Constantly Evolving -- Security Today

Constantly Evolving

Cybersecurity is playing an intrinsic role supporting physical security devices

By Ben Williams
Dec 01, 2022

Security requirements are constantly evolving and one of the most pressing impacts of this evolution today centers on cybersecurity. Two aspects need to be addressed: the physical security of digital networks and the cybersecurity of physical security devices.

It should come as no surprise, then, that cybersecurity awareness is one of the predominant topics haunting all of us in the industry today. While it is not a new subject, the sense of urgency to address these vulnerabilities has increased exponentially over the past few years.

Interconnectivity is driving increased concern, now more than ever before. Every day, we learn how relentless cybercriminals are about discovering new ways to break into digital systems and networks, including those used for access control. This means that manufacturers must continuously level up to make sure we stay ahead of the curve. So, while at the door, access control looks relatively straightforward (you tap or swipe a card, you have ingress or egress), there is a complex set of processes happening on the back end with credentialing, monitoring and cybersecurity measures constantly in motion.

Recognizing that cybersecurity is of increasing importance, Underwriters Laboratories is working through some of these concerns with their release of the eighth edition of the UL294 standard. Additionally, there are already active laws in states like California and Oregon that go beyond simply creating awareness and aim to hold companies more accountable for protecting against cybersecurity threats in IoT devices.

These increasing threats have forced designers to take a step back from traditional methodologies to ensure that we are designing for security from the ground up. For example, in many commercial settings today, companies still require users to initiate firmware updates locally and manually. Ideally, updates would automatically uploaded to a device, just as they are for iPhone operating system updates. Until recent years, many of the traditional devices we have interacted with required an installer to go to each device to initiate patches and load updates.

Fast forward to today, and you are beginning to see more and more devices capable of receiving patches and updates without a person having to initiate the changes.

Providing Flexibility
Credential flexibility for access control solutions is another growing area of focus as credential technologies evolve. Facilities are seeking flexible and future-proof solutions that will help them migrate seamlessly to the latest credential technologies.

This also applies to other components of access control systems, such as controllers. The use of Open Supervised Device Protocol (OSDP) improves interoperability and provides secure channel serial communication between credential readers and the Physical Access Control System (PACS). Developing new ways to support emerging options like these, based on open system architecture and more robust interoperability means there is an even greater need for stronger cybersecurity precautions and policies.

Securing Network Access Points
Electronic access control is being more widely integrated into areas where network access points pose a potential risk, such as traffic control cabinets and in programmable logic controllers (PLC) that are prevalent on factory floors for controlling automation and robotics. OSDP technology uses wired, real-time bidirectional communication to provide the extra protection of detecting whether someone is trying to breach a signal with a “man-in-the-middle” attack.

This is a distinct advantage over single-direction communication in legacy protocols such as Wiegand. Using OSDP technology to secure files, IT assets, on-premises servers, and other critical infrastructure creates tighter electronic access control where it is more essential than ever.

Subsequently, OSDP-based access control technology is something that’s been very well received by Fortune 1000 clients like banks, major retail outlets, fast food chains and other potentially vulnerable operations. Not only are these enterprise customers benefitting significantly through increased overall security, integrators who can offer this added assurance to their customers. Within ASSA ABLOY, our product teams have begun leveraging OSDP technology in the server cabinet space with products like the HES KS210 and for traditional door openings with the SN210 integrated wired locks, with the goal of providing increased security for our customers.

Balancing Security and Convenience
The natural assumption is that increased security measures (physical and cyber) may lead to longer credential read times and delays at the door ─ the opposite of what most of us want. However, most credentials are read in less than a second, and have little to no impact on the natural flow of traffic. By applying new standards and innovating how we process credentials, we are able to increase security and further reduce delays or friction at the door.

As a security and access control manufacturer, we fully understand that in order for security practices to be effective, they have to be convenient for people to use. We are committed to improving read times and using technologies like mobile access to help accelerate a better user experience.

