Finding Flexible Systems In The Age of Converged Security

Considerations for selecting government-grade security solutions

  • By David Helbock
  • Jun 18, 2020

While access control is an essential consideration for any business, nowhere is it more necessary to maintain real-time oversight of who is on-premise than in a governmental facility — whether at the federal, state or local level. Leveraging the proper technology to achieve this goal helps create a space that is safe and secure, but also accessible to authorized individuals. In areas with highly sensitive information, having security measures in place that are cutting-edge, impenetrable, and trusted are of the utmost importance.

Considering that government facilities range from basic office space, often in shared buildings, to law enforcement, intelligence, diplomatic, military, judicial, correctional, and research facilities, physical access control and identity management systems must be flexible, reliable, connected, and secure at all times. In particular, there are a few key requirements to keep in mind when selecting a government-grade access control solution.

Federal Identity, Credential, and Access Management (FICAM)

Since its creation in the fall of 2008, the Identity, Credential, and Access Management (ICAM) program has focused on addressing challenges, pressing issues, and design requirements for digital identity, credential, and access management.

It also focuses on defining and promoting consistency across approaches for implementing ICAM programs as reflected in the FICAM Roadmap & Implementation Guidance (FICAM Roadmap). The FICAM Roadmap was developed to outline a common framework for ICAM within the federal government and to provide supporting implementation guidance for federal agencies as they plan and execute a segment architecture for ICAM management programs. FICAM compliance is mandatory in all government buildings, so it is crucial to choose a solution that abides by these protocols.

Advanced FICAM solutions will address the typical pain points associated with FICAM compliance through ease-of-use and by planning for future upgrades to PIV reader capabilities as standards evolve. Endusers should choose a technology partner that is established and has a portfolio of products dedicated to FICAM compliance; however, they should also select a provider that is well-positioned to develop new solutions as the threat landscape continues to evolve.

Trustworthy technology partners will be able to provide a convenient and compliant performance solution that is capable of leveraging existing systems while also being future-proof as new security recommendations are made down the road. Of all the considerations to take into account, FICAM compliance is the most necessary, as it is a federal requirement.

Scalability Potential

One of the most significant needs for flexibility is a result of the ongoing growth and changes an organization experiences. For example, if an enduser reaches out and wants to add a new building with 38 doors that need to be secured to the system, or if they decide to renovate a wing of an existing facility with drastically increased access protocols, they will want the ability to seamlessly add these functions on to their current platform.

Choosing an access control provider that has a mix of on-premises and cloud-based solutions ensures users have the scalability they need. In addition to the flexibility in the previous example, users can also save money on hardware by virtualizing environments.

For example, if a government agency has 60 systems all running on their own network, users can opt to centrally manage all of these locations. This approach allows users to leverage existing systems while simultaneously eliminating the need for 60 different systems, which is costly to maintain. From licensing to administrative costs, partnering with a provider that has the capability to converge the management of multiple solutions into one is necessary when planning for the future.

Cloud-based access control is one way to accomplish this by granting organizations the ability to effortlessly make changes to their systems when needed. Users can begin by defining their current demands and leverage the cloud to meet such needs, instead of investing in high-expense servers and technologies of traditional systems that may become obsolete or need to be expanded in the future at further expense to the organization. Agencies can work with cloudsmart companies to continually redefine their needs and establish a price that fits their specific use.

Ensuring Cybersecurity

According to the 2019 Verizon Data Breach Report, almost 80 percent of all network intrusions detailed in the survey were the result of the exploitation of weak authentication systems (password hacks), the same results of their 2013 study. It is no wonder Bill Gates himself declared the password dead in 2004.

But old habits die hard — especially if they are cheap and easy. When you consider that the average cost to U.S. companies of a data breach is more than $8 million, clinging to these single-factor authentication systems is anything but inexpensive.

Organizations, particularly government agencies, have woken up to the fact that the current cybersecurity situation is broken and are looking for better solutions. Many of those organizations rely on physical security solution providers to deliver secure, reliable physical access control solutions – and many are now turning to those same providers to achieve the same level of security to the virtual world. There are a few essential cybersecurity tools that all government agencies should leverage, many of which are also FICAM requirements.

Implementing Multi-Factor Authentication Protocols

Multi-factor authentication is essential for government security and is also a central component in achieving FICAM compliance. Every major hacking incident in the past decade — from Target to Ukraine’s power grid — has had one thing in common: the lack of multi-factor authentication. Usernames and passwords, even the most secure and frequently changed ones, are still susceptible to being compromised. The very best passwords can, with the right equipment, be cracked in a matter of weeks. With multi-factor authentication, users add an additional element to the log-in process that makes hacking nearly impossible.

