ASIS International

Facial Recognition: Balancing Privacy and Security

A combination of Internet of Things (IoT) technology, holistic urban development models, and more widespread and reliable connectivity have evolved the concept of smart cities from a futuristic ideal to a series of real-life initiatives that have already been adopted by municipalities across the world. Smart cities, which rely on IoT sensors to collect and analyze data, provide a world of opportunity to create more intuitive, efficient, and sustainable solutions to urban living. Security plays a large role in smart cities, and the industry is approaching the initiative as a way to revolutionize what safety looks like in urban environments.

Donald Zoufal, CPP, founder and CEO of Crowz Nest Consulting and ASIS International Security Applied Sciences Council chair, says the city of Dubai was an early adopter of the smart city approach and has lead the way in integrating innovative security technology such as robotic police officers, roadway safety lighting, and advanced surveillance.

“Dubai is in the lead, internationally, of understanding the capabilities of technology for cities,” Zoufal says. “In the United States, Chicago has done some interesting things to utilize technology to make the city safer.”

He points to Chicago’s strategic decision support centers, where law enforcement and data analysts work side-by-side to reduce gun violence using technology such as a citywide network of cameras, acoustic sensoring to detect gunshots, and computer-aided officer dispatches to close the response time for violent crime.

“The city seems to be showing some significant benefits from the implementation of this approach—statically, where these support centers have been deployed, there’s been a drop in violent crime,” Zoufal notes. “Chicago is a concrete U.S.-based example of the kind of multisensory world that we find ourselves in, in terms of the technology available to provide security and other services.”

A key component of the initiative to build safer, more connected cities is the seamless integration of advanced technology and connectivity into citizens’ everyday lives. But one aspect of smart cities has recently come under closer public scrutiny: facial recognition technology. Biometric matching technology is not new to the security industry—it’s been used for years in access control and other identification applications—but Zoufal says what’s novel today is the ability to use facial recognition in real time to gather information and relate it to individuals.

“People are realizing the amount of data that is being collected about them because of IoT—all the sensors out there in environment,” Zoufal explains. “The concept behind smart cities is tapping into all that information and data so we can deliver services more effectively, look for problems, and assess environments more accurately. All those are great things, but they create this digital footprint, this data that can be related to individuals.”

There has already been pushback against facial recognition technology: the city of San Francisco recently banned all forms of government-operated facial recognition programs, and nearby cities are planning to follow suit. A bill has been introduced in California that would make it the first state to ban the use of facial recognition technology from being used in police body cameras. And the lack of the technology’s regulation has raised concerns both among privacy activists and legislators—a recent congressional hearing on the use of facial recognition software by law enforcement forged a rare alliance between Democrats and Republicans, who agreed that legislation may be necessary to rein in use of the technology.

Zoufal acknowledges that there are problematic ways in which facial recognition technology is being used but says it’s all about the context—biometrics are frequently used in more traditional security applications without encroaching on privacy, as is frequently seen in the exhibit hall at Global Security Exchange (GSX)—an annual event for security practitioners.

“There are some clear use cases where everyone can agree that facial recognition is extraordinarily useful technology,” Zoufal says. “You can use it as access control in a security context—rather than using fingerprints, we’re using a facial match to grant or deny access. I don’t think that’s particularly controversial for most people.”

Zoufal points out that airports are continuously developing biometric identification programs to expedite the passenger journey—a model that follows the smart city initiative principles of seamless integration and security.

“The vision for airports is that once you get a ticket for a flight, your face will become your token for travel,” Zoufal explains. “If I registered for the program, my face is matched to the picture in my passport, so the bag drop can recognize my face and give my bag to me, or I can go to the security checkpoint and be recognized without having to show my passport. And at the gate they’ll let me on the aircraft using facial recognition. Those systems are already being piloted in U.S. airports and powered by facial recognition.”

Privacy and transparency issues emerge, though, when facial recognition is used for general surveillance and identifying people of interest, Zoufal notes—and that’s an issue that goes beyond the use of the technology by law enforcement, as discussed during the congressional hearing and outlawed in San Francisco.

