We are confronted with the issues of Industry 4.0 and cyber crime almost everywhere we look.
Industry 4.0 includes the networking of different systems. Figuratively speaking, these interconnected systems form a chain.
Why should we be concerned about access control systems?
Each link in this chain represents a potential target for cyber attacks and inevitably results in higher security requirements.
After all, one thing is for sure: cyber crime is steadily increasing!
IT security consulting firms have determined the average time that passes before an attack is detected to be about 180 days.
In other words, attackers are able to go unnoticed in company systems for six months on average.
Many IT systems have therefore already upgraded their security measures to protect against these threats.
But what about cyber threats and access control systems?
Virtually every modern access control system is integrated into the company network.
Controllers communicate with the server and with each other via IP.
This poses the following questions:
- Do the controllers and servers know they are actually communicating with devices in your system?
- How can an attack be detected?
- What is the strength of the encrypted communication between the devices?
- Or: Is the communication encrypted at all?
- How well does encrypted communication protect me?
- What level of security is placed on communication between the identification media, scanners, controllers and servers?
- How are any encryption keys protected?
Imagine what an attacker can do in six months if they change permissions, times, etc. without being noticed.
The good news is that these threats can be and have to be addressed in the requirements specifications for access control systems. After all, this is the only way to ensure use of access systems that provide excellent answers to these questions.
Finally, I would like to point out that one-off consideration of this issue does not suffice.
Cyber threats are on the rise and, therefore, protection is also an ongoing process.
If you would like more information on this subject, please feel free to contact me.