Axis- Experts & Thought Leaders

With 1,300 cameras recording 24/7 and more than 1,000 investigations to process per year, Massachusetts General Hospital’s security team was not able to keep up with the vast amounts of recorded video. Now, BriefCam Syndex Pro for fast video review, search and analysis, embedded within a Milestone XProtect video management software (VMS) platform is making efficient and effective video investigation possible. Unique challenges to security Massachusetts General Hospital’s (MGH) Police, Security and Outside Services Department provides some security services to many other Partners hospitals and facilities. Following its recent digital conversion, unified on the Milestone XProtect VMS platform, MGH’s security team was able to expand camera coverage by adding new Axis network cameras directly to the existing IP network. The hospital environment presents unique challenges to security, Michelman points out “The number of investigations we were doing was taking huge amounts of time in terms of reviewing video, and that was really a waste of time,” said Bonnie Michelman, MGH Executive Director of Police, Security and Outside Services and Consultant for Partners Healthcare. The hospital environment presents unique challenges to security, Michelman points out. MGH’s 17-acre urban campus, comprising 29 contiguous and 14 separate buildings (including underground and freestanding garage facilities), is complex. The security team must also take into account not only the main location, but also dozens of satellite facilities around the Boston area. Enterprise risk management “We can’t cover all of these facilities with security staff,” said Michelman. “We need to augment heavily with very good, state-of-the-art technology that allows us to combine our intelligence, labour, policies and procedures, in order to create a better holistic approach to enterprise risk management.” Charged with creating a safe environment, MGH’s security team at the same time is challenged by the clinical team’s needs for increased efficiency through lowering length of stay and moving patients through the hospital as quickly as possible. The 24-hour Emergency Room, with its anxious, highly volatile population presents challenges of its own. In addition, patient elopement and patient wandering – unauthorised departures from the medical facility, whether intentional or unintentional – pose liability threats that can be very damaging to a hospital. Providing customer satisfaction A unified system was required to balance the video surveillance needs of a busy hospital campus A unified system was required to balance the video surveillance needs of a busy hospital campus with remote satellite locations while upholding the highest level of security possible, maintaining operational flow, and providing customer satisfaction that includes expectations of privacy. Michelman, together with MGH Senior Manager, Systems and Technology Robert Leahy, decided on the Milestone XProtect VMS platform. Camera count was increased from 400 to 1,300, and standardised with Axis network cameras connected directly to the IP network. To deal with the marked increase in video data, MGH’s team chose BriefCam Syndex Pro, a powerful set of tools intended to reduce the time and effort needed to conduct video reviews, post-event video investigation and real-time video monitoring. The BriefCam solution ties in seamlessly with the Milestone video management solution, providing efficient workflow for investigators. Presenting video metadata According to Michelman, BriefCam has already proven invaluable. A two year long ROI examination of video surveillance use at MGH has shown a progressive rise in success rates with the use of video in incident investigations. According to Michelman, BriefCam has already proven invaluable “I see BriefCam as a very important part of our toolbox of excellent practices for protecting what is a very complex environment of tangible and intangible assets,” said Michelman. BriefCam Syndex Pro’s ability to present video metadata in graphic visualisation format, such as bar graphs, pie charts and the like, has opened up new realms of possibilities to extend the role of CCTV video beyond security into organisational efficiency and more informed, data-driven decision making. Better investigative focus “In the past, there might have been things that would have been a ‘nice to do,’ but we couldn’t do it because we didn’t have resources to watch many hours of video,” said Michelman. “Now we can manage the content and we can see trends, which in turn can drive redeployment of resources, and by extension, facilitate a better investigative focus and success.” BriefCam Syndex Pro embedded within Milestone XProtect VMS platform is helping MGH in its mission to effectively and efficiently protect and safeguard the hospital community. Michelman said: “We’re happy with these products, but it’s not just about the quality of the technology, it’s about the quality of the partnership. You know, it’s easy to sell a product, but to sustain it, service it, and be there after it is in is really very critical for us.”

