I recently visited a trade show dedicated to physical security.
Almost every vendor was advertising IP-enabled ‘smart’ technology, with accompanying apps, that would log and alert on access or motion, prevent tail-gating, recognise smartphones or RFID tags, or track faces or number plates automatically. The sheer number of CCTV vendors alone was stunning, although, truth be told, as a physical-security novice, I struggled to spot any discernible difference between them all!
There were firms who were crossing over into ‘smart home’ technology – selling a series of sensors to control temperature and light; detect issues such as movement, flooding or smoke; and remotely unlock the front door of homes, or secure areas. Although mainly sold on a ‘home security’ premise, these systems were also cleverly brought together into packages which could be used to monitor the activity of an elderly relative, sending alerts if regular patterns of behaviour, or safe limits, were transgressed (e.g. has the shower been on too long, suggesting a fall? Has the box containing essential pills been opened at around the right time? Has the front door been opened at 2am?).
I spoke to six or seven vendors of similar technology sets and asked how they managed the logical security around their product. Almost every response began with a pause... then came, “well, you know that nothing can ever be totally secure”, and then they abruptly ended with “we have encryption!”. It became abundantly clear that few, if any, vendors had thought through the logical security issues and none were including it in their sales training. Other responses, somewhat worryingly, included “our engineers look after that”, “they wouldn’t let us sell it unless it was secure”, and the classic “I’m sure it’s fine….”