Physical Security as a Service? It’s Time!

By David Strickland, Vice President of Kenton Brothers

Physical Security as a ServiceKenton Brothers Systems for Security has been in business since 1897. This year we are celebrating our 125th year! Over that time, we’ve seen our industry innovate and transform several times. Currently, we are at another crossroads of evolution and innovation.

Traditionally, organizations have developed and generated their own internal physical security teams… one person or policy at a time. As their needs grow, so would their team. This team worked hard to stay on top of the regulations required of them as well as the technology available to them to meet those regulations. They would enhance capabilities based on the threats they faced, and manage the risk the best they knew how.

Many of the systems internal security teams traditionally invested in have become more and more complex and even introduce new risks with the convergence of IT/OT security and physical security considerations. This pressure to keep up with modern technologies and the threats they bring has become a real strain on resources. This, coupled with a very low labor pool, has led to some great conversations with our customers.

The Need for Physical Security as a Service

Over the last two years, Kenton Brothers has been approached by companies and organizations from many different industries. They want to know more about what we offer to help support getting them out of this downward loop. We quickly noticed that many of these customers’ needs analysis meetings carried the same theme. “There just aren’t enough resources to go around. With current personnel levels, there’s just no way to cover everything correctly.”

After several interviews, the pattern appeared and these valued customers needed support in the following ways:

  • Physical Security as a ServiceAdministration of Access Control, IP Video surveillance, Intrusion Detection system
  • Hosting and Managing of Access Control, IP Video surveillance, Intrusion Detection system
  • Policy and Procedure creation
  • Personnel Training
  • Physical Inspections and Maintenance
  • Alarm Management
  • Cleaning and Repairing equipment
  • Firmware and End of Life Management
  • Forensic Discovery and Preservation
  • Technology Selection
  • Future planning
  • Red team testing

An additional question was raised. “Would Kenton Brothers be able to take over the day-to-day running of our systems?” The answer is YES.

Case Study

In one scenario, a customer was losing their System Administrator soon after losing their Director of Security. This left no one to manage their physical security systems. This company is in a highly regulated industry and wasn’t able to find a replacement internally or manage the system correctly on their own in the time given. With three days notice, we went to work supporting our customer. We also created operating procedures for the tasks needed to successfully manage the following areas:

Immediate:

  • Physical Security as a ServiceOnboarding and offboarding employees
  • Issuing credentials, assigning to user groups
  • Managing alarms and system messages
  • Preserving video evidence forensically
  • Running daily checks of access control and video Systems
  • Daily updates to system communications that are shared with IT and executive teams

Secondarily:

  • Working with IT and executive management to communicate the state of system
  • Create polices and procedures for new staff taking over
  • Inspecting system to determine firmware status and Cybersecurity risk

We were able to create a part time Managed Service Agreement (MSA) that dedicated three hours a day to our customer. The agreement allows for additional hours for special projects such as a new location being built that will need to be onboarded in the next few weeks.

At Kenton Brothers, Partnerships and Innovation are core values. Partnerships have to be WIN/WIN and this was definitely the case in this situation. The Innovation came when the company decided to change the position they’re trying to replace by keeping future duties in Kenton Brothers’ hands.

Physical Security as a Service? Yes. If that sounds interesting, we would love the chance to work with your team to explore the idea and what it could mean for your organization. Just give us a call!

Crime Prevention Through Environmental Design

By Kevin Whaley, CPP, Sr. Security Consultant at Kenton Brothers

Welcome to the first part of a multi-part series where we dive into the idea of Crime Prevention Through Environmental Design or CPTED.

How many parts? Yet to be determined. My objective with this series is to provide you with an introduction to CPTED with the hope that you will be able to consider these ideas and principles for your next security project.

Introduction

When it comes to physical security, most people tend to think of guards, video surveillance (aka “big brother”), alarms, fences with barbwire, etc.

