SourceSecurity.com
  • Products
    CCTV
    • CCTV cameras
    • CCTV software
    • IP cameras
    • Digital video recorders (DVRs)
    • Dome cameras
    • Network video recorders (NVRs)
    • IP Dome cameras
    • CCTV camera lenses
    Access Control
    • Access control readers
    • Access control software
    • Access control controllers
    • Access control systems & kits
    • Audio, video or keypad entry
    • Electronic locking devices
    • Access control cards/ tags/ fobs
    • Access control system accessories
    Intruder Alarms
    • Intruder alarm system control panels & accessories
    • Intruder detectors
    • Intruder warning devices
    • Intruder alarm communicators
    • Intruder alarm accessories
    • Intruder alarm lighting systems
    Topics
    • Artificial intelligence (AI)
    • Counter Terror
    • Cyber security
    • Robotics
    • Thermal imaging
    • Intrusion detection
    Climax unveils Hybrid Security System

    Climax unveils Hybrid Security System

    Ava Aware Cloud: Simple, Smart Security

    Ava Aware Cloud: Simple, Smart Security

    Hanwha PNM-9085RQZ multi-sensor camera

    Hanwha PNM-9085RQZ multi-sensor camera

  • Companies
    Companies
    • Manufacturers
    • Distributors
    • Resellers / Dealers / Reps
    • Installers
    • Consultants
    • Systems integrators
    • Events / Training / Services
    • Manned guarding
    Companies by Product area
    • CCTV
    • Access control
    • Intruder alarm
    • IP networking products
    • Biometrics
    • Software
    • Digital video recording
    • Intercom systems
    Topics
    • Artificial intelligence (AI)
    • Counter Terror
    • Cyber security
    • Robotics
    • Thermal imaging
    • Intrusion detection
  • News
    News
    • Product news
    • Corporate news
    • Case studies
    • Events news
    Latest
    • Dahua to launch AI-based video surveillance system and smart IoT systems at the 2021 Kick off meeting
    • Legrand launches a smart video doorbell equipped with high definition wide angle camera
    • Airwards becomes the first global awards platform recognising groundbreaking drone work
    • Brinks Home Security announces long-term contract with its major Authorised Dealer, Skyline Security
    Topics
    • Artificial intelligence (AI)
    • Counter Terror
    • Cyber security
    • Robotics
    • Thermal imaging
    • Intrusion detection
  • Insights
    Insights
    • Expert commentary
    • Security beat
    • Round table discussions
    • Security bytes
    • Round Table Expert Panel
    • eMagazines
    • Year in Review 2020
    • Year in Review 2019
    Featured
    • Unlocking human-like perception in sensor-based technology deployments
    • How businesses can prepare their communications infrastructure and critical event management plans for the next chapter of the pandemic
    • What will be the security industry’s biggest challenge in 2021?
    • Looking back at 2020: Cloud systems expand in shadow of COVID
    Topics
    • Artificial intelligence (AI)
    • Counter Terror
    • Cyber security
    • Robotics
    • Thermal imaging
    • Intrusion detection
  • Markets
    Markets
    • Airports & Ports
    • Banking & Finance
    • Education
    • Hotels, Leisure & Entertainment
    • Government & Public Services
    • Healthcare
    • Remote Monitoring
    • Retail
    • Transportation
    • Industrial & Commercial
    Topics
    • Artificial intelligence (AI)
    • Counter Terror
    • Cyber security
    • Robotics
    • Thermal imaging
    • Intrusion detection
    Dahua Technology installs HD CCTV cameras with smart analytics using AI to secure iconic Battle of Britain Bunker

    Dahua Technology installs HD CCTV cameras with smart analytics using AI to secure iconic Battle of Britain Bunker

    Oliver Law Security installs Vanderbilt ACT365 security system to protect one of Doncaster’s largest gyms, The Fitness Village

    Oliver Law Security installs Vanderbilt ACT365 security system to protect one of Doncaster’s largest gyms, The Fitness Village

    Hikvision IP CCTV systems protect visitors and stores at Somerset Mall in South Africa

    Hikvision IP CCTV systems protect visitors and stores at Somerset Mall in South Africa

    CLIQ® access control solution from ASSA ABLOY helps secure museums, shopping and indoor leisure sites

