Access Controllers

Surveillance systems can track the locations of cellphone users and spy on their calls, texts and data streams. The Washington Post has reported on such systems that are being turned against travelers around the world, according to security experts and U.S. officials. The summer season highlights the need to take extra precautions when traveling. When traveling anywhere in the world, for business or pleasure, citizens need to be aware of and alert to looming physical and cybersecurity threats. To elaborate on expert security tips, strategies and advice for traveling this summer, we presented several questions to The Chertoff Group, a global security advisory firm that enables clients to navigate changes in security risk, technology and policy. Chris Duvall, Senior Director at The Chertoff Group, offers insights into cybersecurity concerns, physical security precautions, and recommends digital resources/apps for consumers while traveling. Q: How are security risks – physical and digital – changing? Why are threats greater today than five years ago? The exponential number of headlines over the past few years is a strong indication that both physical and digital risks are evolving and increasing Duvall: The exponential number of headlines over the past few years is a strong indication that both physical and digital risks are evolving and increasing. The scope, severity and complexity of physical and cyber risks are increasing and becoming more dangerous and destructive. This is especially true for those traveling outside the U.S. On the physical side, threat actors are actively seeking “soft targets” – public events, social settings, mass audience venues, etc. – to communicate their message, sow chaos and inflict catastrophic harm. On the digital or cyber side, we have seen a shift from “thrill hacking,” to an increase of “hacking as a business” (through credential compromise and ransomware), to an increase in “hacking for harm” - with the rise of “nuke ware” and ransomware without a clear financial motivation. Q. What specific precautions should a traveler take to protect their calls, texts and data streams from being spied on? Duvall: When traveling abroad, we recommend to our clients that their personnel and executives should practice good internet and social media hygiene. Some best practices include: Avoid using public Wi-Fi services—unless you use private VPN service for encryption Increase the privacy setting on your technical devices Disable location identifiers on apps Create a new (unlinked) email for internet correspondence Consider purchasing international MyFi devices to decrease the risk of getting your personal identification information (PII) or protected healthcare information (PHI) stolen  Use temporary (i.e. burner) phones to protect your data and your contacts Q. What cybersecurity concerns are likely to impact travelers? Are the threats greater outside the United States or in any specific parts of the world? Significant precautions should be taken to protect personal electronic devices (PEDs) and the data connected to PEDs Duvall: The international cybersecurity landscape has grown increasingly dynamic, with threats posed by government authorities (in some countries), terrorists, insurgents, and criminals, requiring travelers to be proactive and vigilant. U.S. citizens, particularly executives of U.S.-based technology companies, must be aware that they are considered high-value targets for nation-state intelligence services and criminally-motivated bad actors. Many countries will go to great lengths and expense to acquire and exploit proprietary information from U.S.-based companies, and views U.S. executives visiting the country as “soft” targets of opportunity. As such, significant precautions should be taken to protect personal electronic devices (PEDs) and the data connected to PEDs. The tactics, techniques and procedures (TTPs) utilized by bad actors are often covert and nearly undetectable by the affected person. Threat actors routinely access, monitor and utilize Wi-Fi networks at hotels and in public spaces to compromise target devices. Other targeting methods include luggage searches, extensive questioning, and unnecessary inspection and downloading of information from personal electronic devices. There are numerous, high-risk countries for which the U.S. Government warns travelers to be wary of mobile malware, mobile device privacy attacks and hot spots for mobile botnets. The U.S. Department of State has the most recent and up-to-date list. For example, the U.S. Government has investigated numerous incidents in which U.S. travelers’ PEDs (personal and company devices) have been compromised by Russian authorities while transiting Russian airports, left unattended in public spaces and in travelers’ hotel rooms. When traveling to an unfamiliar place, research your destination to understand the local roads and transportation, geography, local roads, culture, etiquette and laws Q: What physical security precautions should a traveler take? Duvall: Here are some useful precautions: When traveling to an unfamiliar place, research your destination to understand the local roads and transportation, geography, local roads, culture, etiquette and laws. Protect your personal information and travel itinerary as much as possible. Limit the amount of jewelry worn, cash, credit cards and electronic devices carried while traveling. Avoid staying on the