Being isolated on the edge of wilderness means there’s a need for a video system that’s both reliable and flexible. For that reason, the team at Jackson Hole Airport (JAC) since 2009 has relied on video management software (VMS) from Milestone Systems to enhance security, safety, and efficiency. Challenge - Help to keep scaling At the edge of the frontier, Jackson Hole Airport has experienced considerable growth over the years. Significant capital investments in expansions have made new video system integrations possible several times, and Milestone XProtect has supported the airport’s needs along the way. As of 2020, over 220 cameras were in use, and the airport shows no signs of slowing down As of 2020, over 220 cameras were in use, and the airport shows no signs of slowing down. New projects will include building a fuel farm, a car wash and expanded parking facilities. XProtect’s open platform software As the need to increase security continues, XProtect’s open platform software will continue to enable both IT team growth and the seamless integration of new cameras and data storage capabilities. Solution - Integrations are in the fly zone Milestone XProtect Professional Plus and Smart Client Network cameras from Axis Communications and Panasonic Optimised video server hardware from Razberi Integrated video analytics from Agent Vi All video is stored for up to a full year, with most of the system’s 200 cameras set for motion recording, 24/7. Result - Greater situational awareness for higher security The video system has enabled improvements throughout the entire airport. For example, Jackson Hole Airport has to contend with a great deal of plane de-icing for several months each year. This occurs at a distance from the main buildings and, thanks to the video expansion, each airline is now able to monitor the de-icing of their planes. Allowing clients to monitor progress on their own has saved airport staff time and resources. The airport uses the system to closely monitor the security checkpoint, too, capturing video documentation in case of an incident. Baggage areas are also monitored, so it’s possible to investigate lost bags and left-behind items by reviewing video. New 4K, multi-sensor cameras New 4K, multi-sensor cameras support a largely unmanned investigatory system New 4K, multi-sensor cameras support a largely unmanned investigatory system. They capture everything and provide enough data to zoom in after the fact, if needed. Additionally, the team has deployed video analytics from Agent Vi to provide a layer of automated alarms and notifications for flagging abnormal occurrences. Video analytics can detect events, such as travelers moving against the foot traffic flow and crossing into restricted areas. Milestone’s XProtect Smart Client Milestone’s XProtect Smart Client has shifted general situational awareness in the airport, as a new standard for authorising users’ remote access to the surveillance from multiple locations. It provides seamless viewing of live and recorded video, instant control of cameras and connected security devices, and a comprehensive overview of activity. The ongoing use of Milestone Systems’ video management software (VMS) makes it possible to maintain the independence and efficiency of a small team of personnel, thereby delivering maximum security at the base of the Grand Teton Mountains. Situational awareness for the JAC team and their clients Andrew Wells, the IT Manager for the Jackson Hole Airport (JAC), said “Situational awareness for our team and our clients allows us to be as secure and efficient as possible with our small team. The flexibility of the open platform VMS allows us to scale our system and add the features we need now and in the future.” Jackson Hole Airport (JAC) lies seven miles north of Jackson, Wyoming, at the base of the Teton Mountains, in USA. It is unique for being entirely within Grand Teton National Park. It is the busiest airport in the US state of Wyoming, with nearly 500,000 in-bound passengers annually. The airport covers over 500 acres and has one runway that supports 11 hard-stands, nine boarding gates and three baggage carousels.

