Skip to content

Guest Contributor Blog: Maslow’s Hammer and the Double-Edged Sword of Security Cameras

2012 June 1
by Jason Nairn, CPP, CISSP

Photo Credit: Bansky

This week at HLSR we are pleased to welcome a guest blogger, Nick Catrantzos.  Mr. Catrantzos is an adjunct professor of homeland security and emergency management at the University of Alaska, Fairbanks, and a recently retired security director who, post-9/11 oversaw a $30,000,000 capital investment in security technology, including surveillance cameras, for a large public institution.  Nick Catrantzos is the author of No Dark Corners: Managing the Insider Threat available from publisher CRC Press at Amazon here.

We at HLSR are a fan of Nick’s writing and have benefited from his expertise via his All Secure blog.  Nick is a graduate of the Naval Postgraduate School’s Center for Homeland Defense and Security (CHDS) and wrote an award-winning thesis upon which his book is based.  This article, written and published in blogs before, has been shared extensively with our partners in the security industry.  Surveillance cameras are often thought of as a security panacea.  Nick reminds us that not every security problem is measured in pixels…

Maslow’s Hammer and the Double-Edged Sword of Security Cameras
By: Nick Catrantzos

(Originally published as See More Nails? Get More Hammers, September 13, 2011, on All Secure blog, http://all-secure.blogspot.com/2011/09/security-video-see-more-nails-get-more.html.  Subsequently published as Maslow’s Hammer and the Double-Edged Sword of Security Cameras, September 20, 2011, on HLS Watch blog, http://www.hlswatch.com/2011/09/20/maslow%E2%80%99s-hammer-and-the-double-edged-sword-of-security-cameras)

Specialists see the world in terms of their specialty.

Every time an attorney specializing in litigation or a vendor specializing in camera sales opines about the relative merits or perils of security surveillance, their natural bias competes against respective areas of ignorance to limit the value of their attending pronouncements. Either may have colorful things to say. Both omit points important for a deeper understanding of the issue.

Beginning with the lawyerly lament about too many cameras not only impinging on individual privacy but potentially leading to profligate spending in a time of fiscal constraint, the useful analytical point submerged in this hackneyed observation needs only a little more digging to unearth. The unstated point is that any flawed implementation is likely to waste money and produce unintended consequences undermining its desired benefits. Too much of a good thing can kill, hence the double-edged sword of elemental boons like fire and water, which await only arson or storm surge to turn from life-savers to life-extinguishers. So, yes, too many cameras multiply the potential for abuse, for someone using them to nefarious purposes, whether in adjusting fields of view to look not at the parking lot where assaults occur at night but at a nearby residence in whose yard a teenager is sunbathing immodestly during the day. Waste is also likely, particularly if the absence of intelligent oversight means that a security camera vendor receives carte blanche to clear the warehouse of every high-end, pan-tilt-zoom, infrared, weatherized camera in an installation where three quarters of the cameras could have easily been fixed-position devices costing a fraction of the price and requiring significantly less maintenance. The vendor gets a bonus for exceeding sales targets, while the customer gets an impressive quantity of modern devices to demonstrate how serious the end user is about security. Win-win, or lose-lose? More on this soon.

As for Maslow’s hammer, …

It comes from what the psychologist and founder of the hierarchy of needs once observed when noting that if one’s only tool is a hammer, one sees every problem as a nail. Rare is the special product vendor who can see or propose any solution other than his or her stock in trade. Thus, to the average security camera vendor, there is no security problem that cannot be solved without the addition of another surveillance camera. By comparison, an average purveyor of guard services tends to do precisely the same, only with services instead of products. Thus, to the latter, every security problem is just another guard assignment away from being solved. Each provider is selling only a hammer, therefore each sees the security problem only as a nail.

What is the real solution to this institutionalized myopia borne either of over specialization or limited range of implements in one’s tool chest?

The answer is the kind of infusion of mind into the swirl of events that requires a seasoned managerial or security perspective, and preferably both. What do seasoned professionals do when facing security surveillance as a management issue? They begin with objectives, focus on the results their organizations need to achieve, and defend against scope creep or one-off distractions that enfeeble the chances of attaining identified objectives. This approach, incidentally, applies equally to technology implementations unrelated to security. Why? Because champions of new systems invariably oversell and continue to offer product and service extensions, often with little regard for whether their initial offerings have satisfied original criteria. If your security camera implementation has done nothing to limit parking lot assaults, for example, the vendor may well propose adding more cameras to more places, including hidden cameras outside of reception areas and extra ones at entrances and exits. Similarly, if your guard force contractor has failed to deliver on advertised loss reductions, he or she may suggest more guard posts and patrols, and even using uniformed guards as lobby ambassadors in reception areas.