That is the basic underlying impression that people get when they hear security. When I think of security, I think of onions. (That’s not an acronym for anything.) When I conduct a security assessment, I tell my clients to think of security like an onion. Why? Because security, like onions, should have layers. We also refer to these layers as “concentric layers of security” meaning that each layer builds off of the last to create maximum protection.

When developing a security plan, the goal is to create a “target shift” or target hardening. This means that you’re trying to make it as difficult as possible to defeat the security measures or increase the probability of becoming detected or being caught. Depending on conventional security measures like access control, video surveillance and security guards may have their limitations. Employing standalone security measures may fail to address the underlying behavioral patterns that may adversely affect the environment. That’s where CPTED comes in.

Crime Prevention Through Environmental Design

Crime Prevention Through Environmental DesignCPTED is defined as “the proper design and effective use of the built environment that can lead to a reduction in the fear and incidence of crime and an improvement in the quality of life.” In other words, a CPTED analysis focuses on creating changes to the physical and social environment, that may reinforce positive behavior, with the goal of reducing opportunities for crime that may be inherent in the design of the built environment. CPTED is a multi-disciplinary approach to deterring criminal behavior.

CPTED incorporates principles from:

  • Planning
  • Architecture
  • Landscape Architecture
  • Security
  • Facilities
  • Engineering
  • Law Enforcement
  • Legal/HR

CPTED design includes the physical design, social management and directives that seek to affect positive human behavior as people interact with their environment.

Depending on your organization’s industry, you may already have established design guidelines that have been set by a governing body, standard, or regulation. For example, FEMAs Risk Management Series: Site and Urban Design for Security (Guidance Against Potential Terrorist Attacks) FEMA 430, establishes guidance for government facilities but can be applied almost universally.

However, if your organization doesn’t have guidelines, there are many factors that you may need to consider during the planning phase.

These factors may include (but are not limited to):

  • Stairs and ramp design
  • Interior and exterior lighting
  • Parking lot designs
  • Landscaping
  • Doors and windows
  • Blind spots or “ambush” points
  • Building circulation patterns

When entering the planning and design phase, it may be beneficial for you to enlist the services of a security consultant with experience in conducting CPTED assessments to assist you in developing your plans. (That would be Kenton Brothers Systems for Security… :)

CPTED is based on 4 key overlapping concepts which we will dive into in greater detail in the rest of this series.

Crime Prevention Through Environmental DesignNatural Surveillance – the placement of physical features, activities, and people in a way that maximized visibility from the surrounding environment. This increases the threat of apprehension by taking steps to increase the perception that people can be seen.

Natural Access Control – Natural access control means controlling access to a site. People are physically guided through a space by the strategic design of streets, sidewalks, building entrances, and landscaping. This clearly defines entryways and guides personnel to specific entrances that are well lit and overlooked by surrounding areas.

Territorial Reinforcement – In CPTED it refers to the development of areas or places where the users feel a strong sense of ownership. It is an umbrella concept, embodying natural surveillance and access control principles. This establishes your territorial boundaries and provides the “line in the sand.”

Maintenance – Allows for the continued use of a space for its intended purpose. Serves as an additional expression of ownership. Prevents reduction of visibility from landscaping overgrowth and obstructed or inoperative lighting. Ensures that your security postures remain effective by reinforcing the concepts of natural surveillance, access control and territorial reinforcement. Displays that the site is regularly cared for and occupied.

CPTED can be a little overwhelming, even for seasoned practitioners. If you’re interested in finding out how CPTED can enhance your organization’s security program, or just want to learn more, please contact me. (Kenton Brothers’ local CPTED subject matter expert, Kevin Whaley, CPP.)

Does Your Physical Security Provider Understand BAA and NDAA Regulations for Federally Funded Projects?