    CLIQ® access control solution from ASSA ABLOY helps secure museums, shopping and indoor leisure sites

  • Virtual events
    Virtual events
    • Video Surveillance
    • Access Control
    • Video Analytics
    • Video Management Systems
    • Integrated Systems
    • Asset Management
    Events
    • International security
    • Regional security
    • Vertical market
    • Technology areas
    • Conferences / seminars
    • Company sponsored
    Topics
    • Artificial intelligence (AI)
    • Counter Terror
    • Cyber security
    • Robotics
    • Thermal imaging
    • Intrusion detection
    Capture new opportunities with computer vision and video analytics

    Capture new opportunities with computer vision and video analytics

    Real-time trends: How to enable a safe work environment with location services

    Real-time trends: How to enable a safe work environment with location services

    Mission Control webinar: Improving safety at airports

    Mission Control webinar: Improving safety at airports

    The World of Access Control Webinar - Part 1

    The World of Access Control Webinar - Part 1

  • White papers
    White papers
    • Video Surveillance
    • Access Control
    • Video Analytics
    • Video Compression
    • Security Storage
    White papers by company
    • HID Global
    • Nedap Security Management
    • Hanwha Techwin America
    • Eagle Eye Networks
    • FLIR Systems
    Other Resources
    • eMagazines
    • Videos
    Topics
    • Artificial intelligence (AI)
    • Counter Terror
    • Cyber security
    • Robotics
    • Thermal imaging
    • Intrusion detection
    10 step guide to staying ahead of emerging security threats

    10 step guide to staying ahead of emerging security threats

    2021 Trends in Video Surveillance

    2021 Trends in Video Surveillance

    Exploring new vertical markets for professional security systems

    Exploring new vertical markets for professional security systems

    5 security lessons for navigating COVID-19

    5 security lessons for navigating COVID-19

About us Advertise
  • Artificial intelligence (AI)
  • Counter Terror
  • Cyber security
  • Robotics
  • Thermal imaging
  • Intrusion detection
  • Body worn video cameras
  • ISC West
  • Video management software
  • Video analytics
  • COVID-19
  • View all
Cyber security
  • Home
  • About
  • News
  • Expert commentary
  • Security beat
  • Case studies
  • Round table
  • Products
  • White papers
  • Videos
Cyber security

How can cybersecurity impact physical security (and vice versa)?

29 Apr 2020

How can cybersecurity impact physical security (and vice versa)?
Larry Anderson
Larry Anderson
29 Apr 2020
Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook

Editor Introduction

We are all more aware than ever of the need for cybersecurity. The Internet of Things is a scary place when you think about all the potential for various cyber-attacks that can disrupt system operation and negatively impact a customer’s business. Because most physical security systems today are IP-based, the two formerly separate disciplines are more intertwined than ever. We asked this week’s Expert Panel Roundtable: How can cybersecurity challenges impact the physical security of a company (and vice versa)?


Card image cap
Kyle Smith Razberi Technologies

IP cameras, routers, and NVRs are critical components of a physical security system, which makes them prime targets for ill-intentioned hackers or mindless botnets. The Mirai botnet “prefers” IP cameras, which alone has a high-powered processor capable of running analytics and an open-source operating system like Linux. What more could you ask for when searching for resources to execute a dedicated denial of service attack or to spy on a company? Imagine an attacker gaining access to both cameras and door controllers. A physical security system managed with cybersecurity best practices, like complex device passwords, segmentation from other traffic, and firewalls, can stop an internal attack from spreading or remain unseen by Internet bots and unscrupulous keyboard jockeys. Physical security works best when applied in layers as does cybersecurity, and now the two are more intertwined than ever before.

Card image cap
JC Powell Boon Edam

While cybersecurity employs firewalls and encrypted passwords to harden network data, that data is vulnerable the moment an intruder gets inside a facility with a flash drive. There are pen testers that have proven this, and even guards can be manipulated and fooled. So, the challenge to safeguard data from hacking from the inside requires a strategic physical security plan to secure entrances at a facility’s perimeter and interior doors. A secured entrance eliminates the risk of a data breach from unauthorised intrusion or tailgating, enhances identity authentication and provides access audit trails. Security entrances are not all the same, and the key is knowing the role they can play in intrusion prevention – some require supervision (tripod and optical turnstiles) and others can prevent intrusion completely (security revolving doors and mantrap portals). They bring a reliable standard operating procedure (SOP) to the table that can support security staff.

