PSIM Ambulance Chasing in Brussels

Author: John Honovich, Published on Mar 03, 2013

Desperate, shady PSIM marketing tactics continue. Last month, $50 million of diamonds were stolen from the Brussels airport. Now, a PSIM marketing manager tries to capitalize on that to sell his products. Unfortunately, their case for PSIM is incredibly weak ignoring obviously more valuable fundamental countermeasures.

The Heist

**** *** ** *********, ********* ***** ***, ****** ****** ** inside ***********. *** **** * ****** ***** ********* **:

Vendor's ***************

****'* ********* *******'*******'*********** ********':

"*** ***** ** **** *** ** *** ********** *********** *** not ******* *** ********** ********* ** ******** ** *** ******* rooms **** ***** *** ** *** **** ***** *** ***** pumped *** ********* **** *********** ********."

*** ****** ** ****! ***? ** ********:

"[****] ***** **** ** ***** ** ** *** ********, *** *****, concourses, ****** *** *********, *** *******, ******* *** ********* *********, but ** **** ******** *** **** **** ****-**-**** ******** ** to *** ** ******* ** ***** ******** ** ********** **** pre-determined ****-******** *** ** ********** **** ******** ***********."

****'* **. *****'* ** **** **** *** * **** ***** directly ***** ** ****** * ***********, ********* *****, ******* *** carrying, ****** *********** ****** *********.

The *******

**'* ********* ******** **** *** ******** ******** ******** ****** ***** have *** ******** ****** ** ******** *** ******* ********.

** *** ********, ***** *** *** ***** **** ** ****** this:

  • ********** ******** / **********: *** ******** ****** *** ********* ** impact ** *** *********. * ************ ********* ***** **** ** far **** *********, ** *** **********, *** ******** ** ***** inside *** *******.
  • **** ******* ***** ** ***********: ***** *** **** ****** *** procedural ******** **** ***** ******* ******** ******* ***** ****** ** adversaries - **** *** **** ** *** ******, *** ******** of *** ********, ***. 

**** *********** **** **** ******** *********** *** *** *** **** near **** ******** **********, ** ******* ****** ********** *** *** computer ****** ** **** * ******* ** ******* *** ********* in **** *******.

Comments (22)

I LOL'd at the "ambulance chasing" reference :)

"Once adversaries have such critical information and are met with near zero physical resistance, it becomes nearly impossible for any computer system to stop a caravan of machine gun intruders in mere minutes."

Not this computer:

In fairness, Robocop is actually less expensive than a PSIM system :)

I wonder if they did any Red Team penetration testing?

The huge assumption made was that the $50M parcel was 'protected' by simply being inside the airport perimeter. Good red teams should expose this...

While it's fairly obvious that someone can ram through an airport fence, the big question is whether that is a threat that should actually be defended against. How often do such attacks happen?

Ramming through airport fences to rob airplanes is about as likely as a shoe bomber. You can make a case about defending against both but the value is certainly debatable.

I still have to take off my shoes when I fly :) ...but I agree that you can't protect from everything.

What SOP do you think they will change to avoid this kind of thing in the future?

while it was clearly an inside job (as noted above) the fact remains that a sack of diamonds worth $50M sat unprotected.

It's unfair to call it unprotected. There were lots of protections in place. That's why the attackers had to smash through a fence and hold up the plane with machine guns rather than walk up to the security guards and pickpocket them as they were walking down the street.

You can't protect aginst every scenario unless you want no freedom and are willing to pay absurd prices. The question, of course, remains whether this threat should be defended against.

Lots of SOPs are created only after someone figures out how to defeat incumbent SOPs... hence, I'm still taking off my shoes at airports in the U.S. I'm not sayng they are effective, just that they will most assuredly come...

Point being, this airport will most definitely be putting 'something' in place as a new SOP to try and 'stop' this from happening again at their joint (most likely ignoring the statistical chances of this same thing actually happening).

The most obvious and simple to implement is to have high-dollar items escorted on planes - it deflects (and maybe as you point out, rightly so) the responsibility to the package owner. Count on the insurance company that is paying this claim to mandate it.

The SOP can be: put guys with guns next to high value packages because if other guys with guns come you can respond / defend.

Implementing that in your PSIM is unlikely to make any difference because if someone can get in and out in minutes, the good guys with guns need to already be there.

