Constantly Evolving

Constantly Evolving

Cybersecurity is playing an intrinsic role supporting physical security devices

  • By Ben Williams
  • Dec 01, 2022

Security requirements are constantly evolving and one of the most pressing impacts of this evolution today centers on cybersecurity. Two aspects need to be addressed: the physical security of digital networks and the cybersecurity of physical security devices.

It should come as no surprise, then, that cybersecurity awareness is one of the predominant topics haunting all of us in the industry today. While it is not a new subject, the sense of urgency to address these vulnerabilities has increased exponentially over the past few years.

Interconnectivity is driving increased concern, now more than ever before. Every day, we learn how relentless cybercriminals are about discovering new ways to break into digital systems and networks, including those used for access control. This means that manufacturers must continuously level up to make sure we stay ahead of the curve. So, while at the door, access control looks relatively straightforward (you tap or swipe a card, you have ingress or egress), there is a complex set of processes happening on the back end with credentialing, monitoring and cybersecurity measures constantly in motion.

Recognizing that cybersecurity is of increasing importance, Underwriters Laboratories is working through some of these concerns with their release of the eighth edition of the UL294 standard. Additionally, there are already active laws in states like California and Oregon that go beyond simply creating awareness and aim to hold companies more accountable for protecting against cybersecurity threats in IoT devices.

These increasing threats have forced designers to take a step back from traditional methodologies to ensure that we are designing for security from the ground up. For example, in many commercial settings today, companies still require users to initiate firmware updates locally and manually. Ideally, updates would automatically uploaded to a device, just as they are for iPhone operating system updates. Until recent years, many of the traditional devices we have interacted with required an installer to go to each device to initiate patches and load updates.

Fast forward to today, and you are beginning to see more and more devices capable of receiving patches and updates without a person having to initiate the changes.

Providing Flexibility
Credential flexibility for access control solutions is another growing area of focus as credential technologies evolve. Facilities are seeking flexible and future-proof solutions that will help them migrate seamlessly to the latest credential technologies.

This also applies to other components of access control systems, such as controllers. The use of Open Supervised Device Protocol (OSDP) improves interoperability and provides secure channel serial communication between credential readers and the Physical Access Control System (PACS). Developing new ways to support emerging options like these, based on open system architecture and more robust interoperability means there is an even greater need for stronger cybersecurity precautions and policies.

Securing Network Access Points
Electronic access control is being more widely integrated into areas where network access points pose a potential risk, such as traffic control cabinets and in programmable logic controllers (PLC) that are prevalent on factory floors for controlling automation and robotics. OSDP technology uses wired, real-time bidirectional communication to provide the extra protection of detecting whether someone is trying to breach a signal with a “man-in-the-middle” attack.

This is a distinct advantage over single-direction communication in legacy protocols such as Wiegand. Using OSDP technology to secure files, IT assets, on-premises servers, and other critical infrastructure creates tighter electronic access control where it is more essential than ever.

Subsequently, OSDP-based access control technology is something that’s been very well received by Fortune 1000 clients like banks, major retail outlets, fast food chains and other potentially vulnerable operations. Not only are these enterprise customers benefitting significantly through increased overall security, integrators who can offer this added assurance to their customers. Within ASSA ABLOY, our product teams have begun leveraging OSDP technology in the server cabinet space with products like the HES KS210 and for traditional door openings with the SN210 integrated wired locks, with the goal of providing increased security for our customers.

Balancing Security and Convenience
The natural assumption is that increased security measures (physical and cyber) may lead to longer credential read times and delays at the door ─ the opposite of what most of us want. However, most credentials are read in less than a second, and have little to no impact on the natural flow of traffic. By applying new standards and innovating how we process credentials, we are able to increase security and further reduce delays or friction at the door.

As a security and access control manufacturer, we fully understand that in order for security practices to be effective, they have to be convenient for people to use. We are committed to improving read times and using technologies like mobile access to help accelerate a better user experience.

In fact, mobile acceptance is an important trend that continues to get attention as we see a proliferation of mobile credential applications. Now the capabilities of mobile wallets are expanding, and there is an ever-growing demand to use mobile credentials for access control. We are seeing the fastest adoption on college campuses where students use mobile wallets for just about every kind of transaction.

Leveraging Data
AI and machine learning opportunities are getting more attention. People have become more aware of the amount of data generated through access control. Within the next three to five years, you will see more companies starting to use that data in new ways to make better inferences and create better user experiences at the door. Consider how Tesla uses the way a driver walks up to their vehicle to determine how quickly to start the vehicle automatically. While that is a simple example, the potential benefits and opportunities are ripe for harvesting.

Change is constant, inevitable, and usually a good thing if it continues to advance the user experience and their security – physical and cyber alike. Whether it is embracing credential flexibility to make access control more secure, using data to enhance the customer experience, or recommending foolproof options for mitigating cyberattacks, staying on the leading edge of access control innovation and advancing the highest level of security are qualities that facilities and security operations will always be looking for from our industry.

This article originally appeared in the November / December 2022 issue of Security Today.

Featured

  • Tradeshow Work Can Be Fun

    While at ISC West last week, I ran into numerous friends and associates all of which was a pleasant experience. The first question always seemed to be, “How many does this make for you?” Read Now

    • Industry Events
    • ISC West

  • New Report Says 1 in 5 SMBs Would Be Forced to Shutter After Successful Cyberattack

    Small and medium-sized businesses (SMBs) play a crucial role in the U.S. economy, making up 99.9% of all businesses and contributing to half of the nation's GDP. However, these vital economic growth drivers face an escalating threat—cyberattacks that could put them out of business. Read Now

  • The Yellow Brick Road

    The road to and throughout Wednesday's and Thursday's ISC West was crowded but it was amazing. Read Now

    • Industry Events
    • ISC West

  • An Inside Look From Napco at ISC West

    Get a look into the excitement at ISC West 2025 from Napco. Hear from some of their top-tech executives live from the show floor. Read Now

    • Industry Events
    • ISC West

  • Upping the Ante

    I am not a betting man in terms of cards, dice, blackjack or that wheel with the black marble racing around the circumference of a spinning wheel, but I would bet on the success of ISC West this year. Read Now

    • Industry Events
    • ISC West
Most   Popular

New Products

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure.

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.