This is the 44th article in the award-winning “Real Words or Buzzwords?” series about how real words become empty words and stifle technology progress.
By Ray Bernard, PSP, CHS-III
Evolution of the Web has had a profound impact on physical security, both positive and negative.
All-in-one RWOB
MAXIMIZE YOUR SECURITY OPERATIONS CAPABILITIES
Upgrade your security operations effectiveness through Security Technology Strategic Planning. Provably get more for your company's security technology investment.
★ ★ ★ GET NOTIFIED! ★ ★ ★
SIGN UP to be notified by email the day a new Real Words or Buzzwords? article is posted!
Real Words or Buzzwords?
The Award-Winning Article Series
#1 Proof of the buzzword that killed tech advances in the security industry—but not other industries.
#2 Next Generation (NextGen): A sure way to tell hype from reality.
#3 Customer Centric: Why all security industry companies aren't customer centric.
#4 Best of Breed: What it should mean to companies and their customers.
#5 Open: An openness scale to rate platforms and systems
#6 Network-friendly: It's much more than network connectivity.
#7 Mobile first: Not what it sounds like.
#8 Enterprise Class (Part One): To qualify as Enterprise Class system today is world's beyond what it was yesterday.
#9 Enterprise Class (Part Two): Enterprise Class must be more than just a top-level label.
#10 Enterprise Class (Part Three): Enterprise Class must be 21st century technology.
#11 Intuitive: It’s about time that we had a real-world testable definition for “intuitive”.
#12 State of the Art: A perspective for right-setting our own thinking about technologies.
#13 True Cloud (Part One): Fully evaluating cloud product offerings.
#14 True Cloud (Part Two): Examining the characteristics of 'native-cloud' applications.
#15 True Cloud (Part Three): Due diligence in testing cloud systems.
#16 IP-based, IP-enabled, IP-capable, or IP-connectable?: A perspective for right-setting our own thinking about technologies.
#17 Five Nines: Many people equate high availability with good user experience, yet many more factors are critically important.
#18 Robust: Words like “robust” must be followed by design specifics to be meaningful.
#19 Serverless Computing – Part 1: Why "serverless computing" is critical for some cloud offerings.
#20 Serverless Computing – Part 2: Why full virtualization is the future of cloud computing.
#21 Situational Awareness – Part 1: What products provide situational awareness?
#22 Situational Awareness – Part 2: Why system designs are incomplete without situational awareness?
#23 Situational Awareness – Part 3: How mobile devices change the situational awareness landscape?
#24 Situational Awareness – Part 4: Why situational awareness is a must for security system maintenance and acceptable uptime.
#25 Situational Awareness – Part 5: We are now entering the era of smart buildings and facilities. We must design integrated security systems that are much smarter than those we have designed in the past.
#26 Situational Awareness – Part 6: Developing modern day situational awareness solutions requires moving beyond 20th century thinking.
#27 Situational Awareness – Part 7: Modern day incident response deserves the help that modern technology can provide but doesn’t yet. Filling this void is one of the great security industry opportunities of our time.
#28 Unicity: Security solutions providers can spur innovation by envisioning how the Unicity concept can extend and strengthen physical access into real-time presence management.
#29 The API Economy: Why The API Economy will have a significant impact on the physical security industry moving forward.
#31 The Built Environment: In the 21st century, “the built environment” means so much more than it did just two decades ago.
#32 Hyper-Converged Infrastructure: Hyper-Converged Infrastructure has been a hot phrase in IT for several years, but do its promises hold true for the physical security industry?
#33 Software-Defined: Cloud-computing technology, with its many software-defined elements, is bringing self-scaling real-time performance capabilities to physical security system technology.
#34 High-Performance: How the right use of "high-performance" can accelerate the adoption of truly high-performing emerging technologies.
#35 Erasure Coding: Why RAID drive arrays don’t work anymore for video storage, and why Erasure Coding does.
#36 Presence Control: Anyone responsible for access control management or smart building experience must understand and apply presence control.
#37 Internet+: The Internet has evolved into much more than the information superhighway it was originally conceived to be.