The Commonwealth of Puerto Rico needed to implement a centralised and efficient perimeter security system for all public schools on the island. Intrusions and assaults at educational institutions have increased, and Hurricane Maria further exacerbated problems with the destruction of infrastructure. The solution: The need to repair hurricane damage also provided opportunities to invest in modern improvements. The Department of Education chose to install a video surveillance system with more than 10,000 cameras, speakers, and other security devices in 856 schools. In the same way, a centralised control centre was established using the Corporate version of Milestone Systems XProtect® video management software (VMS). Devices installed  Milestone Systems: XProtect VMS Software XProtect Smart Client Milestone Interconnect Cameras from Axis Communications and Uniview DH-Vision Seneca Servers and Optex Sensors The advantages: Audiovisual material captured by the system helps agencies to evaluate and manage areas for public use Endowed with the same annual budget that allowed the monitoring of 250 institutions, the new system enabled the Puerto Rico Department of Education to cover all 856 public schools. Since the system has been operational, there has been a 97% reduction in intrusions within educational institutions. In addition to protecting the educational programme, the audiovisual material captured by the system helps other government agencies to evaluate and manage areas for public use and investigate incidents. Need for a centralised security system Ensuring a safe environment is a growing challenge for schools and colleges: theft, fights, and bullying are some of the problems that not only affect students, but also teachers, employees, and, ultimately, the government entities that subsidize the educational system. In Puerto Rico, for example, the Department of Education was concerned about the increase in unauthorised intrusions, robberies, and assaults within its schools. This index shot up after Hurricane Maria destroyed much of the island’s infrastructure in 2017. Even before this natural phenomenon, there was no centralised security system that integrated an overview of all schools. There were disparate installations of video surveillance equipment (cameras, alarms, and lighting) but only in approximately 250 of the schools. Centralised command centre González said, the proposal was born to begin the process to acquire a video surveillance system for public schools  After the hurricane, top priority was given to providing perimeter security for all schools through an effective centralised command centre instead of investing in the repair and purchase of separate systems. “The hurricane damaged the island’s communication and lighting systems, a circumstance that promoted intrusions into schools and increased vandalism. We had no visibility of what was happening and we could not find a way to avoid these escalations,” said César González Cordero, Security Commissioner for the Puerto Rico Department of Education. He adds, “However, we could not afford to buy and repair equipment individually for all schools, so a centralised and coordinated effort was necessary.” Based on this context, González said, the proposal was born to begin the process to acquire a video surveillance system for public schools in Puerto Rico, focused on perimeter security. Perimeter security for all schools Genesis Security Services, Inc. of Puerto Rico was selected to develop the perimeter security project for the 856 public schools on the island. This Puerto Rican corporation was founded in 1997 in Yabucoa, Puerto Rico by brothers Roberto and Emilio Morales, who are leaders in security services at the government level. “We have been providing security to the Department of Education for more than 15 years through our onsite guard service. That is why we knew the design, location, assets, and vulnerabilities of various educational establishments. This was a great advantage when executing the project,” said Yasel Morales, Technology Director at Genesis. Video system Milestone XProtect video management software supports more than 8,500 security and surveillance devices In October 2018, the installation of cameras and other devices began in all schools. The video system mission control was built inside the Genesis Central Station, located in the Carolina municipality (in the island's northeast region). Video data from all schools are returned to Central Station, where it is managed with the Milestone Systems XProtect Corporate open platform VMS. Leveraging the power of the open platform, Milestone XProtect video management software supports more than 8,500 security and surveillance devices, and more than 450 software integrations from more than 3,500 technology partners. NVRs, DVRs and cloud solutions Alliance partners include providers of network video cameras, cloud solutions, DVRs and NVRs, servers and storage equipment, alarm and detection systems, video analytics, GPS technology, laser and radar scanners, boxes of emergency calls, and more. “At the Central Station, we have fifteen workstations, with the same number of operators per shift. There we have a videowall of ten monitors distributed between the stations. Likewise, we have two dispatch centers that serve as backup: one in the municipality of Yauco and the other in the municipality of San Juan,” Morales explained. Uniview DH-Vision 4-megapixel cameras, audio speakers As part of the project, approximately 10,000 Uniview DH-Vision 4-megapixel cameras were installed in 856 schools (an average of 12 cameras per campus). Audio speakers from Axis Communications and a range of Optex sensors also were integrated. The combination of these technologies made it possible for every school to have an anti-intrusions system with its alerts feeding back to the Central Station. XProtect Express+, Milestone Interconnect