“The truth of the matter is, facial recognition is already being used extensively in the commercial sector—they use the technology to identify customers and their shopping habits, so they might send you an e-coupon for the products you’ve been seen buying in store,” Zoufal explains. “Some people will be creeped out when they get the coupons, and some will think it’s the greatest thing to get customized promotions.”

The same technology is being used by retailers to identify shoplifters, an application that might be of interest to security professionals but also raises civil rights concerns, Zoufal notes.

“That kind of real-time surveillance on individuals is difficult for some to accept, and I think there are some concerns that are more legitimate,” he says. “Operationally, if you’re going to utilize facial recognition technology in this way, you’re looking for bad people. But if you’re running tens of thousands of photographs through that system on daily basis, what’s the error rate in terms of identifying people? Even at an error rate of .5 percent, you’re still talking about a large number of false IDs. And do you have the ability to respond to all those alerts? That creates operational issues.”

Pairing such data with identities can also cross the boundary into personally identifiable information (PII), which creates its own security and privacy challenges.

“When the data is collected and connected to other PII, that data field becomes extremely concerning if it is involved in a breach or used inappropriately,” Zoufal notes. “At the end of the day a lot of this is about data and making sure you have good policies and procedures around governance for the use of that data collection, maintenance, and disposal.”

Zoufal plans to discuss the balance between technology and privacy at GSX this September during his session, Secure and Safe Cities: Emerging Technologies and the Law. These concepts are being exposed by smart cities in a new light but are ideas that security professionals should always take seriously, he notes.

“As we’re looking at these new and different technologies and collecting and analyzing this information, I think security professionals truly want to participate in the conversation—this information becomes extremely valuable, not just for commercial purposes but for security services as well,” Zoufal says. “The real issue is making sure that you’re attuned to the fact that we’re becoming a more data-driven world, and security has to become a more data-driven profession, but with the ability to access and use data comes the responsibility to make sure we’re doing it in an appropriate fashion.”

To hear Zoufal and other experts speak on these topics and to meet with reputable companies who supply facial recognition and surveillance technology, register for GSX at www.gsx.org.

We Hacked a Commercial Office Building. Here’s What We Learned.

Countless high-profile, high-stakes incidents over the past few years have made it clear: anyone can be hacked, and there is no limit to the scope or reach of cyberattacks. New reports seem to emerge every week of international retailers, government organizations, political groups, and even entire cities suffering a major data breach or aggressive ransomware attack, resulting in leaked data and costly response. It’s a security professional’s nightmare, and organizations large and small have been taking steps to lock down networks filled with sensitive personal or proprietary information that might tempt a cybercriminal.

But not all cyberattacks are equal, and if you look more closely at the headlines you might notice an entirely different threat: the digital disruption of physical systems. As more physical security systems, including access control, lighting, building operations, and other industrial control systems are linked to and controlled by Internet-connected networks, the more risk there is that these systems might be caught up in—or even targeted by—cyberattacks.

As someone who has worked in both physical security and cybersecurity, I have long been concerned about this gray area where, often, nobody owns the responsibility to protect it. Even in the early days of convergence, there was always the question of whether engineers, facilities managers, or the security department owned the physical spaces where networks exist, and that has evolved today into building control and automation, including elevators, sprinklers, chillers, and more.

All of these components connect to the same data network, but who is responsible for protecting industrial control systems, and what security gaps does that gray area create?

This is a question me and others in the security industry have been asking for more than a decade. And as more physical security components are getting caught up in digital breaches, concrete answers are more important than ever. After much research, I realized that others were talking about the susceptibility of integrated physical systems, but nobody was publicly discussing just how vulnerable these systems are.

So, about a year ago, a group of security professionals made up of physical security experts, building automation and controls security leads, and cybersecurity experts began strategizing a way to gather this information, and in March 2019 we carried out a cyberattack on a Class A commercial office tower. Through my organization CISO Insights, we funded a simulation of a full-on attack of physical and cyber systems against a commercial real estate organization’s 16-story commercial building. This type of attack presentation has rarely been seen before because of the implications—organizations are hesitant to open themselves up to exposing vulnerabilities and the corporate liability that comes with that knowledge.