#38 Digital Twin: Though few in physical security are familiar with the concept, it holds enormous potential for the industry.
#39 Fog Computing: Though commonly misunderstood, the concept of fog computing has become critically important to physical security systems.
#40 Scale - Part 1: Although many security-industry thought leaders have advocated that we should be “learning from IT,” there is still insufficient emphasis on learning about IT practices, especially for large-scale deployments.
#41 Scale - Part 2: Why the industry has yet to fully grasp what the ‘Internet of Things’ means for scaling physical security devices and systems.
#42 Cyberspace - Part 1: Thought to be an outdated term by some, understanding ‘Cyberspace’ and how it differs from ‘Cyber’ is paramount for security practitioners.
#43 Cyber-Physical Systems - Part 1: We must understand what it means that electronic physical security systems are cyber-physical systems.
#44 Cyberspace - Part 2: Thought to be an outdated term by some, understanding ‘Cyberspace’ and how it differs from ‘Cyber’ is paramount for security practitioners.
#45 Artificial Intelligence, Machine Learning and Deep Learning: Examining the differences in these technologies and their respective benefits for the security industry.
#46 VDI – Virtual Desktop Infrastructure: At first glance, VDI doesn’t seem to have much application to a SOC deployment. But a closer look reveals why it is actually of critical importance.
#47 Hybrid Cloud: The definition of hybrid cloud has evolved, and it’s important to understand the implications for physical security system deployments.
#48 Legacy: How you define ‘legacy technology’ may determine whether you get to update or replace critical systems.
#49 H.264 - Part 1: Examining the terms involved in camera stream configuration settings and why they are important.
#50 H.264 - Part 2: A look at the different H.264 video frame types and how they relate to intended uses of video.
#51 H.264 - Part 3: Once seen as just a marketing term, ‘smart codecs’ have revolutionized video compression.
#52 Presence Technologies: The proliferation of IoT sensors and devices, plus the current impacts of the COVID-19 pandemic, have elevated the capabilities and the importance of presence technologies.
#53 Anonymization, Encryption and Governance: The exponential advance of information technologies requires an exponential advance in the application of data protection.
#54 Computer Vision: Why a good understanding of the computer vision concept is important for evaluating today’s security video analytics products.
#55 Exponential Technology Advancement: The next 10 years of security technology will bring more change than in the entire history of the industry to now.
#56 IoT and IoT Native: The next 10 years of security technology will bring more change than in the entire history of the industry to now.
#57 Cloud Native IoT: A continuing look at what it means to have a 'True Cloud' solution and its impact on today’s physical security technologies.
#58 Bluetooth vs. Bluetooth LE: The next 10 years of security technology will bring more change than in the entire history of the industry to now.
#59 LPWAN - Low-Power Wide Area Networks: Emerging IoT smart sensor devices and systems are finding high-ROI uses for building security and safety.
#60 Edge Computing and the Evolving Internet: Almost 15 billion personal mobile devices and over 22 billion IoT devices operating daily worldwide have shifted the Internet’s “center of gravity” from its core to its edge – with many implications for enterprise physical security deployments
#61 Attack Surface: (Published as a Convergence Q&A Column article)An attack surface is defined as the total number of all possible entry points for unauthorized access into any system.
#62 Autonomous Compute Infrastructure: We’re on the brink of a radical new approach to technology, driven by autonomous operations.
#63 Physical Security Watershed Moment: We have reached a juncture in physical security technology that is making most of our past thinking irrelevant.
#64 Access Chaos: For 50 years we have had to live with physical access control systems that were not manageable at any large scale.
#65 AI and Automatiom: Will engineering talent, business savvy and capital investment from outside the physical security industry bring technology startups that transform reactive security to proactive and preventive security operations?
#66 Interoperability: Over the next five years, the single greatest determinant of the extent to which existing security industry companies will thrive or die is interoperability.
#67 AI Model : One key factor affects the accuracy, speed and computational requirements of AI
#68 Interoperability – Part 2: There are two types of security system interoperability – both of which are important considerations in the design of security systems and the selection of security system products.
