Modern physical security devices are more powerful and effective than ever – but also much more vulnerable to a wide variety of potential cyber attacks. As a result, physical security teams today are expected to ensure their devices are cyber protected, in-line with IT standards.

Given the enormous potential costs of vulnerabilities in your physical security devices, what practical steps can physical security teams take to ensure maximum protection against hackers and other cyber threats?

The following are seven key pillars to achieving cyber protection for your physical security devices. 

#1 Asset Mapping

Before you can secure your physical security devices, you need to know what devices are on your network in the first place. To put it simply: you can’t protect what you can’t see. 

Asset mapping is the process of discovering, identifying, and documenting all physical security devices within your infrastructure. This includes gathering critical information such as device type, model, firmware version, IP address, and physical location. By having a comprehensive understanding of your device fleet, you can better monitor and manage the security of each device. Making this information accessible will have a lot of benefits beyond cybersecurity as well, helping to reduce downtime and other issues.

This information is usually available somewhere – the challenge is consolidating all of it from different vendors in one, easily-accessible location, as excessive silos impede device visibility even when the information is technically available.

Steps for Effective Asset Mapping:

1. Create an inventory: Ensure you have a record of all physical security devices connected to your network.
2. Consolidated view: Work to consolidate your view of all devices in a single place, to avoid silos which make monitoring far more difficult.
3. Regular updates: Maintain and regularly update the asset map to reflect any changes in the device landscape.

#2 Vulnerability Management

Identifying and managing vulnerabilities in your physical security devices is crucial for preventing cyber attacks. This involves regularly scanning for known vulnerabilities and suspicious activities, assessing potential threats, and ensuring this information reaches the right people as soon as possible. By proactively identifying vulnerabilities, you can take steps to mitigate them before they are exploited by cybercriminals.

Steps for Vulnerability Management:

1. Real-time scanning: Use vulnerability scanning tools to detect weaknesses in device firmware and configurations, or suspicious device behavior.
2. Threat intelligence: Stay informed about the latest threats and vulnerabilities reported by manufacturers and security organizations.
3. Alerts and reporting: Ensure all relevant stakeholders – including the IT/cybersecurity team – are updated in real-time of any potential threats.

#3 Firmware Upgrades

Firmware upgrades are essential for maintaining the security (and functionality) of your physical security devices. Keeping firmware up to date is a critical aspect of device security, helping to protect against known vulnerabilities.

Manufacturers regularly release updates to patch vulnerabilities and improve performance, yet all too often physical security devices are left operating on old or obsolete firmware due to the difficulties in regularly upgrading firmware at scale. Some studies have shown that up to 70% of physical security devices are running outdated firmware.

Steps for Firmware Upgrades:

1. Regularly check for updates: Keep tabs on manufacturers’ websites to know about firmware upgrades as soon as they’re available.
2. Compatibility checks: Ensure new firmware versions are compatible with your management systems and other network components.
3. Bulk upgrades: Implement tools and processes for remotely updating firmware on multiple devices simultaneously to streamline the process.

#4 Device Hardening

Device hardening involves configuring your physical security devices to reduce their attack surface and enhance their security posture. Hardening your devices helps to close potential entry points and makes it more difficult for attackers to compromise your systems.

The physical security technology ecosystem is significantly more complex than the IT ecosystem in this regard. Nevertheless, while the specific hardening policies may differ across manufacturers, the process will usually follow a similar pattern.

Steps for Device Hardening:

1. Disable unnecessary services: Turn off services and features that are not required, such as FTP and discovery protocols like Bonjour and UPNP.
2. Change default settings: Replace default passwords and settings with secure alternatives (e.g. enable HTTPS).
3. Network segmentation: Isolate physical security devices on a separate network segment to limit the potential impact of a breach.

#5 Password Rotations

Regularly rotating passwords on your physical security devices is a critical measure to prevent unauthorized access. Default or outdated passwords can be easily exploited by cybercriminals, for example through brute force dictionary-search attacks. By regularly updating passwords, you can significantly reduce the risk of unauthorized access to your devices.

Steps for Password Rotations:

1. Enforce strong password policies: Ensure all passwords meet complexity requirements.
2. Regular password rotations: Ensure passwords are rotated across all devices at  regular intervals, such as quarterly or biannually.
3. Synchronize with the management system: Ensure all password changes are also reflected in the devices’ management system (e.g. VMS), to avoid outages.

#6 Certificate Management

SSL and 802.1x certificates are essential for securing communications between your physical security devices and other network components. Proper certificate management ensures that data transmitted is encrypted and secure, and helps to maintain the integrity and confidentiality of your physical security device communications.

Steps for Certificate Management:

1. Install SSL certificates: Ensure all devices use SSL certificates to encrypt data transmission.
2. 802.1x authentication: Implement 802.1x authentication to control network access and enhance security.
3. Regular renewal: Keep track of certificate expiration dates and renew certificates before they expire.

#7 End Of Service Planning

Replacing outdated physical security devices before they reach their End Of Service is also critical to ensuring they are protected against cyber threats. A device that has reached its end of service (EOS) will no longer receive any support from its manufacturer. This means that no more bug fixes and vulnerability patches will be made available – leaving such devices exposed to cybersecurity risks (as well as more likely to malfunction and directly compromise your organization’s physical security).

Steps for End Of Service Planning:

1. Check manufacturer websites: Ensure you know the end of life and end of service of all device makes and models in your fleet.
2. Set clear organizational policies: Stay ahead of the curve with clear policies to replace devices before they reach end of life/service.
3. Future planning: Avoid last-minute budgeting issues by spreading device replacements over the years, based on the aforementioned policies.

Prevent Your Physical Security Assets from Compromising Your Organization’s Cybersecurity

By following these practical steps, physical security teams can significantly enhance the cybersecurity posture of their devices, protecting them from potential cyber attacks. 

While cyber security is a constant battle, prioritizing these cybersecurity measures ensures that physical security devices do not become vulnerabilities within the broader network, thereby safeguarding the entire organization’s operations and data.

For an in-depth analysis of the cyber risks facing your physical security devices, and how to overcome them, download The 7 Essentials for Cyber-Protecting Physical Security.