But thanks to our strategic partnership with the organization and the building’s owners, we were able to provide an actionable assessment to the organization while documenting significant results about the state of today’s physical security systems and their ability to detect, respond to, and withstand attacks. The results of this testing shook the multibillion-dollar organization to its core and provoked a complete realignment of how they design and maintain their buildings. It also provided us with valuable data that we used to build a set of basic rules and principles for buying, installing, and configuring connected physical systems.

The types of systems attacked in the plan included access control, camera and alarm systems, building automation and control systems, and local IT infrastructure and wireless connections.

The attack plan used publicly accessible information to identify external attack options available from the Internet, as well as a physical site visit to confirm onsite technology in use. Much of what we will expose in the full report are the commonly available tools and methods that intruders use today, and just how easy they are to acquire.

When carried out, the planned attack quickly escalated, bringing a number of unintended systems into scope. This is the reality of the way today’s networks are built and buildings are connected: it’s all integrated. For years we have known it was cheaper and more efficient to integrate technology, but as today’s legacy building systems and company data networks are combined with Internet of Things connectivity, this approach gets much more interesting—and risky.

The full results of the attack and their implications will be shared in our session this September at Global Security Exchange (GSX) in Chicago. They will confirm some of your worst fears about real world security protections, identify common weaknesses in similar building control, building automation, IoT, and physical security systems.

Much of what we learned, though, are the same big-picture lessons applied throughout the security industry—do you know how secure your environment is? When you add a new piece of technology, have you assessed the risks and engaged security professionals before deploying it? How do you know it will stay secure, and who is responsible?

Access control, CCTV, alarms, and similar systems are all connected with different software programmed by different manufacturers. Very little of what we found suggested a holistic approach to understanding the problem. Often these components are maintained by third parties, integrators, or internal resources from IT, leaving common gaps that you should look for to protect these systems.

Besides the standard security issues like passwords taped to HVAC systems and power systems vulnerable to physical attacks, the building control systems use connect points that leave them vulnerable. Much of what we learned during the exercise revealed a new way in which building systems need to be managed and maintained to protect them for the next 20 years.

We found several physical vulnerabilities, but it was the cyber vulnerabilities—and the converged threats that live between the physical and cyber worlds—that were not properly mitigated, which proved to be very valuable in discovering where the building was easiest to attack.

At one point or another, all of these systems operate on the company network, and the details of how IT manages the data network makes a difference in how secure the systems are. At GSX, we will discuss the fundamental mistakes made when connecting data networks to building systems and physical security applications. Further, we will discuss common techniques for protecting physical buildings against these types of attacks.

—————————————————————————————-
Dave Tyson is CEO at CISO Insights and a former ASIS International president and board member. His presentation at GSX, Cyber Attack on a Commercial Building, will discuss the full findings of the building cyberattack exercise conducted earlier this year. To hear Tyson and other experts speak on these topics and to meet with reputable companies who supply security technology, register for GSX at www.gsx.org.

Q&A: How Companies Are Using Drones for Security

We sat down with Jason Cansler, owner of UASidekick, LLC, which provides software for UAV pilots to maintain compliance with FAA requirements, to discuss the challenges and opportunities security organizations face when using drone technology.

Q: The use of drones and other unmanned systems in the security industry has been a hot topic over the past few years. How are drones affecting an organization’s approach to security?

A: There’s so much drones can do to augment security. They are being used to look at perimeters and conduct constant surveillance over large areas. Drones can also be sent out as a response mechanism before personnel can respond and conduct an initial site assessment, so people know what they’re getting into before they get there. It’ll take a little bit for people to get used to what they can do with drones, and when regulations loosen up, it will open up a whole other world in the security industry.

Drones are getting smaller, and their battery and fuel sources are getting more efficient. You’re finding more drones with better camera systems and a smaller footprint. The key aspects that make people buy certain drones are flight time and payload capacity, but the best drone you have is the one you have with you.