In fact, mobile acceptance is an important trend that continues to get attention as we see a proliferation of mobile credential applications. Now the capabilities of mobile wallets are expanding, and there is an ever-growing demand to use mobile credentials for access control. We are seeing the fastest adoption on college campuses where students use mobile wallets for just about every kind of transaction.

Leveraging Data
AI and machine learning opportunities are getting more attention. People have become more aware of the amount of data generated through access control. Within the next three to five years, you will see more companies starting to use that data in new ways to make better inferences and create better user experiences at the door. Consider how Tesla uses the way a driver walks up to their vehicle to determine how quickly to start the vehicle automatically. While that is a simple example, the potential benefits and opportunities are ripe for harvesting.

Change is constant, inevitable, and usually a good thing if it continues to advance the user experience and their security – physical and cyber alike. Whether it is embracing credential flexibility to make access control more secure, using data to enhance the customer experience, or recommending foolproof options for mitigating cyberattacks, staying on the leading edge of access control innovation and advancing the highest level of security are qualities that facilities and security operations will always be looking for from our industry.

This article originally appeared in the November / December 2022 issue of Security Today.

Verkada Hits 25,000 Customers Globally
07/26/2024
IDIS Video Technology Provides Foundation For Indian Railways Growth Plans
07/19/2024
SIA, International Association of Professional Security Consultants Announce Partnership
07/19/2024
Empowering Boutique Security Companies to Play Big
07/16/2024
dormakaba Consolidates Sites and Opens New Hub and Production Facility in Montreal
07/15/2024
NAPCO Access Pro Sales Division Announces Personnel Changes
07/15/2024
RAD Joins ZeroNow as a Partner in Making Schools Safer
07/15/2024
Traka ASSA ABLOY Wins 2024 Red Dot Award for Touch Pro Series of Electronic Key Management Cabinets
07/01/2024

Featured

The Next Generation

Video security technology has reached an inflection point. With advancements in cloud infrastructure and internet bandwidth, hybrid cloud solutions can now deliver new capabilities and business opportunities for security professionals and their customers. Read Now
- IP Video
Help Your Customer Protect Themselves

In the world of IT, insider threats are on a steep upward trajectory. The cost of these threats - including negligent and malicious employees that may steal authorized users’ credentials, rose from $8.3 million in 2018 to $16.2 million in 2023. Insider threats towards physical infrastructures often bleed into the realm of cybersecurity; for instance, consider an unauthorized user breaching a physical data center and plugging in a laptop to download and steal sensitive digital information. Read Now
- Cybersecurity
Enhanced Situation Awareness

Did someone break into the building? Maybe it is just an employee pulling an all-nighter. Or is it an actual perpetrator? Audio analytics, available in many AI-enabled cameras, can add context to what operators see on the screen, helping them validate assumptions. If a glass-break detection alert is received moments before seeing a person on camera, the added situational awareness makes the event more actionable. Read Now
- Artificial Intelligence
Transformative Advances

Over the past decade, machine learning has enabled transformative advances in physical security technology. We have seen some amazing progress in using machine learning algorithms to train computers to assess and improve computational processes. Although such tools are helpful for security and operations, machines are still far from being capable of thinking or acting like humans. They do, however, offer unique opportunities for teams to enhance security and productivity. Read Now
- Artificial Intelligence

Webinars

Hanwha Vision (formerly Hanwha Techwin), Eagle Eye Networks Inc, Salient Systems

Smart Buildings: Focus on Networking and Video Surveillance
The State of Safe Web Browsing in Enterprises Today
BriefCam

AI-Driven Video Analytics: The Foundation for Your Security Tech Stack

Whitepapers

Axis Communications, Inc.

Virginia School Security Grants
ASSA ABLOY

The evolution of data center security: Safeguarding critical assets in today’s data centers
Winsted Corporation

All-Star Lineup

New Products

QCS7230 System-on-Chip (SoC)

The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge. 3
Compact IP Video Intercom

Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis. 3
Luma x20

Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.” 3