Subscribe to

Blogs

Guiliani keynotes ISC East and elsewhere

 - 
Thursday, August 21, 2008
So I was wondering this week, when Reed Exhibitions announced that former N.Y. Mayor Rudy Guiliani would deliver the keynote address at this year's (Oct. 29-30) ISC East, which personality Guiliani would be sporting: his super conservative primary personality which we saw during his spectacularly disastrous bid for the Republican nomination? or, since we'll be in Manhattan, the more socially liberal personality we saw during his tenure as mayor of New York? My guess, of course, given the security audience at this event, would be the former. Either way, Reed made a good choice, and I think people will be interested to hear and see Guiliani at ISC East. This morning I saw that we'll get a pre-ISC East view of the mayor speechifying at this year's Republican National Convention in Minnesota. It was announced this morning that he'll be keynoting there as well. Here's a CBS story with a Q & A with Guiliani about the presidential race and his RNC keynote.

Clear scores $44.4 Million in funding

 - 
Thursday, August 21, 2008
Well, I guess the money people aren't too upset about that laptop snafu: Clear announced today $44.4 Million in venture funding. Apparently, some rich people think this Registered Traveler thing has legs. I'm not totally sure I agree, after having covered many of the baby steps the various contenders have taken. This is the part that's supposed to convince me it all makes sense: Clear's annual membership fee is $128. The Clear concierge service alone has made Clear lanes 30 percent faster than regular security lanes and Clear plans to improve that even more through enhanced technology which, once approved by the US Government, could allow cardholders not to have to remove shoes, outer garments or laptops as they pass through the security checkpoint. Clear was recently featured in a Conde Nast Traveler story which reported that there are an estimated 8 million fliers who take at least two trips per month and who are Clear's target market. Okay, let's do a little math, then. Say there are 8 million people who might be interested (I sort of doubt it, actually, since 8 million is almost 3 percent of the entire U.S. population, and that seems high to me). I would count myself among them, even though I don't travel quite that often. However, I doubt I will be joining Clear anytime soon because I find it highly unlikely my home airport, Portland, Maine, is going to get a Clear lane anytime soon. Maybe I'm wrong. Either way, Clear is going to have to up its amount of airports with lanes in a major way. They say it takes about $1 million per lane, per airport. So, to get a large percentage of those 8 million people interested, they're probably going to blow all of that venture funding on 50 or so new lanes, not to mention all the registration stations with iris technology, etc., they need to buy, which will probably run them another $1 million per airport. So, say, ballpark, they need about $100 million to get to the point where they've got great U.S. coverage (but still probably not at Portland or Hilton Head airport, or very many regional airports at all). Now, what's the cash flow? $128 per member, per year? Say a quarter of that 8 million people make the plunge (that would be a huge amount to do it - people are cheap, and security really isn't that bad). And say 60 percent of that half go with Clear and not the FLO Alliance (who are doing some interesting things with non-airport security access). That would leave you with 1.2 million buyers of a $128 membership each year, in the best-case scenario. So that's a pot of about $150 million. And what's the net margin on a membership, after you've paid people to man the lanes and staff the registration stations and made the cards and done the paperwork and advertised, etc.? In a perfect world, maybe 20 percent? So, you're bringing in about $30 million in net income each year in the very best case scenario, which couldn't possibly be realized for about two years (and that would be very quick)? And you've got to pay back $44 million in investment, so say $60 million minimum, at some not too distant date? And you've got to make $100 million in investments to even get to that $30 million in net income? I don't know. Back of the envelope, it just doesn't make that much sense to me. Maybe there are a bunch of sponsorships they could sell - advertising in the lanes and partnerships with hotels and car rental joints, etc. But I think the average security experience is going to get better, not worse, as fewer people will fly now that it's more expensive and those fewer people flying will be more experienced. Plus, the laptop and shoes and jacket things will go away fairly soon for most people as technology is developed. So I'm not even sure they would ever get a quarter of their target market to sign up. Maybe I'm wrong. Steven Brill is a smart guy, and the investors aren't dummies, but it seems like irrational exuberance to me.

The weight of responsibility

 - 
Wednesday, August 20, 2008
This article is a tragic reminder that the security business is often a matter of life and death and that mistakes, even small ones, can have serious consequences. The widow of a firefighter killed in a house fire is suing two security companies, Pinnacle Security of Utah and Security Associates International of Illinois, alleging that the companies mishandled a fire alarm signal that led to the deaths of not only the widow's husband, but another firefighter and the two occupants of the house. Mistakes by an alarm company representative led to a nearly 10-minute delay from the moment the homeowners' fire alarm alerted her to when the first firefighter was dispatched, according to the lawsuit and a 122-page report by the Contra Costa Fire District, reported the Contra Costa Times. Here is more from the Contra Costa story: On the night of the fire, homeowner Grace Moore told a Pinnacle alarm company representative that there was an active fire in the their house over a two-way intercom system. The alarm representative called the Contra Costa fire nonemergency dispatch line and told an operator there was a fire alarm report instead of relaying that she had spoken to the homeowner and was told a fire was burning. The wrong terminology and incorrect phone line sent the call plummeting down the priority list. It's a sad situation all around. From that article it does seem like the operator mishandled the dispatch and highlights a point I made in an earlier blog about the importance of knowing local information as well as having well-trained operators who understand the severity of their job. I will be curious to see how this plays out in court and there could be a potential precedent set determining exactly how liable security companies are for their actions (or mis-actions, I guess).