Milestone Interconnect connects remote sites for a low-cost video surveillance solution Each campus has a Seneca brand server with the XProtect Express+ software installed. This communicates with the Corporate version at the Central Station through Milestone Interconnect™, a licensing platform that opens a communication channel between different hardware that normally cannot communicate with each other. Milestone Interconnect connects remote sites for a low-cost video surveillance solution. It is the ideal surveillance for a wide variety of industries that want an inexpensive way to get centralised supervision of multiple locations spread across one region. Remote management and monitoring With Milestone Interconnect, engineers and managers can easily monitor critical and remote areas from one central location. This means faster intrusion management because operators in the central system can access the video and receive alarms from remotely connected sites. This reduces the need to have local security personnel, maintenance, operation, and other costs, including visits onsite. Virtual gates Genesis created virtual gates using cameras that, in addition to protecting school spaces, also ensure the safety of substations and solar panels, which are considered important assets for institutions. If someone crosses the virtual gate, an alert is generated locally and passed to the Central Station through Interconnect. Operators then make a visual confirmation and, if applicable, the emergency protocol is activated. “The emergency protocol is to contact the Security Commissioner and the Department of Operations. For this liaison, we internally designate an inspector. Once informed, they activate the security officers at the sites, who are trained to give quick responses and inform the police,” said Morales. Identifying suspicious activities Due to the management software, Genesis can easily find any recording of the schools Due to the management software, Genesis can easily find any recording of the schools and send it to the Security Commissioner, who can also receive the alerts directly through an application on his mobile phone. It should be noted that all personnel handling the system, both operators and technicians, have Milestone Systems certifications, which they obtained on the manufacturer’s website. Security Commissioner González explained that the directors and residents of the schools may contact the Central Station if they wish to report any suspicious activity within a school after regular hours. Genesis operations centre González also clarified that “if for any reason a school principal requires a recording, he must contact us, and we request the information from the Genesis operations centre. This protocol is designed to respect the right to be in a place without feeling guarded at all times, as stipulated in the public policy of Puerto Rico. In total, this system directly benefits almost 400,000 people.” Increased security at a lower cost According to the Security Commissioner, since the first camera was installed, they went from two or three intrusions per day to one or zero. Even in October 2018, they had no record of intrusions. Genesis Security Services, Inc. confirmed that since the system has been operational, there has been a 97% reduction in school intrusions. Reduced physical assaults Video technology has helped dispel theft of property by employees and has helped reduce rates of physical assault Video technology has helped dispel problems such as theft of property by employees and, more importantly, has helped reduce rates of physical assault and bullying among students. These results have helped build trust among Puerto Rican families when they enroll their children in schools. “The system provides agility and precision. It is more efficient and immediate than communicating with a guard who has to enter a facility to verify what is happening. It’s great working with a system that has visibility 24/7 in schools,” said González. Cost savings On the other hand, due to this project, it was possible to reduce the cost of security in schools using technology, one of the main objectives of the Department of Education at the beginning.  “We spent about $25 million annually covering just 250 schools with the guard system, and we had almost 600 schools left unattended. This project gave us the possibility of covering 100% of the public schools in Puerto Rico with the same budget,” González reported. Finally, it is important to note that many of these schools are located in vulnerable places on the island, so the system is also helping the Police and the Prosecutor’s Office to resolve cases that occurred around the educational facilities, and in general to contribute with the welfare of the community. Future projects On behalf of the Department of Education, the Puerto Rican Government is seeking ways to integrate this type of video analytics system with software programmes and databases of organisations that advocate for sexual assault victims. “In the future, we want to have a system that is capable of identifying if a sex offender crosses the perimeter in school zones so that we can warn in time,” said González. On the Genesis side, Morales said that the next step with this project would be to develop video analytics for the VMS, not only to give perimeter security but also statistics such as counting people and vehicles. They also plan on integrating access control systems into all schools.

By all accounts, technology development is moving at a rapid pace in today's markets, including the physical security industry. However, market uptake of the newest technologies may lag, whether because of a lack of clear communication or not enough education of potential customers. We asked this week's Expert Panel Roundtable: How can the industry do a better job of promoting emerging technologies in physical security environments?

