In this month’s interview, Genetec’s Pierre Racz synthesises past, present and future into a constant governed by technological possibility, operational imperative and a hybrid morality that could bring trust to the relationship between humanity and artificial intelligence.
JA: In terms of the VMS market itself – it seems the leading players are more clearly defined, and some players are fading away. Would you agree with that?
PR: Up to a certain point the basic video recording functionality is commoditised, what’s not commoditised is the reliability with which that functionality can be carried out. Regardless, there will always be at least 3 competitors in any market. So, yes, the market is fragmented but is becoming less fragmented.
JA: What in your opinion are the major VMS trends of the moment?
PR: The first trend group is cyber security – strong authentication and password single sign on, zero trust architectures that are replacing perimeter-based protection architectures and dynamic authorisation policies.
Next, there’s an architectural paradigm shift towards hybrid computing and workload mobility, so workloads should be able to move between the cloud and on-premises seamlessly – people are starting to understand what we mean by convergent architectures and software defined networking.
Another major trend is accountability and governance. People are becoming more accountable for the stewardship of the infrastructure, so if they are sloppy with their computer systems and the bad guys launch attacks using those computer systems, we are holding companies and executives accountable for the harm people do using their equipment.
There’s new interest in reliability engineering, which is a good trend, because a lot of infrastructure is so flaky. Finally, there’s a trend towards an AI winter – having hit the peak of the hype cycle, we’re now going to head for the trough of disillusionment.
A trend we are noticing is that people are starting to want to share video information peer to peer. For instance, 2 adjacent businesses will keep an eye on each other and might opt in to share that information with law enforcement. Our Project Greenlight in Detroit is an example. Chicago Police offered to monitor cameras installed by businesses that were open at night using our Stratocast technology. In return, the business can display a green light that tells its customers the business is part of the Greenlight initiative. One business refused to buy a camera system required to take part in Project Greenlight and the businesses around crowd sourced funds to buy the system. Citizens and business want police keeping an eye on them and with good reason – within 6 months violent crime rates had gone down by 48 per cent.
JA: End users definitely have an appetite of operational outcomes using AI, don’t they?
PR: When users are looking for quick-fix solutions, shortcuts, they can wind up in a situation where they have given themselves a false sense of security and created an unwarranted invasion of privacy. Beware of systems that work best when you need them the least. Facial recognition systems work really well for tracking people going about daily business because they are not using counter measures to avoid being identified, but the people you do want to track may be.
JA: What impact would you say the COVID-19 epidemic has had on the Genetec business? How are your customers reacting, what are they asking of you, what do they most need?
PR: We were able to engage our business continuity plan and we hit 95 per cent operational capability in less than 12 hours – the last 5 per cent was related to shipping and supply chain issues which we have addressed. We activated contingency plans seamlessly from the perspective of our customers. We have also responded to specific feature requests from customers that we fast tracked for our public safety and healthcare customers and we made them available free of charge.
The most notable is the Contagion and Contaminant Proximity Report we recently announced and is being used, for example, at an alternative hospital built at McCormick Place in Chicago. We also repurposed an internal application we use in our employee cafeteria to scan/swipe to pay for meals and snacks into an honour system dispensary for personal protection equipment for healthcare customers. We now have a customer in Canada using this to manage and track access to precious personal protective equipment.
There has also been a change in the nature of our support activities. In particular we have noticed that our customers are doing more maintenance tasks and it seems that maybe because of self-isolation our customers are less time poor and are trying to trouble shoot problems themselves – that’s an interesting change. Certainly, the whole Genetec team is motivated and engaged to help the people who put their trust in us.
JA: The market has been a little bit behind Genetec’s solutions – do you think the COVID crisis has woken enterprise operations to the importance of integration and the potential for centralised or remote management?
PR: Centralised management is only half of the equation – the other is construction of a hierarchical network of service providers both internal and external providers where the root provider will delegate some of its authority to different layers in that network. For that you need an architecture that supports both centralised and decentralised authority.
As an example, our product ClearID allows the central security team to delegate access authorisation decisions to the owners of the space – the person accountable for the operation of the server room is in a better position than the central security team to make decisions about who is allowed in that server room and under what circumstances.
Another example is that we have large federations of systems – Chicago has many separate organisations that have federated together with 2 centralised federations – with one being the Chicago Office of Emergency Management and the other one being the Chicago Police Department. In these situations, the authentication of people who access the system should be managed by the organisation which employs the person and is trusted by the rest of the federation to confirm their identity.
