Issue link: https://securitytechnologyexecutive.epubxp.com/i/870734
46 SECURIT Y TECHNOLOGY E XECUTIVE • September/October 2017 • www. SecurityInfoWatch.com RISK MITIGATION standard metrics like VPU (video path uptime) or bandwidth used across different locations for CCTV systems, anomalies can be detected that would point to potential breaches in certain locations. For example, in a retail environment, one would expect low bandwidth utilization when the store is closed. A store showing activity outside of normal hours would be flagged in the metrics and action can then be then taken. At a high level, physical security leaders should be thinking about the digital nature of their secu- rity systems in order to craft the right solution. One such concept gaining a foothold in the IoT (Inter- net of Things) space is the digital twin: https:// en.wikipedia.org /wiki/Digital_twin. By capturing real-time metadata across the physi- cal security network (not the video or access control data), such a digital twin can be used to authenti- cate the integrity of the system. This will not inter- fere with its actual operations. The digital nature of today 's physical security systems makes such a twin not only practical but essential. It allows for deep understanding and deep interrogation of a security system to authenticate and verify it has not been hacked. If there is one imperative that you gain from this article it's that now is the time to act. The emer- gence of hackers targeting electronic security sys- tems is recent. Historically, when hackers embark on a new approach, they keep using it for several years. Think of phishing , DDoS attacks, clickjacking and other attacks. They all have had relatively long lives from when they first emerged. Taking action now allows you to use system and data verification technology to proactively understand when hacking is taking place. It puts you in a position to respond quickly. By working with leading security integra- tors, manufacturers and other technology providers, there are ways today you can prevent your organi- zation from appearing on the evening news as yet another victim of cyber crime. Internet connections. While this sounds good on the surface, the reality already seen is that the mal- ware agents can be installed in a variety of ways. USB sticks, VPN access, onsite technicians and even "Trojan Horse" types of malware embedded in other systems can lead hackers through a secret tunnel to compromise the security system. The Proactive Authentication Solution Given that current approaches are insufficient, what would the correct solution look like? In many ways, it would look like current cybersecurity solutions (the ones that protect IT infrastructure but not secu- rity infrastructure). The attributes the solution must have included: Automation: The number of cameras and access control devices; network connections, serv- ers, applications and storage that make up a mod- ern physical security system make manual methods inadequate. Not only would the data have to be manually gathered. More importantly, the analysis of that data into possible failure conditions would take a lot of people a long time. Automation also provides a "set it and forget it" approach, which is critical for ensuring 24/7 that the security system is secure. Proactive: Bud Broomhead, CEO of Viakoo, shared in a study they conducted in early 2016 "It typically takes a few days from when a problem is found in physical security systems (mean time to identify, MTTI) to when it is corrected (mean time to correct, MTTC). That kind of reactive approach gives potential hackers both access and time to take advantage of a crippled security system." As many recall, drug lord El Chapo tunneled out of his Mexican prison long before his guards discovered him missing. Scale: Corporate networks know no borders. Forensics up-front: Knowing when a secu- rity system is vulnerable to attack is one thing , but equally as important is having a fix to vulnerability as soon as possible. It's critical to have a security system instrumented in such a way that forensic analysis can be done in-line with detection. In other words, ubiquitous data gathering must be designed into the security system. Only then can data be analyzed for how, when and where the problem appeared and how to correct it. Scientific proof/metrics: Just as video evi- dence is only usable in court if there is a chain of custody, the integrity of a security system can only be judged if there are scientific methods used in data gathering and analysis. Likewise, by using About the Author: Eddie Meltzer is Founder and CEO of Securit y Cloud & Mobile Partners. A 30-year veteran of the electronic securit y industry, Melt zer is an industry champion for big data analysis of securit y operations. He is a subject-matter expert in ser v ice and support programs as well as global business development, cloud computing , and authentication methodologies. He welcomes your calls at 8 16.2 15.9398 or email him at EMelt zer@ securit ycloudmobile. comand v isit his website: w w w. securit ycloudmobile.com It's fair to say that efforts are being made, just not enough or of the right kind.