Get famous "hacking" the Olympics

 - 
Wednesday, August 20, 2008
Well, this is pretty marginally security related. But it proves that you need to work hard to keep things secret. Remember how everybody questioned the ages of the Chinese gymnasts? Well, somebody googled their way to the truth. I'm totally convinced. Guess maybe the Chinese government should put some official documents behind a firewall or something if they want to keep them secret?

Getting famous hacking RFID

 - 
Wednesday, August 20, 2008
I come across stories about computer nerds hacking RFID and MIFARE systems from time to time and don't think much of them, really, but maybe I should be paying more attention. In the latest case making the rounds of the Internet, three MIT students hacked the MBTA's (that's the T, in Boston) RFID-based ticketing system and made it so they could ride for free - then looked to publish a paper about how they did it. The MBTA sued to stop them, but lost. The thing is, no one else seems to be taking this overly seriously either: Located across the Charles River from Boston, MIT's students are known for their love of pranks -- "hacks" in the school's vernacular -- that show off their engineering skills. Among the most famous was a 2006 incident in which students placed a 25-foot (7.6-meter)-long fire truck atop the dome of a campus library building. So, Reuters is equating hacking into an access control system with practical jokes? Is Reuters so clueless that it thinks a "hack" is a prank? First, just this simple hack, while not a major security threat, could mean a ton of lost revenue for the MBTA if it became widely used. Second, this type of technology is the basis for a number of access control systems. Could this same hack allow access to restricted areas at other locations? Could the wrong people get into sensitive areas for reasons of theft or violence? One of the reasons I tend to not take these things seriously is that I think I naively assume that people smart enough to figure this stuff out aren't likely to engage in terrorist acts or other violent acts. These guys are nerds, right? Nerds are nice. Nerds are benevolent. They're interested in the pursuit of knowledge, not blowing people up. But I actually know some nerds who aren't all that nice. And I'm sure Al Qaeda, etc., have plenty of nerds on staff. I think it's important that we pay more attention to these security vulnerabilities, whether in IT/IP-based systems or otherwise, and not make light of the victims of such "hacks."

What's Apple up to?

 - 
Tuesday, August 19, 2008
So, some of you out there may have been invited to a forum that videoNEXT is putting on at ASIS. At first glance, it's the same-old, same old: "The Future of Video Surveillance." Ho, hum. And look at the panelists: Steve Hunt, CPP, CISSP, Founder, Hunt Business Intelligence I think he's actually cloned himself so he can speak more often. Fredrik Nilsson, General Manager, Americas, Axis Communications Always enjoyable, but you can catch him pretty often, too. John Honovich, PSP, Founder of the popular www.ipvideomarket.info Good new voice in the marketplace, but, hey, you can read what he thinks pretty much any time you want. Peter Michael, P.E., PMP, Principal Engineer, Surveillance, SAIC Don't know this guy at all, but SAIC is a high-technology integrator. Should be pretty interesting if Hunt lets him talk. Christopher C. Gettings, Founder & Chairman, videoNEXT Well, videoNEXT is hosting the thing, so not surprising they're involved. Hmmm, let's see who's moderating this thing: Moderator: Garrett Rice, Sr. Manager, Enterprise Sales, Apple Inc. Um, what? It's funny, because you'd think that computer company Apple would get mad that there's a security firm out there calling themselves Apple Inc. I'd have thought that was a trademark infringement or something. What's that you say? It's the same company. Like the Apple that recently decided it would completely dominate and take over the worlds of recorded music, wireless phones, and cool commercials? Now they're interested in video surveillance? (They're sort of modestly included on videoNEXT's partner page. I've never seen Apple on a security company's partner page.) I hope you people are paying attention. Steve Jobs and Apple do not enter marketplaces half-assedly. They enter marketplaces with the idea of completely changing the way people do business. Let me be clear: The iPod radically changed my life for the better. There are millions and millions of people who agree with that statement. There's no reason Apple couldn't figure out a way to change a security installer's life for the better. Oh, and Apple has $20 billion in cash on hand. $20 billion. Like, just about the same amount as Microsoft. I find Apple's interest in surveillance and security very interesting and I'll have a report with some of the players very soon. In the meantime, if you're looking for a good download to the iPod, grab the new Dr. Dog disc. Bad name, great band.

