In the IT world, vulnerabilities are hunted and found as a matter of normal daily business by network research firms whose role it is to find vulnerabilities so that they can be fixed. They also perform penetration testing for their customers, who require verification that their own systems are being maintained at an acceptable level of security.
From now on, it will be the rule rather than the exception that hacker conferences will include sessions on how to hack physical security systems, just as they include sessions about hacking telephones, Web servers, information systems and so on.
Whether you are a manufacturer, a consultant, a systems integrator or an end-user customer, it is now critical that you begin paying attention to the vulnerabilities of the products and systems you provide or depend on.
Right now, you can't go wrong assuming that all physical security systems are vulnerable as shipped from the factory. I was about to write that I know of no commercial off-the-shelf system that ships with specific instructions for secure network deployment or system hardening. Then I learned from my network research colleague Rodney Thayer that Firetide (www.firetide.com) did include hardening information in one of its installation documents, but buried in the midst of other things as opposed to highlighted front-and-center, as the industry needs.
The good news is that this picture is starting to change and Security Technology Executive is dedicated to reporting those changes and improvements to you.
Editor's Note: An expanded version of this article is available at SecurityInfoWatch.com.
If you have convergence experience you want to share, e-mail your comments to me at ConvergenceQA@go-rbcs.com or call me at 949-831-6788. If you have a question you would like answered, I'd like to see it. We don't need to reveal your name or company name in the column. I look forward to hearing from you!
Ray Bernard, PSP, CHS-III, is the principal consultant for Ray Bernard Consulting Services (RBCS), a firm that provides security consulting services for public and private facilities. Mr. Bernard has also provided pivotal strategic and technical advice in the security and building automation industries for more than 22 years. He is founder and publisher of The Security Minute 60-second newsletter (www.TheSecurityMinute.com). For more information about Ray Bernard and RBCS, go to www.go-rbcs.com or call 949-831-6788. Mr. Bernard is also a member of the Subject Matter Expert Faculty of the Security Executive Council (www.SecurityExecutiveCouncil.com).