Video surveillance was once the exclusive province of physical security; operators looked at multiple video screens, each displaying the field of view of a single video camera, to monitor for security incidents. But increasingly, the charge of fully securing an organization's assets requires a larger number of cameras with multiple viewers of the video information.
As these systems add more video to be watched, there becomes a need to use IT style analysis tools to help sort through the myriad of incoming video to find potential threats. With that, CSOs find themselves required to integrate a key physical security solution, video surveillance, into overall IT security. While this means understanding what video surveillance can and can't do, it also reveals the need for education on evaluation criteria for video surveillance solutions and an understanding of what else can be done to improve existing systems.
Move from Algorithms to Learning
The advent of video analytics software now makes it possible for computers to “read” the output of video cameras and automatically send out alerts when abnormal behavior is detected. Initial systems tended to be small — 10 to 12 cameras, six-month implementation cycles, were unable to be improved or expanded once installed, and did not necessarily add much value, since they were only being programmed to alert on one type of behavior. For example, one organization deployed a system to detect car break-ins during the night in a restricted parking lot. The system reported one incident (police officer who stopped to check the lot) in 18 months. It is difficult to justify the cost of an expensive system that only provides one or two valuable pieces of information in 18 months.
It has proven challenging in video surveillance systems to program a rule for every single unusual activity, but as a natural next step, organizations will require a system that works similar to current products currently in use in IT departments to detect abnormality in network data streams. Various tools have emerged that not only “see video better,” but also analyze the digitized output of video cameras in real time to learn and recognize normal behavior, and detect and alert on all abnormal patterns of activity without any human input.
Organizations may find the move from algorithmic and rules-based systems to a learning technology a helpful next step to improve a video surveillance system. The key to successful surveillance is learning normal behaviors, so that suspicious behavior can be detected to help predict, and prevent, future threats. By filtering out everyday activity, learning technology can help focus security personnel on unusual activities, which helps to raise organizational awareness and decrease response time to potential threats.
Scalability Is Key to Success
A video analytics technology capable of learning relies on computing power, which requires organizations to ensure that all elements of the system have the potential to scale to meet the needs of even larger video surveillance operations. Scalability is crucial; the sheer amount of video surveillance now being deployed is staggering. In London, there was an estimated 4.2 million closed-circuit TV cameras in June 2007.
Manual operations are expensive and limit the effective scalability of the system; if the video surveillance system cannot scale, the set up could require the hand calibration of each camera when it is set up and hand tuning to define security zones. Scalable systems will allow the video surveillance system to add cameras and video fields over time so that as an organization grows, its video surveillance system will grow with it. Over time, organizations expanding their video surveillance deployments over large areas will look to solutions that can self-calibrate rather than require manual programming. Organizations deploying video surveillance will also need an enterprise-class architecture that can scale in order to manage all the hardware and servers necessary to analyze the video.
Vendors can multiplex all the digitized video streams coming from the cameras into a video concentrator device or onto network video storage. Most of these solutions provide some recording capability and centralization of control to limit the total electronic real estate used by the video surveillance deployment.
Compatibility for Multiple Video Technologies
But once the video streams are concentrated or stored, what happens next? A level of compatibility is required if the video analytics solutions need to transmit video streams to an analytic engine so that different types of applications can consume and process the video. The more scalable video surveillance systems embrace open non-proprietary video standards, using network protocols such as Real-Time Streaming Protocol (RTSP), so that they can publish the video to as many people as possible.
Getting the video stream into an open standard for distribution can be a problem. Every camera manufacturer has a proprietary format or protocol for moving data. This did not matter with traditional closed-video surveillance systems, because only one vendor was needed for the entire solution. With analytics-based solutions emerging today, this requires a move to more open systems that will enable IT to select best of breed analysis technologies, and perhaps to run analysis technologies from a variety of vendors in order to meet their growing requirements. The video processing equipment must be compatible with the video viewing and video storage equipment. Without proper planning, this can result in duplicate purpose equipment, in which it is necessary to buy open-standards video processing equipment that runs in parallel with proprietary equipment.
As systems become more complex, it becomes more important to be able to buy compatible products from best-of-breed vendors. Even though some video surveillance vendors attempt to be one-stop shops, the customer's need for scalability and compatibility will drive the move away from proprietary camera systems to standards-based solutions. The innovation occurring in video analysis happens quickly, and the need to deploy these innovations is critical. With so much innovation and demand for deployment, it is critical that open standards be used to allow for maximum compatibility.
Digitized Video and Security
Today, a full video infrastructure includes cameras, viewing stations, video storage and recall, video analytics, and analytic processing. It may include remote monitoring or publishing video to remote locations, and it may require encryption of the video stream. Video isn't just video any more. Video is data; data that enters the realm of IT. Like any other type of data, digitized video must be analyzed, shared, transferred, archived, searched, and more. This makes it even more crucial for video surveillance systems to comply with open standards, since they are essential to getting the most value from the data.
With video surveillance as a data technology, security personnel will have to handle video data just like any other data. Video data will have to be integrated into the data security infrastructure, electronically signed to prove it has not been tampered with, tied into the IT infrastructure's existing permission and security systems so security can control who views it, and encoded for transmission. Incident manage — when the video surveillance system sends an alert, security personnel will need to enter comments about what actions they took to mitigate a risk or handle a security event and provide audit trails. And of course, the video data must comply with industry standards if it is to be integrated into the security infrastructure.
Joint Standards Efforts
Today, standards efforts for video data are still in their infancy. Vendors have formed standards boards without actually talking with one another. Vendors and standards bodies are just beginning to look at enacting guidelines for how to plug different parts of different technologies together: How data will be transmitted, how video streams will be encoded, and so on. But these efforts are splintered.
True interoperability, however, is usually not achieved via vendor-driven organizations. Interoperable, large-scale video surveillance solutions will only be achieved with the participation of end-user organizations. By insisting on standards and compliance the industry can work towards a video surveillance solution that will be valuable and accessible to the CSO and the larger security landscape.