Constantly Evolving

Constantly Evolving

Cybersecurity is playing an intrinsic role supporting physical security devices

  • By Ben Williams
  • Dec 01, 2022

Security requirements are constantly evolving and one of the most pressing impacts of this evolution today centers on cybersecurity. Two aspects need to be addressed: the physical security of digital networks and the cybersecurity of physical security devices.

It should come as no surprise, then, that cybersecurity awareness is one of the predominant topics haunting all of us in the industry today. While it is not a new subject, the sense of urgency to address these vulnerabilities has increased exponentially over the past few years.

Interconnectivity is driving increased concern, now more than ever before. Every day, we learn how relentless cybercriminals are about discovering new ways to break into digital systems and networks, including those used for access control. This means that manufacturers must continuously level up to make sure we stay ahead of the curve. So, while at the door, access control looks relatively straightforward (you tap or swipe a card, you have ingress or egress), there is a complex set of processes happening on the back end with credentialing, monitoring and cybersecurity measures constantly in motion.

Recognizing that cybersecurity is of increasing importance, Underwriters Laboratories is working through some of these concerns with their release of the eighth edition of the UL294 standard. Additionally, there are already active laws in states like California and Oregon that go beyond simply creating awareness and aim to hold companies more accountable for protecting against cybersecurity threats in IoT devices.

These increasing threats have forced designers to take a step back from traditional methodologies to ensure that we are designing for security from the ground up. For example, in many commercial settings today, companies still require users to initiate firmware updates locally and manually. Ideally, updates would automatically uploaded to a device, just as they are for iPhone operating system updates. Until recent years, many of the traditional devices we have interacted with required an installer to go to each device to initiate patches and load updates.

Fast forward to today, and you are beginning to see more and more devices capable of receiving patches and updates without a person having to initiate the changes.

Providing Flexibility
Credential flexibility for access control solutions is another growing area of focus as credential technologies evolve. Facilities are seeking flexible and future-proof solutions that will help them migrate seamlessly to the latest credential technologies.

This also applies to other components of access control systems, such as controllers. The use of Open Supervised Device Protocol (OSDP) improves interoperability and provides secure channel serial communication between credential readers and the Physical Access Control System (PACS). Developing new ways to support emerging options like these, based on open system architecture and more robust interoperability means there is an even greater need for stronger cybersecurity precautions and policies.

Securing Network Access Points
Electronic access control is being more widely integrated into areas where network access points pose a potential risk, such as traffic control cabinets and in programmable logic controllers (PLC) that are prevalent on factory floors for controlling automation and robotics. OSDP technology uses wired, real-time bidirectional communication to provide the extra protection of detecting whether someone is trying to breach a signal with a “man-in-the-middle” attack.

This is a distinct advantage over single-direction communication in legacy protocols such as Wiegand. Using OSDP technology to secure files, IT assets, on-premises servers, and other critical infrastructure creates tighter electronic access control where it is more essential than ever.

Subsequently, OSDP-based access control technology is something that’s been very well received by Fortune 1000 clients like banks, major retail outlets, fast food chains and other potentially vulnerable operations. Not only are these enterprise customers benefitting significantly through increased overall security, integrators who can offer this added assurance to their customers. Within ASSA ABLOY, our product teams have begun leveraging OSDP technology in the server cabinet space with products like the HES KS210 and for traditional door openings with the SN210 integrated wired locks, with the goal of providing increased security for our customers.

Balancing Security and Convenience
The natural assumption is that increased security measures (physical and cyber) may lead to longer credential read times and delays at the door ─ the opposite of what most of us want. However, most credentials are read in less than a second, and have little to no impact on the natural flow of traffic. By applying new standards and innovating how we process credentials, we are able to increase security and further reduce delays or friction at the door.

As a security and access control manufacturer, we fully understand that in order for security practices to be effective, they have to be convenient for people to use. We are committed to improving read times and using technologies like mobile access to help accelerate a better user experience.

In fact, mobile acceptance is an important trend that continues to get attention as we see a proliferation of mobile credential applications. Now the capabilities of mobile wallets are expanding, and there is an ever-growing demand to use mobile credentials for access control. We are seeing the fastest adoption on college campuses where students use mobile wallets for just about every kind of transaction.

Leveraging Data
AI and machine learning opportunities are getting more attention. People have become more aware of the amount of data generated through access control. Within the next three to five years, you will see more companies starting to use that data in new ways to make better inferences and create better user experiences at the door. Consider how Tesla uses the way a driver walks up to their vehicle to determine how quickly to start the vehicle automatically. While that is a simple example, the potential benefits and opportunities are ripe for harvesting.

Change is constant, inevitable, and usually a good thing if it continues to advance the user experience and their security – physical and cyber alike. Whether it is embracing credential flexibility to make access control more secure, using data to enhance the customer experience, or recommending foolproof options for mitigating cyberattacks, staying on the leading edge of access control innovation and advancing the highest level of security are qualities that facilities and security operations will always be looking for from our industry.

This article originally appeared in the November / December 2022 issue of Security Today.

Featured

  • Video Surveillance Trends to Watch

    With more organizations adding newer capabilities to their surveillance systems, it’s always important to remember the “basics” of system configuration and deployment, as well as the topline benefits of continually emerging technologies like AI and the cloud. Read Now

  • New Report Reveals Top Trends Transforming Access Controller Technology

    Mercury Security, a provider in access control hardware and open platform solutions, has published its Trends in Access Controllers Report, based on a survey of over 450 security professionals across North America and Europe. The findings highlight the controller’s vital role in a physical access control system (PACS), where the device not only enforces access policies but also connects with readers to verify user credentials—ranging from ID badges to biometrics and mobile identities. With 72% of respondents identifying the controller as a critical or important factor in PACS design, the report underscores how the choice of controller platform has become a strategic decision for today’s security leaders. Read Now

  • Overwhelming Majority of CISOs Anticipate Surge in Cyber Attacks Over the Next Three Years

    An overwhelming 98% of chief information security officers (CISOs) expect a surge in cyber attacks over the next three years as organizations face an increasingly complex and artificial intelligence (AI)-driven digital threat landscape. This is according to new research conducted among 300 CISOs, chief information officers (CIOs), and senior IT professionals by CSC1, the leading provider of enterprise-class domain and domain name system (DNS) security. Read Now

  • ASIS International Introduces New ANSI-Approved Investigations Standard

    • Guard Services

  • Cloud Security Alliance Brings AI-Assisted Auditing to Cloud Computing

    The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today introduced an innovative addition to its suite of Security, Trust, Assurance and Risk (STAR) Registry assessments with the launch of Valid-AI-ted, an AI-powered, automated validation system. The new tool provides an automated quality check of assurance information of STAR Level 1 self-assessments using state-of-the-art LLM technology. Read Now

Most   Popular

New Products

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge.

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles.