Constantly Evolving

Constantly Evolving

Cybersecurity is playing an intrinsic role supporting physical security devices

Security requirements are constantly evolving and one of the most pressing impacts of this evolution today centers on cybersecurity. Two aspects need to be addressed: the physical security of digital networks and the cybersecurity of physical security devices.

It should come as no surprise, then, that cybersecurity awareness is one of the predominant topics haunting all of us in the industry today. While it is not a new subject, the sense of urgency to address these vulnerabilities has increased exponentially over the past few years.

Interconnectivity is driving increased concern, now more than ever before. Every day, we learn how relentless cybercriminals are about discovering new ways to break into digital systems and networks, including those used for access control. This means that manufacturers must continuously level up to make sure we stay ahead of the curve. So, while at the door, access control looks relatively straightforward (you tap or swipe a card, you have ingress or egress), there is a complex set of processes happening on the back end with credentialing, monitoring and cybersecurity measures constantly in motion.

Recognizing that cybersecurity is of increasing importance, Underwriters Laboratories is working through some of these concerns with their release of the eighth edition of the UL294 standard. Additionally, there are already active laws in states like California and Oregon that go beyond simply creating awareness and aim to hold companies more accountable for protecting against cybersecurity threats in IoT devices.

These increasing threats have forced designers to take a step back from traditional methodologies to ensure that we are designing for security from the ground up. For example, in many commercial settings today, companies still require users to initiate firmware updates locally and manually. Ideally, updates would automatically uploaded to a device, just as they are for iPhone operating system updates. Until recent years, many of the traditional devices we have interacted with required an installer to go to each device to initiate patches and load updates.

Fast forward to today, and you are beginning to see more and more devices capable of receiving patches and updates without a person having to initiate the changes.

Providing Flexibility
Credential flexibility for access control solutions is another growing area of focus as credential technologies evolve. Facilities are seeking flexible and future-proof solutions that will help them migrate seamlessly to the latest credential technologies.

This also applies to other components of access control systems, such as controllers. The use of Open Supervised Device Protocol (OSDP) improves interoperability and provides secure channel serial communication between credential readers and the Physical Access Control System (PACS). Developing new ways to support emerging options like these, based on open system architecture and more robust interoperability means there is an even greater need for stronger cybersecurity precautions and policies.

Securing Network Access Points
Electronic access control is being more widely integrated into areas where network access points pose a potential risk, such as traffic control cabinets and in programmable logic controllers (PLC) that are prevalent on factory floors for controlling automation and robotics. OSDP technology uses wired, real-time bidirectional communication to provide the extra protection of detecting whether someone is trying to breach a signal with a “man-in-the-middle” attack.

This is a distinct advantage over single-direction communication in legacy protocols such as Wiegand. Using OSDP technology to secure files, IT assets, on-premises servers, and other critical infrastructure creates tighter electronic access control where it is more essential than ever.

Subsequently, OSDP-based access control technology is something that’s been very well received by Fortune 1000 clients like banks, major retail outlets, fast food chains and other potentially vulnerable operations. Not only are these enterprise customers benefitting significantly through increased overall security, integrators who can offer this added assurance to their customers. Within ASSA ABLOY, our product teams have begun leveraging OSDP technology in the server cabinet space with products like the HES KS210 and for traditional door openings with the SN210 integrated wired locks, with the goal of providing increased security for our customers.

Balancing Security and Convenience
The natural assumption is that increased security measures (physical and cyber) may lead to longer credential read times and delays at the door ─ the opposite of what most of us want. However, most credentials are read in less than a second, and have little to no impact on the natural flow of traffic. By applying new standards and innovating how we process credentials, we are able to increase security and further reduce delays or friction at the door.

As a security and access control manufacturer, we fully understand that in order for security practices to be effective, they have to be convenient for people to use. We are committed to improving read times and using technologies like mobile access to help accelerate a better user experience.

In fact, mobile acceptance is an important trend that continues to get attention as we see a proliferation of mobile credential applications. Now the capabilities of mobile wallets are expanding, and there is an ever-growing demand to use mobile credentials for access control. We are seeing the fastest adoption on college campuses where students use mobile wallets for just about every kind of transaction.

Leveraging Data
AI and machine learning opportunities are getting more attention. People have become more aware of the amount of data generated through access control. Within the next three to five years, you will see more companies starting to use that data in new ways to make better inferences and create better user experiences at the door. Consider how Tesla uses the way a driver walks up to their vehicle to determine how quickly to start the vehicle automatically. While that is a simple example, the potential benefits and opportunities are ripe for harvesting.

Change is constant, inevitable, and usually a good thing if it continues to advance the user experience and their security – physical and cyber alike. Whether it is embracing credential flexibility to make access control more secure, using data to enhance the customer experience, or recommending foolproof options for mitigating cyberattacks, staying on the leading edge of access control innovation and advancing the highest level of security are qualities that facilities and security operations will always be looking for from our industry.

This article originally appeared in the November / December 2022 issue of Security Today.

Featured

  • Report: 15 Percent of All Emails Sent in 2023 Were Malicious

    VIPRE Security Group recently released its report titled “Email Security in 2024: An Expert Look at Email-Based Threats”. The 2024 predictions for email security in this report are based on an analysis of over 7 billion emails processed by VIPRE worldwide during 2023. This equates to almost one email for everyone on the planet. Of those, roughly 1 billion (or 15%) were malicious. Read Now

  • ASIS Announces ANSI-Approved Cannabis Security Standard

    ASIS International, a leading authority in security standards and guidelines, proudly announces the release of a pioneering American National Standards Institute (ANSI)-approved standard dedicated to cannabis security. This best-in-class standard, meticulously developed by industry experts, sets a new benchmark by providing comprehensive requirements and guidance for the design, implementation, monitoring, evaluation, and maintenance of a cannabis security program. Read Now

  • ISC West Announces Keynote Lineup

    ISC West, in collaboration with premier sponsor the Security Industry Association (SIA), announced this year’s dynamic trio of speakers that will headline the Keynote Series at ISC West 2024. Read Now

    • Industry Events
  • Government is Top Targeted Industry for DDoS Attacks in Q4 2023

    The government sector experienced a surge of DDoS attacks in Q4 according to Lumen Technologies (NYSE: LUMN), a global leader in integrated network and cybersecurity solutions. The Lumen Quarterly DDoS & Application Threat Report for Q4 2023 analyzes data from its DDoS mitigation platform and application protection partner, ThreatX, to provide an overview of the DDoS and application-layer attacks that targeted organizations in the last quarter of 2023. Read Now

Featured Cybersecurity

Whitepapers

New Products

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3

  • Hanwha QNO-7012R

    Hanwha QNO-7012R

    The Q Series cameras are equipped with an Open Platform chipset for easy and seamless integration with third-party systems and solutions, and analog video output (CVBS) support for easy camera positioning during installation. A suite of on-board intelligent video analytics covers tampering, directional/virtual line detection, defocus detection, enter/exit, and motion detection. 3

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction. 3