Sunday, February 18, 2018

Graded requirements under CCTV

Graded requirements under BS EN 62676 Standards for CCTV

This is a pure technical guide for installers, specifiers and manufacturers under BS EN 62676 Standards for CCTV (Form No. 218). The BS EN 62676 series of standards are the first standards for CCTV video surveillance that will be used to any significant extent in the UK and include the use of security grading. This guide is intended to assist installers of CCTV and other interested parties to understand how a choice of grade is to be made and then used to determine the design requirements of a CCTV system.

It is important to understand that the majority of requirements given by the BS EN 62676 series of standards are not grade dependent. This guide deals only with the minority of requirements that are grade dependent. Most of these are to be found in BS EN 62676-1-1 but there are a few in BS EN 62676-1-2 (the names of the standards can be found in 2.1).

The approach to grading given in the BS EN 62676 series of standards is intended to allow for flexibility to overcome problems that a system designer may face. It is not intended to be complicated but the flexibility can give the appearance of complexity. Having an understanding of the flexible possibilities will benefit system designers whether they choose to use them or not.

A summary of the key points about grading detailed in this document are:
• System designers should choose the simplest approach that will work.
• The recommended approach is to choose a grade of system and apply that single grade throughout the system.
• The grading will affect the protection level and restriction of access to the system.
• It is the functions of the CCTV system that are graded rather than each component.
• Grading of a system does not determine the quality of the images captured by the system. BS EN 62676-4 includes requirements and recommendations that will determine the quality of image recording.
• The chosen grade(s) should be recorded in the Operational Requirement or System Design Proposal.
• Where use of a single grade for all system functions is not practical the standard permits the grading to be divided up by function. 18 Functions are described in the standard.
• Additional flexibility can be obtained by documenting specific requirements in the Operational Requirements or System Design Proposal.


Note: For security practitioners with a knowledge of intruder alarms (as installed under the PD 6662 scheme) it is important to note that the way that grading is described in the CCTV standards is not the same and confusion may arise if the differences are not understood. Additionally for intruder systems the installer’s life is made easy by the existence of component standards. For example an installer seeking a Grade 3 passive infra-red detector simply looks for a device that a manufacturer states meets the requirements of the associated standard. This is not the case for CCTV. There are currently no standards for CCTV system components specifying differences between their requirements at each grade.

Scope

These guidelines are for use in conjunction with the BS EN 62676 series of standards for “Video Surveillance Systems for Use in Security Applications”. In particular they give guidance to the requirements in BS EN 62676-1-1 “System Requirements – General”.

Note: The BS EN 62676 series of standards uses the term Video Surveillance System (VSS) for systems commonly known in the UK as CCTV (Closed Circuit Television) systems. Although CCTV is no longer technically correct in all situations the terms may be used interchangeably.

It is not mandatory to use Security Grading when installing systems to meet the standard but the use of Grading can give benefit and simplify matters.

Grading of a system does not specifically determine the quality of the images captured by the system although implementation of a higher grade may coincidentally result in an improvement. The grading will affect the protection level and restriction of access to the system.

BS EN 62676-4 includes recommendations that will determine the quality of image recording.


Referenced Standards

The following referenced documents are indispensable for the application of this document.
BS EN 62676 series: Video surveillance systems for use in security applications
BS EN 62676-1-1      : Video System Requirements
BS EN 62676-1-2      : Video Transmission – General Video Transmission – Requirements
BS EN 62676-2-1      : Video Transmission Protocols – General Requirements
BS EN 62676-2-2      : Video Transmission Protocols – IP Interoperability implementation based on HTTP & REST Services.
BS EN 62676-2-3      : Video Transmission Protocols – IP Interoperability implementation based on web services
BS EN 62676-3         : Analog and Digital Video Interfaces
BS EN 62676-4         : Application guidelines

How to Use this Guide

This guide consists of three main sections.
Section 6 “Grade Selection” explains how the Security Grade can be applied to all or to parts of the installation.
Section 9 “Commentary on the Requirements” looks at each of the graded requirements in the standard in turn and gives advice and commentary.
Section 10 “Graded Requirements” summarises the requirements in a checklist style.