Organizations also need to consider how to protect their assets from drones. This is another aspect to security that’s taking longer for people to understand the impact. And, policies need to be made so employees know what to do when they see a drone. Do they notify someone? Is there a ground sweep? Do they see if anything was dropped from the drone? Do you check rooftops for listening devices? Every company should have a drone policy, just like any other health or safety policy, whether you’re a school that would need to protect children, or a company with assets on their property, and especially jails and prison systems. Whether or not an organization has a drone program, they need drone policies.

Q: There are a lot of people in the security industry who are curious about the possibilities drones can provide as a physical security tool. Are you seeing an increase in the use of drones for security purposes?

A: Recently, there are more options that can support and provide drones as a security function. Companies need turnkey devices—they don’t want to go through the process of learning this on their own. If you can have a consultant or integrator that already has this experience under their belt, you’ll start seeing this implemented more, especially once integrators understand the systems and what it takes to actually incorporate them.

But overall, the growth is still slow—the industry is trying to determine where the technology is going and what they can do with it. There’s not a lot of litigation that supports how drones are used, even in law enforcement circles, which often looks at case law to know how it might be used for or against you in a case. And the lack of legal permission to fly drones beyond line of sight is causing some disruption for companies that want to patrol a thousand acres—they would have to someone in view of that drone at all times, which defeats the purpose.

Q: When do you think we will see more clarity on how drones can be used in security or law enforcement capacities? Is that the biggest barrier to the adoption of this technology?

A: We thought this year we’d be able to operate drones beyond the line of sight and over people, but the law is still not there. Regulations are being held up by the lack of remote identification—the requirement for a drone to signal that its flight has been authorized. Right now, law enforcement can’t tell whether the drone operators are good or bad guys.

The whole key is to find bad actors, not keep track of good ones. In a perfect world, if you see a drone but don’t have any ID pings, you’d know that is a bad actor. It will be very important in the future to have remote ID capabilities for traffic management and security. They want that capability in place before they allow people to fly drones beyond visual line of sight.

Q: During this time of uncertainty surrounding regulations, how are organizations using drones? What challenges do they face?

A: There are some organizations who have taken up the mantle and are using drones because they’re more concerned about the safety of their product, property, or people, and will take whatever hand-slapping they get as long as they’re able to protect their assets. You’ll find that taking place more overseas in Mexico, Venezuela, and Africa—people are using it because they need it, they have assets they have to protect. Most of the time it’s in coordination with local governments, but here in United States, we’re kind of stuck until we get this approval through the FAA or Congress.

Some organizations are taking a more careful approach and won’t really use drones until they find out how other companies fare, but the question of enforcement is unknown. Some fines have been given, but they aren’t broadcast, which kind of defeats the purpose. The FAA licenses pilots to be able to fly, but they aren’t an enforcement agency. They can revoke licenses, but actual enforcement is left up to the Department of Justice or FBI. For them to go after drone pilots, there has to be some other precipitating issue, like they crashed and hit something or used them nefariously. We’ll start to see more and more of this—the FAA is providing resources to get local law enforcement to help.

Q: What can security professionals do to stay up-to-date on advances in drone technology, regulations, and use cases?

A: In our presentation, Drone Evolution: Security Tools or Security Threats?, that we’ll be leading while at Global Security Exchange (GSX) this September in Chicago, we will discuss information from regulatory requirements and case studies on how drones can interfere with security measures for a small or large company, or even a government agency. The three of us giving the presentation—myself, Nathan Ruff, and Mark Schreiber, offer a good combination of perspectives with my pilot’s point of view, Mark’s engineering background, and Nathan, who’s an expert in the unmanned systems industry. We participate in different rulemaking committees, NASA groups, and a safety team for FAA. Some of the information that comes through these channels we’re privy to, and we can and will talk about what we’ve learned.

