Author: Francesca Meyrick
It’s a slightly perverse question to ask: is your security really secure? But in an age of full security integration, the Internet of Things (IoT), and hyper-connectivity, there is a real danger that intruders can find new ways to circumnavigate physical security systems.
At TDSi we take cybersecurity just as seriously as physical security because any distinction between the two has dissolved away. However, with the almost infinite choice of system connectivity out there all security providers and operators need to be asking themselves whether their security really is secure.
The drive towards watertight cybersecurity in the physical security world has undoubtedly been led by Enterprise level customers. We particularly started to notice this some five or six years ago, when tenders from these larger projects all demanded full cybersecurity assurance even from the most seemingly mundane components.
It’s no real surprise when you consider the cyber-vulnerability of many organisations, especially large, cash-rich Enterprises, which are a key target for criminals and even rogue states. With the increasing threat of DDoS (Denial-of-service) attacks these organisations (rightly) need to be very careful about any systems they use, and especially any that are meant to protect them but could be hacked instead.
These organisations need reassurance that they can trust all their security systems and demand full end-to-end cybersecurity and unbreakable encryption throughout the process.
Much of the cyber secure approach in the physical security world was initially driven by the CCTV sector, which very early on realised the potential for products to be hijacked. Manufacturer’s built-in safeguards and designed hardware with cybersecurity built-in.
TDSi was an early adopter of this approach too, understanding that security needs to repel cyber threats just as much as physical ones. Some of our competitors still seem to be lacking this level of conviction, but we believe it is vital and gives our customers peace of mind that they can trust our products fully.
With the general integration of IoT systems, the whole security market is now very cyber-aware and it’s evident that all sizes of security customers, from the smallest SME office to the largest multi-national, need full reassurance from their physical security systems.
When access control simply consisted of keys and locks it was much easier to stop your credentials from being forged (criminals had to physically get hold of a key to make a copy!) With electronic ‘keys’ it has become far more complicated.
There have been more and more instances of access control credentials being hacked, particularly standard 125 kHz proximity cards. As is the way of technology supply and demand, you can readily buy card sniffers online to clone a card. In fact, given the right technology and know-how, you can clone some basic cards from the serial number.
In response, this has seen the adoption of far more sophisticated credentials such as MIFARE Plus and DESfire cards, which use 128-bit and 256-bit encryption to help tackle the problems of cloning and hacking. There has also been a lot of education (something TDSi is passionate about) from manufacturers and security experts to ensure that the market understands the need to update systems and eradicate ‘easy targets’ for hackers, criminals and intruders.
Cybersecurity is at the forefront of TDSi’s latest and forthcoming security products. A good example is our new GARDiS Controller which has Web and security capabilities embedded in the hardware.
The product is also intelligent when it comes to networking with associated controllers, taking away the guesswork of the installer that is incorporating it into a new or existing network. With security built into products, there is less chance of gaps being inadvertently left that can be exploited. This also makes security installations quicker, cheaper, and more effective in the long run.
Hyper-connectivity and the IoT have definitely moved the goalposts when it comes to providing, installing, and operating physical security systems. For all the benefits to those that security protects, there are inevitably increased opportunities to hack or misuse these systems. However, by building in cybersecurity and developing it as part of the overall system, we are making it much more difficult for criminals to use advances in technology to their own ends.