How does the customer benefit by the use of Grading

This guide is primarily aimed at those wishing to understand the technical issues associated with grading in terms of how the requirements differ by grade and also how to apply the graded requirements to the system. BSIA have a separate guide (Form 217) that is intended to help customers of CCTV systems understand the differences between an installation meeting the requirements of the BS EN 62676 series of standards and other systems (e.g. systems that pre-dated those standards). This includes an overview of the differences introduced by grading.

It is important that the customer realises that the choice of one grade over another will not affect the quality of images obtained by the system. The use of different grades will however affect the robustness and integrity of the system and its ability to continue to serve its purpose in the face of a criminal attack or likely fault conditions.

The factors that are affected by the grade choice are indicated by the function titles in section 6.3.1 and section 8.

As can be seen by the table in section 8, the majority of differences between system requirements are associated with the step from Grade 2 to Grade 3. 13 of the 18 functions have identical requirements in Grades 1 and 2 and 9 of the 18 are the same in Grades 3 and 4.

BS EN 62676-4 describes how the selection of security grades should be based on a risk assessment and the system should be designed to mitigate the assessed risks. As the graded requirements primarily affect the protection of the system itself then it is these aspects of a risk assessment that would determine the grade.

Therefore typically the grade will be the result of risks associated with threats and hazards such as:
• Vandalism or malicious attack on the CCTV system (without other criminal intent).
• Deliberate attack on the CCTV system (to assist with a crime).
• Environmental factors (e.g. flood damage to equipment, radio interference, lightning) and possible power outages.
A higher risk will be associated with increased likelihoods of events. These may be indicated by:
• How attractive the criminal target is (e.g. valuables / persons at risk of kidnap).
• Lack of other security measures.
• Location in a high crime area or close to easy escape routes.
• Lack of occupancy.
• Easy public access.
• High crime history.

A higher risk will also be associated with a high impact. Many things might cause a high impact, including:
• Potentially high losses.
• Disruption to site activities.

Some aspects of the graded functions do not directly relate to the threat but are a consequence of the risk assessment. An example is the need to preserve evidential data of good quality images. Although this is unlikely to prevent a crime it is more likely to be important when a criminal will go to greater lengths to protect their identity. This is associated with higher risks.

To keep in shot we can summarized of Grading

1.   System designers should choose the simplest approach that will work.
2.  The recommended approach is to choose a grade of system and apply that single grade throughout the system.
3.    The grading will affect the protection level and restriction of access to the system.
4.    It is the functions of the CCTV system that are graded rather than each component.
5.   Unlike the other functions, tamper protection and detection requirements may be applied with different grades in various locations because of the varying risk of tamper in those locations.
6.    Grading of a system does not determine the quality of the images captured by the system. BS EN 62676-4 includes requirements and recommendations that will determine the quality of image recording.
7.    CCTV security systems are installed to mitigate the risks associated with a number of threats
8.    If the mitigation by CCTV for a particular threat is not the primary mitigation then grading is optional for that threat but may apply for other threats. If CCTV is not the primary mitigation for any threat then grading is optional for the whole system.
9.     Grade 1 is the minimum grade that can be assigned.
10. If necessary, any of the 18 functions (listed in 6.3.1) can be graded separately but the grade for that function applies throughout the system.
11. It is recommended that if any of the 18 functions (with the exception of tamper protection and detection) are graded differently the overall system grade be that of the majority of the functional grades chosen. 

If a VSS is designed and configured in a way that single or multiple operators request video images via common interconnections, the design of the system shall ensure that the available capacity is sufficient for the anticipated operation of the VSS. This may be achieved by configuring the maximum throughput of image streams on the VSS.

The following table can be used as a checklist.
Key:
Op = Optional
M = Mandatory
R = Recommended
Clause number (e.g. 6.1.2.2) means a clause in 62676-1-1, if a standard number is also given then it is the clause in that standard.
Tm.n (e.g. T1.4) means the nth row in table m (e.g. 4th row of table 1).

