Now that all systems are interconnected and Internet-supported, the distinctions between cyber and physical security are increasingly blurred. That means a firm’s network-connected physical security systems have to be protected robustly.
In a recent article for SecurityInfoWatch.com, Antoinette King outlines the best practices for protecting these systems in an IoT-centric age.
From analogue to digital — The evolution of modern physical security
King starts out by stressing that connected devices foster efficiency for companies, but they bring risks that didn’t exist in the pre-Internet era.
She writes that, two decades ago, physical security systems were designed to be stand-alone tools that were separate from one another. Exterior security was different from interior security, which in turn was different from closed-circuit television.
All of this made for an unwieldy system. That changed with physical security information management (PSIM) systems.
“Physical Security Information Management Systems (PSIM) were software that provided platforms and applications created by middleware developers. They were designed to integrate multiple unconnected security applications and devices and control them through one comprehensive user interface,” King explains.
This didn’t last because middleware is exactly what it sounds like — a midway connection point, another unwieldy step in between two different systems.
Hence came the “single pane of glass” approach of today, with integrated physical security solutions becoming the name of the game.
Recommendations to keep these systems safe
While these systems are efficient, they possess inherent vulnerabilities. King cites weak authentication and authorization, which hackers can target easily. Additionally, many of these systems run outdated firmware and software, use insufficient encryption, and have secure boot mechanisms that leave a lot to be desired.
Beyond this, external flaws such as lax auditing standards and global supply chain vulnerabilities leave many physical security systems exposed to attacks.
Some of King’s recommendations to address these concerns are:
Protect data rooms — King says many of these spaces are used for data storage and often are left without the needed updates and renovations to protect the sensitive information they contain. She says that the physical rooms should be “reconstructed from floor to ceiling with solid, impenetrable construction.”
Emphasize access control protocols — Given that access control systems like card readers and digital credentials are connected to WiFi and Bluetooth today, King stresses just how vulnerable they are to hacks. One way to protect these systems is to do a full audit — when someone leaves a role at a company, make sure their credentials are taken away. No one should have power over access control systems that they no longer need. It’s too easy for a bad actor to get their hands on them.
Fasten the locks — When it comes to traditional manual locks, King says “ensure they are of suitable security construction, six or seven pins keyways, a long throw deadbolt, and a regularly audited key control system with no master keys issued.”
With the rise of new technologies — time will tell how tech like AI will disrupt the physical security space — it’s important that every member of the team does everything they can to keep a company’s physical security systems hacker-free.