#69 Interoperability – Part 3: There are two types of security system interoperability – both of which are important considerations in the design of security systems and the selection of security system products.
#70 Operationalizing AI: AI is not a product, but a broad category of software that enables products and systems to do more than ever before possible. How do we put it to good use?
#71 Shallow IT Adoption – Part 1: It’s not just about being IT compliant, it’s also about leveraging IT capabilities to properly serve the needs and wants of today’s technologically savvy customers.
#72 E-waste – an important security system design issue: Now e-waste is an important design issue not just because of growing e-waste regulations, but because educated designers can save enterprise security system customers a lot of money.
#73 LRPoE - Long Reach Power over Ethernet: A dozen factors have improved the business attractiveness of network cameras, making it more desirable to place cameras further from existing IT closets than the 328 foot limitation of standard Ethernet cable.
#74 NIST Declares Physical Access Control Systems are OT: Does it really mean anything that OT has joined the parade of labels (IT, IoT, and then IIoT) variously getting applied to security systems?
#75 Future Ready: Google sees the term "future-ready" trending up across many subject domains. But does that term apply to the physical security industry and its customers?
#76 Data KLiteracy: AI needs data. Thus, the ability of any department or division in an organization (including security) to use AI effectively depends on its ability to effectively obtain and utilize data – including security.
#77 Security Intelligence (upcoming): AI brings two kinds of intelligence to physical security systems – people bring the third.
More to come about every other week.
Cyberspace is the total collection of computerized systems and devices which we interact with through the World Wide Web and its Internet network. Cyberspace was once just a small reflection of the world around us – a few thousand web pages. The public Web was just three years old when my company launched its first website, the 2,319th website in the world at that time. No physical security industry companies had a website yet. Cyberspace then was a very small ideological and commercial influence. Today, its influences are in a practical sense immeasurable, mostly for good but not entirely so.
I’m using four articles to discuss Cyberspace as it relates to physical security threats and their countermeasures. This is the second article; its purpose is to set the Cyberspace perspectives for the next two articles in the series.
Web 1.0 to Web 3.0
The Cyberspace experience started with Web 1.0, the World Wide Web with static web pages for people to consume fixed content. It was mostly free or very affordable, and it was exciting to have so much information so instantly available at home and at work. The Britannica Encyclopedia Online was amazing at that time. Technology advanced to Web 2.0, called the Interactive Web, Social Web, and Collaborative Web and was intended for people to share content. This gave us Wikipedia, Facebook, LinkedIn, YouTube, Twitter and so on. We’re now currently experiencing the emerging Web 3.0 capabilities, also known as the Semantic Web (with information that can be consumed by intelligent machines, not just people), the Enhanced Web (with AI-enabled text and voice chat-bots), the 3D Web (with online games, augmented reality and other 3D graphics capabilities), the Intelligent Web (providing computer-based and computer-aided medical diagnosis, for example), the Ubiquitous Web (meaning that it’s available everywhere anytime thanks to wireless technologies), and the Multi-lingual Web (providing real-time language translation).
The negative security impacts of our currently evolving Web 3.0 technologies include:
- Threat actors use these technologies for attack planning, reconnaissance, execution and escape.
- Threat actors utilize these technologies to defeat or out-perform our less technically capable security measures and incident response actions.
The positive security impacts of the same Web 3.0 technologies include:
- Web 3.0 is powered by data intelligence technologies that ferret out data relationships and contexts at super-human speeds and scales, providing real-time risk analysis and event response capabilities that exceed any of our previous security capabilities.
- Our physical security systems are cyber-physical systems, meaning that they can sense the physical environment we’re protecting as well as its surroundings, and instantaneously react with physical measures that threat actors can’t counter because the physicality involved isn’t portable. Our site security measures don’t have to be portable, and so the threat actors can’t bring effective countermeasures to the field of conflict.