ground floor of a hotel. Consider choosing a room on the 2nd through 7th floors as these rooms may be more difficult to break into than those on the ground level, but still able to be accessed by fire/emergency response equipment. Never answer your hotel room door for anyone until you’ve determined who they are, why they are at your door, and if it is necessary for you to open the door to interact with them. Carry a rubber door stop/wedge with you to install on the room side of the door before you go to bed. Vary your patterns and routines when venturing out in to a new location, do not become predictable. Politely decline offers of food or drink from strangers (If you do accept beverages, ensure that they are in sealed containers and that there is no evidence of tampering). Never discuss your itinerary, personal, business or other sensitive information where others can hear you. Q: How can companies be proactive in protecting their business travelers? Companies should educate their employees on the importance of maintaining good internet hygiene while traveling abroad Duvall: When traveling on business, companies should provide their employees with clean computers and cell phones before departure. Upon return, the company should immediately wipe the computer clean to prevent any malicious threats from penetrating the company’s internal, cyber-infrastructure. Additionally, companies should educate their employees on the importance of maintaining good internet hygiene and recommend their employees disconnect from social media platforms while traveling abroad. Some general tips to recommend to your employees when traveling abroad include: Register in the Smart Traveler Enrollment Program (https://step.state.gov/step/) Visit Travel.State.Gov to view travel related information specific to the country or countries you’re visiting, including local US Embassy or Consulate contact information, as well as current travel advisories and alerts. Always leave a copy of your transportation and hotel itinerary and driver’s license (or passport if traveling internationally) with a family member or trusted friend. Always use a baggage tag with a protective cover Avoid using public Wi-Fi services Q: What digital resources and/or apps might a traveler benefit from (and how)? Duvall: The Chertoff Group recommends researching the below travel-related Apps before departing on a trip: TravWell: This app provides destination-specific vaccine recommendations, a checklist of what you need to do to prepare for travel, and a customizable healthy travel packing list. The app can store travel documents, keep records of medications and immunizations, and set reminders to get vaccine booster doses or take medicines. My TSA: This app provides real-time updates on airport delays. It includes how long security lines are at various airports; information about what you can and cannot bring onto an airplane; and a frequently-asked question list, including new advanced imaging technology. Border Wait Time: The app provides estimated wait times and open-lane status at land ports of entry, which may be particularly helpful when in an area with multiple crossings. Mobile Pass: The Mobile Passport app speeds you through U.S. Customs and Border Protection at (1) cruise port and (24) airports Q: As a security expert, what’s your best advice for travelers? Duvall: At the end of the day, travel security is not rocket science. Simply put, travelers need to: Be aware and situationally alert at all times. Be aware and situationally alert to the location of your luggage and carry-ons at all times. Don’t access unknown, unsecured or public Wi-Fi if at all possible. Turn off “auto connect” features and institute stringent privacy controls as much as possible. Try to “blend in” – you don’t have to try to look like a local but travelers should avoid gaudy and expensive attire wherever possible. Use your common sense – if an offer, invitation or opportunity seems to good to be true... it probably is.

For the past several years, there has been a focus by integrators and customers to assure that their card-based access control systems are secure. To give businesses an extra incentive to meet their cybersecurity threats, the Federal Trade Commission (FTC) has decided to hold the business community responsible for failing to implement good cybersecurity practices and is now filing lawsuits against those that don't. For instance, the FTC filed a lawsuit against D-Link and its U.S. subsidiary, alleging that it used inadequate safeguards on its wireless routers and IP cameras that left them vulnerable to hackers.Many companies perceive that they are safer with a card but, if done correctly, the mobile can be a far more secure option  Now, as companies are learning how to protect card-based systems, such as their access control solutions, along comes mobile access credentials and their readers which use smart phones instead of cards as the vehicle for carrying identification information. Many companies perceive that they are safer with a card but, if done correctly, the mobile can be a far more secure option with many more features to be leveraged. Handsets deliver biometric capture and comparison as well as an array of communication capabilities from cellular and Wi-Fi to Bluetooth LE and NFC. As far as security goes, the soft credential, by definition, is already a multi-factor solution. Types Of Access Control Authentication Access control authenticates you by following three things:  Recognises something you have (RFID tag/card/key), Recognises something you know (PIN) or Recognises something you are (biometrics). Your smart phone has all three authentication parameters. This soft credential, by definition, is already a multi-factor solution. Your mobile credentials remain protected behind a smart phone's security parameters, such as biometrics and PINs. Organizations want to use smart phones in their upcoming access control implementations Once a biometric, PIN or password is entered to access the phone, the user automatically has set up 2-factor access control verification - what you know and what you have or what you have and a second form of what you have.                 