest and least expensive option – even if the monthly codes are repeated the following year the wear pattern will be uniform. Changing the code also reminds users the keypad is part of a security system and the code needs to be protected. It also shuts out contractors or ex-staff who might have been given the code for good reason in the past but are no longer authorised to access the site. Other options are going to include keypads like Codeguard’s scrambler. Touch keypads are also going to help

Q: We’ve been having some issues with hardware damaged by static during on-site commissioning – it seems as though it is easier than ever before to fry circuit boards. Do you think modern devices are more susceptible than they have been in the past or is it something we are doing wrong? A: If you’re working with equipment onsite or offsite there needs to be thought given to static protection. ESD voltages can be massive – up to 30kV – and a person doesn’t need to do much moving around to generate such a high voltage, which comes with damaging current waveforms that can corrupt firmware and pop circuits. Part of the issue is that the tiny electrical paths in modern boards are more vulnerable to ESD. Even if they are protected by fuses, your techs may touch a component up-stream of the board’s defences. There are things you can do. Rubber soled shoes, rubber mats in front of work benches, leaving

systems plugged into AC with mains switched off, so the cabinet retains a ground path, the use of anti-static wrist straps clipped to earth points. And if you’re moving boards around, make sure they are positioned inside or on top of anti-static bags or foam. Q: What do you think are the most important things to look out for when selecting multi-head surveillance systems for large open spaces? A: Key performance vectors are going to include total bitrate from all camera heads, a coverage that doesn’t waste pixels by viewing non-target parts of the scene – this fundamental will spill over into installation choices, selection of brackets, etc. Resolution will also be important – the greater your depth of field, the higher resolution should be. Stitching needs to be looked at closely and you’ll also need to talk with the end user about how the image stream is going to be viewed – in a letterbox format or in separate frames on the VMS. The first is more intuitive, the second makes best use of available pixels. Q: We’re an installation company in Queensland and are working to re-commission an existing alarm

56 se&n

SEN819_56help.indd 56

1/8/19 1:09 pm

and access control system that has been unused for some time through lack of building tenancy. There are many hard-wired reed switches in this installation connected to zones which walk testing suggests are dysfunctional yet the system arms without a problem. What do you think could be the issue? A: If the system is arming then it’s not going to be oxidisation causing resistance and it can’t be broken connections. It’s likely a lightning strike has fused the reed contacts in the armed position. The zones will arm but won’t signal an alarm when the doors they are meant to protect are opened. Installing 0.1A pigtail fuses in the circuit will protect new reeds from surges in the future, as well as making trouble shooting easier, as a blown fuse will show as an open circuit during testing. You may need to break open a reed and get out a magnifying glass to clarify what’s going on inside the switch. Q: What sort of hardware would you recommend for handling analytics in a Linux environment at a university? I only have space for a single slot GPU. I have around $1000 to spend. Just for comparison, what do you think is the best GPU available at the moment? A: This is one of those how long is a piece of string questions – it depends on the number of cameras managed, the functionality offered by the analytics you want to use and other parameters that will be application specific. Generally, to handle analytics in large open spaces using a single slot you’d need something like an Nvidia P4000 GPU and when you are setting up the Linux box make sure you select ‘GPU-based’. Cost is around $A1200 retail. The hottest GPU available is probably the liquid-cooled GeForce RTX 2080 Ti, but it’s gaming hardware

and I think unnecessary for typical investigative analytics applications in Australia. Cost is around $1700, and you’ll pay a lot more to run it as these devices chew watts. Q: I am an electronic security installer. If I ask you what would be the future of the electronic security industry, what would be your answer? What should I do to keep up with the electronic security industry? A: Some obvious things occur understanding of a spectrum of security technology, IT capability, careful brand selection, training, customer relationships, partnering, flawless customer service, perfectionism, total control of the P&L, flexible payroll. Security technology moves faster than it used to but is not so fast moving it’s impossible to stay on top of - the trick is positioning yourself ahead of the trends - being open to what’s new, and having a keen interest in what consumers and end users desire and require.

A: The U.S. ban on Chinese CCTV cameras is thoroughly vexed, in our opinion. To be logically and technically consistent, this ban must be extended to cover almost all surveillance cameras sold in the world today, as well as many NIC-enabled network devices of all types – routers, switches, storage solutions, controllers, PCs and laptops, servers, smart devices, comms links, the lot. Broadly, we believe it’s possible to build secure networks and to defend and monitor them. We would argue it’s not possible for cameras – or any other devices in a secure network environment - to transmit meaningful data to external locations unnoticed. n

Q: Reading SEN’s editorial piece on the US government’s ban on Chinese cameras I wondered whether you believe these cameras pose a clear and present threat to end users in Australia.

se&n 57

SEN819_56help.indd 57

1/8/19 1:09 pm

Security Managers ◆ Integrators ◆ IT Managers ◆ Installers AUGUST 2019 ISSUE 412

events

PP 100001158

SECURITY & GOVERNMENT EXPO

Security and Government Expo 2019

Date: November 14, 2019 Venue: The Realm Hotel, Canberra Contact: Monique +61 2 9280 4425 SAGE 2019 is the perfect opportunity for government and commercial end users, as well as integrators, installers and consultants, to see the latest security products and technologies in the nation's capital city in a relaxed and informal environment.

SecTech Roadshow 2020

Dates: May 2020 Venues: 5 city Australian tour Contact: Monique Keatinge +61 2 9280 4425 SecTech Roadshow in its 6th year takes leading electronic security manufacturers, distributors and wholesalers on a national tour.

Security Essen Date: September 22-25, 2020 Venue: Messe Essen, Messeplatz 1, Essen, Germany Contact: +49 (0)201 72 44-524 Security Essen 2018 draws 950 exhibitors from 43 countries to show their security and safety innovations to 36,000 visitors from 125 nations at Messe Essen, Germany.

Security 2019 Exhibition & Conference

Date: July 22-24, 2020 Venue: Melbourne Convention & Exhibition Centre Contact: +61 3 9261 4662 Security Exhibition & Conference is the industry's annual opportunity to reunite for 3 days of quality networking and education.

DAILY, WEEKLY, MONTHLY.

SEN819_58events.indd 58

1/8/19 1:12 pm

Powering Trusted Identities Â®

Seos The Next Generation of Credential Technology

SEN819_67.indd 1

1/8/19 12:57 pm

Manufactured to Australian Standards Designed for the Security Industry Composite Access Control Cable Pull one cable instead of 4, no tangles, less stress Cabinets are tidy and organised Save time and money on labour, itâ&#x20AC;&#x2122;s a one man job

REX / Breakglass

Card Reader

Tongue Sense, Handle Position, Reed

Lock Power

SEN819_68.indd 1

1/8/19 12:57 pm