Constantly Evolving

Constantly Evolving

Cybersecurity is playing an intrinsic role supporting physical security devices

Security requirements are constantly evolving and one of the most pressing impacts of this evolution today centers on cybersecurity. Two aspects need to be addressed: the physical security of digital networks and the cybersecurity of physical security devices.

It should come as no surprise, then, that cybersecurity awareness is one of the predominant topics haunting all of us in the industry today. While it is not a new subject, the sense of urgency to address these vulnerabilities has increased exponentially over the past few years.

Interconnectivity is driving increased concern, now more than ever before. Every day, we learn how relentless cybercriminals are about discovering new ways to break into digital systems and networks, including those used for access control. This means that manufacturers must continuously level up to make sure we stay ahead of the curve. So, while at the door, access control looks relatively straightforward (you tap or swipe a card, you have ingress or egress), there is a complex set of processes happening on the back end with credentialing, monitoring and cybersecurity measures constantly in motion.

Recognizing that cybersecurity is of increasing importance, Underwriters Laboratories is working through some of these concerns with their release of the eighth edition of the UL294 standard. Additionally, there are already active laws in states like California and Oregon that go beyond simply creating awareness and aim to hold companies more accountable for protecting against cybersecurity threats in IoT devices.

These increasing threats have forced designers to take a step back from traditional methodologies to ensure that we are designing for security from the ground up. For example, in many commercial settings today, companies still require users to initiate firmware updates locally and manually. Ideally, updates would automatically uploaded to a device, just as they are for iPhone operating system updates. Until recent years, many of the traditional devices we have interacted with required an installer to go to each device to initiate patches and load updates.

Fast forward to today, and you are beginning to see more and more devices capable of receiving patches and updates without a person having to initiate the changes.

Providing Flexibility
Credential flexibility for access control solutions is another growing area of focus as credential technologies evolve. Facilities are seeking flexible and future-proof solutions that will help them migrate seamlessly to the latest credential technologies.

This also applies to other components of access control systems, such as controllers. The use of Open Supervised Device Protocol (OSDP) improves interoperability and provides secure channel serial communication between credential readers and the Physical Access Control System (PACS). Developing new ways to support emerging options like these, based on open system architecture and more robust interoperability means there is an even greater need for stronger cybersecurity precautions and policies.

Securing Network Access Points
Electronic access control is being more widely integrated into areas where network access points pose a potential risk, such as traffic control cabinets and in programmable logic controllers (PLC) that are prevalent on factory floors for controlling automation and robotics. OSDP technology uses wired, real-time bidirectional communication to provide the extra protection of detecting whether someone is trying to breach a signal with a “man-in-the-middle” attack.

This is a distinct advantage over single-direction communication in legacy protocols such as Wiegand. Using OSDP technology to secure files, IT assets, on-premises servers, and other critical infrastructure creates tighter electronic access control where it is more essential than ever.

Subsequently, OSDP-based access control technology is something that’s been very well received by Fortune 1000 clients like banks, major retail outlets, fast food chains and other potentially vulnerable operations. Not only are these enterprise customers benefitting significantly through increased overall security, integrators who can offer this added assurance to their customers. Within ASSA ABLOY, our product teams have begun leveraging OSDP technology in the server cabinet space with products like the HES KS210 and for traditional door openings with the SN210 integrated wired locks, with the goal of providing increased security for our customers.

Balancing Security and Convenience
The natural assumption is that increased security measures (physical and cyber) may lead to longer credential read times and delays at the door ─ the opposite of what most of us want. However, most credentials are read in less than a second, and have little to no impact on the natural flow of traffic. By applying new standards and innovating how we process credentials, we are able to increase security and further reduce delays or friction at the door.

As a security and access control manufacturer, we fully understand that in order for security practices to be effective, they have to be convenient for people to use. We are committed to improving read times and using technologies like mobile access to help accelerate a better user experience.

In fact, mobile acceptance is an important trend that continues to get attention as we see a proliferation of mobile credential applications. Now the capabilities of mobile wallets are expanding, and there is an ever-growing demand to use mobile credentials for access control. We are seeing the fastest adoption on college campuses where students use mobile wallets for just about every kind of transaction.

Leveraging Data
AI and machine learning opportunities are getting more attention. People have become more aware of the amount of data generated through access control. Within the next three to five years, you will see more companies starting to use that data in new ways to make better inferences and create better user experiences at the door. Consider how Tesla uses the way a driver walks up to their vehicle to determine how quickly to start the vehicle automatically. While that is a simple example, the potential benefits and opportunities are ripe for harvesting.

Change is constant, inevitable, and usually a good thing if it continues to advance the user experience and their security – physical and cyber alike. Whether it is embracing credential flexibility to make access control more secure, using data to enhance the customer experience, or recommending foolproof options for mitigating cyberattacks, staying on the leading edge of access control innovation and advancing the highest level of security are qualities that facilities and security operations will always be looking for from our industry.

This article originally appeared in the November / December 2022 issue of Security Today.

Featured

  • Maximizing Your Security Budget This Year

    Perimeter Security Standards for Multi-Site Businesses

    When you run or own a business that has multiple locations, it is important to set clear perimeter security standards. By doing this, it allows you to assess and mitigate any potential threats or risks at each site or location efficiently and effectively. Read Now

  • Getting in Someone’s Face

    There was a time, not so long ago, when the tradeshow industry must have thought COVID-19 might wipe out face-to-face meetings. It sure seemed that way about three years ago. Read Now

    • Industry Events
    • ISC West
  • Live From ISC West 2024: Post-Show Recap

    ISC West 2024 is complete. And from start to finish, the entire conference was a huge success with almost 30,000 people in attendance. Read Now

    • Industry Events
    • ISC West
  • ISC West 2024 is a Rousing Success

    The 2024 ISC West security tradeshow marked a pivotal moment in the industry, showcasing cutting-edge technology and innovative solutions to address evolving security challenges. Exhibitors left the event with a profound sense of satisfaction, as they witnessed a high level of engagement from attendees and forged valuable connections with potential clients and partners. Read Now

    • Industry Events
    • ISC West

Featured Cybersecurity

Webinars

New Products

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols. 3

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge. 3