Earlier this summer the Center for Cyber and Homeland Security (CCHS) at Auburn University, in conjunction with the International Security Management Association (ISMA), released a new survey that reflected how the C-suite views the evolving roles of cyber and physical security risks and mitigation strategies within their organizations. As October is National Cybersecurity Awareness Month, the timely findings of the research highlight the fact that there has been a seismic shift in how organizations approach the relationship between the cyber and physical security threats they face.
If you’re responsible for physical security, then you might be familiar with the concept of “mean time to innocence”. It’s an IT term that highlights how the network is often blamed for problems, and how the IT team needs to quickly get to the real root cause in order to show that the network is “innocent”. The same thing happens in physical security; for example, if video is not recording properly, it is often blamed on the camera device when the root cause may be an issue with storage.
Because they model a part of the real world, “digital twins” are quickly becoming important business tools for organizations that deploy Internet of Things (IoT) devices. Digital twins can help maintain industrial processes, explore new business opportunities, and develop new and enhanced connected products and services. They are particularly applicable to distributed systems such as physical security systems that include many IoT devices, where they can help solve operational issues more quickly and effectively than field diagnostics.
A few years ago at physical security industry conferences the word I heard the most was “convergence”. At that time the meaning of it was how Physical Security and IT were coming closer together, and it was a hot topic because analog technology was quickly giving way to IP-based approaches. With access control becoming tied to identity management, and surveillance being managed, stored, and analyzed on computer networks, it’s easy to see now why that convergence was critical for the industry and one that required rethinking old approaches.
The now infamous Target data breach was carried out through malware placed on the HVAC system servers. A casino had its “high roller” database stolen by attackers who leveraged the network connection of an aquarium thermostat to export the file from the internal network. A bank was hacked through its physical security system’s camera devices, revealing confidential information. These are just some of the examples of how IoT devices, especially at the edge of a network, can be exploited by cyber-criminals.
Every security integrator faces this issue. Your customers purchase new physical security systems and devices in order to benefit from the security and risk-reduction features they offer. Once deployed, however, these devices can actually increase risk and liability if they stop operating properly without the user becoming aware of the disruption. The risk compounds when you consider that new IoT (Internet of Things) enabled devices are being introduced to the market and added to users’ networks at an accelerating rate.
To sense the scale and magnitude of changes happening in physical security, it helps to put numbers to what is happening across the industry. There is no doubt that the last 5 years have brought a lot of changes to the industry – but can you put data to those changes and trends? Being able to do so is useful for multiple reasons.
Everybody is talking about it, and more and more people are using it. From self-driving cars to predictive analysis and everything in between, artificial intelligence, or AI, is the next big thing in technology (including physical security). 85% of Americans already use AI in some way, from smart devices to complex intelligence for business operations. AI can detect and react much faster than human eyes and hands, and manage complex technology easily, relying on highly sophisticated software to ensure constant and repeatable success. Most importantly, problems or issues that may get missed or overlooked by humans can be reacted to and prevented from becoming serious. In physical security, what might be easily overlooked can quickly become life safety critical.
There are ideas and concepts that you come across that you realize immediately were not developed for your particular endeavor, but nonetheless are very appropriate. As physical security is becoming more oriented around industrial IoT, Big Data, machine learning, and other areas of data science, there are some useful ideas for physical security professionals to consider. One of these is “data gravity”: the tendency of large amounts of data to draw in applications and processes that take advantage of the presence of that data. If you’re running an IP-based physical security system, you may have already noticed that whether it’s a PSIM (physical security information management), Viakoo for automated system verification, or numerous advanced video analytics applications, there are now a lot more applications being drawn towards the data present in IP-based physical security systems.
As with most things in life that develop at a rapid pace, the Internet of Things (IoT) may have early adoption issues but ultimately will function smoothly over time. Both the personal and enterprise benefits of living in a fully connected world where everything has some connection to a network will ensure that IoT adoption continues to expand. The current issues around cybersecurity and functionality of systems are being addressed, paving the way for future IoT growth. But with today’s reality, no CSO or CISO wants to be responsible for IT and/or physical security operations when they don’t have control of what’s connected to the network, don’t know which security systems were offline or not working, and can’t easily determine which devices were impacted by downtime, data breaches, or compliance issues. No one wants to be that person.