California electric utilities narrowly avoided a recent crisis where an unknown suspect attempted to disable electric service by fraudulently entering a substation and turning off the breakers. According to the FBI, if the attack had succeeded, it could have led to catastrophic consequences for those relying on electricity for medical reasons.
A POLITICO analysis of Department of Energy (DoE) data has also revealed a sharp uptick in physical threats against the U.S. electric grid infrastructure — a total of 2,800 reported physical security threats in 2023, more than 1,000 more than in 2022. Security experts say this rise will only increase in 2024, with the U.S. election season heating up and tensions growing both at home and abroad.
The electric grid may seem like an extreme example of a physical infrastructure that needs hardening. Still, it serves as a case in point for what’s happening in the physical security space more broadly, as physical security threats are on an upswing across various industries and in the business world. According to one leading report, one-quarter of businesses saw increased physical security incidents in 2023, driven heavily by economic and social unrest. Another report found the business impact of such an incident for a publicly traded company is an average 29 percent drop in stock price. Not surprisingly, 46 percent of companies are set to significantly increase their physical security budgets in the next 12 months.
In recent years, many security dealers and systems integrators have put the majority of their customers’ IT security focus on cyber elements like routers and firewalls. This is, of course, beneficial, but today’s executive boards are increasingly grappling with how to balance cyber and physical security. As a security dealer or integrator, there’s a fair chance your enterprise customers will be asking if their physical security protections are adequate. How can you best advise them? What options are available, and what makes the most sense?
Multifactor Authentication
Multifactor authentication (MFA) works by requiring multiple factors, usually something a person knows (like a password) and something a person has (like a mobile device or email account). For example, at a specific access point (say a door), a person would enter a password and then be sent a special code (via phone text or email), which would be required to open the door and access the space.
MFA is a more rigorous process than passwords alone. However, certain combinations (like the common one described above) are not bulletproof, as passwords can still be stolen and special codes intercepted by resourceful bad actors. Another drawback of using this type of combination for MFA is that it introduces an element of friction, making the authentication process more complicated, time-consuming, and frustrating. Imagine a scenario where a healthcare professional needs split-second access to a critical supplies room but then realizes they need a special code and their phone is not on their person. In most scenarios, such delays are unpleasant, but in some they are unacceptable.
Fobs and Keycards
Many physical access control systems rely on fobs and keycards incorporated into electronic systems, which then control doors and locks, allowing designated people to enter protected areas at these specific access points. However, like MFA, fobs and keycards aren’t perfect, dupe-proof systems. It can be all too easy for someone to give or loan their fob or keycard to someone else or for a fob or keycard to be lost or stolen, allowing access to unauthorized individuals.
As a security system dealer or integrator, maybe you find that MFA or fobs and keycards are sufficient for your customers. But maybe you don’t, as the risks they present are still too great, given the sensitivity of their physical areas. Fortunately, biometric authentication is evolving as an alternative that delivers the elusive yet vital combination of airtight security and maximum convenience.
Enter Biometrics
Biometrics — or unique individual traits such as fingerprints, facial scans or speaker recognition that can be used to verify an individual's identity — can ensure organizational security because they are intrinsic to each individual and cannot be lost or stolen. Furthermore, they take fractions of a second to process, versus leaving a potentially stressed individual fumbling for their phone. They’re also nearly impossible to subvert due to liveness capabilities, which can detect that a person presenting for authentication is a real, living human and not an attempt at a spoof (someone presenting a photo of an authorized user’s face or a recording of their voice, for instance).
It used to be that only large, established companies could afford biometrics due to the heavy upfront investment of time and resources involved. There’s further good news on this front: today’s biometric capabilities or workflows are now available in a cloud-based SaaS model. This means any size customer can now use biometrics as part of their physical access control offering — whether it’s a small organization securing a single door, office, or closet or a global enterprise with multiple buildings or data centers. Moreover, customers can get up and running quickly with minimal groundwork. So if you suggest biometrics to a customer, you’re not recommending an expensive, time-consuming overhaul of their security infrastructure. In most cases, customers can leverage the equipment they already have and the bring your own device (BYOD) trend.
For today’s security system dealers and integrators, being the best possible strategic advisor and purveyor of your customer’s physical security means understanding the growing threat landscape, the drawbacks of certain approaches, and new developments that democratize access to more sophisticated, secure, and convenient safeguards like biometrics. There’s no reason any organization — be it a large, established global enterprise, a public utility, or an SMB — must tolerate anything less.