Physical security and data privacy used to co-exist in parallel. But now physical security has evolved away from analogue technologies, towards modern digital infrastructure. At the same time, governments and citizens have become increasingly concerned about privacy implications.
Governments at every level and private organisations in Australia have been deploying different tools to improve public safety and security. There are about a million security cameras operating in Australia. At large venues such as airports and stadiums, where the movement of people needs to be managed, camera footage can be quickly analysed with video analytics so security teams can help with ingress and egress from venues. During the pandemic, QR codes were used to assist with contact tracing to detect new outbreaks and warn people that were at risk of infection.
While there are overwhelming benefits from the use of digital technology for physical security and safety, there must also be a strong focus on cybersecurity and privacy. A jeopardised physical security system can lead to significant invasions of privacy. It is possible physical security system compromise can lead to unlawful network access and data breaches resulting in identity theft or privacy violations. Physical security systems must be built with cybersecurity in mind. That means consideration about the entire supply chain and how systems are developed, accessed, operated, and managed.
Physical Security In the Supply Chain
Any device connected to a physical security system is a potential point of entry with security cameras representing a significant attack surface of any physical security system. But many other types of devices ranging from motion sensors to door locks are also part of the physical security infrastructure, connected to the network, and posing a potential threat if not properly managed.
This means a compromised physical security device can expose a whole organisation’s network. It is therefore critical that all physical security devices are acquired and installed by reputable vendors that can deploy and manage devices in a cybersecure manner to limit introducing cybersecurity vulnerabilities that could be exploited by bad actors.
Physical Security Platforms Should Have Cybersecurity At The Foundation
Physical security systems were, at one time, isolated from other systems. Camera networks were analogue on their own physical infrastructure with footage directly ingested into recording equipment. When footage was viewed, it happened through a bespoke interface. Today, those same systems operate over IP (Internet Protocol) and run as part of an organisation’s main network.
It is now imperative that the physical security platform that collects and enables access to physical security data is secured at every level. This must include strong encryption for data that is in transit and at rest, strong authentication to ensure only authorised users have access to the physical system and the information stored within it. Appropriate system and network set up to ensure it cannot be compromised allowing a threat actor to gain wider access into the network.
When systems are secured appropriately, data privacy is maintained.
Physical Security Is Evolving
The confidentiality, integrity and availability of data is critically important for ensuring the highest levels of physical security. While those two domains may have been managed by two completely different teams, they should be seen as part of an integrated whole.
Physical security systems have shifted from analogue to digital. Organisations must employ tools and techniques to secure the systems that underpin the security of their physical environments. The physical security team can no longer work in isolation from the IT and cybersecurity team.
The increased focus on privacy has put data protection front and centre on the agendas of everyone from private citizens walking past security cameras to board room executives. Effective data privacy comes when every element in an organisation’s security infrastructure is sourced from trusted manufacturers and suppliers, secured with the best possible encryption and authentication tools, and managed by a well-resourced team that understands the risks.
With a security camera for every 25 Australians, citizen privacy must be at the core of physical security systems to ensure that identifiable data is not released to unauthorised security personnel. This means identifiable data, such as license plates, faces and other information must be obfuscated or redacted to ensure it is not compromised and only made available to authorised personnel.
It is no longer reasonable to deploy physical security systems that do not have a strong cybersecurity foundation. A holistic approach to physical security is essential for protecting confidential information.