This is the 37th article in the “Real Words or Buzzwords?” series about how real words become empty words and stifle technology progress.
By Ray Bernard, PSP, CHS-III
The Internet has evolved into much more than the information superhighway it was originally conceived to be.
The World Wide Web was introduced to the general public in August of 1991, and a year later there were 130 websites. In 1994 there were 2,738; in 1995, 23,500 websites; and by 1996 over 100,000. By 2008 there were over 162 million, and now at the start of 2019 there are over 1.8 billion websites. However, many of those are just “parked” website domains, no longer updated but kept online for historical purposes or held as future investments, like empty real estate lots that speculators have bought, hoping someone will want to buy the website domain name from them.
Netcraft estimates that there are 172 million active sites (those that get regular changes). Fewer than one million of those sites account for 50% of web traffic. The Internet Map is an interactive 2011 snapshot of 350,000 websites that lets you zoom in and out to see the relative sizes of the largest websites. Figure 1 below is a screenshot of one view of it.
Figure 1. The interactive Internet map.
Now, however, the Internet has evolved substantially beyond the Cyberspace concept, and includes connected people and things. By connected people, I don’t just mean smartphone users. For example, there are several approved body-worn technologies for measuring blood glucose level – you may have seen one advertised on TV. These monitor blood sugar levels and send the data to a smartphone or other receiver. Such devices provide a continuous connection that is unrelated to social media or “going online” activity.
Automakers have been considering how and to what extent to enable autonomous “conversations” between vehicles on behalf of their owners, as well as for the sake of traffic safety and optimizing roadway usage. Safety of people and things is a big issue, and this is part of what drives device and people connectivity in many industries.
Where once there was a clear distinction between Cyberspace and our physical world, today much of our physical world and the people in it are controlled and influenced by what happens in and via Cyberspace. Cyberspace isn’t just a cyber thing anymore. We need a new name for it.
The Internet+
Internationally renowned security technologist Bruce Schneier has coined the term “Internet+” in his recently released book, Click Here to Kill Everybody. This is not to be confused with the Chinese government’s initiative launched in 2015 called Internet Plus (Chinese: 互联网+). That’s a separate subject and outside the scope of this article.
In a September 2018 interview with MIT Review, Schneier said, “I hated having to create another buzzword, because there are already too many of them. But the internet of things is too narrow. It refers to the connected appliances, thermostats, and other gadgets. That’s just a part of what we’re talking about here. It’s really the internet of things plus the computers plus the services plus the large databases being built plus the internet companies plus us. I just shortened all this to ‘Internet+’.”
Schneier further explained, “We’re already intimately tied to devices like our phones, which we look at many times a day, and search engines, which are kind of like our online brains. Our power system, our transportation network, our communications systems, are all on the internet. If it goes down, to a very real extent society grinds to a halt, because we’re so dependent on it at every level. Computers aren’t yet widely embedded in our bodies, but they’re deeply embedded in our lives.”
The key word in Schneier’s last sentence is “yet”.
Cybersecurity for Built Environments
Even more relevant to the physical security industry are the smart cities and smart buildings initiatives, which dramatically improve these built environments but also introduce levels of risk on a scale that we’ve never seen before. Think of what could happen in any smart city, where outdoor video cameras are used as sensors in the roadway traffic management system. What if a hacker halted traffic for just 15 minutes, by turning all traffic lights red? Are the traffic management systems designed to recover from such a scenario? That’s doubtful. What would be the impact on police and emergency medical services? And although this scenario’s impact would itself be catastrophic, there are much worse scenarios to consider.
IoT devices and systems are not designed or deployed to the level of security that’s really required. There are no security standards or reference designs established. Vivotek, for example, has cameras and NVRs that ship with TrendMicro’s IoT security software installed. This is an excellent step for device security but is by no means the only thing needed. The physical security industry overall still has a long way to go. Twenty years after putting physical access and video systems onto networks, only a couple dozen companies provide product hardening guides or cybersecurity guidance.
Understanding Our Roles and Responsibilities in the Security Industry
Two books are required reading for manufacturers and service providers in physical security. The first I have already mentioned, Click Here to Kill Everybody. The second is another Schneier book, Beyond Fear: Thinking Sensibly About Security in an Uncertain World. Chapter 16 is titled, “Negotiating for Security.” That chapter alone is worth the price of the book. Chapter 3 is titled, “Security Trade-offs Depend on Power and Agenda.” I give Schneier a lot of credit for being brave enough and astute enough to write in a helpful way about a dimension of security—organizational politics—that all security practitioners experience, but few talk about.
Here is the first paragraph in Chapter 3: “Most security decisions are complicated, involving multiple players with their own subjective assessments of security. Moreover, each of these players also has his own agenda, often having nothing to do with security, and some amount of power in relation to the other players. In analyzing any security situation, we need to assess these agendas and power relationships. The question isn’t which system provides the optimal security trade-offs—rather, it’s which system provides the optimal security trade-offs for which players.” Wait until you see what the rest of the chapter says.
I periodically re-read both books, as a periodic reading always brings new insights and actionable ideas. Amazon provides Kindle Book versions for both.
These days there is a lot of discussion within the physical security industry about cybersecurity for devices and systems, but much less discussion about our roles and responsibilities relating to cybersecurity. This is a topic of discussion within the ASIS Information Technology Security Council, and I expect you’ll see council educational materials along that line both in upcoming documents and in educational sessions at ASIS GSX 2019. In the meantime, read these two books and put yourself in a better position to do something about our industry’s situation.
The Cyber-Physical World
The physical world we live in is now a cyber-physical world. And there is no going back. This is a subject that I’ll be writing much more about soon. As that material is published, I’ll come back to this article to provide links to insightful perspectives on the risks related to cyber-physical systems and Industrial IoT – the technologies that are cyber-activating the physical world we live in.
Ray Bernard, PSP CHS-III, is the principal consultant for Ray Bernard Consulting Services (RBCS), a firm that provides security consulting services for public and private facilities (www.go-rbcs.com). In 2018 IFSEC Global listed Ray as #12 in the world’s Top 30 Security Thought Leaders. He is the author of the Elsevier book Security Technology Convergence Insights available on Amazon. Mr. Bernard is a Subject Matter Expert Faculty of the Security Executive Council (SEC) and an active member of the ASIS International member councils for Physical Security and IT Security. Follow Ray on Twitter: @RayBernardRBCS.
© 2019 RBCS. All Rights Reserved.