As we mentioned last month, video surveillance is one of the most popular security strategies that K-12 schools deploy. With the proper planning and technical knowledge, video can be an effective element of any institution’s physical-security program.
In February, we discussed designing a video surveillance system, where cameras should be placed for maximum benefit and what they could be used for. In this article, we’ll focus on factors to consider when implementing the system. These guidelines primarily apply to IP video, but advancements in high-definition analog video don’t necessarily limit installers to IP video only.
Power Considerations
Cameras require power to operate. Power over Ethernet (PoE) is an attractive option that uses a single cable to connect a camera to the data network and a power supply at once instead of connecting to each separately. PoE is the most common way to power IP cameras with one exception that might apply to a K-12 campus. For cameras connected via fiber optics because of distance constraints, such as athletic fields or large parking lots, cameras often are powered by local power supplies in the enclosure.
Most cameras can be powered by 15.4 watts or less. The power can be furnished by standard power sourcing equipment (PSE) using the 802.3af classification. For applications that might involve a pan, tilt and zoom camera or a challenging ambient environment that requires a heater or blower, PSE that’s capable of providing up to 30 watts of power might be necessary. For this, you’ll want PSE classified as 802.3at. If you bid on a project where a specification was prepared, you might see where the class ranges between Class 0 (the majority of PSE) and Class 8 for the highest power-consumption applications.
PoE essentially is limited to the same 100-meter distance as is non-PoE cabling. Data being carried by the cable will drop and degrade before the power drops below what the standard guarantees. In larger buildings, such as high schools, you might have to have PoE extenders to reach locations beyond the typical 100 meters. Some common providers for these types of devices include Axis and Veracity.
Wide Dynamic Range
In any K-12 setting, you’ll be asked to mount video cameras to monitor people who enter buildings at places such as main visitor entrances, employee entrances or student drop-off areas. One of the features available in IP video (not available in analog cameras) is called wide dynamic range. You should be familiar with this feature and ensure that it’s used on those cameras that will be affected by outside light sources. No industry standards exist for wide dynamic range, and manufacturers, naturally, make various claims, which underscores the value of field-testing cameras in the environment before purchase and installation.
Bandwidth and Storage
IP cameras move data across the network, which might create adverse effects and consume bandwidth required for more-critical business functions. As part of your design, you should be cognizant of the demands on the network and storage requirements. Bandwidth and storage calculators are available from a variety of sources. The one from BCDVideo is a good one: https://www.bcdvideo.com/bandwidth-storage-calculator/. You can register and download a copy of this tool at no cost.
If recorded video data is deemed critical by the owner, the system will become more expensive as you consider storage options. Single-hard-drive devices where the operating system (OS) uses the same drive as video storage are the riskiest, because the loss of the drive affects the entire system, and the unit will be dead until it can be replaced.
The next level is to put the OS and recording on separate drives. This prevents video from being lost should the OS drive fail. It also prevents complete failure of the unit if the video drive fails. The system still might be used for live viewing until the drive is replaced and archiving can begin again.
Finally, RAID, or redundant array of independent disks, provides an additional level of resiliency. When using RAID for storage, the system, including archiving, continues to run when a drive fails. Depending on the RAID level, one or more drives might fail without issue. When a new drive is inserted, the RAID array begins rebuilding lost data. During this process, performance (mainly throughput handling) might be reduced.
Cloud video solutions are emerging rapidly and shouldn’t be overlooked in the early stages of a project. These solutions alleviate some of the challenges with onsite recording but create other challenges and considerations as well.
Cybersecurity
One of the first places to start with respect to cybersecurity in your video surveillance design would be to understand the meaning and implications of the National Defense Authorization Act of 2018 (NDAA). For detailed information, visit https://ipvm.com/reports/ndaa-guide. The guide there provides extensive links and citations to U.S. government documentation. You should confirm with relevant government agencies on the applicability to your own sale or application.
Failure to consider NDAA might result in you unwittingly providing and installing products that could affect your customer’s ability to do business with the federal government. This was the case in a recent project at Business Protection Specialists, where we found that video surveillance equipment was selected based on low bid, only to later learn that the installer provided “banned” and nonsecure equipment in contradiction to the NDAA.
We’ll focus on the most fundamental strategies to secure video surveillance networks, which should be coordinated with the district’s IT department:
Application of Least Privilege. This means limiting the rights of the system user to the role required to perform job duties. A violation of the concept of “least privilege” would be to give every user administrative rights or allow all users to log in to the system through the factory default admin account.
Cyber Hardening Guides. Network and cyber hardening guides are becoming commonplace in the security industry. These documents outline recommendations to make the network and the security system more secure and include important guidance, such as controlling physical and login addresses, securing passwords or disabling ports. Companies that make these available include Axis, Bosch and Eagle Eye.
