Under Surveillance - The Editor's Blog

Guarding Against a Network Security Nightmare

Most industry veterans thought the notion of placing security systems on networks and transmitting signals and data over the Internet was preposterous when it was first introduced about a decade ago. They were convinced that computer networks were far too unsecure and vulnerable to compromise, as well as prone to outages and failures for a variety of reasons.

Over time, computer, networking and logical security technology advanced and became more reliable, stable and secure. Along with that, electronic security products equipped with network connectivity began to proliferate and be adopted into the marketplace. Gradually, those dubious industry veterans began to open their minds and investigate the world of Internet protocol (IP)-based solutions. They were further pushed to embrace the technology by younger, IT-savvy entrants into the field; manufacturers eager to sell this new class of products; and end users interested in integrated control and functionality of their enterprise systems. Massive hype and promotion ensued touting the revolution of physical-IT security convergence.

It is indeed an exciting time in our industry’s history, and the technological, security and revenue potential can understandably be intoxicating. However, in our rush to IP ubiquity we can’t lose sight of some key tenets that lie at the core of what the security industry stands for, namely that security itself takes precedence over everything else. This includes convenience, bells and whistles, money, what’s cool — everything. That means our solutions must always remain at least one step ahead of the bad guys, who themselves are becoming ever more sophisticated in their abilities to defeat and hack security devices, systems and networks.

I believe as our products are enabled to migrate onto networks we have to be especially vigilant in making sure there are no holes or back doors for hacker hobbyists or evildoers to take advantage of. This is true in both the design of the products themselves and the installation techniques deployed by the systems integrators/security dealers, as this is relatively new territory for us. We are no longer just dwelling in the physical or electronic world; we have now entered the cyberworld. And the risks are not confined to the hardwired network infrastructure as Wi-Fi and other network-based wireless communications carry access control data, intrusion signals, video surveillance images and other critical physical security information.

This is not to say the sky is falling, but it could if we are not careful. Two recent examples underscore how serious this is. The first is among the latest news about the vulnerabilities of RFID: in August a federal judge granted the Massachusetts transit authority’s request for an injunction preventing three MIT students from giving a presentation about hacking smartcards used in the Boston subway system. The second example concerns a technique known as “video sniffing,” in which a strong transmitter can be used to hijack wireless networks and broadcast different images back to a security desk.

If such stories become too commonplace they could seriously undermine the credibility of networked security solutions like access control and video surveillance. The loosey-goosey state of standards in our industry doesn’t help. The time to get the bugs and kinks out is NOW before these systems become more prevalent and cause the problems to grow exponentially. Otherwise it could potentially be as damaging as false alarms have been in the intrusion alarm business.

Partnering and working closely with IT professionals is vital, but at the same time we must not yield to the security concepts of folks who think it’s acceptable to patch security holes in operating systems and other critical software after it’s already online. It’s up to our industry to teach them what security is really all about. For electronic security manufacturers, it’s imperative that products are thoroughly reviewed by IT-savvy professionals and put to the test by the craftiest, most hard-core hackers before they are released to the marketplace. That, combined with installing security contractors being up to speed regarding IT and computer networking — and especially the new types of security threats that environment brings with it — will help our industry do itself proud.

What do you think? As always, thanks for reading.

Scott Goldfine

Editor-in-Chief

SECURITY SALES & INTEGRATION

posted @ Monday, October 20, 2008 10:33 AM

Comments on this entry:

# re: Guarding Against a Network Security Nightmare

Left by John Franks at 10/21/2008 2:40 PM
In the realm of risk, unmanaged possibilities become probabilities: These data breaches and thefts are due to a lagging business culture. As CIO, I'm always looking for ways to help my team, business teams, and ad hoc measures of various vendors, contractors and internal team members. A book that is required reading is "I.T. WARS: Managing the Business-Technology Weave in the New Millennium."
We keep a few copies kicking around - it would be a bit much to expect outside agencies to purchase it on our say-so. But, particularly when entertaining bids for projects and in the face of challenging change, we ask potential solutions partners to review relevant parts of the book, and it ensures that these agencies understand our values and practices.
The author, David Scott, has an interview here that is a great exposure: http://businessforum.com/DScott_02.html
The book came to us as a tip from one of our interns who attended a course at University of Wisconsin, where the book is in use. It has helped us to understand that, while various systems of security are important, no system can overcome laxity, ignorance, or deliberate intent to harm. The real crux of the matter is education and training to the organization as a whole – and a recurring schedule of training – in building a sustained culture and awareness; an efficient prism through which every activity is viewed from a security perspective prior to action.
I like to pass along things that work, in the hope that good ideas continue to make their way to me. I hope you can make use of this info...