In today’s world, almost any electronic security system holds the potential to become a gateway for cybercriminals. With physical security and cybersecurity increasingly entwined, security professionals aren’t doing their job unless they take all possible precautions to lock down unauthorised access to camera systems, access control platforms, intercoms, and other network-based security devices and solutions. Let’s explore the many steps companies should take throughout their security technologies’ lifecycle – from choosing a vendor all the way through device decommissioning – to avoid making the common mistakes that leave systems, and the networks they reside on, vulnerable to attack and sabotage. Prepurchase phase: Laying the groundwork for cybersecurity 1. Conduct a Vendor Risk Assessment IT departments often rely on the same Vendor Risk Assessment criteria they use for evaluating IT equipment manufacturers when considering the suitability of physical security vendors. While commonalities exist between how to assess these disparate solutions, there are also differences that require distinct scrutiny. For example, device endpoints within physical security systems run on custom Linux Kernels and therefore do not utilise standard Linux distributions like Red Hat, Ubuntu, or Debian. IT divisions often rely on the same Vendor Risk Assessment criteria they use for evaluating IT kit A comprehensive evaluation should examine how each security solutions manufacturer handles its software development life cycles. Ideally, vendors should adhere to a recognised framework when developing both their platform management and device-specific software. In 2021, Executive Order 14028 made it a bit easier for companies to evaluate vendors by providing guidelines for evaluating software security, the practices of the software developer, and methods to demonstrate conformance with secure practices, specifically referencing the NIST SP 800-218 Secure Software Development Framework. In short, a good vendor should have documentation that explains everything it’s doing to address cybersecurity from development, through releases and ongoing maintenance. 2. Obtain Software Update Schedules The frequency with which manufacturers update their software varies. Each company is different. If you’re their customer, it shouldn't matter whether the vendor schedules updates every six months, three months, or more often than that. What does matter is that you know what to expect and have a plan for how to deal with that reality. For example, if updates only occur every six months, under what conditions are patches released to address vulnerabilities that emerge between updates? Customers must understand how often they'll be updating the software on their devices and ensure they have the resources to make it happen. Make sure stakeholders agree, upfront, who will be performing the software updates. Will it be the integrator who installed the system, the physical security system staff, the IT team, or the end user? Keeping an entire system current is a huge challenge, but a non-negotiable responsibility. Manufacturers who don't issue frequent releases and patches put the onus on customers to handle mitigation efforts on their own. In these instances, IT departments must be prepared to employ network segmentation, firewalls, security whitelists/blacklists, and other methods to protect their systems until a patch is released. If a company's security team has typically updated firmware only when something breaks, these additional responsibilities most likely require greater collaboration with IT departments and a shift in how security systems are managed. 3. Know the Warranty Terms and Duration of Software Support Organisations should understand the warranty policies for the devices they purchase Organisations should understand the warranty policies for the devices they purchase. Even more important is knowing when a device's software support will expire. Software support should extend well beyond hardware coverage. For example, if a camera has a five-year hardware warranty, customers should reasonably expect an additional five years of software support. When that period ends, companies must plan on replacing the device – even if it still works well. Without software updates, the device lacks vulnerability support and becomes too risky to remain on the network. Manufacturers should be transparent about their warranty and software support policies, helping organisations plan for device replacements that align with cybersecurity needs. 4. Request a Software Bill of Materials (SBOM) During the pre-discovery process, customers should request a Software Bill of Materials (SBOM) that provides a detailed inventory of the software running on each device, including open-source components. By revealing what software is "under the hood," the SBOM allows IT departments to be vigilant in protecting the company's systems from exposed vulnerabilities. For example, a customer should understand how Transport Layer Security (TLS) is being handled to secure a security solution's web server if it’s an open-source component like OpenSSL. 5. Assess Vulnerability Disclosure Practices CNA manufacturers represent the gold standard in cybersecurity practices Understanding how a manufacturer handles vulnerabilities is essential. Ideally, they should be a Certified Naming Authority (CAN) and report common vulnerabilities and exposures (CVEs) to national vulnerability databases such as NIST and MITRE. Doing so automatically includes any disclosed vulnerabilities associated with their devices in vulnerability scanners' databases.  