Convergence Q&A: Digital Transformation

Dec. 16, 2022
Use your company’s Digital Transformation initiative to achieve significant physical security risk reduction.

Q:        My boss asked me if Security had considered participating in the company’s Digital Transformation initiative. What does she mean?

A:        She is asking if Security can utilize information systems technology to (1) encourage collaboration and improve communication, (2) increase agility (ability to change and be flexible), (3) eliminate human error, and (4) increase operational efficiency and effectiveness.

The four objectives listed above are among the top objectives for corporate digital transformation, whose basic purpose is to transform the capabilities of a business – or a business unit – through the use of information technology and data.

Solving Physical Security’s Critical Weak Points

The primary objective of physical security is to reduce physical security risks to acceptable levels, at an acceptable cost, in a manner harmonious to the business. Yet there are a handful of high-liability security risks – which remain unquantifiable in any meaningful way – that could only be weakly addressed until now, due to the state of technologies. New technologies are changing that picture, and this column provides two examples of digital transformation projects that for the first time resolve long-standing security and safety technology shortcomings.

First Responder Communications

For more than 50 years one of the highly challenged areas of security and safety is an effective response to emergency and crisis situations, both human-caused and natural disaster based.

About 20 years ago – in the aftermath of 9/11 – it became obvious that first responder communications capabilities were unacceptably insufficient for large-scale crisis response. Thus, FirstNet (www.firstnet.com) was created, the first nationwide communications network dedicated solely to public safety. It enables law enforcement, fire service, and EMS to do their jobs safely and effectively.

Private Security and Safety Response

In many facilities security and safety personnel have depended on WiFi and hand-held radio communications that have not provided 100% coverage where needed. WiFi was initially developed for close-range communications of computer devices typically used in offices and homes, such as laptop and desktop computers, smartphones, tablets, printers, TVs, and wireless speakers. Its access points work well up to about 66 feet, with a few claiming a range of several hundred feet outdoors. Now, the kind of technology that built FirstNet has been further advanced and is available for private use.

Private Communications

Over the past two years, Nokia (www.nokia.com/networks/private-wireless/) has developed the world’s first 5G LTE private wireless network, with equipment that provides high-speed highly-reliable communications capabilities with military-grade security, that can scale up to any size warehouse, factory, port, or utility landscape.  A comparison between WiFi and Private LTE highlights its value.

A typical 500k sq. ft. wireless LAN warehouse deployment would require 49 WiFi access points and 9 IDF locations and cost about $0.65 per sq. ft. Using Private LTE, that same warehouse would require only 10 access points and 3 IDF locations at a cost of about $0.35 per sq. ft. This kind of technology is worth examining for safety and security use in large facilities and landscapes where traditional radio technologies don’t provide 100% coverage or have a higher cost.

Replacing spotty, weak or no communications capabilities with 100% reliable cybersecure communications can be a digital transformation project with high benefits for safety, security and business operations. Furthermore, outdoor robotics companies like SMP Robotics (smprobotics.com) are teaming up to ensure full communications capabilities in parking structures and large outdoor terrains.

However, it takes more than high-speed highly reliable communications to be able to effectively respond to emergency and crisis situations.

Agile and Scalable Emergency and Crisis Response

Planning for business emergency and crisis response (often labeled business continuity and disaster recovery planning) has gone through three stages already: paper documents (in binders sitting on shelves), electronic documents (PDF files and web pages), and applications (both client-server and cloud). All have required training and drilling. However, often training and drilling do not closely match the emergency or crisis that unfolds, and the infrequently trained and drilled actions aren’t automatically called into play under the high stress of actual events. The fact that planned-for situations don’t always unfold as planned prompted Dwight D. Eisenhower, Supreme Commander of the Allied Expeditionary Forces in Europe during the Second World War and later U.S. president, to state, “plans are worthless, but planning is everything.”

The act of emergency and crisis planning – identifying and describing potential harmful events and considering what would be required to prevent or minimize their harmful impacts – allows us to give our organizations the best starting point for response to a threat that materializes on a near or far horizon. Now that mobile devices (smartphones, tablets, etc.) are ubiquitous, everyone impacted by an unfolding situation can be kept up to date in real-time as to their individual situation and how to protect themselves and others. However, that would take cloud-based applications that are far more configurable, scalable and usable than traditional emergency response applications have been.

Modern Emergency Response Application Requirements

Emergency response plans must be easily updatable. Each individual with a responding or self-protection role needs a playbook to follow and must be able to revise it as required (without losing the original) to fit unfolding events. The application must provide a common operating picture (COP) that is a continuously updated overview of the incident compiled throughout the incident's life cycle from data shared between emergency management, individuals executing their parts of the response plan, and those with self-protection roles – plus data obtained via social listening and risk monitoring services. It must enable situation reports that can flow into the COP for true real-time situational awareness.

It must be a lightweight application that is easily accessible via existing services used by the organization (such as Microsoft Teams, Slack, ServiceNow and so on) without placing any data inside those services, so as to maintain the confidentiality, integrity and availability of data and application functionality. It must support and enable the best practice workflows and actions of Environment, Health, Safety, Security, and Corporate Communications – enabling their leaders to manage the response realms that are within their scopes of responsibility – while subscribing to the overall incident command or crisis management structure that is the framework for response and situation management.

It must provide timestamped records of actions taken and communications given and received, including all modifications and elaborations to response plan elements, such as role and task assignments, polls launched and answers received, checklists issuance, notifications issued, and action progress. It must enable generation of after-action reports. It must also support table-top drilling of all or part of a response plan, including COP generation and after-action reporting.

This is no longer pie-in-the-sky thinking. At least one such application does exist, In Case of Crisis 365 by RockDove Solutions (www.rockdovesolutions.com).

As technology continues to advance, including its affordability, keep a watchful eye out for cost-effective solutions that can significantly improve the security effectiveness of your organization. These are likely candidates for Security’s participation in your organization’s Digital Transformation initiative.

Ray Bernard, PSP CHS-III, is the principal consultant for Ray Bernard Consulting Services (RBCS), a firm that provides security consulting services for public and private facilities (www.go-rbcs.com). In 2018 IFSEC Global listed Ray as #12 in the world’s Top 30 Security Thought Leaders.He is the author of the Elsevier book Security Technology Convergence Insightsavailable on Amazon. Mr. Bernard is a Subject Matter Expert Faculty of the Security Executive Council (SEC) and is a member of the ASIS communities for Physical Security and IT Security. Follow Ray on Twitter: @RayBernardRBCS.

© 2022 RBCS

About the Author

Ray Bernard, PSP, CHS-III

Ray Bernard, PSP CHS-III, is the principal consultant for Ray Bernard Consulting Services (www.go-rbcs.com), a firm that provides security consulting services for public and private facilities. He has been a frequent contributor to Security Business, SecurityInfoWatch and STE magazine for decades. He is the author of the Elsevier book Security Technology Convergence Insights, available on Amazon. Mr. Bernard is an active member of the ASIS member councils for Physical Security and IT Security, and is a member of the Subject Matter Expert Faculty of the Security Executive Council (www.SecurityExecutiveCouncil.com).

Follow him on LinkedIn: www.linkedin.com/in/raybernard

Follow him on Twitter: @RayBernardRBCS.