11. Crowded Places: Closed Circuit Television (CCTV)


New Zealand Police’s ‘Protecting Our Crowded Places from Attack: New Zealand’s Strategy’ provides guidance to venue operators and event organisers in relation to protecting staff and visitors from armed attacks. In this series of posts, FIRST Security’s COO Steve Sullivan looks at how you can implement the strategy and keep your people safe.
In my last post, I wrote about the Security Audit Tool that forms part of the Crowded Places strategy. Specifically, I discussed its audit questions around the prevention of hostile vehicles.
The audit is designed to assist owners and operators of crowded places to check which security matters are relevant to the type, size and risk profile of their site, and its attractiveness to would-be attackers; identify any security gaps that need to be resolved, and create an action plan to resolve them.
In this post, we continue our look at the strategy’s Security Audit Tool, this time in relation to Closed Circuit Television (CCTV). The document’s CCTV checklist lists 21 questions that require a ‘yes’, ‘no’ or ‘n/a’ answer, and we’ll explore some of these questions here.
From the outset, it’s important that I stress that CCTV is a specialised area, and if it’s an area you need to tackle then you should seek professional advice. This post provides just a brief introduction.
Not a ‘closed circuit’?
If your CCTV system is web-based, are its usernames and passwords secure?
If your CCTV system is web-based, do you change the usernames and passwords regularly?
It’s important to understand that these days CCTV is a bit of a misnomer. Unlike the analogue cameras of decades past, contemporary Closed Circuit Television cameras are online digital devices that are part of what’s become known as the Internet of Things (IoT).
The smart cameras of today have many advantages over their forebears in that they can be accessed remotely and that their computer vision can provide analytical capability. The downside is that because they’re part of the IoT they are susceptible – like any connected device – to being compromised by cyberattack.
This means that password security is a must. Ensure that whoever installed your CCTV components has replaced the manufacturer’s default password with a new one, that passwords and usernames are changed regularly, and that they are kept secure.
Deploy the same password hygiene measures you’d use for any online application: long passwords that are complex and combine uppercase letters, lowercase letters, numbers, and symbols; don’t use a password that you’re using for something else; and never reuse passwords.
Fitness for purpose
Do you regularly maintain your CCTV cameras?
Do each of the CCTV cameras at your location or event do what they were installed to do?
In general, surveillance cameras perform a number of key security functions, including:
- Deterrence: well installed surveillance cameras and CCTV signage provide a ‘deterrence factor’ that may result in a would-be attacker taking their plans elsewhere.
- Surveillance: cameras provide a ‘force multiplier’ for security teams and provide for more ‘eyes on the ground’ without the need for more ‘boots on the ground’.
- Evidence: In the case of an incident occuring, CCTV footage can be reviewed post-event to identify persons of interest and provide evidence for conviction.
In addition to these, the intended purpose of a camera will (or should) determine the type of camera installed and where it is installed.
Certain camera types are designed for different purposes and deployment scenarios, generally the types of cameras are:
- Dome
- Bullet
- PTZ (Pan, Tilt, Zoom)
- Infrared (IR) and
- Licence Plate Recognition (LPR/ANPR)
For example, an IR camera is designed to work in pitch black conditions. A PTZ camera gives your security team the ability to control the field of vision. A bullet camera’s iconic cylindrical shape provides for maximum deterrence.
Placement of a camera should reflect its purpose. If it’s being deployed for facial recognition, for example, then it needs to be installed at a distance and height that make facial recognition possible. If it’s being deployed outdoors for perimeter surveillance, it needs to be pointed in the right direction and it needs to be designed for outdoor use.
Importantly, whatever its purpose, a camera will not perform optimally unless it is well maintained and its vision is clear of dust and other obstructions.
Procedures and training
Have you implemented operating procedures, codes of practice and audit trails for your CCTV?
Do you train your staff regularly on how to use the CCTV systems?
CCTV isn’t just about cameras and the software and hardware components that make up a video surveillance system. As with any security solution, the ‘human factor’ is key in ensuring the right outcomes.
Apart from the technical aspects of operating the equipment itself, your security staff also need to be clear on procedures, such as how to respond to an alarm, incident or suspicious activity, and how to liaise with the police. There are also a range of security, privacy and evidentiary requirements pertaining to CCTV, which should be well documented and well-known to your security staff.
Coming up...
The next crowded places post will be the twelfth and final post in the series. We’ll take the opportunity in that post for a wrap-up and some final reflections on Protecting Our Crowded Places from Attack: New Zealand’s Strategy.
As always, if you’d like to have a discussion about how to keep your staff and visitors safe, feel free to contact Steve at steven.sullivan@firstsecurity.co.nz