As an industry, security must be mindful of taking an untried path, to avoid opening up security risks as we make the transition to Security 4.0. If done correctly, our transition will bring similar benefits in efficiency, effectiveness, and overall empowerment for the human side of the human-technology team.
In 2012, the manufacturing industry first heard the term “Industry 4.0.” It was the harbinger of a change also known as the “4th industrial revolution”. In the smart factories of the modern age, processes are increasingly automated, systems and facilities analyze themselves, and connected AI monitoring programs communicate with each other and their human co-workers. This enables faster, smoother processing that frees the human participants for tasks that require a human touch. Audi, the auto manufacturer, is making its production fit for the future with a smart factory driven by connected systems and big data. Humans and robots work together to build cars in a modular environment, leveraging several high-tech features such as virtual reality.
The security industry is on a similar evolutionary path - let’s call it Security 4.0. But the security industry is not as far along as the manufacturing world. While the most efficiently run security programs in the world today deploy connected systems and processes communicating autonomously and providing relevant data to the security professionals tasked with protecting personnel and property from harm, many security programs are still highly manual and almost entirely human-based. They do not take advantage of the benefits of efficiency that automation, artificial intelligence, analytics, and machine learning can bring to augment the human capacity to monitor and react more quickly, more intelligently, and with more preparation to security incidents as they happen.
As with any revolution, the modern industrial revolution has not been without its issues and problems along its 200-year journey, but the benefits have been substantial. As we evolve to Security 4.0 we must have an understanding that the path will be long and will require careful planning. As an industry, security must be mindful of taking an untried path, to avoid opening up security risks as we make the transition. If done correctly, our transition will bring similar benefits in efficiency, effectiveness, and overall empowerment for the human side of the human-technology team. We can see the embodiment of the journey on the horizon as the “Connected Security Program,” but there are roadblocks along the way.
WHAT IS THE “CONNECTED SECURITY PROGRAM?”
If the future vision of Security 4.0 is a “Connected Security Program,” the first step on the road to getting there is a clear definition of what that end-state is.
In the manufacturing industry using the Internet of Things (IoT), security systems are now communicating and cooperating, with central command systems, with humans, and with other technology systems in the organization in real-time. Complex security infrastructures with multiple sensors collect data and feed massive amounts of useful information into the pipelines that inform our security decisions and responses.
The interconnectivity of these systems may allow us to collect that data from all points in the process, aggregate massive amounts of data, and through the use of tools such as artificial intelligence, set rules to help us make sense of that data. But even with rule sets and parameters defined, Security Incident Response is still fundamentally a human-centered activity. Proper response decisions and the responses themselves, whether that is an investigation, an escort, an emergency response, even sometimes escalating to an armed response - these all require human action. But the Connected program provides the security professional tasked with carrying out the response with the best preparation and information possible to make the best response possible, as fast as possible.
For example, by using intelligent cameras with facial recognition it is possible to automate a visitor registry and process access authorizations from both people and vehicles. Ultimately the physical security systems deployed are sophisticated enough to make some decisions on their own and to perform access tasks autonomously. It is only when there are exceptions or issues that incidents escalate through the chain of command and a human may need to be dispatched to deal with an incident of unauthorized access or intrusion. In a connected program, that dispatch alert can be automatically generated, complete with all background information, the alarm information, and camera capture of the intruder, making the response more efficient and the security responder more prepared. This is our ideal state as security professionals. It is the most efficient model for security program management. Costs are reduced, risks are mitigated and compliance to regulations are met.
Like in today’s modern factories, in the ideal, or fully connected security program, security professionals manage wholly connected systems leveraging artificial intelligence to help manage massive amounts of data. If we envision the journey to the fully connected security program as a winding road, and we want to get there without running into any ditches, what are the roadblocks that we can expect to encounter along the way and how can we avoid them?
On the road to the fully connected security program, consider how your physical security assets, such as guards, gates, and secured buildings, can connect to each other, and to the systems you have in your overall security program.
Technology can assist humans by providing good data that allows security professionals to make informed decisions and solve urgent problems on short notice. At the same time, the key to security-in-depth is combining data with human insights and finding the right balance between technology and humanity. A connected program extends the capacities of both humans and technology by equipping security officers with mobile technology and wearable devices. Human beings become additional “sensors” in the program that collect data, but also bring that human insight that is instrumental to overall security program effectiveness.
