Page 42 - Security Today, March 2017
P. 42
Always On
Assessing physical security and availability via IIoT
BTy Robert Otto
he momentum we’ve seen the industrial Internet of Things (IIoT) gain in recent years has led to an in- creased awareness of security threats. As a direct result, we’re seeing more connected devices alongside our ac- cess control, cameras, alarms and other investments in
perimeter security being deployed to mitigate this risk.
One example of this melding between physical security and build- ing automation is evidenced by the merger last September between Johnson Controls, a top provider of building efficiency solutions, and Tyco, a key provider of fire and security solutions. This merger opens the door to future technological innovations in smart buildings that
can bring the real value of the IIoT to life.
However, for most companies in the building security industry,
full transition to the IIoT is a long road ahead, and many are still dependent on their existing perimeter security systems.
Every company takes their approach to securing their systems dif- ferently and, more often than not, they’ve opened themselves up to risk along the way in some form or another. On one end of the spec- trum, a company could have a single server supporting its security system tucked away in an equipment closet somewhere. On the other, a company may have updated their technology to deploy virtualized servers that efficiently support a range of physical security or other building systems. Both have their risks and if a company considers the IIoT and expanded connectivity to be on its horizon, it needs to understand where these risks exist.
40
0317 | SECURITY TODAY
What Are the Risks?
Imagine an access control system that relies on a dedicated server that can be anywhere from a decade to a century old. It’s been out of sight, out of mind literally until the day it reaches its inevitable end of life, which is when it really starts causing more significant problems. It may initially deny you access. It may create a lapse in security with a lost or corrupted database that supports perimeter card readers. It may even require the rebuilding of certain databases manually. Ironi- cally, even with virtualization, you can actually compound risk fur- ther by creating a single point of failure where a range of critically- important security systems can be taken down all at once.
At a major U.S. international airport, there is a glimpse into just how far the effects of downtime on security systems can reach. This particular airport maintains an extensive automated infrastructure but was experiencing too much unplanned downtime with two key systems: physical badge tracking/door access security systems and the baggage handling system for security screening, storage, sorting and transportation of baggage.
Outages of these systems required costly human intervention to maintain customer service levels, minimize safety risks and ensure compliance with Federal Transportation Security Administration (TSA) requirements. The airport was forced to deploy staff to manu- ally monitor every door within their secure areas, leading to addi- tional labor costs, TSA fines or, worse, the potential shutdown of airport operations and significant lost revenue.
PERIMETER SECURITY
Montri Nipitvittaya/Shutterstock.com