Card image cap
Maurice Singleton Vidsys

The convergence of cybersecurity and physical security is of major importance to how best to mitigate, detect and respond to alarms that may be triggered from applications that are separately monitoring events from their respective subsystems. The most significant challenges with respect to both technologies are in the correlation of alarms and events between the two as they are different by nature, and different in their use cases. However, as the relationship and use cases for addressing each respectively continue to more closely align with common mitigation and response measures and procedures, organisations will continue to take the approach of integrating as many, if not all, common alert and monitoring applications in order to take advantage of the technology advancements, in addition to gaining better return on investment (ROI).

Card image cap
Mark Harper HSM (UK) Ltd.

Physical documents and cybersecurity are intrinsically linked and can present devastating security threats to companies who are complacent when dealing with data. And although businesses are stepping up their digital data procedures, they can’t afford to concentrate solely on cybersecurity. Companies also need to ensure that their physical, confidential documents, which can be equally as damaging as a digital breach, are appropriately destroyed (by shredding) at their end of life. If not, security breaches caused by careless neglect or abandonment can lead to harmful consequences and could undo an organisation’s cybersecurity efforts. One of the biggest risks to organisational data security is insider attack. Documents sitting for weeks in consoles can be easily accessed by a disgruntled employee, thus leaving the company vulnerable to further attack. By shredding in-house, organisations are able to destroy confidential documents to their required particle size and can be assured that it meets security standards.

Card image cap
Scott Lindley Farpointe Data, Inc.

Protecting customers' organisation(s) from hackers is imperative. Here are some ways cybersecurity remedies impact the physical security of access control systems:

  1. Integrators need to refer to manufacturer cybersecurity vulnerability checklists on any project. Checklists cover topics that can lead to hacks of contactless cards and readers. Sections include default codes, Wiegand issues, reader implementation tips, card protection solutions, leveraging long range readers, assuring anti-hacking compatibility throughout the system and leveraging additional security components.
  2. Default codes can lead the customer open to attack. Don't leave default installer codes in an unarmed state. Find the default installer codes. Otherwise, hackers find them online using simple Google searching. Don't use passwords embedded into shipped software code.
  3. If the new system leverages the Security Industry Association's (SIA) Open Supervised Device Protocol (OSDP), it also will interface easily with control panels or other security management systems, fostering interoperability among security devices.
Card image cap
John Davies TDSi

With modern integrated IP systems and IoT connectivity, cybersecurity is crucial for the physical security provision but can be compromised if not properly considered and protected. During security operations end users need to ensure they change the default passwords as soon as the systems go live. Unfortunately, this is often not the case, and savvy criminals can use this weakness to potentially devastating effect. It’s also important to have policies in place to guard the cybersecurity and credentials of physical security systems. Any sensors that are IP-enabled should ideally be protected behind a firewall to prevent unauthorised access from the outside world. There is also a responsibility for manufacturers to design and supply products that are cyber secure by design. This means adding the likes of SSL encryption to systems to ensure they are suitable to operate as part of wider networks and are well protected against potential cyber threats.

Card image cap
Aaron Saks Hanwha Techwin America

With so many working remotely, cybersecurity challenges can impact organisations as they endeavor to safely access security systems remotely. Companies need to test their remote access capabilities for their video security and access control systems beyond basic mobile applications that simply provide monitoring versus full control. They might find that previously implemented cybersecurity measures have blocked remote access for permitted users. Security professionals need to confirm that cybersecurity policies are correctly securing network devices, while simultaneously supporting business continuity with reduced staff. Empty buildings can be particularly vulnerable from a physical security standpoint, while hackers are keen to exploit any weaknesses exposed by the rush to remote access. It’s not a time to let your guard down. In a time of social distancing, it’s never been more important to secure and protect video surveillance and access control systems from exploits so they can also help to protect assets and staff.

