by Vaune M. Carr, ISSMP-ISSAP
Being observed by surveillance cameras is commonplace for most of us, from shopping malls to the workplace. And many workers have had to show ID cards on the job for decades. But when it comes to security advancements in the energy industry, integrating traditional aspects of security with sophisticated software is providing increasingly effective tools to help protect private and public assets—and often making the job simpler and cheaper.
For example, cameras have been used for security purposes for many years to document atypical activity. Technology advancements are now being integrated with these cameras to automatically detect unusual or suspicious behavior (loitering, abandoned objects, strange actions) from the millions of frames of normal activity.
For the security professional, this means that searching
for the needle in a haystack can often be done in a matter
of seconds. The software’s capability to sort out the
bad from the good is a major efficiency improvement and has
increased demand for this technology.
Video images are just one example where the blending of physical and cyber security has proven effective and is continuing to develop; biometric devices is another. Two examples of biometric technology are a fingerprint or a retina scan. These two biometrics can be used in access control and identity management, providing additional security measures to companies.
Access control is the ability to allow entry to a digital device or physical facility. Identity management encompasses the integrated system of business processes, policies and technologies that lets organizations control individual access to digital assets (computers, files and online applications), facilities and resources—while protecting confidential information. Access control and identity management are further tied together by authentication, which is a way to verify someone’s correct identity against their ability to access a particular system or facility. Authentication can come in many forms and serves as a company safeguard to information, physical structures and people.
At its simplest form of safeguard, known as single-factor authentication, computer users supply a “known” password to log on to a computer or internet site. To further protect assets, companies may choose to implement two-factor authentication, which requires something the person knows, like a password, and something they have, like a biometric imprint. Incorporating the second factor into a person’s ID badge can further authenticate an individual’s identity.
The government’s Transportation
Worker Identification Credential (TWIC) is the latest
example of biometric technology used as a security tool. TWIC
is an ID badge that will include a digital photo of the authorized
cardholder and a biometric identifier linked to that individual’s
fingerprint.
When technology such as that used in the TWIC is combined with computer network safeguards, one can compare these two separate but significant types of information and facility accesses. For example, one can track whether or not the individual who entered a particular location may have gained access to computers and networks within the facility. Should a problem arise in the future regarding an individual’s access to certain information or facilities, linking physical access technology to new cyber access technology may help those investigating the problem determine whether the individual under investigation was actually in a particular building/facility/location at a particular time or whether any unauthorized computer or network access may have been gained.
This example demonstrates that when investigating a potential cybercrime, a central benefit of new security technology is that it becomes easy to determine who had access to a facility, who was logged into a particular computer or computer system and whether a valid computer ID was used, but perhaps not used by the individual who was authorized to have access.
Such technology can reduce resolution time, error rates and often the number of resources needed to respond to a threat. The good news is that the increasing number of laws aimed at further tightening security surrounding corporate assets is spurring new technologies, further marrying cybersecurity with physical security.
Keeping pace with changing threats is critical to securing the nation’s energy supply. And though the continuation of rapidly changing information technology is inevitable, not all of the technical solutions are sufficient in and of themselves to respond to new and increasingly more sophisticated threats; physical security controls will continue to remain very important. The integration of the two approaches to security can only further protect the energy industry. |
