Cybersecurity critical in the age of IP-based access control

Like video, access control has transitioned from a mostly proprietary technology to an increasingly open, networkable solution on the Internet. However, this has also brought new challenges for vendors and users. In particular, making sure that access control is secure enough to ward off cyber threats has become critical.
 
That was the point raised by Axis Communications in a recent blog post.
 
Axis, of course, introduced the world’s first network camera in 1996, after which a migration to IP-based video surveillance became the norm. In a similar vein, access control is also seeing this transition. “The rapid evolution of access control technology, specifically its shift from a closed, proprietary system to an open, IP-based architecture,” the post said. “Access control technology can connect to other devices on a network and interact to easily form useful solutions. Perhaps that is why it has become the fastest growing physical security technology in recent years.”
 
Benefits of IP-based access control are manifold, one of which is ensuring better security at the end user organization. “Closely integrating an access control solution with video surveillance technology can help verify that the person trying to access your facility is in fact the person on the ID card. Beyond physical security, inter-operation with other systems such as HR software can help organizations detect potential intruders by identifying that the credentials of an employee currently on annual leave are being used to attempt entry,” the post said.
 

Ensuring cybersecurity

 
However, moving access control to the network has its share of challenges, the biggest of which is cybersecurity. “The problem with adding any technology to an IT network is that it can offer hackers or other threats a backdoor access point to a company’s confidential data, if not deployed correctly. That is why, as IoT technologies have become more commonly used, cybersecurity has become a boardroom issue,” the post said. “So much so that a firm’s future could depend on its ability to protect personally identifiable information (PII) that is generated and stored within the database of an access control device and system. With the General Data Protection Regulation (GDPR) on the horizon, ensuring security policies are up to date has become a top priority.”
 
In a previous article submitted to asmag.com, Genetec offered some tips on how the integrator can help enhance the security of their clients’ access control. They are summarized as follows:
 

• OSDP Secure Protocol - By tapping the wiring between the reader and controller, information can be captured, recorded and used to initiate a fake authorized entry. Swapping out older devices for newer ones which support Open Supervised Device Protocol (OSDP) Secure Channel provide end-to-end encryption and the highest level of protection from reader to controllers.

 

• SmartCard Technologies – For the most secure applications, integrators should propose proven 13.56 MHz Smartcard technology based on iCLASS SEOS or MIFARE DESFire EV1 platform from HID Global. The data transmitted between card and reader is encrypted, and that encryption obscures any sensitive data, making it difficult to steal.

 

• Hardened Access Control Software – Choosing access control software with built-in cybersecurity mechanisms can offer additional lines of defense. These should include encryption, multi-layer authentication and authorization.

 
Meanwhile, the Axis post stressed that cybersecurity is not just a vendor-driven effort; it’s a process that all stakeholders should get involved in. “The cybersecurity element of a modern business is a process and extends far beyond a product-led approach. True security requires collaboration between user and manufacturer – no device, despite being secure by default, will remain so with default passwords unchanged, for example,” it said.