Table & Row or Clause
Subject
Security Grade
G1
G2
G3
G4
FUNCTION: Common Interconnections
6.1.2.2
Common Interconnections
Op
Op
M
M
If a VSS is designed and configured in a way that single or multiple operators request video images via common interconnections, the design of the system shall ensure that the available capacity is sufficient for the anticipated operation of the VSS. This may be achieved by configuring the maximum throughput of image streams on the VSS.
FUNCTION: Storage
Table 1
Storage




T1.1
Data backup and/or redundant recording
Op
Op
M
M
T1.2
Operating a fail-safe storage (e.g. RAID 5, continuous mirror) or switching automatically over from one storage media to another in case of storage failure
Op
Op
Op
M
T1.3
Reacting to a trigger with a maximum latency time of
-
1 s
500ms
250ms
T1.4
Replaying an image from storage with a maximum time after the incident or actual recording of after the incident or actual recording of
-
-
2s
1s
FUNCTION: Archiving and backup
Table 2
Archiving and Backup




T2.1
Authentication of every single image and image sequence
Op
Op
Op
M
T2.2
An automatically scheduled backup of alarm image data
Op
Op
Op
M
T2.3
A backup of alarm image data by manual request
Op
Op
M
M
T2.4
Verify the successful image backup
Op
Op
M
M
FUNCTION: Alarm Related Information

6.2.2.3
The VSS system shall be able to display alarm related information. The information presented for each alarm message shall include: a) the origin or source of alarm; b) the type of alarm; c) the time and date of alarm.
Op
Op
M
M
FUNCTION: System Logs




Table 3
System Logs




T3.1
Alarms
Op
M
M
M
T3.2
Tampers
Op
Op
M
M
T3.3
Video loss and recovery from video loss
Op
Op
M
M
T3.4
Power loss
Op
M
M
M
T3.5
Essential function failure and recovery from failure
Op
Op
M
M
T3.6
Fault messages displayed to the user
Op
Op
Op
M
T3.7
System reset, start, stop
Op
M
M
M
T3.8
Diagnostic actions (health check)
Op
Op
Op
M
T3.9
Export, print/ hardcopy incl. the image source identifier, time range
Op
M
M
M
T3.10
User log in and log out at workstation with time stamp, successful and denied logins (local/remote) including reason of denial (wrong password, unknown user, exceeded account
Op
M
M
M
T3.11
Changes in authorisation codes
Op
Op
M
M
T3.12
Control of functional cameras
Op
Op
Op
M
T3.13
Search for images and replay of images
Op
Op
M
M
T3.14
Manual changes of recording parameters
Op
Op
M
M
T3.15
Alarm acknowledge / restore
Op
Op
M
M
T3.16
System configuration change
Op
Op
M
M
T3.17
Date and time set and change with current time and new time
Op
Op
M
M
FUNCTION: Backup and Restore of System
6.3.2.1
Capable of backup and restore of all system data.
Op
M
M
M
FUNCTION: Repetitive Failure Notification




6.3.2.2.1
The system shall be able to detect repetitive failures from a component and shall be configurable to generate a single message which shall only be repeated each time a new user logs in or the system restarts.
Op
Op
M
M
FUNCTION: Image Handling Device PSU Monitoring
6.3.2.2.2
Failure of the primary and, if available alternative, power supplies to the system shall be monitored, with notification according to clause 6.3.2.2.1.
Op
Op
Op
M
6.3.2.2.2
In any case power supply failure shall always be indicated locally.
Op
Op
Op
M
6.3.2.2.2
The VSS shall attempt to resume normal operation after recovering from power loss. If the system is unable to resume after power has been restored, with the settings which existed before the power failure, this shall be logged and also indicated to an operator
Op
Op
Op
M
FUNCTION: Image Buffer Holding Time
6.3.2.2.2
Images shall not be held in a buffer for longer than 5 seconds without being written into the storage medium
Op
Op
M
M
FUNCTION: Essential Function Device Failure Notification Time
6.3.2.2.3
The VSS shall manage device failure by indicating any failure of the essential functions within 100 s of the failure.
Op
Op
M
M
FUNCTION: Monitoring of Interconnections
Table 4
Monitoring of interconnections




