Physical Security Interoperability for Federal and Local First Responders
The Federal Protective Service (FPS) is the federal agency charged with delivering integrated law enforcement and protection for more than 9,600 facilities nationwide. FPS is divided into 11 regions, with regional headquarters located in metropolitan areas across the country. There are approximately 200 field offices and 11 Mega Centers that respond to over 534,000 calls for service for law enforcement and public safety annually.
For the U.S. Department of Homeland Security (DHS), limited interoperability and compatibility of video surveillance systems across first responders and emergency management personnel creates significant challenges and impairs the mission objectives of the agency to protect its facilities and occupants. The General Accounting Office (GAO) concluded that a significant number of the agency's video management platforms were obsolete and unsuitable for the law enforcement and public safety operations needed to provide adequate situational awareness to protect its facilities and occupants.
These deficiencies resulted in unnecessary cost, man-hours, lost productivity, and vulnerable security gaps. The findings not only highlighted significant deficiencies in the current use of technology, but also showed that FPS was impaired in meeting future mission objectives, because it could not adopt sophisticated integrated video management platforms that could mitigate risks, automate manual processes, and increase officer safety, situational awareness, information sharing, and collaboration across other agencies.
In 2013, the Federal Protective Service, recognizing these deficiencies and seeking to overcome these challenges, understood that “the cloud” was the best strategy for transmitting video to remote, internet-connected data centers. Doing this would increase availability of and access to once-localized video, achieving operational effectiveness and force multiplication by giving FPS dispatchers the ability to provide video verification in advance of dispatching municipal law enforcement, medical, fire, and other emergency personnel, and reducing false alarms, which accounted for as much as 85 percent of all calls.
The integrated solution, known as Credentialed High Assurance Video Encryption (CHAVE), was a video encryption technology that could be introduced into pre- and post-manufactured products using a cryptographically secure mini- or micro-SD card “smart chip.” This device was capable of managing digital certificates and credentials used in high-assurance, mission-critical applications such as law enforcement and military/defense applications.
Recognizing the FPS’ need for an integrated solution based on a secure communications framework that was also resilient against attack or breach by hackers, Bosch Security Systems, Inc., entered into a technology partnership with SecureXperts, Inc. to integrate its internet protocol (IP) and high definition (HD) cameras and Intrusion Detection Systems (IDS) portfolio with SecureXperts’ trusted digital certificate-based authentication, signing, and encryption technology.
Federal Protective Service Director Eric Patterson understood the immediate benefit that the solution offered, as the technology could be developed into new and emerging technologies, or retrofitted into existing technologies through the use of a Secure Digital or Micro SD card, which are currently available on most IP digital cameras. The deployment of this technology, leveraging existing technologies, figures to reduce implementation and installation cost, in addition to providing upgrades instead of costly replacement of Bosch IP cameras.
Floyd Jennings, Program Manager at the Federal Protective Service Physical Security Training Academy, said that limited interoperability and compatibility of video surveillance and intrusion detection systems (IDS) significantly limited the operational efficiency of dispatching emergency personnel when needed. The integrated solution provided by Bosch and SecureXperts, which is in operation at the Academy, met the high-level goals and objectives needed to provide the first responder community secure interoperability.
How the vendors worked together
The FPS Physical Security Training Academy, located at the US Department of Homeland Security Federal Law Enforcement Training Center (FLETC) in Glynco, Ga., collaborating with industry partners SecureXperts and Bosch, concluded that not only Federal agencies, but municipal organizations as well, have been compelled to introduce stronger methods of authentication and encryption for IP-connected devices. Factors like increased levels of sophistication involving cyber-crime, successful exploitation of rogue malicious cyber-attacks, and the inability to protect IP-connected devices used for physical/logical systems (including video surveillance cameras) from interception by unauthorized sources, have been concerns.
