Security Business

JUL 2019

Find news and information for the executive corporate security director, CSO, facility manager and assets protection manager on issues of policy, products, incidents, risk management, threat assessments and preparedness.

Issue link: https://sdi.epubxp.com/i/1141282

Contents of this Issue

Navigation

Page 100 of 108

S40 ACCESS CONTROL Trends And Technology | JULY/AUGUST 2019 Finding the Right Solution for the Threat Carter, who is a former NASA engineer, SIA Board Member and Homeland Security Advisory Group chair, has been involved in the security and access control space for more than 25 years. His background provided insights into the world of cyber and network vulnerabilities as physical access control and video surveillance began to migrate into the IP space. He says that as he and those he has worked with along the way saw where this convergence of physical and logical technologies was taking the industry, it mandated that the way physical security vendors approach solutions require they tread in both worlds. He advises that they create technologies that would move beyond traditional reactive methods to robust proactive and analytical solutions. “At ReconaSense we decided to go out and build a system, first and foremost, that is an open platform. From my days being on the Security Industry Association board of directors and driving open standards for so long, it only made sense to start from the very beginning with an ability to deal with the open systems and physical security that we are all familiar with, but do it with an eye towards complete interaction with cybersecurity technology. We need to be able to communicate and alert, not just the obvious breach where my system will tell you a couple of things and your system tells me a couple of things, but a real handshake, a real discussion, so to speak, between systems,” Carter stresses. “We have built the system using artificial neural networking and artificial intelligence as a layer above all of the standard systems that we are all used to: physical security, access control, video systems, intruding detection, data systems, and even weather plug-ins at this point. We’ve done it with an eye towards looking at things that are not traditional policy breaches.” Carter points out that the ability to incorporate artificial neural networking, where an access control system is learning and training itself to “think” and identify unusual activity that has not broken the defined policy, but provides a scoring matrix that can evaluate risk is a step towards making physical security systems behave analytically. “When you look at it (physical security systems) in conjunction with a cyber system, they do very much the same thing, looking at the trends, and the habits, and the use of traffic on them, and when they would expect traffic, what files would expect to be hit, and how they would expect those to be looked at and used and manipulated throughout the day. We do the same thing with the physical side and with our cyber-side protection,” Carter says. Owning the Data and Analyzing It The hard truth is that many physical security departments rely on an IT department to protect hard data or information – basically leaving cyber network protection to the cyber-side of the house. “When we look at what happened with the Pyramid Group, we see that really didn’t take place. Our system is like a cyber-based system; constantly monitoring the activity of the data systems that we manage and control. That’s critical. It is just as critical as being able to lock down a door in an active shooter situation. It is just as critical as being able to dispatch life safety in a physical security event because the data that we’re protecting, just like the cyber side of the equation, is life safety, is human assets,” Carter adds. Carter is adamant about bringing the sophistication and analytic levels of access control systems on par with advanced video surveillance where data-gathering and analytics are scored, and risk dashboards enhanced as a result. He alludes to the fact that many organizations face insider threats that escapes conventional security and risk analytics until it is too late. “If you look at the hospitality groups, like the one that we just read about, they’re open to public areas. There’s a lot of activity that is going on, where no rules are obviously being broken, or nothing is being scored, evaluated, or monitored by an AI security-controlled system,” says. Carter. “If you assess video analytics, you’re looking for specifics. You might count the number of people that cross a line. You might look for a crowd gathering. You might look for particular license plates. But unless it is breaking a rule, you don’t do anything with it. It is crucial now that we do a lot of associations on the physical security side. Say for instance, that a staffer has started coming in later in the evening or coming in on holidays when nobody else is around. That staffer can do that because your role-based access control system allows him to do that, because it can’t adapt to risk.” " They said that in a worst case scenario the leak not only put the hotel networks at risk, but also endangered the physical security of hotel guests and other patrons…"

Articles in this issue

Archives of this issue

view archives of Security Business - JUL 2019