How can cybersecurity impact physical security (and vice versa)?
29 Apr 2020
We are all more aware than ever of the need for cybersecurity. The Internet of Things is a scary place when you think about all the potential for various cyber-attacks that can disrupt system operation and negatively impact a customer’s business. Because most physical security systems today are IP-based, the two formerly separate disciplines are more intertwined than ever. We asked this week’s Expert Panel Roundtable: How can cybersecurity challenges impact the physical security of a company (and vice versa)?
IP cameras, routers, and NVRs are critical components of a physical security system, which makes them prime targets for ill-intentioned hackers or mindless botnets. The Mirai botnet “prefers” IP cameras, which alone has a high-powered processor capable of running analytics and an open-source operating system like Linux. What more could you ask for when searching for resources to execute a dedicated denial of service attack or to spy on a company? Imagine an attacker gaining access to both cameras and door controllers. A physical security system managed with cybersecurity best practices, like complex device passwords, segmentation from other traffic, and firewalls, can stop an internal attack from spreading or remain unseen by Internet bots and unscrupulous keyboard jockeys. Physical security works best when applied in layers as does cybersecurity, and now the two are more intertwined than ever before.
While cybersecurity employs firewalls and encrypted passwords to harden network data, that data is vulnerable the moment an intruder gets inside a facility with a flash drive. There are pen testers that have proven this, and even guards can be manipulated and fooled. So, the challenge to safeguard data from hacking from the inside requires a strategic physical security plan to secure entrances at a facility’s perimeter and interior doors. A secured entrance eliminates the risk of a data breach from unauthorised intrusion or tailgating, enhances identity authentication and provides access audit trails. Security entrances are not all the same, and the key is knowing the role they can play in intrusion prevention – some require supervision (tripod and optical turnstiles) and others can prevent intrusion completely (security revolving doors and mantrap portals). They bring a reliable standard operating procedure (SOP) to the table that can support security staff.
The convergence of cybersecurity and physical security is of major importance to how best to mitigate, detect and respond to alarms that may be triggered from applications that are separately monitoring events from their respective subsystems. The most significant challenges with respect to both technologies are in the correlation of alarms and events between the two as they are different by nature, and different in their use cases. However, as the relationship and use cases for addressing each respectively continue to more closely align with common mitigation and response measures and procedures, organisations will continue to take the approach of integrating as many, if not all, common alert and monitoring applications in order to take advantage of the technology advancements, in addition to gaining better return on investment (ROI).
Physical documents and cybersecurity are intrinsically linked and can present devastating security threats to companies who are complacent when dealing with data. And although businesses are stepping up their digital data procedures, they can’t afford to concentrate solely on cybersecurity. Companies also need to ensure that their physical, confidential documents, which can be equally as damaging as a digital breach, are appropriately destroyed (by shredding) at their end of life. If not, security breaches caused by careless neglect or abandonment can lead to harmful consequences and could undo an organisation’s cybersecurity efforts. One of the biggest risks to organisational data security is insider attack. Documents sitting for weeks in consoles can be easily accessed by a disgruntled employee, thus leaving the company vulnerable to further attack. By shredding in-house, organisations are able to destroy confidential documents to their required particle size and can be assured that it meets security standards.
Protecting customers' organisation(s) from hackers is imperative. Here are some ways cybersecurity remedies impact the physical security of access control systems:
- Integrators need to refer to manufacturer cybersecurity vulnerability checklists on any project. Checklists cover topics that can lead to hacks of contactless cards and readers. Sections include default codes, Wiegand issues, reader implementation tips, card protection solutions, leveraging long range readers, assuring anti-hacking compatibility throughout the system and leveraging additional security components.
- Default codes can lead the customer open to attack. Don't leave default installer codes in an unarmed state. Find the default installer codes. Otherwise, hackers find them online using simple Google searching. Don't use passwords embedded into shipped software code.
