The Game Changer
How Artificial Intelligence changes the access control game
- By John Carter
- Jun 01, 2019
Most access control systems are focused on improving
security and protecting the business, ensuring that
only the right people have the right access to the
right areas. It keeps the bad guys out and the good
guys in. But what happens when the environment
changes and becomes a potential danger to the individuals inside or
when a crisis strikes?
Modern access control technology is now able to leverage innovations
in artificial intelligence (AI) and open standards to adapt to
environmental changes. It can move from a gatekeeper to a life saver
enabling safe passage for those who need to enter and assist, or to
route people inside to a safer area of the building. With new levels of
intelligent insights, risk adaptability and interoperability, physical access
control systems are now able to significantly improve life safety,
while also minimizing risk to the organization.
AI and Access Control—
Sensory-based Security
The first important innovation we need to discuss is artificial intelligence.
AI is based on an Artificial Neural Network, which works like
the human brain—just as humans have senses to see, hear, smell, taste
and feel. Humans can make decisions based on the combination of
activity our senses report to our brains. We can identify a wide variety
of safety risks based on our senses.
In the case of an AI-equipped access control system, like the human
brain, it too has a wide array of inputs that it constantly evaluates.
The more connections and integrations it has with security
systems and non-security applications and data, the more informed
it is. Leveraging AI, the modern access control system can characterize
activity and incoming data to identify patterns and recognize
certain conditions that increase the threat to a facility and to the people inside the facility.
It can recommend or automate higher levels
of control to avoid life safety consequences.
Compared to a human security guard,
an AI-based system can monitor more data,
faster and more accurately without bias or
distraction. It can leverage that intelligence
to become risk-adaptive—adjusting access
permissions based on risk levels.
A Shift from Role-Based
to Risk-Adaptive Access
Control
Risk comes in many forms. Dynamic by nature,
it can increase exponentially in severity
in a just matter of moments. Unfortunately,
traditional access control systems are static
by nature and cannot independently adapt to
a changing environment. That inability can
be detrimental to life safety and security.
Most traditional physical access control
systems are role-based. Access is assigned
based on a person’s role within an organization,
assigning access to an access group
representing a collection of doors that role
can access at specific times. While this meets
a very fundamental need, it controls access
strictly by those static roles and does not
adapt as the situation dynamically changes.
If an incident occurs that could affect life
safety, it requires a human, i.e., a security officer,
to react to an alarm or situation and
make changes to the access control system
in order to protect someone who could unknowingly
enter a bad situation or dangerous
environment.
Today, we see the emergence of riskadaptive
technology based on AI and new
levels of interoperability. When applied to
access, risk can be based on multiple criteria
and access permissions can be adjusted
as situations or individuals change. A riskadaptive
system can monitor key data points,
activity and risk levels for an individual or
facility. Let’s look at some examples.
Environmental Risks:
Mitigating danger
An employee may have authorized access to
a specific location, but there may be a reason
at that particular moment that the employee
should not enter. There might be a safety
threat and the risk-adaptive access control
system would recognize this and prevent him
or her from entering.
Consider some of the high-risk situations
and what could occur if an unsuspecting
person entered an area of risk. In critical infrastructure
facilities, for example, there is always
higher than average risk. Chemical spills,
radioactivity, fire and other incidents are the
dangerous examples to name a few. Those are
relatively obvious risks and even legacy access
control systems can provide some rudimentary
measures to seal off areas of concern.
However, without added intelligence and insight
capabilities such as risk scoring and artificial
intelligence (AI) to identify these risks,
the current access control systems cannot adjust
based on rising or sudden threats.
Beyond the facility, external threats such as
weather events or potential riots in a particular
area of the city, can impact the risk of entering
a building or create a need for access to a
safer area within the building. In those cases,
the system would need to recognize the external
threat and adjust access permissions while
directing the employees to find safe shelter.
Emergency Response:
Changing Access
Permissions on the Fly
Conversely, I may normally not be authorized
to access a certain area, but because
of a high-threat condition and who I am, I
can now enter. The combination of these two
factors provided an exception to the access
permissions. An intelligent access control
system can analyze that data and adjust permissions
on the fly.
A perfect example of this scenario would
be in an emergency lockdown situation at a school. Upon arrival, with a smart device and the proof of identity,
the first responder could quickly gain access to a school door or even
be allowed to access the video surveillance system to see inside the
school before entering. Today, with legacy access control systems, the
first responder would be locked out and unable to quickly get eyes on
the situation. Further, once the approved first responder has entered
the school, the access-controlled door can secure behind him and a
teacher or someone who may normally have authorized access would
not be allowed to enter because of the elevated risk identified by the
risk-aware access control system.
Going Beyond Forensic, Alarm-based
to Reactive, Risk-Aware Controls
Like traditional systems, as incidents occur involving a policy breach
or alarm trip, intelligent systems can immediately provide alert notifications
and a plan of action for the security team to follow. An intelligent
access control system can take this a step further. For example,
imagine a chemical spill occurs and no one reports the incident, trips
an alarm or initiates a fire pull. Without a human notification, the
incident may go unnoticed.
However, with an intelligent access control system that leverages
AI and integrates with other systems, it can monitor a wide array of
sensor technology, data inputs, cameras, access activity and even external
data sources. The system can identify anomalies that raise the
threat level automatically at a facility. Leak detection, radioactivity,
chemical spills and other incidents can be identified with traditional
and IoT sensors and other data systems to predict what has occurred
or what could occur. Further, integration with building controls systems
can provide additional insight into a rising threat.
When a risk-adaptive access control system identifies threat conditions
such as those mentioned above that could harm an individual,
it can dynamically adjust the access permissions overriding any
pre-defined rules or role profiles. Intelligent systems are predictive,
proactive and can increase life safety. While a human remains in the
loop and can override intelligent systems, the system can be set up to
protect safety first.
It may deny access to an individual who normally has access, but
is untrained or designated as a responder for the type of situation
detected. Similarly, system operators, such as lobby guards, who may
have the ability to temporarily open doors for visitors, but are unaware
of the elevated threats around them, can be immediately denied
that system-level ability to avoid further risk.
Endless Possibilities for
Improved Life Safety
In today’s world, threats are increasing in sophistication and number.
Our users are dynamic, our environments are always changing,
and we have a wide range of systems and sensors providing important
security-related data. We are overloading our security teams
with information to the point where they cannot process it. Now,
more than ever, is the time to provide them with
AI assistance and risk-adaptive access control.
Once you move to an environment that provides
insights to your security team, the possibilities
are endless.
This article originally appeared in the May/June 2019 issue of Security Today.