I think before any product/solution can be introduced/incorporated...A risk assesment should be done. Without a true risk assesment...you have no idea what the problem is. NICE let their marketing department spew information, without doing a risk assesment, for a shot at an opportunity or publicity that makes them look like an expert. It is also unfair for all of us to judge if a PSIM would have worked, or not, without doing a proper risk assesment. It is easy to be a Monday Morning Quarterback:)

Remember when that guy walked into the JFK runway area? Many people jumped with expert oppinions with that as soon as it happend. The reality of what happend to that was an operator just got tired of all the alarms and he turned the setting off on their PSIM.

Jeremiah, I had not heard this: "The reality of what happened to that was an operator just got tired of all the alarms and he turned the setting off on their PSIM."

However, if it is true, that is deeply concerning because it implies that their detection systems (analytics/radar, etc.) was not working properly.

Jeremiah, I am aware of the story but that article does not talk about what caused it, i.e., there's not mention of tuning 'the setting off on their PSIM.'

I don't know if Raytheon would refer to their Clearview C2 software as a PSIM, although I'll bet it might even cost more! They are proposing same software for border protection under the IFT program.

Luckily there are not so many jetskiers on the Arizone border....

We discussed this on another thread at length. I also have not heard this quote, so it's still unclear whether the sensors failed to detect, the software failed to alarm, or if the operators just ignored an alarm as often happens in a system with excessive alarms, false or otherwise.

Marc, that's funny, "Luckily there are not so many jetskiers on the Arizone border...."

Thanks for the link. I'll ask Carlton to track that program and request RFP and contracting documents / updates.

A lot of times a big part of the mechanism protecting an asset is the lack of knowledge that it exists. That is why our governments have state secrets and we install hidden safes in our homes. A large portion of the diamonds traded in the world is transported on plain bags by plain unarmed folks. The security of those diamonds rests on the fact that nobody other than the carriers knows they are there.

At the end of the day, if it is known that a 50 million item is being transported, there always be someone willing to take it. The question is how many people that person is willing to kill or hurt in the process. After all, armored trucks get hit every day worldwide for a lot less money. Unless you are willing to have a portable Fort Knox, if a bad guy knows, you’ll probably be hit.

I agree with John, you cannot protect against every scenario and since this is not an everyday situation, it does not make sense for an airport to spend exorbitant amounts of money to protect against it. There is a balance between security, reasonable mobility of people and goods thru an airport and budget.

Instead, maybe the carrier should have taken more precautions like having a security force in place to defend the asset and/or use private transport opposed to scheduled airlines.

Mario: we used to call that "security by obscurity" :)

BTW, seems to me that protecting against a truck smashing through the fence shouldn't be a difficult thing - what's the cost to erect a line of Jersey barriers along any sections of the fenceline that would be accessible by a vehicle? Job could probably be done in a couple days, probably at well under $100,000.

Matt, but can jersey barriers automate SOPs? I don't think so :)

Barriers, though, are the obvious choice if one wants to stop vehicles busting through the perimeter.

Btw, while 'security by obscurity' routinely gets criticized in the industry, as Mario points out, it is commonly used and often useful, especially relative to the costs of building out full infrastructure to defend. Obviously, if the information leaks, there's goes both obscurity and security.

I was thinking as I posted that, given the relative cost, it's amazing the airport didn't already have such barriers in place... for even something like a "Hercules fence":

Then I got thinking about it... and I don't know that I've EVER seen such measures on an airport's fenceline, even in places where it would be easy to drive a lowered car right up to the fence.

Guess that tells you how often someone driving through the fences really happens... like, almost NEVER.

John, that RFP and surrounding documents were sensitive so it's unlikely you'll be able to get anything further. Also it was a design build performance spec so it still would not tell you about what was deployed.

Matt, a number of airports in the USA have had intrusions through the perimteter, either by driving through a gate (solved with pop-up barriers of various ratings) or through the fence. I know of at least 3 or 4 sites myself that have deployed the jersey barrier base with chain link fence on top, although the ones I know were full 8' fence on top of the barrier, and then 3 strands of barbed wire- except were FAA limits the heights of all objects in specific zones.

In the USA it's been my experience that there's not much deployment of security on the 5-30 perimeter fence, but lots at the TSA checkpoints. Like having a guarded vault door in the front, but a swinging screen door in the back. And of course, thousands of people with access to secure areas who have been screened for past criminal record but not much else. Don't get me started- sorry, too late!