To emphasize, one cannot have access to the credential without having access to the phone. If the phone doesn’t work, the credential doesn’t work. The credential operates just like any other app on the phone. The phone must be “on and unlocked.” These two factors – availability and built-in multi-factor verification – are why organizations want to use smart phones in their upcoming access control implementations. Smart Phone Access Control Is Secure Plus, once a mobile credential is installed on a smart phone, it cannot be re-installed on another smart phone. You can think of a soft credential as being securely linked to a specific smart phone. Similar to a card, if a smart phone is lost, damaged or stolen, the process should be the same as with a traditional physical access credential. It should be immediately deactivated in the access control management software - with a new credential issued as a replacement. Your mobile credentials remain protected behind a smart phone's security parameters, such as biometrics and PINs Leading readers additionally use AES encryption when transferring data. Since the Certified Common Criteria EAS5+ Computer Interface Standard provides increased hardware cybersecurity, these readers resist skimming, eavesdropping and replay attacks.            When the new mobile system leverages the Security Industry Association's (SIA) Open Supervised Device Protocol (OSDP), it also will interface easily with control panels or other security management systems, fostering interoperability among security devices. Likewise, new soft systems do not require the disclosure of any sensitive end-user personal data. All that should be needed to activate newer systems is simply the phone number of the smart phone.All that should be needed to activate newer systems is simply the phone number of the smart phone Bluetooth And NFC The Safer Options Bottom line - both Bluetooth and NFC credentials are safer than hard credentials. Read range difference yields a very practical result from a security aspect. First of all, when it comes to cybersecurity, there are advantages to a closer read range. NFC eliminates any chances of having the smart phone unknowingly getting read such as can happen with a longer read range. There are also those applications where multiple access readers are installed very near to one-another due to many doors being close. One reader could open multiple doors simultaneously. The shorter read range or tap of an NFC enabled device would stop such problems. However, with this said in defense of NFC, it must also be understood that Bluetooth-enabled readers can provide various read ranges, including those of no longer than a tap as well. One needs to understand that there are also advantages to a longer reader range capability. Since NFC readers have such a short and limited read range, they must be mounted on the unsecure side of the door and encounter all the problems such exposure can breed. Conversely, Bluetooth readers mount on the secure sides of doors and can be kept protected out of sight. Aging Systems Could Cause Problems Research shows that Bluetooth enabled smart phones are continuing to expand in use to the point where those not having them are already the exceptions With that said, be aware. Some older Bluetooth-enabled systems force the user to register themselves and their integrators for every application. Door access – register. Parking access – register again. Data access – register again, etc. Newer solutions provide an easier way to distribute credentials with features that allow the user to register only once and need no other portal accounts or activation features. By removing these additional information disclosures, vendors have eliminated privacy concerns that have been slowing down acceptance of mobile access systems. In addition, you don’t want hackers listening to your Bluetooth transmissions, replaying them and getting into your building, so make very sure that the system is immunised against such replays. That’s simple to do. Your manufacturer will show you which system will be best for each application. Research shows that Bluetooth enabled smart phones are continuing to expand in use to the point where those not having them are already the exceptions. They are unquestionably going to be a major component in physical and logical access control. Gartner suggests that, by 2020, 20 percent of organizations will use mobile credentials for physical access in place of traditional ID cards. Let’s rephrase that last sentence. In less than 18 months, one-fifth of all organizations will use the smart phone as the focal point of their electronic access control systems. Not proximity. Not smart cards. Phones!