Meanwhile, the authorisation should be done by the people that control/own the resources and are accountable for the governance of the privacy of information of those resources. There can also be multiple organisations between the 2 organisations at the end so that the decision chain can modulate how authority is delegated. The answer to your question is that centralisation alone is not going to get you there. You need the centralised ability to delegate distributed authority.
JA: Face recognition – it’s increasingly popular – even police investigators are keen to get hold of facial IDs from public CCTV solutions. Is there a way we can do face recognition in a secure way that is not intrusive of privacy, or is it inevitable with such a technology that there’s a clash between information and privacy?
PR: Face recognition is the best example of a technology that works the best when you need it the least. There are really simple counter measures – a battery power headband with IR LED lights, for instance, which creates flare-so the person’s face is invisible to CCTV cameras. I think police are curious about face recognition technology and they see it as a shortcut when undertaking investigations in the face of ever shrinking budgets, but when they are held accountable for bureaucratic overreach, then the law enforcement community will change its mind.
A better use of face recognition technology is when the subject wants to be recognised – for example, second factor authentication. If you use it as your only factor there are ways to breach face recognition using 3D printing among other techniques.
JA: Blockchain – for many people it’s a nebulous technology. How could blockchain help security people enhance the cyber security of their applications?
PR: What makes blockchain nebulous is that people are confusing crypto currency use of blockchain, which seeks anonymity, with regular use of blockchain as a distributed reference system. Blockchain allows the identification of 2 files with the same content, as they have the same cryptographic name. This lets us have a completely distributed record system with increased resilience that cannot be tampered with.
A security system blockchain would be highly authenticated and encrypted, so you have a much higher sense of the confidentiality and integrity of content. In such blockchains you can store multi-media, system logs, configuration information, decisions and events. If you look at the Genetec Clearance investigation management system, it’s actually a blockchain used to securely share digital evidence while ensuring the proper chain of customer protocols is respected.
JA: Where are we at with compression technologies? H.265 still has some evolving to do – is there anything new on the horizon, or will we continue as we are?
PR: I would disagree that H.265 hasn’t evolved – H.265 is a snapshot of the state of our technology in time. When thinking about compressions, let’s make the distinction between lossy and lossless compression. Some files like Zip, are lossless and cannot be further compressed when redundant information is removed without throwing away information. But we can throw away information that human perception will not notice. For instance, our colour perception is less acute than our greyscale perception. So, we can get reduce some colour information when we compress files. Another thing we can trade away is the size of data against the size of computing effort.
This is what H.265 has done – it has achieved higher levels of compression, but it costs more computer time to compress and decompress it. As computer chips get faster, we will be able to have another level of compression that trades off compute time for compression ratios. Of course, compute time has a price in power/battery consumption. Another trade-off we are able to make is the cost of compression vs the cost of decompression. Again, you might have a standard that costs more to compress, but if that’s done in a central server that is powered by mains, no problem, and if it’s decompressed by a battery appliance – well, that’s what will drive the evolution of compression in the future.
JA: From the point of view of Genetec – what impact might 5G have on solutions – for instance, a federated solution with multiple end users bringing systems together?
PR: What 5G is going to bring is millisecond latency vs hundreds of millisecond of latency in wireless networks. There will be an increase in bandwidth and throughput which will change the nature of applications we use, but the thing that is going to be most noticeable will be lower latency. This is not going to affect the applications we use today, as Genetec solutions can live with existing network latencies. But what we are going to see with 5G is that once we have lowered latencies, we will be able to use wireless technologies for new applications – it will give customers new and interesting options.
JA: From a Genetec point of view – and you’ve been doing networked solutions for a long time – does the team notice networks are more stable, more secure, more capable? Do you feel we are getting there in terms of the underlying infrastructure, the ability to roll out the best networked and cloud solutions?
PR: Let’s start with reliability. Networks have become more idiosyncratic. Before, we had networks that had predictable behaviour as we were talking to an Ethernet. Now, not only are we talking to weird wireless networks but to virtualised software networks that have absolutely flabbergasting behaviour. So, in that sense, we need to be able to work in an environment which has bizarre behaviour and do so in such a way the end user doesn’t notice the weird things the network is doing.
If we’re talking about security, I don’t think networks are more secure than they have ever been. What comes to mind is that the mega-cloud providers like Microsoft give their customers better network security than is found in a lot of enterprise environments. It’s also true that the most-used way to break into a system is social engineering – phishing. Many people send unencrypted email almost like a postcard in the physical mail and don’t realise email is readable by everyone. In the case of a postcard, few people have the opportunity or means to read it, whereas with email, any actor, state and private, with the means and motivation can read it.