Multi-factor authentication can include various elements, from the inclusion of biometrics to the use of one-time passwords. The most common form of multi-factor authentication is two-factor authentication. Two-factor authentication requires something you have and something you know. In 2004, President George W. Bush signed HSPD-11, which began the U.S. government’s road toward mandated two-factor authentication.

From that directive, the government settled on using a smart card with encrypted security certificates — something you have — and a six to eight digit personal identification number (PIN) — something you know — as a requirement for access to all government systems. The smart card also offers a third factor authentication — something you are — such as a biometric template (i.e., fingerprint).

Still, it is important to note that not all multi-factor authentication protocols are created equal. Both native and third-party tools for web access and email, the two most common needs of an employee on their mobile device, are either completely absent or else lack the features needed for an enterprise deployment.

Luckily, as manufacturers have specialized and become more acquainted with the government space, they have developed a series of applications that meet these challenges and conform to FICAM compliance. For Identiv, that meant developing an entire suite of different applications that provide users with the ability to use two-factor authentication to access websites and to sign, encrypt, and decrypt email (S/MIME).

Physical and Logical Access Control Convergence

Working with a PACS provider to strengthen LACS security issues by converging the two areas can provide several advantages, including the following:

  • Physical access control. PACS data can be encoded into a highfrequency portion of the card for organizations, like government agencies, demanding a more secure platform than proximity. This high-frequency contactless interface protects the data exchange between card and reader with a secure, standards-based encryption technique, eliminating the chance of anyone “cloning” the card data.
  • Two-factor logical access control. This protocol allows workers to securely log onto desktops, laptops, VPNs, and mobile devices. Some smart cards have a contact element that includes PKI public and private encryption keys and certificates, providing a secure means to log onto computers without having to remember complex passwords, or more likely, write them down.
  • Protect data in transit. Digitally sign and encrypt emails.
  • Protect data at rest. Encrypt files and hard drives.
  • Secure mobile devices. Generate One-time passwords (OTP) for secure login.
  • Secure access to web apps. Access Office 365, Google Drive, Salesforce. com, and more.
  • Physical ID. Design and print badges as would be done with any badging system.

The convergence of PACS and LACS solutions can significantly enhance the overall security of any organization. Applying advanced, two-factor physical access control concepts and technologies to cyber and network security can help overcome the inherent limitations of single-factor password technology.

As organizations begin this convergence in earnest, these advantages will undoubtedly result in reduced risk, improved risk management, and operational efficiencies, and are considerations all users should make when choosing an access control system.

Ask yourself: “Can my PACS provider also contribute to heightened levels of cybersecurity?” If the answer is no, you should continue your search elsewhere.

The Bottom Line

When choosing an access control system, it is vital to keep these tips in mind to be sure a system meets all compliance regulations and has room to grow as needs evolve.

When in doubt, partnering with a trusted technology provider that has established itself as a government-grade supplier is one way to be sure all of these points are considered. Federal security is unlike security for other vertical markets and requires a specialized and focused understanding of current trends and regulations.

This article originally appeared in the May/June 2020 issue of Security Today.

Featured

  • Gaining a Competitive Edge

    Ask most companies about their future technology plans and the answers will most likely include AI. Then ask how they plan to deploy it, and that is where the responses may start to vary. Every company has unique surveillance requirements that are based on market focus, scale, scope, risk tolerance, geographic area and, of course, budget. Those factors all play a role in deciding how to configure a surveillance system, and how to effectively implement technologies like AI. Read Now

  • 6 Ways Security Awareness Training Empowers Human Risk Management

    Organizations are realizing that their greatest vulnerability often comes from within – their own people. Human error remains a significant factor in cybersecurity breaches, making it imperative for organizations to address human risk effectively. As a result, security awareness training (SAT) has emerged as a cornerstone in this endeavor because it offers a multifaceted approach to managing human risk. Read Now

  • The Stage is Set

    The security industry spans the entire globe, with manufacturers, developers and suppliers on every continent (well, almost—sorry, Antarctica). That means when regulations pop up in one area, they often have a ripple effect that impacts the entire supply chain. Recent data privacy regulations like GDPR in Europe and CPRA in California made waves when they first went into effect, forcing businesses to change the way they approach data collection and storage to continue operating in those markets. Even highly specific regulations like the U.S.’s National Defense Authorization Act (NDAA) can have international reverberations – and this growing volume of legislation has continued to affect global supply chains in a variety of different ways. Read Now

  • Access Control Technology

    As we move swiftly toward the end of 2024, the security industry is looking at the trends in play, what might be on the horizon, and how they will impact business opportunities and projections. Read Now

Most   Popular

Featured Cybersecurity

Webinars

New Products

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.” 3

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises. 3