For example, agricultural sites have been highly vulnerable to overrun and physical attacks by political and other terrorists transporting destructive chemical and bio-weapons. Such sites can now use modern technologies to predict, detect, and pre-emptively respond to attacks using automated sound canons, LED strobe lights, irrigation sprinklers and directional EMP weapons and stink bombs to overwhelm physical attackers and disable their communications, vehicles, and mobile electronics while at the same time physically incapacitating the attackers, who can then be safely arrested and transported away. While these are extreme security measures that are not appropriate for most facilities, this example serves to highlight the fact that modern technologies can defeat even highly cyber-enabled attackers.
Cyberspace Modeling and Control
As I mentioned earlier, initially Cyberspace was just a small reflection of the world around us. It started with just a few thousand text web pages. Now it consists of nearly two billion websites with several billion web databases and applications, and tens of billions of active Internet of Things (IoT) touchpoints into the world around us. Many parts of Cyberspace are now managing parts of our physical world.
Each one of us is listened to and visually observed daily by dozens to hundreds of interconnected AI-enabled devices. Cyberspace now contains virtual realities and social communities that have no physical world counterparts, yet which can have substantial real-world impacts at scales previously unimaginable.
Digital twin technology, which refers to a Cyberspace model of key aspects of a physical world device or system, is a very helpful technical support tool. It is, for example, a critical tool used to predict jet engine maintenance needs for jets in flight, so that service personnel and parts can be standing by to service the jet engines instantly upon landing. Cyberspace holds the jet engine models that run simultaneously to the real-world engines. Yet cyberspace models are not limited to just a single “twin” copy.
We’re looking at a very near future where our vehicles talk to each other, to local roadway sensors and to city traffic management devices, all of which can be acted on by an AI-driven traffic management system capable of running thousands of roadway traffic scenarios using parallel traffic models in real time. Whereas Cyberspace was once just a collection of small reflections of our world, it will soon contain many virtual worlds that in total are much larger than our physical world whose built environments will be under Cyberspace control.
The same modeling technologies described above are available through public cloud services to threat actors, who can model an organization’s physical security measures and run hundreds of attack scenarios simultaneously, and even update them in real time during attack execution. Drones with visible light and infrared camera capabilities can track security and emergency responses and update attack models in real time. Colleges and universities are training young people in the use of these technologies. What we think of as very advanced technology, young students are learning to use as part of their routine homework.
Upcoming Cyberspace Considerations
This article series looks closely at the evolution of Cyberspace and its implications for security practitioners and security technologists.
That’s where Parts 3 and 4 of our Cyberspace discussions go in detail, including emerging physical security technologies and the role of artificial intelligence. You will happily take these ideas with you to the ASIS GSX conference in Chicago in September.
Cyber-Physical Systems Special Note: I have put together an outstanding panel of experts whom I’m moderating for a special session at the September ASIS GSX event in Chicago. Here is a short description of that session.
The Flat and the Furious
Session # 6210 on Wednesday, September 11 from 2:15 p.m. to 3:15 p.m.
Global cyber-physical gamers can seriously kick your assets and disappear into thin air! Thomas Friedman’s best-selling book – The World is Flat – doesn’t mention cyber-risk or the Internet of Things. Yet today our super-flattened physical world is cyber-activated with over 23 billion cyber-physical touchpoints. Being furious in the cyber world has levels of energy, violence and intensity of scale and speed that you don’t want to come at your physical world assets. Don’t have your security cameras hijacked and weaponized for cyber-attacks, or your factory machinery or cars going wild. Cyber-physical experts (security, insurance and technology) explain where cyber-physical threats and countermeasures are going and how you can and must cover your assets now.
Ray Bernard, PSP CHS-III, is the principal consultant for Ray Bernard Consulting Services (RBCS), a firm that provides security consulting services for public and private facilities (www.go-rbcs.com). In 2018 IFSEC Global listed Ray as #12 in the world’s Top 30 Security Thought Leaders. He is the author of the Elsevier book Security Technology Convergence Insights available on Amazon. Mr. Bernard is a Subject Matter Expert Faculty of the Security Executive Council (SEC) and an active member of the ASIS International member councils for Physical Security and IT Security. Follow Ray on Twitter: @RayBernardRBCS.
© 2019 RBCS