—————————

To hear Cansler and other experts speak on these topics, see live drone demonstrations in the GSX D3 (Drones, Droids, and Defense) learning theater, and to meet with reputable companies who supply drone technology, register for GSX at www.gsx.org

Managing Today’s Multi-Gen Workforce

The makeup, attitude, and preconceived notions of today’s multi-generational workforces couldn’t be more different than previous generations, as there has been a significant shift in focus from career to lifestyle with recent generations. This is also most evident in how management communicates with workers, and workers communicate amongst themselves. All of which poses new challenges for managers across all industries.

With employees tending to stay in the workforce longer, and more new employees entering the workforce right out of college, the age range of today’s multi-generational workforce includes:

Traditionalist – born before 1943-45
Baby Boomers – born from 1943-1965
Gen X – born from 1965 -1978
Gen Y – born from 1978-1986
Millennials – born from 1986-1994
Gen Z – born from 1994-2000

One of the most distinguishable differentiators when comparing traditionalist to more recent generations is that the former seem to have more loyalty to their employers, with more recent generations focused more on their personal lifestyles and careers. As a result, today’s employees often require more incentive than just a fair paycheck. This is the root of a common disconnect between management and employees since many workers are satisfied with doing their job 9-5 and going home, which frustrates traditional management teams across the country.

So what can managers do to help keep multi-generational workforces happy and engaged?

Identify Goals
It’s important to clearly understand every employee’s goals, which will help better gauge their drive to complete assigned tasks and more. This will help both managers and employees set realistic performance expectations.

Determine the Best Forms of Communication
Each generation has its own preferred methods of communicating. Traditionalists prefer face to face or phone communications, baby boomers prefer email, and Gens X/Y/Z prefer immediate access via text or chat programs. Identifying your team’s collective communications preferences allows you to select the right combination of tools that work best for them.

Leverage Communications to Build Collaboration
Opening up the best channels of communication is the first step in building collaboration. And establishing collaboration is the first step in turning a workforce into a team. Encourage employees to identify new technologies and tools, design better processes, and implement new company standards. By getting them involved in developing processes, they will be more apt to abide by them, thereby increasing throughput and workflow productivity.

For a deeper dive into this topic, we invite you on Monday, 9 September to attend Managing Four Generations in the Workforce at GSX 2019 in Chicago. You can register here.

Speakers: Maria Dominguez and Brittany Galli

Announcing Keynote: General John F. Kelly

Gen. John F. Kelly

General John F. Kelly, U.S. Marine Corps (RET) to Speak on Geopolitics and Security

Join us at Global Security Exchange (GSX), 8-12 September 2019, and enjoy a truly engaging experience, that includes hearing unique and high-level insights from one of America’s most respected generals.

General Kelly’s keynote presentation will start Military and Law Enforcement Appreciation Day off at 8:30 am. GSX will honor all military, law enforcement, and first responders with a full complimentary day of education sessions and access to our exhibit hall—an interactive learning lab full of immersive experiences and cutting-edge technology.

Geopolitics and Security

In a world where dictators are falling and rising, governments posture for a greater impact on the global stage, and information is the critical currency, who will emerge and where will opportunities exist? The face of security changed forever on 11 September 2001, and General Kelly, a 4-Star General, U.S. Secretary of Homeland Security, and White House Chief of Staff, has continued to protect the United States both abroad and at home. His unique ability to provide first-hand insight into the evolving geopolitical landscape around the world is valuable when contextualizing the United States’ security priorities from a historical, current, and future prospective. Gen. Kelly will share his insights on the trends, risks, and potential rewards amid the ‘hot spots’ around the globe, and the role the U.S. plays (and should play), in our nation and world’s security.

Secretary Kelly enlisted in the Marine Corps in 1970 and went on to serve in a number of command, staff, and school assignments. During his command of SOUTHCOM, he worked closely with professionals in U.S. law enforcement, particularly the FBI and DEA, and the Department of Homeland Security, dealing with the flow of drugs, people, and other threats against the U.S. homeland. He went on to become the Secretary of Homeland Security before serving his country again as White House Chief of Staff until January 2019.

Don’t forget—free admission for military and law enforcement professionals!