Card image cap
Adam Wynne Security & Safety Things

In the current world of physical security, there is hardly any security left that isn’t digital, and as such, a potential target for cyber-attacks. An electronic access control system that is capable of being accessed from the corporate network can be exploited to open physical doors, due to vulnerabilities in the communications between different devices in the system. Additionally, negligent access control and surveillance measures can expose companies to data theft by leaving open vulnerable workstations or local data storage and employee badges. Other concerns are phishing attacks or the use of social engineering on employees or contractors to gain the necessary credentials for access, neither of which require an active Internet connection to be successful. Companies should be aware of the importance of a well-rounded, holistic security program that takes into account these many different areas of risk – and take the steps to ensure proper procedures are in place. 

Card image cap
Jason Bonoan Seagate Technology

The rapid proliferation of Internet of Things devices has ushered us into a more connected and digital world. The impact of IoT is felt across many industries. In fact, Peter Middleton, senior research director at Gartner, said “physical security, where building intruder detection and indoor surveillance use cases will drive volume, will be the second largest user of IoT endpoints in 2020” following the utilities sector. Physical security IoT endpoints is forecasted to reach 1.09 billion units globally in 2020. While more devices are connected to the Internet than ever before, this also creates a greater risk for cyber breaches if data is not properly encrypted when data is in transit and when data is at rest. For example, data can be accessed from the camera wire during transmission, from the network through stolen passwords, and from hard drives if they are not properly disposed.

Card image cap
Alan Stoddard Verint Systems

In today’s day and age, there’s no reason any company should be looking at cyber and physical security as separate entities. Especially as many workforces are transitioning to a more remote yet connected approach, seeing both sides of the security equation as a whole is more important than ever. There are three critical facets that organisations should consider when defining a holistic security strategy: malware that travels bi-laterally across networks to connected systems, physical attacks that originate on the internet and are fueled by adversaries communicating across social media platforms, and the emergence of highly-sophisticated, coordinated attacks that utilise malware to exploit vulnerabilities in various systems to enable physical attacks on mission-critical operations. Simply put, a lack of coordination between information and physical security operations creates significant risk for any organisation. It’s abundantly clear that convergence is critical to defend against today’s multi-layered and sophisticated security threats.


Editor Summary

Our expert panelists express with confidence the need for greater cooperation between physical and cybersecurity. They offer multiple examples of why such cooperation is important, and they itemise the list of possible consequences when either discipline falls short. Awareness of cybersecurity issues in the physical security industry is higher than ever, and we are also making progress in terms of working together to maximise the “broader” security posture of companies and institutions. However, we can always do more, and we must.  

Related articles
What are the new trends and opportunities in video storage?

What are the new trends and opportunities in video storage?

How can cybersecurity impact physical security (and vice versa)?

How can cybersecurity impact physical security (and vice versa)?

Security and Safety Things demonstrates growing IoT platform for security cameras at CES 2020

Security and Safety Things demonstrates growing IoT platform for security cameras at CES 2020

Follow us

Sections CCTV Access Control Intruder Alarms Companies News Insights Case studies Markets Virtual events Events White papers Videos April 2020 news RSS
Topics Artificial intelligence (AI) Counter Terror Cyber security Robotics Thermal imaging Intrusion detection Body worn video cameras ISC West Video management software
About us Advertise About us 10 guiding principles of editorial content FAQs eNewsletters Sitemap Terms & conditions Privacy policy and cookie policy
About this page

Security experts from Razberi Technologies, Boon Edam, Vidsys, HSM (UK) Ltd., , TDSi, Hanwha, Security & Safety Things, Seagate Technology, Verint Systems discuss "How can cybersecurity impact physical security (and vice versa)?"

See this on SecurityInformed.com

Subscribe to our Newsletter

Stay updated with the latest trends and technologies in the security industry
Sign Up

DMA

SourceSecurity.com - Making the world a safer place
Copyright © Notting Hill Media Limited 2000 - 2021, all rights reserved

Our other sites:
SecurityInformed.com | TheBigRedGuide.com | HVACInformed.com

Subscribe to our Newsletter


SourceSecurity.com
SecurityInformed.com

Browsing from the Americas? Looking for our US Edition?

View this content on SecurityInformed.com, our dedicated portal for our Americas audience.

US Edition International Edition
Sign up now for full access to SourceSecurity.com content
Download Datasheet
Download SourceSecurity.com product tech spec