Seeing security in a physical sense

Opinion by Dan Raywood

While the rest of the information security industry decamped to the RSA conference in San Francisco, I piggybacked on to a US media tour of Holland's security infrastructure.


While the rest of the information security industry decamped to the RSA conference in San Francisco, I piggybacked on to a US media tour of Holland's security infrastructure.


Led, organised and hosted by the Netherlands Foreign Investment Agency (NFIA), I spent three days in Den Haag, Rotterdam and Amsterdam learning about the physical security offered by the Netherlands throughout its various ministries and organisations.


Now I will be the first to admit that this was not a typical SC jaunt. There was no discussion of endpoint security, malware, cloud computing, data loss prevention, the Information Commissioner or the virtual private network that usually dominate my day, instead the focus was definitely on physical security.


So why should you keep reading? Although it may seem a bit too far from SC's usual remit, I did see policies and practise that could be apparent to businesses such as data centres, server rooms and IT departments.


So I am not intending to give you a diary or a step-by-step guide through the experience, rather an image of what I learnt from what was said.


The week began at the ministry of economic affairs, part of the NFIA, where I met the NFIA and Rini Goos, commissioner for military production, ministry of economic affairs. He claimed that the NFIA was ‘working to a more open market in Europe' and he hoped that ‘what we're doing is not just for Dutch but we're looking transatlantic-ly, where we can all benefit for the security arena.'


His opinion was echoed by both director for investment climate and promotion Serv Wiemers and Jaap Lems, harbour master at the Port of Rotterdam, who both claimed that there was a desire to be open. Serv said that the culture in Holland is very open and transparent, perhaps not a surprise to most of us, but it seemed that the challenge for professionals involved in any area of security in Holland is to keep the door locked while still being able to see through the window.


Lems further commented on the challenge of the clash between Dutch culture and security, claiming: “If you say it is safe, it is safe. If you're lying you lose your credibility, be open because that can only be a good thing.”



Responsible for the delivery and deployment of 12 million containers every year in the 54 bases on the harbour, the Port of Rotterdam is a prime example of how to manage something potentially dangerous in a challenging situation – although this is more literal than IT security.


Lems claimed that one of the greatest challenges is that it is ‘important to know who and what cargo is on the terminal but depends on each terminal, which has its own risk analysis. Sometimes incidents are the trigger for more innovation'.


Trying to avoid any comparisons with CSI, a visit to the National Forensics Institute gave a fascinating insight into the world of the crime scene and biology, pathology and toxicology.


Forensic scientist Jurrien Bijhold claimed that one of the problems, when it comes to identification, is CCTV.


Bijhold said: “You can never get high-res unless you focus on someone, an officer may not be looking at the screen, cannot be sure that identification is the same. If you want to check you have to go to the scene, there is no correlation between screens. Convert files into standard video files into video footage, so they play normally, use maps and 3D models of cities and use as a tool and compare footage or real and fake from the model.”


He claimed that the aim of the institute was to get funding in order to further develop CCTV, allowing for the conversion of data in general from files, update the technology and find better methods for training people.


The area of IT security did briefly raise its head while on a visit to Thales, where Dr Kees Nieuwenhuis, managing director of the D-CIS lab claimed that actor agent communities (AAC) is the future and ‘can tackle a problem of how to solve interactive problems to guarantee a level of performance'.


He also claimed that whenever there is order you can automate, as there is always a human in the loop and asked ‘what makes the human process most capable?' This led to some discussion among the assembled group of press, where the general consensus was that with human involvement, there is still the human brain present to solve a problem.


Later in the day I was given a set of short presentations. Cap Gemini detailed their plan for Den Haag as a ‘secure haven' and an overall plan for Veilig Nederland (safe and secure Netherlands) where companies work together to develop security and integrate security solutions in the city.


I also met Leonde Bruijn from the Public Security Innovation Center of the Netherlands (PSIC), a Dutch organisation for technology innovation that focuses on information sharing among commercial and government public security technologies.


Bruijn described it as an ‘environment where the scenario base is analysed' and as a showcase which is nothing new, but with an aim to focus on the small-to-medium enterprise.


On the final day the group took to the skies, with a visit to the National Aerospace Laboratory (NLR). Michiel Selier spoke on air to ground surveillance for defence and security, and delivered probably the best line of the week: “security is a feeling; you perceive it and are prepared for it.”


Another spokesperson, who chose to conceal his identity, spoke on security on board aircrafts, and claimed that it ‘can never be 100 per cent protected' as there is no way to limit events. He also said that legislation has been created reactively and should be proactive.


He also claimed that the biggest challenge in data protection is encryption key management, as the protection of communication channels is feasible. Generally contravening what Thales had said about automation on the previous day, he said: “technology can help but human judgement remains critical.”


The trip ended with a visit to Amsterdam's Schiphol airport, where new security scanning systems were demonstrated and plans for the revamp of the control room infrastructure (GMI), where the objective is to optimise all security, and have a large network with the control room as a central point with the expansion of security cameras from 1,000 to 3/4,000 in the airport.


So overall this was a real learning experience for me, to be given such an insight into different types of access, military and technical security was very much an eye-opener, and as we move to Infosec, it will be interesting to see what advances are made in the next 12 months both in Den Haag, and around the world.



Dan would like to thank John Orr and all at the NFIA for the opportunity and their hospitality.





Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming Events