Thanks, Marc. I will admit, I haven't been through a lot of airports, and rarely have I looked at the fences. I have several times over the years visited the viewing areas at the east end of YVR's runways and seen nothing except the fence. In fact, there are driveways with gates in both sections of fence and I often pondered how easy it would be to simply drive out onto the field...

I grabbed a couple GMaps shots from YVR's northern runway:

Funny, I don't remember the yellow barricade being there last time I was out... but it's been a couple years.

[Editor's note: links broken]

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

Rare Video Surveillance Fundraising - Verkada $15 Million on Apr 19, 2018
Fundraising in video surveillance (and the broader physical security market) has been poor recently. Highlights are few and far in between...
'Best In Show' Fails on Apr 19, 2018
ISC West's "Best In Show" has failed. For more than a decade, it has become increasingly irrelevant as the selections exhibit a cartoon level...
Best and Worst ISC West 2018 on Apr 16, 2018
ISC West 2018 had strong attendance, modest overall new products, and a surge in Artificial Intelligence marketing. First, here are 20+...
Hikvision Hires Ex-Herbalife MLM Scheme PR Director on Apr 09, 2018
Hikvision has hired Michael Gutierrez, a 'crisis management excellence' award-winning PR director for his work at Herbalife, as Gutierrez...
Hikvision Hires Ex-Milestone Head To Lead Global PR on Apr 06, 2018
Hikvision has PR problems. From its failed attempt at hiring a crisis communication writer to their failed anti-IPVM blog series to the increasing...
VMS New Developments Spring 2018 (Avigilon, Exacqvision, Genetec, Hikvision, Milestone, Network Optix) on Apr 04, 2018
What's new with VMS software? In this report, we examine new features and releases for Spring 2018 to track different areas of potential...
P2P 'Fail To' 'Quick And Steady Access' - Hikvision Defends Port Forwarding on Apr 02, 2018
Following criticism of Hikvision's ongoing port forwarding recommendation (e.g., Hikvision Hardening Guide Recommends Port Forwarding and Hikvision...
Beware Scam Market 'Research' on Mar 30, 2018
The 'data' and 'research' that headlines many articles is a scam, perpetrated by a variety of Indian firms that have exploited the carelessness and...
Stats: Disclosing Vulnerabilities Responsibility? Researcher or Manufacturer on Mar 30, 2018
Getting prompt and appropriate information on vulnerabilities is important for integrators and end users to ensure that their systems are best...
Hanwha / Kaspersky Vulnerability Dispute Examined on Mar 29, 2018
IT media ran numerous reports in the past month featuring two prominent companies - Hanwha (previously part of mega manufacturer Samsung) Techwin...

Most Recent Industry Reports

May 2018 Camera Course on Apr 20, 2018
Save $50 on early registration until this Thursday, the 26th. Register now (save $50) for the Spring 2018 Camera Course This is the only...
Global Real-Time Video Surveillance - EarthNow on Apr 20, 2018
A new company, EarthNow, with backing from Bill Gates, Airbus and more, is claiming that: Users will be able to see places on Earth with a delay...
Dedicated Vs Converged Access Control Networks (Statistics) on Apr 20, 2018
Running one's access control system on a converged network, with one's computers and phones, can save money. On the other hand, hand, doing so can...
April 2018 IP Networking Course on Apr 19, 2018
This is the last chance to register for our IP Networking course. Register now. NEW - 2 sessions per class, 'day' and 'night' to give you double...
Rare Video Surveillance Fundraising - Verkada $15 Million on Apr 19, 2018
Fundraising in video surveillance (and the broader physical security market) has been poor recently. Highlights are few and far in between...
'Best In Show' Fails on Apr 19, 2018
ISC West's "Best In Show" has failed. For more than a decade, it has become increasingly irrelevant as the selections exhibit a cartoon level...
Security Camera Cleaning Frequency Statistics on Apr 18, 2018
150+ integrators told IPVM how often they clean cameras on customer's sites and why.  Inside we examine their answers and break down feedback...
Worst Access Control 2018 on Apr 18, 2018
Three access control providers stood out as providing the most problems for integrators. In this report, we analyze the answers to: "In the...
Axis VMD4 Analytics Tested on Apr 17, 2018
Axis is now on its 4th generation of video motion detection (VMD), which Axis calls "a free video analytics application." In this generation, Axis...
Arecont CEO And President Resign on Apr 17, 2018
This is good news for Arecont. Arecont's problems have been well known for years (e.g., most recently Worst Camera Manufacturers 2018 and starting...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact