
Finding Flexible Systems In The Age of Converged Security

While access control is an essential consideration for any business, nowhere is it more necessary to maintain real-time oversight of who is on-premise than in a governmental facility — whether at the federal, state or local level. Leveraging the proper technology to achieve this goal helps create a space that is safe and secure, but also accessible to authorized individuals. In areas with highly sensitive information, having security measures in place that are cutting-edge, impenetrable, and trusted is of the utmost importance.

Considering that government facilities range from basic office space, often in shared buildings, to law enforcement, intelligence, diplomatic, military, judicial, correctional, and research facilities, physical access control and identity management systems must be flexible, reliable, connected, and secure at all times. In particular, there are a few key requirements to keep in mind when selecting a government-grade access control solution.

Federal Identity, Credential, and Access Management (FICAM)

Since its creation in the fall of 2008, the Identity, Credential, and Access Management (ICAM) program has focused on addressing challenges, pressing issues, and design requirements for digital identity, credential, and access management.

It also focuses on defining and promoting consistency across approaches for implementing ICAM programs as reflected in the FICAM Roadmap & Implementation Guidance (FICAM Roadmap). The FICAM Roadmap was developed to outline a common framework for ICAM within the federal government and to provide supporting implementation guidance for federal agencies as they plan and execute a segment architecture for ICAM management programs. FICAM compliance is mandatory in all government buildings, so it is crucial to choose a solution that abides by these protocols.

Advanced FICAM solutions will address the typical pain points associated with FICAM compliance through ease-of-use and by planning for future upgrades to PIV reader capabilities as standards evolve. End users should choose a technology partner that is established and has a portfolio of products dedicated to FICAM compliance; however, they should also select a provider that is well-positioned to develop new solutions as the threat landscape continues to evolve.

Trustworthy technology partners will be able to provide a convenient and compliant performance solution that is capable of leveraging existing systems while also being future-proof as new security recommendations are made down the road. Of all the considerations to take into account, FICAM compliance is the most necessary, as it is a federal requirement.

Scalability Potential

One of the most significant needs for flexibility is a result of the ongoing growth and changes an organization experiences. For example, if an end user reaches out and wants to add to the system a new building with 38 doors that need to be secured, or if they decide to renovate a wing of an existing facility with drastically increased access protocols, they will want the ability to seamlessly add these functions to their current platform.

Choosing an access control provider that has a mix of on-premises and cloud-based solutions ensures users have the scalability they need. In addition to the flexibility in the previous example, users can also save money on hardware by virtualizing environments.

For example, if a government agency has 60 systems all running on their own network, users can opt to centrally manage all of these locations. This approach allows users to leverage existing systems while simultaneously eliminating the need for 60 different systems, which is costly to maintain. From licensing to administrative costs, partnering with a provider that has the capability to converge the management of multiple solutions into one is necessary when planning for the future.

Cloud-based access control is one way to accomplish this by granting organizations the ability to effortlessly make changes to their systems when needed. Users can begin by defining their current demands and leverage the cloud to meet such needs, instead of investing in high-expense servers and technologies of traditional systems that may become obsolete or need to be expanded in the future at further expense to the organization. Agencies can work with cloud-smart companies to continually redefine their needs and establish a price that fits their specific use.

Ensuring Cybersecurity

According to the 2019 Verizon Data Breach Report, almost 80 percent of all network intrusions detailed in the survey were the result of the exploitation of weak authentication systems (password hacks), the same result as in its 2013 study. It is no wonder Bill Gates himself declared the password dead in 2004.

But old habits die hard — especially if they are cheap and easy. When you consider that the average cost to U.S. companies of a data breach is more than $8 million, clinging to these single-factor authentication systems is anything but inexpensive.

Organizations, particularly government agencies, have woken up to the fact that the current cybersecurity situation is broken and are looking for better solutions. Many of those organizations rely on physical security solution providers to deliver secure, reliable physical access control solutions – and many are now turning to those same providers to bring the same level of security to the virtual world. There are a few essential cybersecurity tools that all government agencies should leverage, many of which are also FICAM requirements.

Implementing Multi-Factor Authentication Protocols

Multi-factor authentication is essential for government security and is also a central component in achieving FICAM compliance. Every major hacking incident in the past decade — from Target to Ukraine’s power grid — has had one thing in common: the lack of multi-factor authentication. Usernames and passwords, even the most secure and frequently changed ones, are still susceptible to being compromised. The very best passwords can, with the right equipment, be cracked in a matter of weeks. With multi-factor authentication, users add an additional element to the log-in process that makes hacking nearly impossible.

Multi-factor authentication can include various elements, from the inclusion of biometrics to the use of one-time passwords. The most common form of multi-factor authentication is two-factor authentication. Two-factor authentication requires something you have and something you know. In 2004, President George W. Bush signed HSPD-11, which began the U.S. government’s road toward mandated two-factor authentication.

From that directive, the government settled on using a smart card with encrypted security certificates — something you have — and a six to eight digit personal identification number (PIN) — something you know — as a requirement for access to all government systems. The smart card also offers a third factor of authentication — something you are — such as a biometric template (i.e., fingerprint).

Still, it is important to note that not all multi-factor authentication protocols are created equal. Both native and third-party tools for web access and email, the two most common needs of an employee on their mobile device, are either completely absent or else lack the features needed for an enterprise deployment.

Luckily, as manufacturers have specialized and become more acquainted with the government space, they have developed a series of applications that meet these challenges and conform to FICAM compliance. For Identiv, that meant developing an entire suite of different applications that provide users with the ability to use two-factor authentication to access websites and to sign, encrypt, and decrypt email (S/MIME).

Physical and Logical Access Control Convergence

Working with a physical access control system (PACS) provider to address logical access control system (LACS) security issues by converging the two areas can provide several advantages, including the following:

  • Physical access control. PACS data can be encoded into a high-frequency portion of the card for organizations, like government agencies, demanding a more secure platform than proximity. This high-frequency contactless interface protects the data exchange between card and reader with a secure, standards-based encryption technique, eliminating the chance of anyone “cloning” the card data.
  • Two-factor logical access control. This protocol allows workers to securely log onto desktops, laptops, VPNs, and mobile devices. Some smart cards have a contact element that includes PKI public and private encryption keys and certificates, providing a secure means to log onto computers without having to remember complex passwords, or more likely, write them down.
  • Protect data in transit. Digitally sign and encrypt emails.
  • Protect data at rest. Encrypt files and hard drives.
  • Secure mobile devices. Generate one-time passwords (OTP) for secure login.
  • Secure access to web apps. Access Office 365, Google Drive, Salesforce.com, and more.
  • Physical ID. Design and print badges as would be done with any badging system.

The convergence of PACS and LACS solutions can significantly enhance the overall security of any organization. Applying advanced, two-factor physical access control concepts and technologies to cyber and network security can help overcome the inherent limitations of single-factor password technology.

As organizations begin this convergence in earnest, these advantages will undoubtedly result in reduced risk, improved risk management, and operational efficiencies, and are considerations all users should make when choosing an access control system.

Ask yourself: “Can my PACS provider also contribute to heightened levels of cybersecurity?” If the answer is no, you should continue your search elsewhere.

The Bottom Line

When choosing an access control system, it is vital to keep these tips in mind to be sure a system meets all compliance regulations and has room to grow as needs evolve.

When in doubt, partnering with a trusted technology provider that has established itself as a government-grade supplier is one way to be sure all of these points are considered. Federal security is unlike security for other vertical markets and requires a specialized and focused understanding of current trends and regulations.

This article originally appeared in the May/June 2020 issue of Security Today.

About the Author

David Helbock is the senior sales engineer at Identiv.