NAPCO buys Marks

 - 
Tuesday, August 19, 2008
Fairly big news in the lock world today: NAPCO has agreed to buy Marks USA for $25 million. NAPCO's not huge, doing about $65 million annually right now, but it's being aggressive and has had some fast growth in its recent past. Plus, it's starting to show some nice profitability, with a roughly 20 percent net margin in its most recent report. However, revenues have been relatively stagnant for the past year or so, so it's not surprising the company looked for some non-organic growth. Marks pretty much is what it is: a company that makes locks. I'm not sure how impressed I am with a little under $4 million in net income on $25 in revenue. I would have guessed higher than a 16 percent net margin for a well established private manufacturer, but I don't totally know what I'm talking about there.

Stealing blues

 - 
Monday, August 18, 2008
You hear more and more about metal thefts due to the increasing price of scrap, but what about the increasing cost of food leading to more crop thefts? Here in Maine blueberry season is at its peak and according to this local article, blueberry-thieving is too. I'm guessing most of you are unaware how blueberries are harvested, but it involves using this short-handled upside-down rake tool that scoops up the berries. In short, it's back-breaking work, but apparently well worth the effort (from the farmer's perspective maybe not from the laborers). Blueberries are yielding about $1 per pound so we're talking pretty big money for farmers, according to this article. David Bell, executive director of the Wild Blueberry Commission of Maine, said blueberry thefts total an estimated $100,000 annually. “It’s definitely a six-figure problem,” he said. “Any pound of berries that is stolen is pure profit to the person who stole them, so it’s a very serious concern to growers.” ... “It’s hard to catch someone blue-handed, so to speak, but with berries moving in transit that’s another opportunity to catch the thieves,” said Bell of the blueberry commission. First of all, I love that there is a Wild Blueberry Commission at all and secondly, it's priceless that he used the phrase "blue handed." Who couldn't love Maine? Anyway, to counter thefts, farmers have begun hiring security guards to patrol their fields, some of which are really out in the middle of Nowheresville, Maine. Apparently the thieves are coming in on four-wheelers and illegally harvesting the crop. Local police have also ramped up efforts to monitor vehicles transporting the precious fruit (you're only allowed to have 25 pounds without a permit) and are also targeting buyers of illegal blues. But, with all the tourist traffic here in Maine, apparently police can't dedicate the manpower needed to protect one of Maine's precious commodities. I guess nothing is safe in this economy.

When security and commerce collide

 - 
Monday, August 18, 2008
I'm almost completely enraptured by the Olympics so forgive me if that's where I'm pulling all my source material lately. I just think it's an event of unparalleled world interest (maybe the World Cup rivals it, but I don't think there's nearly the universal interest coming from the U.S., particularly, and from women the world over), and as such fascinating, as much for the sporting achievements as for the human drama. Did anyone else see Chinese gymnast Cheng Fei just completely choke and still manage to beat out Alicia Sacramone on the women's vault last night? The woman was so nerved up she actually let out a loud scream before she started her second vault (something commentator Tim Daggett said he'd never seen a gymnast do before), then totally shanked her vault, landing on her knees. But by the vagaries of gymnastic scoring, the difficulty of the vault she attempted made up for the suck of her performance. That, plus the fact that a 33-year-old woman who moved from Russia to Germany to get better health care for her cancer-stricken son won the silver medal, made for some serious human drama. How can you not get into something like that? And what is security if not the attempt to avoid human drama at all costs, I suppose. It's always interesting to see just how highly people value security (or not). Check out this story about about the Olympic sponsors being peeved that security is keeping people from seeing their ads. I guess I don't blame them. If you're paying $67 million to be a sponsor, I guess you might want people to see your ads. But when does that become just a little selfish? How much sponsorship money is worth how much increased threat and risk? And how's this for objectivity: The excessive security, which the Chinese Communist Party (CCP) had boasted about being its top priority, has made access to the advertising pavilions in the Olympic Green almost completely closed off to the public. So it's excessive, is it? Says who? Being in this industry, I've grown to have a real appreciation for security practitioners. If something bad happens, the security wasn't good enough. If nothing happens, the security was excessive. There's no way to win there.

What's the meaning of Security Wednesday?

 - 
Thursday, August 14, 2008
According to a story in yesterday's Washington Post the line-up of speakers for the Aug. 25-28 Democratic Convention gives some clues about who Barack Obama will choose for a running mate. The story says the choice of ex-Virginia Gov. Mark Warner as a keynote speaker means that former Virginia governor Tim Kaine will likely not be the chosen as Obama's running mate. Those in the know say back-to-back speaking roles for Virginians would be unlikely. (Unless of course you think that might help you win Virginia in November.) There are more clues too. From the story: "Obama's decision to make security the theme on the night his running mate speaks [Wednesday, Aug. 27] is regarded by party observers as a subtle hint that Kaine and other governors without foreign policy credentials might be less likely choices." Veep short listers Sens. Joe Biden and Evan Bayh are both slated to speak on Security Wednesday, however. Who do you think Obama will choose?

Pages