By David Strickland, Vice President of Kenton Brothers

Commercial Security Trends: The Buy American Act and the impact on Federally Funded ProjectsWhether it’s the National Defense Authorization Act (NDAA) or Buy American Act (BAA),  the landscape of government regulations is changing quickly. Recently, the BAA is getting a lot of attention because of thresholds that the act has established for products used in federal projects or for federally funded projects. We’ve spent some time discussing the NDAA regulations previously in this blog. We will concentrate on the Buy American Act’s new rules in this blog.

BAA – What You Should Know

THE BAA  is intended to protect US manufacturers and utilize US goods and products first.

Buy American Act (BAA) Two-Part Test

The BAA uses a two-part test to define a domestic end product.
– The article must be manufactured in the United States
– The cost of domestic components must exceed 60% (2023) percent of the cost of all the components
This regulation is for all projects over $10,000

The final published rules make several material changes to the regulations of the BAA.

1) Increased domestic content requirements.

The final rule increases the percentage of domestic content necessary for a product to qualify as a “domestic end product” in compliance with the BAA. Currently, the BAA regulations require a product to contain 60%  domestic components to qualify as domestic. In 2024 these same products must carry a 65% minimum threshold and this will increase to 75% in 2029. So current products having 63% of the components sourced domestically are considered BAA compliant, but in a year that will no longer be true.

2) The Fallback Threshold.

The Buy American ActThe current regulations have a “fallback threshold” for products that meet the current domestic content threshold but not the increased thresholds. The Fallback Threshold will allow agencies to use the existing 65% domestic content threshold in certain circumstances. This would be possible if the agency determines that there are no products that meet the new threshold, or such products are of unreasonable cost. The fallback threshold expires in 2030, one year after the domestic content threshold increases to 75%.

The government does allow for an agency to deem a product critical and exempt it from BAA compliancy on a temporary basis if the price is unreasonable. Waiver applications will go through the FTA. So far, even products that are in the 20-30% higher range have been upheld and BAA compliance is required.

The government has yet to publish a standard for what is “unreasonable” so all exceptions to the regulation must be made through the waiver request process.

3) Removes the commercially available-off-the-shelf (“COTS”) exception. 

This was available during the pandemic to  lessen the burden on agencies trying to deal with the supply chain.

4) Established restricted countries of origin.

Cannot purchase or use supplies, material, or services originating in, transported from or through the following countries or entities:

  • China
  • Cuba
  • India
  • Iran
  • Iraq
  • Libya
  • North Korea
  • Sudan
  • The territory of Afghanistan controlled by the Taliban
  • Serbia (excluding Kosovo)
  • Entities controlled by the government of Iraq

The Buy American ActThese regulations have a direct impact on physical security projects that are federally funded or are purchased by a federal agency. These regulations effect the following components that a physical security integrator may be providing or installing.

  • IP Video Surveillance cameras
  • Network and Digital Video Recorders
  • Switches
  • Servers
  • Access Control Components
  • Mechanical and electrified locking door hardware
  • Doors and Frames
  • Metal Detectors
  • Turnstiles
  • Intrusion Detections Systems
  • Cable

Government regulations can be difficult to understand, and Kenton Brothers Systems for Security can help you navigate these regulations for your next project. We have suppliers that meet the BAA regulations and can fulfill your project with compliant materials. Give us a call today!

Why Drive a Model T When You Could Be Driving a Tesla?

By Neal Bellamy, IT Director at Kenton Brothers

Why Drive a Model T When You Could Be Driving a Tesla?When a mechanic looks at a car, he doesn’t see a specific brand, model or color. He really sees the overall system. He sees an engine, brakes and wheels. Whether it’s a Model T or a Tesla, if the engine doesn’t work, it won’t go anywhere; if the brakes don’t work, it doesn’t stop and of course flat wheels don’t roll. Access control systems are similar. They’re really just a set of inputs, output and readers.

When it comes to access control systems in detention centers, they usually don’t need readers. This is the reason that PLCs (Programming Logic Controllers) dominate access control for detention centers.

What are PLCs?