Going further, IoT devices have firmware with vulnerabilities and they are easily hackable by script kiddies. Once a hacker takes control of an IOT devices inside your firewall they have an ideal platform to attack your network. Another example of vulnerabilities is hackable CCTV cameras that facilitate access to data networks. And there used to be a thing called war driving, were hackers would go around in cars looking for unsecure Wi-Fi networks. Now there’s an updated version called war mailing – the attacker couriers a disposable cell phone with a pre-paid SIM card to a target organisation and while it’s sitting in the mail room, or on a recipient’s desk, the attacker establishes communication with the cell phone and starts hacking the target’s Wi-Fi and all this can be done on the other side of the planet.
So, I don’t think networks are more secure than they were 20 years ago, there are just different ways of breaking into them.
JA: For many integrators and end users it can be hard to understand the many ways in which a system can be open – there are so many vectors of vulnerability. Yet it’s vitally important they get across cyber security and apply solutions from end-to-end of a particular system – it’s a strength of Security Center – that ability to take a snapshot of a network and recommend fixes.
PR: There are 2 things here – the first is a system characteristic of failing secure. We will fail secure at the risk of incurring a support call when an end user upgrades their system in the future. But there are other software solutions that fail open when there’s an upgrade. Another part of the problem is that the executives are not being held accountable for their underfunding and misunderstanding of the importance of cyber security. As an example, if executives fail to properly manage company tax there is personal liability, but there’s no personal liability if executives mismanage cyber security and others suffer from their sloppy behaviour. Executives should be held accountable.
JA: What are the greatest threats facing the VMS market at the moment?
PR: The biggest risk is that these systems are becoming mission critical but were never engineered as if there would be. When customers put these systems in 10 years ago, they did not project CCTV, access control and automation solution would become mission critical – that it would become their eyes. Now many realise they did no reliability engineering around the system and yet they are operationally dependent on the system – unless resolved, that poses a major threat.
Another threat is system failure, which can occur for 2 reasons. One reason is random events, including operator errors, etc. The other reason is intentional malicious manipulation by third parties for fun or profit, so we should be very wary that what we put into a network, in terms of software and hardware. It needs to be from a trustworthy source – you want end-to-end encryption even of third- party cloud-based solutions. People don’t take that seriously – there are the means to listen to every unencrypted phone or videophone conversation and to read every email – people should not underestimate this threat.
JA: The world economy is going to take a hit from COVID-19 – notwithstanding that security is operationally vital, which makes the business somewhat recession-proof. Do you think a COVID-19 slowdown is something we will face and what sort of impact do you think will it have?
PR: I think a slowdown is a very real possibility, though it depends how we luck out. The sooner we can find a vaccine, the sooner we will be able to contain the damage.
There may be positives, too. COVID-19 may change the underlying principles of the way we do business – we might have to rethink our organising principles. We are at a deciding moment. COVID-19 might be the unwanted and unwelcome gift from the universe that propels us to choose generosity as the organising principle for the next 75 years not the gold standard that governed the last 75 years.
Alternatively, we might choose selfishness as the organising principle and that would be bad. If we choose generosity as the organising principle, you and I might be too old to enjoy it, but our children will be grateful. I hope COVID-19 propels us forward – maybe the silver lining to this cloud might be that people actually do become more generous and walk back their scepticism towards science. I hope it becomes important to everyone that there are some things that are closer to the truth than others and these are the things we should focus on.
JA: What pieces of functionality do you think will define the future – what will the operational focus of VMS be, what will users be hungry for?
PR: It’s stuff we’re all working on now – the ability to securely share video and multi-media between various parties – if I give my camera feeds to law enforcement no one else can see them, for example. In the past we had no control over such abuses but in the future, we will have fine control over how this technology is going to be used. In general, we are trying to implement Asimov’s Laws of Robotics: That a robot will not do harm or let harm come to a human; that a robot will obey all orders given by a human unless they contradicts the first law; that a robot will protect its existence unless its actions contradict the first 2 laws.
Now think of a body camera – it is the robot of the law enforcement person carrying it, it’s not the robot of the district attorney, or the robot of other people. It’s there solely to serve the person that wears it. This is what we will see in terms of recording multimedia for safety and security purposes. This robot belongs to the wearer and internet giants must not be able to find out what the wearer is doing by tapping into personal data. This concept is something we are working towards, believe me.
#securityelectronicsandnetworks.com
