Security is a never-ending story — it seems that whenever one problem is solved, a new challenge arises. When criminals devise new ways of circumventing existing protections, defenders must find new ways to stop them. And, when defenders deploy new security technology, criminals will inevitably try to find new ways around it. So, the cycle continues. Like any good story, there are many sides to security, and it must be viewed from all angles to truly understand it. And, the latest threats require organizations to look up to see the latest threat.
Organizations first tend to focus on what they can see — physical, tangible things. But, in today’s world, organizations must consider possibilities they haven’t before — possibilities that go beyond monitoring entry and exit points or establishing a two-dimensional perimeter. This is especially true for vulnerable industries, like power and energy. Recently, New York’s Consolidated Edison (ConEd) adopted a novel approach designed to combat a rising threat that has flown (quite literally) under the radar: drones.
A 360 solution for a 360 problem
Security is of the essence at critical infrastructure facilities like electrical sub stations. If one facility is compromised and taken offline, the distribution of electricity responsibilities of that substation must be transferred to another. If the subsequent station is overloaded, it must find another way to ease that burden. In a worst-case scenario, rolling blackouts or a complete disruption of the electrical grid could occur. This can have a domino effect on other areas of critical infrastructure, including water and gas distribution, refrigeration systems for food storage, telecommunications, and transportation. It goes almost without saying that protecting those critical infrastructure sites is an extremely high priority.
Unfortunately, the advent of drone technology has posed significant problems for security teams used to protecting against intruders on foot or in vehicles. Though many cities and airspaces are designated federal “no fly” zones, drones are available to consumers for purchase with no license, training, or understanding of the law required — and, unfortunately, anything attainable by the general public has the potential to be used by criminals for malicious purposes. When all that is visible is a small spot in the sky, it is difficult — bordering on impossible — to determine whether a drone is being piloted by an innocent teenager or a bad actor casing a location, attempting to steal information, or engaged in other forms of criminal activity. For an organization like ConEd, with sensitive locations in need of protection throughout the city, drones pose a particular threat. This is a new chapter in the never-ending security story — and the rise of this new villain demands a new hero to combat it.
Like many modern security challenges, the solution lies with video analytics — and many organizations will be pleased to discover the capabilities they require to address the drone issue are already present on many of their existing security devices. The same loitering technology used to identify suspicious persons on the ground can be retrained to send an alert if a drone lingers in protected airspace for a specified amount of time (and because of how quickly drones move, this might be as little as a few minutes). Security personnel can be notified instantly, and the device will automatically begin to record footage the same way a camera in the lobby would track a loiterer. ConEd specifically implemented pan/tilt/zoom (PTZ) cameras capable of zeroing in on a threat once detected, giving them a 360 view and the ability to track objects in motion when necessary. This helped them achieve greater coverage with a smaller number of devices.
Leveraging data to generate insights
As drones are tracked and recorded, further analytics can be applied to chart their behavior. For instance, is a specific type of drone returning every day at the same time? Does that time correspond with a shift change, or when shipments normally arrive? As ConEd has discovered, the ability to correlate information across different data sets can provide valuable insights into the potential threat profile of a drone. When enforcing a no-fly zone, these recordings can also be useful if law enforcement becomes involved — particularly as the threat of weaponized drones still looms large.
Weapon detection is an important factor here. While uncommon, drones can be weaponized to carry a malicious payload. Despite what movies and tv shows might depict, this usually doesn’t come in the form of, say, a drone mounted gun—though the possibility of drone mounted explosive devices is very real. For ConEd, a simple copper wire dangling from the drone to short-circuit powerlines can be extremely destructive—and deploying video analytics capable of detecting such objects was critical. This drives home the point that no matter how big or small the threat, an organization can’t take action unless they know it exists and what to expect. In the short time since ConEd implemented its anti-drone measures, the organization has identified more than 7,500 drone incursions — highlighting both the necessity and the success of the new initiative.
It’s time to look up
Security is a story that never ends, and organizations need to be sure they’re paying close attention if they don’t want to miss crucial plot points. The advent of drones is one such development, and they represent a potentially serious threat to organizations, like ConEd, that provide critical services. In today’s threat landscape, most organizations have taken great pains to ensure they are protected from every other angle — but for many, now is the time to look up.