PLCs, created in the 1960’s, are most commonly a simple set of inputs and outputs. Because they’ve been around for so long, and lend themselves to centralized control, most detention centers are driven from a PLC. A PLC reads an input from a touchscreen to open a door, connect an intercom, or turn on a light. An open door illuminates on the touchscreen to show it’s not secured. The PLC might even be tied to cameras to show a specific camera when an intercom is pressed. It’s all ITTT logic; If This, Then That.

There is a lot of overlap between a PLC in a detention center and access control. Access control still needs to be able to open a door and show that a door is unlocked. An access control system might even be tied to intercoms or a video system. However, most access control systems are not designed for lights, water valves or guard tours. That’s when you need something that fits in between.

Site plan at a glance

PLC Challenges

Site plan - held openOne of the issues with a PLC is that it’s mostly wires. Changes to a PLC system are difficult and can be expensive. Most integrations from an intercom system or a video system are done with wires. If you have a hundred cameras, you have a hundred wires. 50 intercoms require 50 wires.

Sometimes, there are communication-based integrations. But even then, station 10 will always be station 10. Even if station 10 ends up being in a closet after a remodel, it is still station 10.  Even small changes to a touchscreen require hours of programming by specialized personnel. While PLC systems can talk to other systems like intercoms and cameras, they are still separate systems with separate interfaces. It’s not all managed through one “pane of glass”.

Access Control vs PLCs

It’s time for this situation to change.

Guard TourAccess control systems like Gallagher still handle the inputs and outputs like a PLC system does, but these updated systems add flexibility.

Gallagher integrations with intercom systems like Harding, and video systems like Milestone are purely programming and IP based. Changes in the Milestone system get reflected in the Gallagher programming. Changing and adding cameras, intercoms, doors or moving a map are as simple as clicking edit on the site map. Everything can be managed through the Gallagher interface. Connecting an intercom, initiating a lockdown, turning lights on and off are all handled through the click of a button. If a door is opened and it shouldn’t be, Gallagher can bring it to the forefront so it can be dealt with. Alerts, automated instructions, logs and alarm escalations are all built right into the software.

While a Model T and a Tesla might both have an engine, brakes and wheels, no one would ever say that they’re equals. Both cars might get you to where you’re going, but one of them will drive itself to your destination with the AC on while playing music from your favorite radio station.

PLCs are getting the job done for detention centers across the country, but wouldn’t you like to have a solution that gives you more features and flexibility, while costing you less?

We can help you get there. Just give us a call.

Access Control: Here’s Why the Outlook is Sunny in the Cloud.

By Gina Stuelke, CEO of Kenton Brothers

Cloud Based Access ControlIn the security industry, cloud based video recording, retrieval, storage and archiving solutions are leading the charge for growing video subscriptions as a service.

The same can be said for cloud based access control systems.

Check out these six reasons why the cloud delivers more value and ease of use:

  1. Lower service and maintenance costs. Managing a system in the Cloud reduces the burden on IT, allows more remote diagnostics and creates the need for fewer on-site service calls.
  2. Users enjoy the most up to date software and features sets, due to the ability to update remotely.
  3. Remote health monitoring. Cloud based system monitoring helps ensure systems are recording when they should and reduces the possibility of events with no video evidence.
  4. Searching and sharing of evidence is easy via cloud export and storage of clips with password protected systems and search tools.
  5. Business intelligence. Cloud based systems provide analytic data that offer insight into business operations from real-time alerting to reports. This data can be used to improve the customer service experience, identify where employees need assistance or training, and prevent downtime.
  6. Ease of use. Cloud managed systems provide faster, easier and timely training via their intuitive interface. They provide more security and speed up the gathering of evidence when needed. The cloud systems offer greater flexibility by being accessed from a desktop, web browser or mobile device; therefore, easier and less work for IT teams.

Let the security consultants at KB answer your questions about moving your access control to a cloud based solution. We’re here to help!