Physical Security IoT – is there an iota of assurance?

    [fa icon="calendar"] Dec 6, 2017 7:58:25 PM / by John Gallagher

    An article I saw recently started with this compelling question:

    How many must be killed in the Internet of Deadly Things train wrecks?*

    And in the article the author highlights the question: “History tells us that technology doesn't get regulated properly until people start to die. Why will IoT be any different?”.

    From the perspective of emerging IoT technologies, like self-driving cars, robot-driven surgery, and botnets controlling large-scale infrastructure, the author certainly has a point. Without well planned and well proven approaches to service assurance in place, these emerging IoT technologies could go a little crazy and become a danger and risk to the organizations deploying them. Clearly before introducing such technology into the wild, we’d figure out how to measure, validate, and enforce the operation of that technology as both a safety measure and an ongoing way to manage operations. Wouldn’t we?

    Well, maybe not. We can already look at current industrial IoT deployments and see that not all were designed with service assurance in mind – specifically video surveillance and physical security systems. The past couple years have demonstrated that physical security systems were easy for cyber-criminals to hack and infect with malware, they don’t always capture needed video evidence, and when they fail it takes time for someone to notice. Compounding the service assurance problem is that almost all physical security systems are a mix of different vendors and vintages, meaning that a service assurance solution must be able to work across all of them.

    The danger of physical security systems without service assurance is clear. At best a false sense of security might be in place, and at worst lives are endangered. A case at San Francisco General Hospital a few years ago demonstrates that – despite California law requiring surveillance within the hospital, a woman went “missing” for over three weeks before her body was found in a remote part of the hospital. The failure of the “eyes” of video surveillance can cost lives, and present much higher risk than needed to people and organizations.

    Would you want a robot surgeon operating on you without having assurance about its operation? Or any other form of industrial IoT? Of course the answer is no, as it should be for physical security systems.

    Over the past four years Viakoo has shown that service assurance and automated verification of physical security system performance can minimize downtime dramatically, while also making detection of cyber threats possible and enforcing tighter control of policies (like not using default passwords). If you don’t currently have a service assurance solution operating on your security system, check out Viakoo – visit www.viakoo.com/start for your demo account to see for yourself. Don’t wait for a deadly “IoT trainwreck” to happen in your organization; unlike self-driving cars we’ve got over 100 million hours of operational proof with security systems that that proves the IoT nature of physical security can be made safe and secure.

    * http://www.zdnet.com/article/how-many-must-be-killed-in-the-internet-of-deadly-things-train-wrecks/

    John Gallagher

    Written by John Gallagher