CNA manufacturers represent the gold standard in cybersecurity practices, but most security manufacturers do not reach this level. At a minimum, the vendors you choose to work with should have an email notification system in place to alert customers to new vulnerabilities. Remember – email notifications are only as reliable as the employees managing them, so investigate whether the manufacturer has a strong track record of keeping up with such communications. Ask to speak with customer references who have been using the solution for an extended period to ensure the vendor is diligent in its communications. Configuration phase: Ensuring a secure setup 1. Use Hardening Guides Once a device is purchased, configuring it securely is the next critical step. Manufacturers should publish hardening guides that detail the security controls available for their products and recommended practices for implementation. Between the features offered by the vendor and your company's own cybersecurity policies, make sure all possible encryption options are activated. Using HTTPS is vital for ensuring secure communication with devices. Many physical security devices default to HTTP to accommodate customer-specific network topologies and certificate management. Failing to implement HTTPS can leave sensitive metadata unencrypted and vulnerable to interception. 2. Consider Advanced Encryption Protocols Protocols are necessary to protect video data in transit from cameras to the VMS Some solutions offer built-in encryption protocols, like MACsec, which makes it impossible for data to be compromised as it is transmitted over the network. HTTPS is still necessary to secure the connection to the devices’ webservice, but while customers set up and configure their devices, MACsec will keep network data safe. Additionally, if you want to encrypt video streams, consider protocols such as Secure Real-Time Transport Protocol (SRTP), which secures the transmission of audio and video data over the Internet, or tunnelling methods like Secure Socket Tunnelling Protocol (SSTP), which encapsulate data packets for safe transmission between two points, even if the network is insecure. Such protocols are necessary to protect video data in transit from cameras to the Video Management System (VMS). Encryption should also extend to the VMS hard drive where video is stored. There are different methodologies to do that, but ultimately the goal is to encrypt data in transit and in storage. 3. Implement Remote Syslog In the case of a breach, each device maintains a set of logs that are useful for forensic investigations. However, if a device gets hacked, its log may not be accessible. Best practices dictate that companies should set up a remote Syslog server that maintains a copy of all device logs within a central repository. In addition to providing redundant data for investigations, a Syslog offers IT systems an efficient way to look for anomalies. Cybersecurity teams will receive immediate notification for events like unsuccessful login attempts so they can quickly figure out what's happening. Who is trying to log in? Why on that particular device? 4. Practice Healthy Password Hygiene Ideally, organisations should move towards using Active Directory or Single Sign-On (SSO) solutions One of the most basic and yet overlooked aspects of cybersecurity is the failure to manage user accounts meticulously. Many organisations use the same username and password for all security devices because it's simply too cumbersome to manage a network of devices in which each requires a separate, unique login. It's assumed that the system's primary administrators are the only ones who know the universal password. However, the system becomes vulnerable if anyone within this select group leaves the company and the password isn't changed or deleted right away.  Ideally, organisations should move towards using Active Directory or Single Sign-On (SSO) solutions. This approach ensures that employees throughout a company are each assigned a unique login credential that they use for any systems they use throughout the organisation. When they leave, their passwords and access are universally terminated along with their accounts. If SSO is not an option, regular password changes and prompt account deactivation are critical. Decommissioning phase: Securely retiring devices At some point, physical security devices will reach the end of their useful life. When that time comes, companies must take care in how they dispose of their devices. A good vendor will provide guidance on how to clear memory chipsets and restore factory defaults. Improper decommissioning can lead to severe risks. For example, if an improperly decommissioned device is sold on the secondary market or retrieved from a dumpster, an attacker could gain access to sensitive network configurations and use this information for malicious purposes. Conclusion Deploying physical security solutions involves more than just securing buildings and assets; it also requires robust measures to protect against cybersecurity threats. From assessing vendors and understanding update policies to configuring devices securely and managing decommissioning processes, each step presents potential pitfalls that, if overlooked, could expose organisations to significant risks. By incorporating the techniques discussed into their deployment protocols, organisations can ensure their physical security solutions provide comprehensive physical and digital protection.

The Internet of Things (IoT) has revolutionised many industries, including physical security. By connecting physical devices to the internet, IoT technology offers significant enhancements to security systems. Benefits include real-time monitoring, remote access, and the utility of new devices such as temperature and humidity sensors. At the same time, IoT devices come with challenges, including greater cybersecurity vulnerability. We asked this week's Expert Panel Roundtable: How is the Internet of Things (IoT) impacting the physical security marketplace?