If you’re responsible for physical security, then you might be familiar with the concept of “mean time to innocence”. It’s an IT term that highlights how the network is often blamed for problems, and how the IT team needs to quickly get to the real root cause in order to show that the network is “innocent”. Same thing happens in physical security; for example, if video is not recording properly it often is blamed on the camera device when the root cause may be an issue with storage.
This past week I was fortunate to attend the Campus Safety Conference in Las Vegas as a sponsor, and to meet with many education safety professionals. School safety has been around for as long as schools have, but the last few years have changed the nature of it – a lot more focus now is on shootings (in particular) and dealing with traumatic incidents (in general). In no particular order here’s what really stood out to me:
This past Thursday evening Viakoo participated in a great event hosted by CapitolSec 2020 in Sacramento – a “pitchfest” where multiple technology companies came to share ideas in front of a judging panel on how their technology could be used to improve the security of election systems. While we’re proud that we were awarded as the winner based on having the most compelling technology solution to this problem, the more important takeaway is that solutions for IoT service assurance and cyber hygiene are needed for broad societal issues, not just commercial or industrial applications.
Because they model a part of the real world, “digital twins” are quickly becoming important business tools for organizations that deploy Internet of things (IoT) devices. Digital twins can help maintain industrial processes, explore new business opportunities, and develop new and enhanced connected products and services. They are particularly applicable to distributed systems such as physical security systems that include many IoT devices, where they can help solve operational issues more quickly and effectively than field diagnostics.
A few years ago at physical security industry conferences the word I heard the most was “convergence”. At that time the meaning of it was how Physical Security and IT were coming closer together, and it was a hot topic because analog technology was quickly giving way to IP-based approaches. With access control becoming tied to identity management, and surveillance being managed, stored, and analyzed on computer networks, it’s easy to see now why that convergence was critical for the industry and one that required rethinking old approaches.
The now infamous Target data breach was transacted by malware being placed on the HVAC system servers. A casino had its “high roller” database stolen by leveraging the network connection of an aquarium thermostat to export the file from the internal network. Leveraging the physical security system’s camera devices a bank was hacked, revealing confidential information. These are just some of the examples of how IoT devices, especially at the edge of a network, can be exploited by cyber-criminals.
It’s happened: you had a major failure of one (or all) parts of your physical security system. Maybe it’s something relatively minor (like the CEO not being able to get access to their office), or something truly catastrophic that is in the news and has dramatically impacted the reputation of your company (and your team). What you should do (after taking a deep breath) to regain and rebuild not just the protection offered by physical security, but the trust and belief that this will never happen again? Here’s a few “best practices” that will start to repair the damage done.
Every security integrator faces this issue. Your customers purchase new physical security systems and devices in order to benefit from the security and risk-reduction features they offer. Once deployed, however, these devices can actually increase risk and liability if they stop operating properly without the user becoming aware of the disruption. The risk compounds when you consider that new IoT (Internet of Things) enabled devices are being introduced to the market and added to users’ networks at an accelerating rate.
Physical Security competes with other industries for talent, and there is (right now) a giant opportunity for the industry to be a career magnet for people at the forefront of technology and innovation. To be deeply involved in IoT, cyber-security, machine learning, and cool-as-could-be drone technology and robotics is a giant draw for the best new talent. And those are exactly the leading-edge needs facing the physical security industry.
As with most things in life that develop at a rapid pace, the Internet of Things (IoT) may have early adoption issues but ultimately will function smoothly over time. Both the personal and enterprise benefits of living in a fully connected world where everything has some connection to a network will ensure that IoT adoption continues to expand. The current issues around cyber secure and functionality of systems are being addressed, paving the way for future IoT growth. But with today’s reality no CSO or CISO wants to be responsible for IT and/or physical security operations when they don’t have control of what’s connected to the network; they don’t know which security systems were offline or not working; and can’t easily determine which devices were impacted by downtime, data breaches, or compliance issues. No one wants to be that person.