As systems connect online, they become hackable, meaning cyber attacks now threaten businesses, governments, and people, even on a physical level.
In this blog post, we will give an overview of physical security systems before delving into how they can be further strengthened by cybersecurity measures.
Physical security systems protect people, property, and data. Here are some common examples.
- Surveillance systems, such as parking lot camera systems, to monitor sites.
- Access control solutions that manage access to restricted areas (locks, badges, PINs).
- Alarm systems that detect threats and alert security staff.
Properly set up, these instruments deter threats and enable fast response, too. Many now connect online, thus exposing themselves to new cyber risks.
CCTV means closed-circuit television and refers to cameras that record video 24/7. Advanced cameras offer low-light capability and high resolution, while other useful features include motion sensing, object tracking, and remote control.
Live feeds go to monitors in a control room, and recordings are saved in a storage device. Some systems now connect to the internet, which allows remote viewing and management.
Access controls restrict access, meaning both physical access to places and digital access to networks or systems.
For physical security, they use barriers like doors with additional authentication needed to enter. This includes PIN codes, swipe cards, and biometrics.
Alarms detect incidents and intrusions. Here are some of the most common types.
- Intruder alarms which sense motion and trigger alerts.
- Fire detection and suppression solutions that detect smoke, heat, and flames.
- Environmental monitoring solutions that check air quality, water, and temperature.
Sensors feed data to a control panel. Analyzing this information can identify threats before response protocols are engaged (e.g., notifying security staff or calling emergency services).
Here’s what well-implemented systems provide.
- Deterrence: Signs and cameras make people think twice.
- Monitoring: Capturing activities in monitored areas.
- Access control: Allowing entry for authorized persons only.
- Rapid response: Detecting incidents quickly to accelerate response.
- Evidence: Providing video/data to aid investigations.
As pointed out earlier, many physical security systems now connect to IP networks. This enables remote management and analytics but also creates cyber risks.
Weak authentication leaves remote access systems vulnerable. Outdated software contains bugs and gaps. Poor network security exposes systems to attacks.
Threats come from cyber criminals, hackers, and insiders. All leverage increased connectivity to infiltrate systems.
Here is what successful cyber attacks allow criminals to do.
- Evade and disable security measures. For example, they may open doors and turn off cameras.
- Steal private data by disabling access control systems that store sensitive assets and info.
- Spy on users by viewing camera feeds and tracking people.
- Damage systems by corrupting footage and crashing networks.
- Endanger people by disabling alarm systems and emergency alerts.
Major attacks could cripple operations, as well as cause property damage or loss of life.
Attacks are increasing in scale and cost.
- 60% of businesses that suffer a cyber attack go out of business within six months.
- The average cost of a breach is $4.45 million.
- The time to identify and contain attacks averages 287 days.
As more devices connect, these trends will likely continue, increasing the need to defend systems.
In 2018, Atlanta suffered a large ransomware attack with hackers disrupting government systems citywide. Over a third of Atlanta’s CCTV cameras went down. The cameras could not be monitored or recorded during the attack. This happened amid protests over a police shooting. With cameras down, situational awareness suffered, and responding to incidents grew more difficult. The attack highlighted risks to public safety systems, and many cities reviewed and improved their cyber defenses as a result.
In 2016, ransomware struck a Los Angeles hospital, with the hackers targeting access control servers. Doors controlled by electronic access cards suddenly stopped working. This included operating rooms, patient wards, and more. Staff had to check IDs and manually unlock doors, and some resorted to propping doors open. Safety and security suffered during the outage.
It took over a week to fully restore systems, which led to the hospital strengthening coordination between systems.
In 2017, Dallas’ emergency sirens were triggered by a cyber attack. All 156 of the city’s tornado sirens started sounding citywide. This occurred at night when no emergency was happening.
The attack used stolen radio system credentials and manipulated siren controllers into activating.
Hackers have varying motivations. Here are some of the most common scenarios.
- Cybercriminals seeking financial gain.
- Activists causing disruption to make political points.
- Insiders abusing access for reasons like revenge or theft.
- State-sponsored groups advancing strategic interests.
Attacks come from both organized cybercrime groups and solo hackers. They identify and exploit weaknesses in security systems connected online. The more systems connect to the internet, the more opportunities emerge. Attackers are aggressive at finding and leveraging vulnerabilities.
Organizations must take action to protect their security systems from cyber threats. Here are some ways to do so.
- Always install the latest security patches, as outdated software is vulnerable.
- Isolate systems from the public internet if possible, as this limits exposure.
- Require strong passwords and multi-factor login for users, as this reduces the likelihood of unauthorized access.
- Monitor networks closely for anything suspicious, as this allows you to detect intrusions early.
- Have incident plans ready for physical security systems.
Outdated firmware or software contains security flaws. Vendors issue updates and patches to address discovered vulnerabilities. Regularly updating all systems and software is critical. Here are some helpful tips.
- Enable automatic updates where possible, as this ensures new patches are installed promptly.
- Otherwise, have a schedule and process to check for and install updates manually. Be consistent.
- Update operating systems and applications, too, as malware often exploits older versions.
Updated software improves security and removes known attack vectors.
Properly configuring systems also reduces risk.
- Change default passwords and use strong and unique credentials for each device.
- Disable unnecessary services and ports to minimize pathways attackers could leverage.
- Enable logging and alerts to detect issues early.
- Restrict device access to authorized users and networks only.
Limiting connections to the public internet reduces exposure. Follow these tips for maximum effectiveness.
- Disconnect systems if they don’t require external access.
- Place internet-connected systems in a DMZ network isolated by a firewall.
- Require VPN connections for remote management access.
Segmentation and controlled access prevent attacks from coming from the outside.
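The configuration and isolation checklists above can be checked automatically against a device inventory. The following Python script is an added example, not part of the original post; the device fields, the allowed-port list, the default-credential list and the sample inventory are all assumptions constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass

# Assumed policy for this example; the article names no specific ports or passwords.
ALLOWED_PORTS = {443, 554}   # HTTPS management and RTSP video only
KNOWN_DEFAULTS = {("admin", "admin"), ("admin", "12345"), ("root", "root")}

@dataclass
class Device:
    name: str
    username: str
    password: str
    open_ports: frozenset
    logging_enabled: bool
    zone: str            # "internal", "dmz" or "internet"
    remote_mgmt: str     # "none", "vpn" or "direct"

def audit(dev, cred_counts):  # returns the checklist items one device fails
    findings = []
    creds = (dev.username, dev.password)
    if creds in KNOWN_DEFAULTS:
        findings.append("default credentials")
    elif cred_counts[creds] > 1:
        findings.append("credentials shared with another device")
    extra = sorted(dev.open_ports - ALLOWED_PORTS)
    if extra:
        findings.append(f"unnecessary ports open: {extra}")
    if not dev.logging_enabled:
        findings.append("logging disabled")
    if dev.zone == "internet":
        findings.append("on the public internet, not behind a DMZ firewall")
    if dev.remote_mgmt == "direct":
        findings.append("remote management without VPN")
    return findings

def audit_inventory(devices):
    cred_counts = Counter((d.username, d.password) for d in devices)
    return {d.name: audit(d, cred_counts) for d in devices}

# Constructed sample inventory; names and credentials are made up.
INVENTORY = [
    Device("lot-cam-01", "admin", "admin", frozenset({23, 80, 554}), False, "internet", "direct"),
    Device("door-ctl-02", "svc", "Example-Pass-1", frozenset({443}), True, "internal", "vpn"),
    Device("alarm-pnl-03", "svc", "Example-Pass-1", frozenset({443}), True, "dmz", "vpn"),
    Device("hall-cam-04", "cam04", "Example-Pass-2", frozenset({443, 554}), True, "internal", "none"),
]

if __name__ == "__main__":
    print(audit_inventory(INVENTORY))
```

Devices with an empty findings list meet every item on the checklist; the two devices sharing one service credential are flagged even though neither uses a factory default.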
As more devices connect online, threats to your physical security system will grow. Therefore, businesses must secure systems through:
- constant system updates and patches
- isolating systems from the internet
- strong user access policies
- network monitoring and quick response