The Internet of Things (IoT) is having a significant and ever-changing impact on the way we view video security. Today, cameras are expected to be so much more than devices with which to simply capture images; they need to be far smarter than that. These future-facing cameras are becoming an integral part of the vast digital connectivity infrastructure, delivering a parallel performance as intelligent sensors with the ability to extract the kind of invaluable data that helps businesses make improvements in the area of video security, and beyond. However, as the list of possibilities grows, so too does the risk of unauthorized access by cybercriminals. We should all be aware that a single weak link in a communications infrastructure can give hackers access to sensitive data. That’s the bad news. Safeguarding Data And Utilizing Deep Learning The good news is cybercrime can be avoided by employing a data security system that’s completely effective from end-to-end. One technological advancement that the trend-spotters are predicting will become part of the video security vocabulary is ‘deep learning’ Once this level of safeguarding is in place you can begin to confidently explore the technologies and trends happening now, and those on the horizon. So, what will be having an influence on surveillance in 2018? Well, according to IHS Markit, one technological advancement that the trend-spotters are predicting will become part of the video security vocabulary is ‘deep learning’, which uses algorithms to produce multiple layers of information from the same piece of data, therefore emulating the way the human brain absorbs innumerable details every second. In Europe, GDPR compliance will also be a big talking point as new principles for video surveillance data collection, use limitation, security safeguards, individual participation and accountability are introduced. And, as the popularity – and misuse – of drones continues to rise, the recent developments in drone detection technology will be particularly welcomed by those whose primary concern relates to large areas, such as airport perimeter security. The Future Of 'Smart' Video Analytics An important feature of today’s intelligent cameras is the ability to provide smart video analytics. The Bosch ‘i’ series, for example, offers a choice of formats – Essential Video Analytics and Intelligent Video Analytics. Essential Video Analytics is geared toward regular applications such as small and medium businesses looking to support business intelligence (e.g. inter-network data transfer), large retail stores and commercial buildings for advanced intrusion detection, enforcing health and safety regulations (no-parking zones or detecting blocked emergency exits) and analyzing consumer behavior. The camera-based, real-time processing can also be used to detect discarded objects, issue loitering alarms and detect people or objects entering a pre-defined field. Intelligent Video Analytics provides additional capabilities. It is designed for demanding environments and mission-critical applications, such as the perimeter protection of airports, critical infrastructures and government buildings, border patrol, ship-tracking and traffic-monitoring (e.g. wrong-way detection, traffic-counts and monitoring roadsides for parked cars: all vital video security solutions). An important feature of today’s intelligent cameras is the ability to provide smart video analytics Intelligent Video Analytics can also differentiate between genuine security events and known false triggers, such as challenging environments created by snow, wind (moving trees), rain, hail, and water reflections. For more expansive areas, like an airport perimeter fence, the system has the range and capability to provide analysis over large distances. And, if a moving camera is employed, it is also possible to capture data on objects in transit when used in conjunction with the Intelligent Tracking feature. For roadside use, Intelligent Video Analytics systems, such as the Bosch MIC IP range, are resistant to vibrations and can still operate in extreme weather conditions, continuing to detect objects in heavy rain or snow.  Evolving Cameras Past Surveillance It’s becoming ever clearer that the IoT is transforming the security camera from a device that simply captures images, into an intelligent sensor that plays an integral role in gathering the kind of vital business data that can be used to improve commercial operations in areas beyond security. For example, cities are transitioning into smart cities. The capabilities of an intelligent camera extend to the interaction and sharing of information with other devices (only those you have appointed) With intelligent video security cameras at the core of an urban infrastructure smart data can be collected to optimize energy consumption via smart city lighting that responds to crowd detection and movement. Cameras can also be used to improve public transport by monitoring punctuality and traffic flow based on queue lengths, with the ability to control traffic lights an option should a situation require it. As the urban sprawl continues and this infrastructure grows, the need for more knowledge of its use becomes more essential, necessitating the monitoring technology developed for use by human operators to evolve into smart sensing technology, that no longer just provides video feeds, but also uses intelligent analytics and sophisticated support systems. These systems filter out irrelevant sensor data and present only meaningful events, complete with all relevant contextual data to operators to aid their decision-making. Expanding The Video Security Camera Network Today, video analytics technology has tangible benefits for human operator surveillance, and delivers KPIs that are highly relevant to transport operators, planners and city authorities. As an existing infrastructure, a video security camera network can be improved and expanded by installing additional applications rather than replaced. From a business perspective, that means greater value from a limited investment. Thereafter, the capabilities of an intelligent camera extend to the interaction and sharing of information with other devices (only those you have appointed), image and data interpretation, and the ability to perform a variety of tasks independently to optimize both your safety and business requirements. The fact is, cameras see more than sensors. Sounds obvious, but a conventional sensor will only trigger an alarm when movement is detected, whereas a camera can also provide the associated image and information like object direction, size, color, speed or type, and use time stamps to provide historical information regarding a specific location or event. Based on this evidence, the video security camera of today is more than ready for the challenges of tomorrow.