Bridging the realms between cyber and physical security

Can there be better automated incident response for physical security?

security
Pexels (CC0)

The recent tragic events in Las Vegas, Lakeland, Manchester – and most recently at the YouTube campus—have put the issue of gun-related violence and the response to these incidents in the headlines. But there are other physical dangers as well. In late March, some 64 people—many of them children—perished in a fire in a Russian mall.

The prevalence of such disasters—and the possibility of dual physical and cyberattacks—has prompted some firms and investors to propose tech-based solutions for physical security. The need for such solutions is widespread. A recent survey from GrandView Research predicted that the global physical security market would grow from about $134 billion today to $290.7 billion by 2025 – an annual compound growth rate of 9.2 percent. The impetus is the perception that there are growing threats across the globe and new tech-based solutions to mitigate them.

Some point to a parallel—15 to 20 years ago, cybersecurity was made up of scores of disparate solutions with no single interface to consolidate them all, and incident response was exclusively in the hands of “manual” services firms. Looking to the physical security industry, it would appear that there would be an attractive opportunity for someone to be the IBM/Resilient Systems or Phantom Cyber for this emerging category.

How it works

The idea of using technology to respond to and manage physical world or “offline” events wasn’t feasible until a few years ago, when sensors, cameras, and electronic door locks, among other technologies, became widely available and connected to IP networks using open APIs. The development of more mass market machine learning algorithms and systems has also made the opportunity for more automated physical incidents response a reality.

New systems being developed today can employ such technologies to sense potentially disastrous events and take steps to limit their impact or stop them altogether. For instance, a camera could pick up an intruder with a gun and lock all the doors and cut the lights, so the assailant is left befuddled and trapped before the police arrive.

In addition, there are scores of solutions on the market ranging from millimeter-wave imaging sensors to detect bombs or firearms, surveillance drones and robotic security guards. But what is needed is a comprehensive solution that tracks all activity within an area on a single dashboard, allowing these disparate systems to interact and be managed more automatically, with less human intervention, when an event occurs.   In a physical security crisis, the time delay caused by humans needing to manually pull up the appropriate sensor or camera data, make an accurate decision, and then launch the appropriate response can mean the difference between safety or a major crisis. 

Of course, such solutions need to be accurate to work correctly. An AI-based physical security system needs to be able to differentiate a cleaning person holding a broom from an intruder with a shotgun, even if they look somewhat similar in low lighting.

MIM and links to cybersecurity

While cybersecurity and physical security have been separate realms, perhaps they shouldn’t be. Some companies have realized that cyber and physical attacks both fall under the heading of MIM—Major Incident Management—and are pooling both teams.

It’s easy to see how a truly nefarious group of criminals could use simultaneous cyber and physical attacks to overwhelm an organization. And of course, a physical intruder could invade the perimeter to carry out a cyberattack as well. For instance, an intruder who gains entrance merely has to plug in a USB device that fools the system into thinking it’s a keyboard or storage system.

For businesses with large physical facilities – whether manufacturing plants or utilities – physical security is often a failure point. Common security methods like badges and security entrances are relatively easy to foil. Technologies like biometrics and facial recognition can provide another layer of security that is less vulnerable to human error. To truly secure a business environment then, you need what some have dubbed a “cyber-physical nexus” that addresses both physical and cyber threats.

Part of the solution

AI-based MIM security will become a key part of the infrastructure deployed in any facility that attracts large numbers of people – from large enterprise offices, to university campuses, to stadiums, auditoriums and large entertainment complexes.  While it would be a mistake to assume that a tech-based solution will solve all the problems related to violence, fires and natural disasters and other physical world issues, technology is one piece of the puzzle that can help limit the potential damage. Now that we have the tools available to keep us all safer, we should figure out how to use them effectively.

This article is published as part of the IDG Contributor Network. Want to Join?

NEW! Download the Winter 2018 issue of Security Smart