- If the new system leverages the Security Industry Association's (SIA) Open Supervised Device Protocol (OSDP), it also will interface easily with control panels or other security management systems, fostering interoperability among security devices.
With modern integrated IP systems and IoT connectivity, cybersecurity is crucial for the physical security provision but can be compromised if not properly considered and protected. During security operations end users need to ensure they change the default passwords as soon as the systems go live. Unfortunately, this is often not the case, and savvy criminals can use this weakness to potentially devastating effect. It’s also important to have policies in place to guard the cybersecurity and credentials of physical security systems. Any sensors that are IP-enabled should ideally be protected behind a firewall to prevent unauthorised access from the outside world. There is also a responsibility for manufacturers to design and supply products that are cyber secure by design. This means adding the likes of SSL encryption to systems to ensure they are suitable to operate as part of wider networks and are well protected against potential cyber threats.
With so many working remotely, cybersecurity challenges can impact organisations as they endeavor to safely access security systems remotely. Companies need to test their remote access capabilities for their video security and access control systems beyond basic mobile applications that simply provide monitoring versus full control. They might find that previously implemented cybersecurity measures have blocked remote access for permitted users. Security professionals need to confirm that cybersecurity policies are correctly securing network devices, while simultaneously supporting business continuity with reduced staff. Empty buildings can be particularly vulnerable from a physical security standpoint, while hackers are keen to exploit any weaknesses exposed by the rush to remote access. It’s not a time to let your guard down. In a time of social distancing, it’s never been more important to secure and protect video surveillance and access control systems from exploits so they can also help to protect assets and staff.
In the current world of physical security, there is hardly any security left that isn’t digital, and as such, a potential target for cyber-attacks. An electronic access control system that is capable of being accessed from the corporate network can be exploited to open physical doors, due to vulnerabilities in the communications between different devices in the system. Additionally, negligent access control and surveillance measures can expose companies to data theft by leaving open vulnerable workstations or local data storage and employee badges. Other concerns are phishing attacks or the use of social engineering on employees or contractors to gain the necessary credentials for access, neither of which require an active Internet connection to be successful. Companies should be aware of the importance of a well-rounded, holistic security program that takes into account these many different areas of risk – and take the steps to ensure proper procedures are in place.
The rapid proliferation of Internet of Things devices has ushered us into a more connected and digital world. The impact of IoT is felt across many industries. In fact, Peter Middleton, senior research director at Gartner, said “physical security, where building intruder detection and indoor surveillance use cases will drive volume, will be the second largest user of IoT endpoints in 2020” following the utilities sector. Physical security IoT endpoints is forecasted to reach 1.09 billion units globally in 2020. While more devices are connected to the Internet than ever before, this also creates a greater risk for cyber breaches if data is not properly encrypted when data is in transit and when data is at rest. For example, data can be accessed from the camera wire during transmission, from the network through stolen passwords, and from hard drives if they are not properly disposed.
In today’s day and age, there’s no reason any company should be looking at cyber and physical security as separate entities. Especially as many workforces are transitioning to a more remote yet connected approach, seeing both sides of the security equation as a whole is more important than ever. There are three critical facets that organisations should consider when defining a holistic security strategy: malware that travels bi-laterally across networks to connected systems, physical attacks that originate on the internet and are fueled by adversaries communicating across social media platforms, and the emergence of highly-sophisticated, coordinated attacks that utilise malware to exploit vulnerabilities in various systems to enable physical attacks on mission-critical operations. Simply put, a lack of coordination between information and physical security operations creates significant risk for any organisation. It’s abundantly clear that convergence is critical to defend against today’s multi-layered and sophisticated security threats.
Our expert panelists express with confidence the need for greater cooperation between physical and cybersecurity. They offer multiple examples of why such cooperation is important, and they itemise the list of possible consequences when either discipline falls short. Awareness of cybersecurity issues in the physical security industry is higher than ever, and we are also making progress in terms of working together to maximise the “broader” security posture of companies and institutions. However, we can always do more, and we must.