Military and Law Enforcement Appreciation Day honors the individuals who make our communities and world a safer place. As a thank you for your service, all law enforcement, military, and first responders get FREE one-day admission to GSX on Wednesday, 11 September.

We are excited to welcome you to Chicago!

Hello, everyone!

I am very pleased to announce that registration is open for GSX 2019. On behalf of the Chicago Chapter of ASIS International, we look forward to welcoming you to the industry’s flagship event, Global Security Exchange (GSX).

GSX continues to elevate the attendee experience with thought-provoking educational programs and valuable networking opportunities with like-minded industry professionals. In addition, there is an interactive trade show floor that allows you to explore both current and future security landscapes, exchange key ideas and best practices, expand global connections, and have the opportunity to see new innovations firsthand.

I invite all GSX attendees to take advantage of our wonderful city while you are here for GSX 2019. If you have any questions about getting around Chicago, or just need a tip for planning a business dinner, please don’t hesitate to post any questions or comments in the GSX Community.

I look forward to seeing you in September! REGISTER TODAY

Regards,

Grant Miller, MCJ, LEED Green Associate
Chairman – ASIS Chicago Chapter 003
[email protected]
asischicago.net

Welcome to Global Security Exchange

The time has finally come. Global Security Exchange (GSX) is just one day away, and in the first year of its rebrand following a 63-year history as the ASIS International Annual Seminar and Exhibits, this powerful, action-packed conference is set to deliver the solutions, networking, and world-class experience you have come to expect from the industry’s flagship event – multiplied.

More than just a new name, GSX reflects ASIS International’s commitment to unite the full spectrum of security – cyber and operational professionals from all verticals across the private and public sectors, allied organizations and partners, and the industry’s top service and solutions providers – for the most comprehensive security event in the world.

When you look around, you’ll notice that GSX is not your typical security conference. We left no stone unturned when it came to providing maximum value for your education dollars. From field expert keynotes and modernized education sessions to exceptional networking opportunities and a reimagined showroom floor, we set out to deliver unparalleled opportunities to build relationships, gain valuable insights, and expand your global peer network like never before. And we didn’t stop there…

For those who plan to be in attendance, we encourage you to embrace the professional growth that this week affords. While you’re there be sure to check out the X Stage to get a glimpse of the innovations and ideas that are poised to shape the future of the industry and stop by the Career HQ for a free career coaching session and professional headshot. Witness the intersection of security and technology at the new X-Learning Stages and immerse yourself in the GSX D3 Xperience: Drones, Droids, Defense. And of course, take time to reconnect with friends and forge new relationships at one of the many networking events planned throughout the week.

Even if you couldn’t make it to the conference this year, you can still be a part of the action. Follow the event from home on Facebook and Twitter and participate in the 2018 GSX Community forum. Sign up for Global Access LIVE! to watch the livestream of our industry-leading education sessions, or check out ASIS TV to watch broadcasts that offer expanded access to security best practices, engage new audiences, and ensure professionals like you are able to stay ahead of the security curve.

As the global voice of the security profession, ASIS is committed to helping advance security best practices. Convening the industry at GSX is an important part of that effort. However, this commitment extends well beyond this one week. Remember, we are here to support professionals like you year-round and we’re laser focused on reinvesting all of our efforts back into the education we deliver, the standards we develop, and the communities we serve. With that, we hope you enjoy all the surprises in store for you at GSX 2018.

Creating a Proactive Medical Risk Management Plan for Meetings and Events

By Jonathan Spero, M.D., CEO InHouse Physicians

With corporations placing an increased importance on duty of care, it is a priority for security professionals to have a solid medical risk management plan for meetings before an incident occurs. There is nothing associated with more liability at an event than a medical emergency improperly managed.

Identify all health risks that could be associated with your program.
Include the routine medical emergencies such as a cardiac event or a slip and fall, but also think about the risks specific to your event and location. There will be additional risks for altitude sickness, water sport activities for example. Internationally, there could be infectious disease risks, and potential food and water contamination issues.