As security professionals seeking the connected security program of the future, we can learn from the mistakes that the manufacturing industry makes on its journey to Industry 4.0. Elon Musk once felt that the Tesla Model 3 electric vehicle would be manufactured entirely by robots in a fully automated assembly line. He was wrong. Later in a tweet, he wrote, “Excessive automation at Tesla was a mistake. To be precise, my mistake. Humans are underrated." Technology is vital and automated systems will always be required to support our security officers. But the future faces of security will be those maintaining the right balance between technology and humanity. It is human instinct that will always allow officers to greet visitors in one moment and deter criminals the next.
AVOIDING THE ROADBLOCKS
Technology is being implemented into a security officer’s daily tasks more and more often, requiring the technical knowledge to operate these devices and software. Security officer training is therefore critically important to ensure that data is properly collected, data is correctly interpreted, and appropriate actions are taken when warranted.
Security programs that provide automated alarm response and dispatch officers must also provide those officers with the ability to interpret the situation on the ground and respond appropriately. Choose officers who have the right background, awareness, security knowledge, people skills, and above all, training, to react appropriately in these fast-moving incident situations.
You likely have several electronic security systems monitoring multiple aspects of your security. For example, building entrances are managed with automated access control systems that determine who can go where and when. Credentials such as ID cards, proximity devices or biometrics prove the identity of the person requesting entrance. In addition, you likely have a video monitoring system that needs to provide visibility into all of the areas you are controlling.
Your security program is not acting efficiently when operators are required to jump between systems when responding to an alarm. They need to streamline their response time with automated workflows that enable quick decision-making. Interconnected systems with aggregated data provide real-time intelligence and achieve optimal command and control.
Choose security products that are built with an open architecture. In an open system, the manufacturer develops their software and hardware following industry standards and makes their APIs available to any company who wishes to integrate with their products.
AVOIDING THE ROADBLOCKS
Unfortunately, it is not uncommon for the bad guys to exploit our increasingly open environments to get our data. Open environments are potentially more prone to cyber-attacks than closed systems. Therefore, it is important to be ever vigilant with your cyber controls. Be proactive with an ongoing examination of possible threats and remedies.
Choose security manufacturers who adhere to PLAI standards. The Physical Security Interoperability Alliance introduced the Physical Logical Access Interoperability (PLAI) spec in 2013. PSIA supports license-free standards and specifications, which are vetted openly and collaboratively to the security industry as a whole.
Cyber Security is now commonly referenced as a barrier to success in articles about Industry 4.0 and for good reasons. As the manufacturing industry evolves, and systems become more connected, they become vulnerable to attack due to outdated systems, unsecure files and other technological vulnerabilities. But cyber threats are present in every industry. As security professionals we must be constantly aware of the threat that a cyber attack can have on business continuity. Systems can be hacked and confidential data can be downloaded, copied or stolen. With cyber-intrusions coming from systems ranging from meeting room schedulers to fish tank thermometers to retail terminals, it’s critical that any connected security systems be given the same level of cyber-hardening that we provide physically.
AVOIDING THE ROADBLOCKS
Hire a Cyber Consultant. A good consultant will look at your IT infrastructure holistically. They will itemize your resources, examine risks to those resources, and make recommendations for resolutions that protect you now and in the future.
Choose security systems that are “Cyber by Design”. In other words, choose reputable technical solutions that embed cyber controls during the manufacturing and installation process. A security integrator can help you make product decisions that are best suited for your business.
Work closely with your IT team to ensure that the controls on your security systems are compatible with your enterprise-wide IT infrastructure.
The Fully Connected Security Program, also known as Security 4.0, is the evolution of the security industry. When all elements in your security program communicate with one another and share critical data to make informed decisions, your security program will be more efficient. Reaching that ideal is a multi-stage, never-ending process that must be modified as needs change over time. Ultimately, we recommend partnering with a trusted advisor who will help you navigate those roadblocks, or risks, and who will help you develop resolutions that constantly adapt to your changing circumstances.