What Information Should We Trust?
In business meetings recently, the issue of data encryption arose and it jolted me back to reality. Most physical security professionals seem to think Information Security (InfoSec) – IS ONLY – IP Security (IPSec). Everyone wants to discuss data security issues related to IP Infrastructure. That is the MORE secure data infrastructure associated with Physical Protection Systems today and needs only minor attention.
In Wiegand We Trust?
Too many professionals today think only in terms of secure data transmission from the controller to the server, but the greatest vulnerability is actually from the reader to the controller! Two copper conductors (+ground) carry bit format identity data (Wiegand) from the reader to the controller in what must be over 90% of the installed private sector systems currently installed. When I explain this to security engineers, they look at me like I am from another galaxy, far, far away (are the Star Wars references getting old?)… but then for some it dawns on them… and I get the question: what are my options?
Encrypted IP Data from the Card Reader?
Several companies already have products offering IP Data solutions, but the breadth of the available product is limited. As a result, all the major security software developers are moving toward an encrypted serial data protocol that I have mentioned on this blog before: Open Supervised Device Protocol (OSDP). It definitely has its advantages over Wiegand… but I must ask, what the heck is the industry doing?
Encrypted Serial Data Preferred Over Encrypted IP?
Do we in the security industry truly believe we are doing the end-user community a service by introducing a decades old technology that will need to be replaced in 5-10 years? Yes, I understand the idea of isolating data AWAY from the vulnerabilities of the LAN/WAN infrastructure, but do we really believe system specific serial networks will be the future of security systems?
Information & Data Security FINALLY Addressed in Physical Security
OK, I am very happy to see Physical Security equipment manufacturers finally understanding the horror seen in an I.T. Director’s eyes when they are first told your IP Controllers will be installed on THEIR network. None of us can afford to be disengaged from this discussion. Card Access and Intrusion design must express as much concern for data security, as physical deterrence features. OSDP is being introduced to address this concern.
SMART Technology Investment
Security Directors consider this topic carefully, especially those of you collaborating with I.T. Directors… If we all agree that data vulnerabilities should be addressed and funding has been allocated to mitigate the risk, shouldn’t you be investing in the latest technologies? IP Data via LAN/WAN Infrastructure CAN be secure, if it is designed properly. If your technology partners do not offer solutions that can provide this, apply pressure for them to develop it. IP-Based Technology AND Solutions have been available for years now.
This site is maintained by Douglas Levin, PSP, AHC, LEED AP. It is intended to be his personal professional blog. The content reflects personal opinions and observations regarding the Physical Security Systems industry and Technology Sectors. The opinions expressed herein reflect personal viewpoints/ideas and do not in any way represent the position of any other person, organization or company.