Improving the Cybersecurity of Physical Security

Editor’s note: This checklist is a broader companion piece to a previous article, “How Government Organizations Can Protect Their Physical Security Systems from Cyber Risk.”

In many organizations, there has been a long-held perspective that IT and physical security are separate realms and their work and concerns do not intersect. However, in light of the growing cyber risk that physical security technologies can present, there is an increasing need for the two to become more connected.

To address these challenges, IT and physical security teams are now collaborating to develop comprehensive security programs based on a common understanding of risk, responsibilities, strategies, and practices.

A holistic view of security threats across the organization leads to improved information sharing and preparation for threat response. Unified policies and shared practices give the organization greater flexibility and resilience for security management.

By understanding how physical and cyber domains are closely tied, organizations can implement new technologies and practices that will strengthen their overall security.

Security Improvement Checklist

Current posture assessment

  • Create an up-to-date inventory of all network-connected cameras, door controllers, and associated management systems.
  • Perform a thorough vulnerability assessment of all connected physical security devices to identify models and manufacturers of concern.
  • Consolidate and maintain detailed information about each physical security device, including connectivity, firmware version, and configuration.
  • Assess the network design as needed to segment older devices and reduce the potential for crossover attacks.
  • Identify all users who have knowledge of physical security devices and systems and document that knowledge for broader use and retention.

Physical security and cybersecurity unification

  • Begin discussions about combining the physical security and cybersecurity teams; formalize roles and responsibilities.
  • Monitor and share intelligence about current cyber threats and trends across the teams, and encourage collaboration on preventative actions and response capabilities.
  • Develop common policies and practices for security operations and incident management.

Improvements to make now

  • Determine if installed physical security devices have the latest version of firmware and other software recommended by the manufacturer.
  • Confirm that software for the video management systems (VMS) and access control systems (ACS) is up to date on the physical security devices as well as on the servers used for data storage and for hosting monitoring consoles.
  • Change any default passwords in use and establish a policy and process to require frequent password changes.
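
An added example, not part of the original article or any vendor's tooling: one way to turn the inventory from "Current posture assessment" into the firmware, segmentation and default-password checks listed above. The CSV columns, device names, model names, firmware baselines and VLAN numbers are all constructed assumptions.

```python
import csv
import io

# Constructed sample inventory; the column names are assumptions for this example.
INVENTORY_CSV = """\
device_id,type,model,firmware,vlan,default_password
cam-01,camera,ExampleCam X1,2.4.10,30,no
cam-02,camera,ExampleCam X1,2.4.2,30,no
door-01,door_controller,ExampleDoor D2,1.9.0,10,yes
vms-01,vms_server,ExampleVMS,5.10.1,30,no
cam-03,camera,LegacyCam L0,1.0.3,10,no
"""

# Assumed manufacturer-recommended firmware per model; None = no longer supported.
RECOMMENDED = {"ExampleCam X1": "2.4.10", "ExampleDoor D2": "2.0.1",
               "ExampleVMS": "5.10.1", "LegacyCam L0": None}
SECURITY_VLANS = {30}  # assumed VLANs reserved for physical security devices


def parse_version(text):
    """Turn '2.4.10' into (2, 4, 10) so that 2.4.10 sorts above 2.4.2."""
    return tuple(int(part) for part in text.split("."))


def audit(csv_text, recommended=RECOMMENDED, security_vlans=SECURITY_VLANS):
    """Return {device_id: [findings]} for each device with at least one finding."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        issues = []
        baseline = recommended.get(row["model"])
        if row["model"] not in recommended:
            issues.append("unknown model: no firmware baseline")
        elif baseline is None:
            issues.append("end of support: plan replacement")
        elif parse_version(row["firmware"]) < parse_version(baseline):
            issues.append(f"firmware {row['firmware']} < {baseline}")
        if int(row["vlan"]) not in security_vlans:
            issues.append(f"VLAN {row['vlan']} is not a security segment")
        if row["default_password"].strip().lower() == "yes":
            issues.append("default password in use")
        if issues:
            findings[row["device_id"]] = issues
    return findings


if __name__ == "__main__":
    for device, issues in audit(INVENTORY_CSV).items():
        print(device, "->", "; ".join(issues))
```

Versions are compared as integer tuples because a plain string comparison would rank 2.4.10 below 2.4.2 and report the up-to-date camera as outdated.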

Planning for device and system replacement

  • Identify any devices that need replacement because of age or potential security risk.
  • Develop a plan that will modernize security features and management on a unified platform.
  • Evaluate the standards compliance of all vendors in the proposed solution’s supply chain.

Justin Himelberger joined Genetec in 2009 and is currently the Enterprise Systems Business Development Manager, working specifically with the U.S. Department of Defense and other federal agencies. As a trusted security advisor for the federal government, he provides support with his expertise and knowledge of the company’s security software and hardware solutions.