T4.1
Repeatedly verify the interconnection at regular intervals with a maximum of
-
-
30s
10s
T4.2
Try to re-establish a interconnection with following number of retries before notification
-
-
5
2
T4.3
Maximum time permitted before notification to an operator of an interconnection failure
-
-
180s
30s
62676-1-2 T7.1
Maximum permitted duration of device unavailability
-
-
180s
30s
FUNCTION: Tamper Detection
Table 5
Tamper Detection




T5.1
Video loss
Op
M
M
M
62676-1-2 T7.2
Maximum detection time for live signal loss
-
8s
4s
2s
T5.2
If an image capturing device with a fixed field of view no longer includes the entire specified field of view
Op
Op
M
M
T5.3
Deliberately obscuring or blinding of the imaging device range
Op
Op
M
M
T5.4
The substitution of any video data at image source, interconnection or handling
Op
Op
Op
M
T5.5
Significant reduction of the contrast of the image
Op
Op
Op
M
6.3.2.3.2
Image capturing devices shall be protected against tamper
Op
Op
M
M
FUNCTION: Authorisation Code Requirements
Table 7
Authorisation Code Requirements




T7.1
Minimum number of possible logical authorisation keys
-
10,000
100,000
1,000,000
T7.2
Minimum number of possible physical authorisation keys
-
3,000
15,000
50,000
FUNCTION: Time Synchronisation
6.3.2.5
Time settings of various components of a VSS system shall always be within +/- 10 seconds of UTC.
Op
Op
M
M
FUNCTION: Data Labelling
Table 11
Data Labelling




T11.1
Location (e.g. name of site)
Op
M
M
M
T11.2
Source (e.g. capturing device labelled by camera number)
Op
M
M
M
T11.3
Date and time
Op
M
M
M
T11.4
Date and time in UTC including offset for local time
Op
Op
Op
M
FUNCTION: Data Authentication
6.3.3.2
Provide a method (e.g. watermarking, checksums, fingerprinting) to authenticate image and meta data and their identity.
Op
Op


The authentication method shall be applied at the time the data is recorded and shall notify the user if any of the following has occurred:
•      Any of the images has been changed or altered;
•      One or more images have been removed from a sequence;
•      One or more images have been added to a sequence;
•      The data label has been changed or altered.
FUNCTION: Export / Copy Authentication
6.3.3.2
Provide a method by which the authenticity of copied and exported data is verified
Op
Op
M
M
FUNCTION: Data (manipulation) Protection
6.3.3.3
Provide a method (e.g. encryption) to prevent unauthorized persons viewing the images and other data without permission
Op
Op
Op
M
6.3.3.3
Provide a method to protect the confidentiality of copied and exported data
Op
Op
Op
M
62676-1-2 Clause 12.1
All data communication outside secured technical room areas shall be encrypted in the security grade 4. AES with 128 bit key for symmetric and RSA with 1024 bit key shall be provided. Native encryption shall not be accepted. The VTDs shall not store any form of passwords in clear text. All such passwords either in configuration files or a database shall be encrypted.
Op
Op
Op
M
A VTD according to this standard shall support transport level security for the security grade 4.
62676-1-2 Clause 12.2
A VTD compliant to this standard shall support in security grade 4 TLS 1.0 according to the IETF standard RFC 2246 and TLS 1.1 according to RFC 4346. Optionally the VTD may support TLS 1.2 according to RFC 5246.
Op
Op
Op
M
62676-1-2 Clause 8.3.4
Digest Access Authentication is recommended in security grade 3 and 4 systems, because of the higher security provided.
Op
Op
R
R
Note: VTD is an abbreviation for Video Transmission Device
Ref: BS EN 62676 series books.

Summary

Expecting an installer or integrator to analyse the specification of every product used to form a system is somewhat impractical but it is also difficult for a manufacturer to guarantee the suitability of a product with regard to graded requirements given the diverse possibilities for an installation.
Assessment by the manufacturer of the potential grading of their products (or at a minimum a statement about the best possible grade that could be achieved) and the presentation of this in a standard format, such as that shown above, will assist all parties in meeting the operational requirements of the CCTV system.