Bosch, SecureXperts, and the Federal Protective Service entered into a joint development agreement that saw the SecureXperts information security analysts and engineers implement the strongest level of government-approved cryptographic key strengths available (4096 bits) into Bosch cameras used for video surveillance applications. The Bosch firmware team developed the compiled libraries and application protocol interfaces containing the “smart chip” that prevents cyber security threats and malicious attacks against the IP camera and video surveillance systems used by both Federal and municipal agencies, especially in such high-profile sectors as transportation, medical, energy, and other critical infrastructure.
FLETC sponsored two demonstration events for various branches of DHS, which concluded that this solution resolved many issues concerning physical security interoperability with border protection, executive security, and other protective services missions where situational awareness and cyber security were critical elements to mission objectives.
Why it is Innovative
By storing video securely in a cloud hosted environment and meeting stringent NIST cybersecurity framework requirements, the implemented solution is expected to provide a more standardized, integrated, and efficient national information technology solution that figures to strengthen national preparedness and emergency response capabilities.
This groundbreaking solution resolves prior challenges that prohibited wide-scale adoption based on bandwidth limitations and information security concerns. Moving to a more event-driven methodology rather than the storage-heavy solution of non-actionable video has eliminated these challenges. The CHAVE technology represents a cost savings of up to 40 percent through the elimination of site-specific servers and digital video recorders, and promotes centralized administration and access that is securely maintained off-premises.
This innovative project has the ability to save hundreds of millions of dollars and redistribute significant manpower resources used in federal government facility protection, citywide surveillance applications, and protection of the nation’s critical infrastructure. It also provides these additional benefits from a cost perspective:
• Existing cameras deployed at FPS to manage facilities can be easily retrofitted to work with this technology, using analog-to-digital encoders that capture analog camera video feeds and digitize them prior to secure transmission to cloud data centers.
• Using CHAVE technology, law enforcement can now remotely and cost-effectively connect into geographically disparate locations to obtain secure video verification of events and incidents, providing situational awareness, ensuring security, and promoting officer safety.
CHAVE is also able to employ the security technique known as public key infrastructure (PKI) for encryption, authentication, and digital signature capability. SecureXperts’ CHAVE technology possesses military grade encryption strengths (up to 4096 bits) that make it virtually impossible to hack the secure cameras, even with the use of government and nation-state owned computers. Other technical innovations include:
• The encryption process encodes messages and information so that only authorized parties can read them.
• The authentication process uses smart card technology and credentialing for both the end user (person entity) and the camera device (non-person entity), eliminating username/password combinations, which are inherently the weakest link hackers exploit.
• The digital signature process uniquely ensures that the images rendered by the cameras have not been manipulated, tampered with, or altered during transmission or storage. This preserves the integrity of the video for legal and/or investigative purposes.
• As the system is scalable to near-infinite proportion, the trusted systems environment protects the integrity of the information and the chain of custody to the point where the authenticity of the video image cannot be refuted. By using these high-assurance cameras, the Federal government and security-conscious organizations, as well as the integrators that support them, have a high level of assurance that the images captured are authentic and can only be accessed by designated viewers.
Another key innovation derived during this project requires multi-factor authentication “smart card” access by users responsible for configuring IP cameras or viewing/archiving live video feeds in the FPS cloud hosted environment. This eliminates “anonymous” viewers or unauthorized access. The operational and management innovations include:
• If a user’s smart card has been lost or stolen, his/her ability to connect to the video management infrastructure can be immediately revoked.
• If a camera is stolen, or the facility where the video management system resides is breached, the camera’s digital certificate or credential can also be revoked. The camera’s capability to transmit live images over the video management infrastructure is terminated.
• The solution can also be extended to systems in other time zones due to the system’s ability to synchronize cameras using atomic time clocks that assert the time accurately, including time-stamping the storage and retrieval times of video surveillance data.
Article Contributors & Notes: US Department of Homeland Security Federal Protective Service (end user that ordered the project); Bosch Security Systems, Inc. (Manufacturer); SecureXperts Inc. (Security Professional). This case study was a 2014 submission for the STE Security Innovation Awards and was an awards finalist.