The Internet Of “Security” Things

As clichéd a phrase as it has become, it is actually a phrase that is going to possibly effect our future as a technologically evolved mankind. We seem to be in a hurry to connect every device to the network / internet. Imagine a day when possibly the only things that will be standalone would be your toothbrush, razor and the flush…..no, strike that last bit…. maybe the flush will work through a mobile app as well.

 Now that I have painted a picture of the background of this article, let’s get down to the brass tacks… In the domestic front, maybe it is a bit convenient to open an app and start the air conditioner in your car when it has been parked in the open on a sunny afternoon in the Middle East, or open the door remotely for your kid who came home from art class earlier than expected. But is it worth it if a kid all of 15 years is able to hack into your car computer and stall it when you are about to take off into a busy highway and stalls it or if a ‘smart’ burglar hacks into your ‘smart’ home and opens the lock when you are out enjoying an evening our with your family.. because that is definitely possible if you can control the air conditioner in your car or your door lock remotely..

“If everything can be managed and controlled remotely, it also can be mis-managed and destroyed remotely”

Today there is a rush from all security systems manufacturers to interconnect things and so networking has become a necessity for any security system to survive in today’s fast paced technological world. ‘Integration’ is the buzz word and capability to integrate and control multiple sub-systems has become a badge of honour for integration solution developers. It is also indeed great to be able to manage a facility and make various sub-systems interact and react when required without much human intervention thereby reducing pressure on resources and possibilities of human error. This also works as an antidote for the never ending fight for budgets or the lack thereof.

However inadvertently we are reaching (or possibly have already reached) a hugely dangerous point on the critical path of existence. If everything can be managed and controlled remotely, it also can be mis-managed and destroyed remotely. And connecting everything on a single path is the technological equivalent of ‘putting all your eggs in a single basket’. It is ironical that an industry that makes a lot of mullah by supplying equipment for DR sites, there is no thought spared for the DR site of the very concept of networking. What I mean by that is that there are no manual fail-safes built in for these systems to function even in a reduced capacity in the event of a network breach or failure. So the systems that we so rely on to provide us with advance alerts, even assistance during a security incident can be brought down with a few keystrokes from a very distant location.

 Any chain is as strong as the weakest link and in today’s security systems world, the security systems are only as resilient as your network. So spending hours on specifying and choosing the best security systems is in a cynical sense a waste of time and resources. No matter how good a system you choose and pay for, it is only going to perform as good as the network will allow it to and will only be as secure as the security capability of the firewall that separates it from the “Wild West Web” called the Internet. Of course there are excellent and secure firewall and networking solutions, but in the same breath it needs to be pointed out that these are also the most expensive solutions. It is also a reality that most security system end users do not have the resources to afford these expensive secure solutions. So if you have a mix of mostly secure and slightly secure systems from multiple end-users having to co-exist on a single bigger picture networked infra-structure like that of a city or a state or even a multi-national company which has some poorly performing branches, then all are at risk, no matter what is your network’s security capability.

 In light of the above, I am seriously concerned with the general and growing trend in the Middle East to force a nation full of entities to go the IP way especially for the CCTV systems. As I have explained above, not all entities in any country can afford the best network security. So when all the CCTV systems in a city are linked to a central command center in a Law Enforcement facility, then the facility is at a high risk of a breach from perpetrators who can breach the city network through the least secure firewall of a small entity who is required by law to connect to the city’s central command center.

 “Ironically in an industry that has a DR site for every mission critical system, there is no ‘DR’ (technological) concept alternative for the ‘Networking / Digitization’ practice”

 And it is not only the risk of intentional breach and wrong doing that is the danger, but also other ‘natural’ and unintentional events can also bring a city or a state to its knees. One has only to read about the state of affairs in Louisiana after the unfortunate hurricane Katrina natural disaster. The city was shut down for days as the communication network was down. People had to resort to HAM radios to communicate and help those who were affected by the hurricane. The HAM radios acted as the ‘DR concept’ for the communication network.

 Maybe I am old fashioned but I guess it is still true that to breach an analogue security system, one would have to actually break into the facility or atleast be in the very near vicinity of it and that creates a very high risk of getting caught, which can be a huge deterrent as compared to the safety of a small room with a high speed internet connection half a globe across from the facility being breached.