See more nails? Get more hammers.

Here is why this cycle of repetitive failures turns into a lose-lose situation.

Both provider and beneficiary have lost sight of original objectives and, quite often, neither had thought these objectives through in the first place.

What needs to happen instead?

Begin by deciding the larger objective.

Are the security cameras intended to prevent loss or to apprehend adversaries after the fact?  A serious answer to this question guides the entire scope and investment of the surveillance camera implementation effort, and it is only a fool who will ask the hammer seller for a tool selection that also includes screwdrivers, pliers, and saws. Of course the vendor will offer to do it all. Turn on the blue light; the man wants a blue suit. But the reality is that attempts to do it all invariably end up diffusing effort, overextending systems, budgets, and schedules, and delivering flawed implementations, resulting in strained customer-provider relations. You can do one thing well or all things badly. What does your organization need?

Assume your organization is more interested in prevention than apprehension.

This is the private sector security model as contrasted with the public safety model. The latter has a societal objective of chasing down offenders to capture and punish them and, by doing so, demonstrate to society at large that crime does not pay. [Incidentally, this public safety bias limits the ability of most police to operate surveillance cameras solely for prevention. Their invariable tendency is to use them more for investigation. Also, because they hired on to chase malefactors, watching cameras or defending assets are unattractive to cops in their prime.] In the context of running a business or even a public institution, however, few organizations can afford the resources for this hunt. Instead, their security functions earn their keep by preventing losses – which cost significantly less in time and staffing than trying to shadow the responsibilities of a police force without the same powers of arrest or investigation.

How does this assumption affect security camera implementation?

First and foremost, if you are interested mainly in prevention, then you optimize your surveillance system for intrusion detection, period. This means that you place cameras along perimeters and entry points, and reduce to an absolute minimum the impulse to stockpile data unrelated to intrusion. This means you do not warehouse video images for months or years at a time because they may come in handy in some event reconstruction or one-off investigation into something at some point in time. Someone in the organization will always make the case that such capabilities are nice to have. But that someone will be an individual or department that has no idea of or responsibility for the burden of keeping such data, in terms of staff hours and capital investment. Absent a regulatory requirement that compels you to do otherwise, you must decide whether you are in the prevention business or in the monitoring-to-help-everyone-else-out business.

If in the first, you overwrite your video files at the first logical opportunity – perhaps a week or two – and keep only what you flag for retention – perhaps within a few days of a loss or suspicious incident. This protocol puts you squarely in the prevention business rather than in the internal snooping business. It limits the audit trails that institutionalized snooping occasionally seeks, however. This means that the supervisor too inept to monitor or discipline an underperforming employee will not be able to look to your surveillance system to say, “Aha, Harry isn’t showing up on time and is always leaving early on days when I have to go out of the office.”

What will such supervisors have to do if the surveillance system is unavailable to supply evidence to back disciplinary action?  They will have to do the same thing they had to do in the days before such a system was around: supervise. Indeed, an employee relations manager told me that any time a supervisor wants to rely on security audit trails to catch an employee in some kind of routine performance deficiency, this proclivity signals a lack of supervision.

It is no surprise that specialists seeing the world in terms of their specialty offer up flawed solutions, without necessarily doing so in bad faith.

They have hammers, so they see nails.

The finesse in vaulting over this common hurdle, when it comes to security surveillance cameras, is in looking past the myopic vision of the hammer sellers to understand the bigger picture. Although it is rare to find this capacity in specialists, it is not entirely absent. I have worked with the occasional security systems vendor – usually a seasoned one who is secure in tenure and sufficiently senior in the organization to be insulated from sales quotas – who can and will advise against more cameras than anyone can usefully monitor. Such advice benefits the client and serves the enlightened self-interest of the provider.

Every customer appreciates a hammer seller with the nerve to refuse to sell you another mallet when you clearly need a screwdriver.

Special thanks to Nick Catrantzos for allowing HLSR to publish his article.

from → Critical Infrastructure Protection, Surveillance, Tips for Security Professionals

No comments yet

Leave a Reply

Note: You can use basic XHTML in your comments. Your email address will never be published.

Subscribe to this comment feed via RSS

Anti-Bot Tool *