Unifying Physical and Cyber Security
Data from physical security systems should not be seen as separate from network monitoring data.
A web search for security systems will bring up a list of suppliers of cameras, alarms and monitoring systems together with a brief tip of the hat to cyber security solutions. A closer look at the physical systems on offer reveals that the majority include some aspect of electronic data gathering and reporting. At Kindus we have already described the use of face recognition software and biometrics in passwordless systems.
Automatic number plate recognition (ANPR) was initially seen as a tool to track untaxed or stolen vehicles. As systems have evolved, the technology has become widely used in car parks to track how long a vehicle has stayed and to calculate the final charge. Pass-cards are scanned to enter buildings or use public transport, with any related timings or usage costs calculated from the scan. In both these cases it is the token, not the owner, that is tracked. Number plates can be swapped to fool ANPR and pass-cards lent to other users. These loopholes require other systems to enhance security. Additional cameras will capture the make, colour and model of vehicles. Face recognition cameras can match photographs to faces, although these do depend on the quality and age of the image. Even if the token does not match its expected holder, useful data will have been gathered: an event occurred at a particular place and time. Even a system as simple as a light coming on can record where that light was and what time it activated.
Security should be seen as a whole, combining data for the prevention and detection of breaches. If a cyber-attack is suspected from within a network, then network logs will provide details of the time, the account and the network address used. Physical systems can report on who was present, or at least who they were pretending to be. A proficient attacker will have spoofed all of this information except the time when an attack went live. Even so, by combining a trail of falsified information, trends will emerge and possibly a clue as to the source. Actions by an opportunistic or disgruntled employee will be relatively easy to trace. Promoting staff and client awareness of the capabilities of an integrated security system will be an efficient deterrent.
The hardware and IoT technologies are already in place to merge cyber and physical security systems. The goal needs to be to get all the information to work together and produce meaningful reports. Dedicating staff resources is an excellent if costly solution. Several data systems may need to be monitored. Reporting could involve writing bespoke code to interrogate one data store and compare that with another. This work pays off when investigating a suspected incident, identifying the cause and reducing the chance of it occurring again. Most monitoring, however, consists of looking at reports and alerts which in general only confirm that there is nothing of concern to look at. This is not a good allocation of skilled staff resources. The perfect monitoring system will do all this busy work and focus on meaningful reports and alerts.
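As an added illustration of the bespoke cross-store reporting described above (not Kindus code), this Python example compares a badge-reader log with a network logon log and reports only the on-site logons whose account holder was not badged in. The log layouts, account names, addresses, site-to-subnet map and the 14-hour staleness window are all assumptions constructed for the example.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample data; field names and values are assumptions for illustration.
BADGE_LOG = [  # (timestamp, card holder, site, direction)
    ("2024-03-04T08:55:00", "asmith", "HQ", "in"),
    ("2024-03-04T17:10:00", "asmith", "HQ", "out"),
    ("2024-03-04T09:02:00", "bjones", "HQ", "in"),
]
LOGON_LOG = [  # (timestamp, account, source address)
    ("2024-03-04T10:15:00", "asmith", "10.20.1.14"),   # holder on site
    ("2024-03-04T22:40:00", "asmith", "10.20.1.14"),   # holder badged out
    ("2024-03-04T11:00:00", "cpatel", "10.20.1.77"),   # never badged in
    ("2024-03-04T11:30:00", "bjones", "203.0.113.9"),  # not an on-site address
]
SITE_NETWORKS = {"HQ": ip_network("10.20.0.0/16")}  # hypothetical site-to-subnet map
MAX_SHIFT = timedelta(hours=14)  # a badge-in older than this is treated as stale


def site_for(address):
    """Return the site whose network contains the address, or None if off site."""
    ip = ip_address(address)
    return next((s for s, net in SITE_NETWORKS.items() if ip in net), None)


def present_at(holder, site, when, badge_log):
    """True if the holder's latest badge event at the site before `when` is a recent 'in'."""
    events = sorted(
        (datetime.fromisoformat(ts), direction)
        for ts, who, where, direction in badge_log
        if who == holder and where == site and datetime.fromisoformat(ts) <= when
    )
    if not events:
        return False
    last_time, last_direction = events[-1]
    return last_direction == "in" and when - last_time <= MAX_SHIFT


def unmatched_logons(logon_log, badge_log):
    """List on-site logons whose account holder has no matching physical presence."""
    alerts = []
    for ts, account, address in logon_log:
        site = site_for(address)
        when = datetime.fromisoformat(ts)
        if site and not present_at(account, site, when, badge_log):
            alerts.append((ts, account, address, site))
    return alerts


if __name__ == "__main__":
    for alert in unmatched_logons(LOGON_LOG, BADGE_LOG):
        print("REVIEW: logon without badge-in", alert)
```

Because the badge records the token rather than the person, an alert here is a prompt to review camera or other evidence, not proof of misuse.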
Like a chain, a security system is only as secure as its weakest link. Any combined approach needs to consider the access rights of all connected devices. In 2014 the US retail chain Target blamed its credit card data breach on security credentials used to access its air conditioning and heating system. Devices such as Internet surveillance and doorbell cameras are easily compromised if the default manufacturer account credentials are not changed. Ideally such devices should be wired to the network, but sometimes WiFi is the only option. Some early IoT devices had limited computing power, which made it difficult for them to work with modern secure access systems. The risk can be minimised by restricting IoT devices to collecting data, which in turn will be processed by more secure ‘edge servers’. This will limit the data lost from an attack and prevent a hacker from elevating their access to more valuable systems.
When replacing physical security systems, businesses should consider the data connectivity of new devices. Ideally the software should come with access options such as APIs to allow integration into existing business systems, even if there are no immediate plans to do so. If the supplied software is locked down, with access limited to cloud-based supplier reporting engines, then future options for an integrated cyber security network may be closed off.
Kindus have experience in cyber security and IoT systems. We are well positioned to advise on the choice and adaptation of physical security systems to integrate with cyber security solutions.