Strong Passwords. This applies to the application as well as to devices connected to the system. Passwords should be changed from the factory default, and although some manufacturers require this when the device is first connected, not all do. A strong password is one that:
- Consists of a minimum of nine characters with a combination of alphanumeric characters in uppercase and lowercase, numbers and special characters, such as ~ or $.
- Doesn’t use information that a hacker could obtain easily or guess about the installation or client, such as website, business or contact name, address name, city or state of business.
Deny Physical Access. To the extent possible, deny physical access to cameras, cabling and recording equipment.
Disable Unused Switch Ports. This step reduces the risk of an unauthorized person trying to access a security device or network by plugging a cable into a switch or unused network jack.
MAC Address Filtering. MAC address filtering allows only a specific list of devices, such as cameras, to connect to the switch. Other devices plugged into the switch are ignored. A managed switch is required to enable MAC filtering.
Locking plugs. Another layer of security that physically prevents connection or tampering with network cabling by unauthorized devices are port plugs and cable locks. These devices mechanically lock a cable into a switch, patch panel or wall jack, or fill unused switch ports, and can be removed only by using a proprietary tool.
Mitigating Vandalism
Cameras in the K-12 setting are at risk for vandalism. This should be considered in the camera selection. IK ratings are standard measurements of impact resistance defined in EN 62262, ranging from IK00 to IK10. IK10 or 10++ should be specified for cameras that might be accessible, such as indoor ceiling-mounted domes. For elevators, there are corrections-grade cameras, and for high-crime exterior cameras, bullet-resistant housings are available.
Other Considerations
Software support agreements might be required by some video management system providers. Ensure that owners are presented with an operating cost projection, so the appropriate fees can be budgeted each year.
Health-monitoring functions are available from some video management system providers. Coordinate with the owner’s IT department to ensure that health reports are reviewed periodically to detect trouble before the system fails.
Hard drives fail. This should be considered a recurring cost for video storage.
Remember the following areas for training the end user:
- Video is typically 99 percent write. Ensure that owners are trained and conversant to write data to an external media in the event of a security incident to prevent data loss.
- Ensure the owner is trained and has a written procedure on how to set up and facilitate remote access for system users if this is permitted by the District’s IT department. This is a common service call otherwise.
- Ensure that any and all video-failure alarms are activated so the owner can be alerted at the earliest possible time as to the loss of video.
With the proper design, installation and effective management of key issues, video can be an effective element of the K-12 physical security program. As children age, the threat from the inside increases and threats from external sources decrease, so the video design should reflect this risk reality.
Remember, security technology deployment should be preceded by a risk assessment, and video surveillance should be installed consistent with industry standards and reports, such as the Partner Alliance for Safer Schools “Safety and Security Guidelines.” For more information, go to www.securingpeople.com.
For complex video surveillance projects, consider retaining an independent physical-security consultant to help your customer in specifying and selecting the correct video surveillance system to protect students, faculty and staff.
Frank Pisciotta, CSC, is president of Business Protection Specialists Inc., an independent security consulting firm focusing on K-12, industrial, manufacturing and corporate security program development, including video surveillance design services. He can be reached at [email protected].
Video Deployment Considerations
When deploying a video surveillance system, remember to consider the following:
- The presence of video has little effect on violent crime, but it can decrease property crime in a facility.
- Operators can maintain focus on observing video only for limited periods, nominally about 20 minutes, before effectiveness of observation degrades significantly.
- Nonoperating “dummy” cameras shouldn’t be deployed.
- Video cameras don’t make a good first line of defense, and on their own will not prevent incidents.
Video Storage Providers
- Arxys: www.arxys.com
- BCDVideo: www.bcdvideo.com
- Bosch: www.boschsecurity.com/xc/en/solutions/video-systems
- Cozaint: www.cozaint.com
- DDN: www.ddn.com/industries/video-surveillance
- Dell: www.dell.com/support/kbdoc/en-us/000147660/dell-emc-video-solutions
- Dragonfruit: https://dragonfruit.ai
- Genetec: www.genetec.com
- GeoVision: www.geovision.com.tw
- NetApp: www.netapp.com
- Rasilient: https://rasilient.com
- Proactive: https://proactive-cctv.com
- Razberi: www.razberi.net
- Scale Computing: www.scalecomputing.com
- Seagate: www.seagate.com
- SecureLogiq: www.securelogiq.com
- Seneca: www.senecadata.com
- Synology: www.synology.com/en-us
- Veracity: www.veracityglobal.com
- Wasabi: https://wasabi.com
- Western Digital: www.westerndigital.com