This is the 37th article in the “Real Words or Buzzwords?” series about how real words become empty words and stifle technology progress.
By Ray Bernard, PSP, CHS-III
The Internet has evolved into much more than the information superhighway it was originally conceived to be.
The World Wide Web was introduced to the general public in August of 1991, and a year later there were 130 websites. In 1994 there were 2,738; in 1995, 23,500 websites; and by 1996 over 100,000. By 2008 there were over 162 million, and now at the start of 2019 there are over 1.8 billion websites. However, many of those are just “parked” website domains, no longer updated but kept online for historical purposes or held as future investments, like empty real estate lots that speculators have bought, hoping someone will want to buy the website domain name from them.
Netcraft estimates that there are 172 million active sites (those that get regular changes). Fewer than one million of those sites account for 50% of web traffic. The interactive Internet Map is a 2011 snapshot of 350,000 websites that lets you zoom in and out to see the relative sizes of the largest websites. Figure 1 below is a screenshot of one view of it.
Figure 1. The interactive Internet map.
Now, however, the Internet has evolved substantially beyond the Cyberspace concept, and includes connected people and things. By connected people, I don’t just mean smartphone users. For example, there are several approved body-worn technologies for measuring blood glucose level – you may have seen one advertised on TV. These monitor blood sugar levels and send the data to a smartphone or other receiver. Such devices provide a continuous connection that is unrelated to social media or “going online” activity.
Automakers have been considering how and to what extent to enable autonomous “conversations” between vehicles on behalf of their owners, as well as for the sake of traffic safety and optimizing roadway usage. Safety of people and things is a big issue, and this is part of what drives device and people connectivity in many industries.
Where once there was a clear distinction between Cyberspace and our physical world, today much of our physical world and the people in it are controlled and influenced by what happens in and via Cyberspace. Cyberspace isn’t just a cyber thing anymore. We need a new name for it.
The Internet+
Internationally renowned security technologist Bruce Schneier has coined the term “Internet+” in his recently released book, Click Here to Kill Everybody. This is not to be confused with the Chinese government’s initiative launched in 2015 called Internet Plus (Chinese: 互联网+). That’s a separate subject and outside the scope of this article.
In a September 2018 interview with MIT Review, Schneier said, “I hated having to create another buzzword, because there are already too many of them. But the internet of things is too narrow. It refers to the connected appliances, thermostats, and other gadgets. That’s just a part of what we’re talking about here. It’s really the internet of things plus the computers plus the services plus the large databases being built plus the internet companies plus us. I just shortened all this to ‘Internet+’.”
Schneier further explained, “We’re already intimately tied to devices like our phones, which we look at many times a day, and search engines, which are kind of like our online brains. Our power system, our transportation network, our communications systems, are all on the internet. If it goes down, to a very real extent society grinds to a halt, because we’re so dependent on it at every level. Computers aren’t yet widely embedded in our bodies, but they’re deeply embedded in our lives.”
The key word in Schneier’s last sentence is “yet”.
Cybersecurity for Built Environments
Even more relevant to the physical security industry are the smart cities and smart buildings initiatives, which dramatically improve these built environments but also introduce levels of risk on a scale that we’ve never seen before. Think of what could happen in any smart city, where outdoor video cameras are used as sensors in the roadway traffic management system. What if a hacker halted traffic for just 15 minutes, by turning all traffic lights red? Are the traffic management systems designed to recover from such a scenario? That’s doubtful. What would be the impact on police and emergency medical services? And although this scenario’s impact would itself be catastrophic, there are much worse scenarios to consider.
IoT devices and systems are not designed or deployed to the level of security that’s really required. There are no security standards or reference designs established. Vivotek, for example, has cameras and NVRs that ship with Trend Micro’s IoT security software installed. This is an excellent step for device security but is by no means the only thing needed. The physical security industry overall still has a long way to go. Twenty years after putting physical access and video systems onto networks, only a couple dozen companies provide product hardening guides or cybersecurity guidance.
Understanding Our Roles and Responsibilities in the Security Industry
Two books are required reading for manufacturers and service providers in physical security. The first I have already mentioned, Click Here to Kill Everybody. The second is another Schneier book, Beyond Fear: Thinking Sensibly About Security in an Uncertain World. Chapter 16 is titled, “Negotiating for Security.” That chapter alone is worth the price of the book. Chapter 3 is titled, “Security Trade-offs Depend on Power and Agenda.” I give Schneier a lot of credit for being brave enough and astute enough to write in a helpful way about a dimension of security—organizational politics—that all security practitioners experience, but few talk about.
Here is the first paragraph in Chapter 3: “Most security decisions are complicated, involving multiple players with their own subjective assessments of security. Moreover, each of these players also has his own agenda, often having nothing to do with security, and some amount of power in relation to the other players. In analyzing any security situation, we need to assess these agendas and power relationships. The question isn’t which system provides the optimal security trade-offs—rather, it’s which system provides the optimal security trade-offs for which players.” Wait until you see what the rest of the chapter says.
I periodically re-read both books, as a periodic reading always brings new insights and actionable ideas. Amazon provides Kindle Book versions for both.
These days there is a lot of discussion within the physical security industry about cybersecurity for devices and systems, but much less discussion about our roles and responsibilities relating to cybersecurity. This is a topic of discussion within the ASIS Information Technology Security Council, and I expect you’ll see council educational materials along that line both in upcoming documents and in educational sessions at ASIS GSX 2019. In the meantime, read these two books and put yourself in a better position to do something about our industry’s situation.
The Cyber-Physical World
The physical world we live in is now a cyber-physical world. And there is no going back. This is a subject that I’ll be writing much more about soon. As that material is published, I’ll come back to this article to provide links to insightful perspectives on the risks related to cyber-physical systems and Industrial IoT – the technologies that are cyber-activating the physical world we live in.
Ray Bernard, PSP CHS-III, is the principal consultant for Ray Bernard Consulting Services (RBCS), a firm that provides security consulting services for public and private facilities (www.go-rbcs.com). In 2018 IFSEC Global listed Ray as #12 in the world’s Top 30 Security Thought Leaders. He is the author of the Elsevier book Security Technology Convergence Insights available on Amazon. Mr. Bernard is a Subject Matter Expert Faculty of the Security Executive Council (SEC) and an active member of the ASIS International member councils for Physical Security and IT Security. Follow Ray on Twitter: @RayBernardRBCS.
© 2019 RBCS. All Rights Reserved.