Find out what the emergency medical system response time is to your meeting venue.
Average EMS response time is 10-14 minutes and in emergency situations every minute counts. Note the phone extension for hotel security. In the event of an emergency, 911 should be activated by the hotel security team. Ask the director of security at your venue for information on closest (and best) hospitals and urgent care facilities. It’s also a good idea, especially for large venues, to ask what entrance EMS responders should to use to get to your meeting space. Are there two personnel certified in CPR/First Aid that are available 24 hours a day to respond to any medical emergency? Is there an automated external defibrillator, or AED, on the property?

Consider onsite medical support.
Having a physician onsite for your program makes sense in certain circumstances such as large program, offsite board of directors meeting, or an international incentive trip where the standard of care and/or emergency response times may not be acceptable

Join me at Global Security Exchange for session #6209, Medical Risk Management for Meetings and Events on at 2:15 pm on Wednesday, September 26, for additional details on medically risk-proofing meetings. Attendees will receive a checklist of action items on how you can prepare for any type of business gathering.

Exhibitor Profile: Vanderbilt Industries (Booth #2865)

The Rise of Networked Access Control

By Lynn Wood, Product Portfolio Manager, Vanderbilt

We’ve seen the rapid development and expansion of the cloud and Internet of Things (IoT) impact almost every aspect of the security industry; from surveillance technology to video management systems to data storage, the opportunities presented by increasing interconnectivity and communication between devices have revolutionized the way users handle security operations. And the access control market is no exception: according to research by Security Sales & Integration, 71 percent of companies were deploying a networked access control system in 2017.

The once-trusted, traditional mechanical lock-and-key access control systems may still function adequately in some instances, but these technologies can be less secure than newer door solutions. Complications can easily arise, such as in the case of a lost key or if access to a facility needs to be restricted. Security, building management and privacy concerns are likely to develop, as a company may not know who’s entering and exiting the building at all times.

Today’s access control users expect more of an integrated system than a one-size-fits-all solution that is cumbersome to operate and expensive to scale. The shift to networked access control systems takes the hardwiring and complicated installations out of the equation, while also enhancing security and flexibility. A single interface that integrates multiple points of entry and can be accessed through a connected smart device anywhere at any time provides the ultimate simplicity and convenience.

Networked access control technology enables users to achieve two critically important components of a security system: remote and instant accessibility. Deciding whether access to a building should be granted or denied must be an immediate process, and this can quickly be accomplished through a central, networked hub rather than at the door. In the event of a security incident, real-time reporting capabilities facilitate streamlined response and all access can be restricted quickly.

Other useful functions of networked access control systems include the ability for technical queries to be diagnosed and resolved on the go, enabling site issues to be dealt with efficiently, thereby minimizing disruption. Users can also view real-time muster reports to aid in tracking all employees or students in the event of an emergency.

Networked access control solutions, such as Vanderbilt ACT365, take advantage of the increasingly valuable cloud and IoT to supply end users with the freedom they desire through a secure, easy-to-use interface. Features such as remote monitoring, real-time muster reporting and central management contribute to the expanding growth of networked access control and allow users to save time and money while achieving peace of mind.

Can You Be Liable for Your Vendor’s Data Breach?

By Kathy Winger, Attorney at Law

As a business attorney, one of my most important obligations is to help clients manage their legal risks, which these days include exposure in the cybersecurity/data breach arena. One expanding area of concern is liability for a third-party vendor’s data breach. If your business shares confidential information with third-party vendors in its line of work, you are now obligated to ensure that those vendors keep that information secure. If the vendor fails to do so, your business could be liable for the damages that flow from a data breach involving your information. Luckily, there are a several ways to help protect your business on this front.

First, be crystal clear about the details of your contract with any third-party vendors. The contract should address your liability versus the vendor’s liability and require indemnification in the event of a vendor data breach. You should also research your vendor’s data security standards and practices to confirm that they are as good or better than your own and are being followed and updated. This should be done at the beginning of the relationship and periodically throughout the contract term. Since you will be depending on your vendor’s security to protect the information you share, it makes sense for you to be mindful of their standards, to make certain that they are followed and to be compensated if you suffer a loss.

