Physical security vendors must collaborate beyond their industry to eliminate cyber vulnerabilities
Vendors of physical security systems lack the specialist expertise to protect customers against digital intrusions and data theft. Reinoud Weijmans of AET Europe and Hans Schipper of Nedap explain why collaboration with the cyber security industry is a must to eliminate cyber vulnerabilities.

Why collaboration is needed to protect physical security systems against cyber threats

Hans Schipper, business development, Nedap:

The fact that those of us who work in physical access control are not used to giving devices a strong digital identity has led to the present situation in which we lack sufficient protection from cyber-threats.
This was one of the reasons we sought collaboration with AET Europe. They are specialised in assigning identities to devices, which makes it possible to establish trusted communication between devices in a system.

Why is it so important to make sure you are communicating with trusted devices?

Reinoud Weijman, AET Europe:

When we communicate online we want to know who is sending us a message and be certain a message we send arrives at its destination and has not been intercepted along the way. This becomes even more important in the case of digital communication with a party such as a bank. This is why a secure HTTPS connection is established when we bank via the internet; that way we know we are truly communicating with our own bank. Similarly, a digital identity ensures that only devices that know each other can communicate with each other. Therefore it is also a way to prevent hackers from sabotaging a system or sending messages to devices. Because when you give devices in a system a digital identity, only trusted devices get access.
People a passport, devices a digital certificate

So how do we give devices an identity? This can be done by assigning them a digital certificate, a kind of digital passport authorised by an independent party, namely a certificate authority. This has long been common practice in the world of IT security, but the concept hasn't yet truly taken hold for physical security. But why?

Why physical devices aren't assigned a digital identity

Hans Schipper, business development, Nedap:

In the physical security world we have been connecting door controllers to the IP network for around fifteen years now. Those controllers obtain important information through this network: whether or not a person should be granted access. Currently we mainly just see the practical aspect of that communication: I need an IP address to enable the controller to communicate with the system. But if this door controller determines whether or not someone is given access to an organisation, we need to be sure these door controllers and devices can be trusted. We also need to know beyond a doubt that no other devices can access the system and send commands to these controllers.
Because that would mean that a hacker can open doors for people who are not authorised to enter. And, once inside, those people can wreak havoc, both physically and digitally.

The Nedap-AET Europe collaboration

Hans Schipper, Nedap:

Convergence of IT and physical security has been a hot topic in our market for years. In order to address this market demand, we saw the need to apply IT principles to our access control system. And to do this properly we turned to AET for their expertise. In our opinion, the most secure system uses digital certificates and these should be stored in a Secure Access Module (SAM), similar to the SIM card we are all familiar with from mobile phones. And it must also be simple to manage these certificates.

Reinoud Weijman, AET Europe:

AET Europe offers a management system for digital certificates. We have integrated this system in Nedap's AEOS access control system.
This way a customer can place digital certificates, authorised by their own Certificate Authority, on SAM cards themselves. The SAM cards are then installed in AEOS door controllers, after which trusted communication takes place to and from the AEOS server.

Highest security level achieved

Hans Schipper, Nedap:

We see that companies, and particularly those that take security seriously, want to maintain complete control themselves. Therefore digital certificates are generated within the organisation and are not known to the manufacturer or supplier. This way the organisation has exclusive control over the trusted communication. More importantly, it is impossible for hackers to establish communication with these door controllers. The system is secure from end to end and meets today's highest security standards.