Finally, your third-party vendors should confirm that they have adequate and appropriate cyber insurance to cover you in the event of a breach. In fact, if and where possible, the vendor should name your business as an additional insured on its cyber insurance policy.

If you’d like to learn more about this topic and other legal risks that business owners and technology professionals face in the world of cybersecurity and data breaches, join me at Global Security Exchange at 11 am on Tuesday, 25 September for Session #5333, Cybersecurity and Data Breaches from a Business Lawyer’s Perspective.

The information presented here is for general educational purposes only. It does not constitute legal advice and does not create an attorney-client relationship.

6 Ways to Make the Most of Your GSX Xperience

The industry’s flagship event only comes around once a year. With only six days left until GSX, follow these six simple pieces of advice and you’ll be well on your way to making every minute count…

Make a Game Plan
- Download the GSX 2018 mobile app to browse our record-breaking 350+ session education lineup, speaker bios, build a personalized schedule, locate the most talked about exhibitors, map your route, and more. Search “GSX 2018” on Google Play and the App Store.
Sign Up Ahead of Time
- Save time and money onsite at GSX 2018 by registering ahead of time. Expo-only passes increase to $75 onsite for non-members. Register today at GSX.org/register.
Get Up Close and Personal
- The GSX Exhibit Hall is the best place to experience the latest security technologies and innovations. Don’t miss the X Learning Stages, the GSX D3 Xperience, the Con-X-tions Lounge, or the Fireside Chats in the ASIS Hub.
Bring a Friend
- Adventures are always more fun when you have a friend. Explore the exhibit hall together or divide and conquer to make sure you don’t miss a thing! Spread the word on social media with those who couldn’t attend by using the hashtag #GSX18.
Make Connections
- Be prepared to meet new people! Don’t forget to bring extra business cards. If you plan to take advantage of the career fair, don’t come empty handed. Bring a few copies of your resume to share to help you score your next big career move!
Pack Accordingly
- There’s so much to see you don’t want to miss a beat. Make sure you pack the most comfortable shoes to get you through the day. And don’t forget, it might be warm outside, but it can get chilly in the convention center. Don’t forget to bring a sweater to keep you warm.

Drones and College Football Stadium Surveillance

By Richard Ham

Unmanned Aircraft Systems (UAS), commonly referred to as “drones” are changing the face of security surveillance. While some form of autonomous systems has been flying since 1918, the level of expertise and skill required often made them impractical. New sensors and cameras, as well as new safety technology and a workable regulatory environment, have made them not only practical, but the preferred method for large venue surveillance. Three areas of rapid advancement may be the tipping point to your ability to use UAS technology to improve your security posture:

A mature regulatory environment with practical waiver processes. Just a few years ago, waivers for operations or controlled airspace could take up to a year. The most recent automated systems allow some airspace waivers instantly and the advent of a remote pilot certificate with training standardized requirements and reduced confusion.
New sensors and software improve long distance surveillance without detection. New cameras can read license plates from distances exceeding half a mile and can incorporate facial recognition. Infrared cameras for night flying can detect and differentiate biological forms and are the standard for search and rescue missions covering large areas
User friendly UAS platforms with easy to learn programs for autonomous flights. My young students have no pilot skills to compare to UAS flying, but they are very adept at software. With sensors to avoid collision to reduce risk, the remote pilot can program the entire flight and operate it with the push of a button and monitor previously programmed flight plans.

During special events such as NCAA Division I football games or other large events, these three advancements have tipped the scales to reduce risk and improve capability. Nearly all large scale events can improve security surveillance by retaking “the high ground.”

Please join me at GSX for Session #4116, Using Drones for College Football Stadium Surveillance, on 24 September at 10:30 AM.

General John F. Kelly, U.S. Marine Corps (RET) to Speak on Geopolitics and Security

We are excited to welcome you to Chicago!

The Rise of Networked Access Control

Make a Game Plan

Sign Up Ahead of Time

Get Up Close and Personal

Bring a Friend

Make Connections

Pack Accordingly