7.30.19 – SIW – Evolution of the Web has had a profound impact on physical security, both positive and negative
ditor’s note: This is the 44th article in the “Real Words or Buzzwords?” series from SecurityInfoWatch.com contributor Ray Bernard about how real words can become empty words and stifle technology progress.
Cyberspace as it was originally known and highly talked about, and the rapidly evolving Cyberspace that we have today but rarely talk about, are different in several critically important ways – all of which are very relevant to the various domains of security with which we are familiar: physical and corporate security, and information security including cybersecurity (computer and network security).
Cyberspace is the total collection of computerized systems and devices which we interact with through the World Wide Web and its Internet network. Cyberspace was once just a small reflection of the world around us – a few thousand web pages. The public Web was just three years old when my company launched its first website, the 2,319th website in the world at that time. No physical security industry companies had a website yet. Cyberspace then was a very small ideological and commercial influence. Today, its influences are in a practical sense immeasurable, mostly for good but not entirely so.
I’m using four articles to discuss Cyberspace as it relates to physical security threats and their countermeasures. This is the second article; its purpose is to set the Cyberspace perspectives for the next two articles in the series.
Web 1.0 to Web 3.0
The Cyberspace experience started with Web 1.0, the World Wide Web with static web pages for people to consume fixed content. It was mostly free or very affordable, and it was exciting to have so much information so instantly available at home and at work. The Britannica Encyclopedia Online was amazing at that time. Technology advanced to Web 2.0, called the Interactive Web, Social Web, and Collaborative Web and was intended for people to share content. This gave us Wikipedia, Facebook, LinkedIn, YouTube, Twitter and so on. We’re now currently experiencing the emerging Web 3.0 capabilities, also known as the Semantic Web(with information that can be consumed by intelligent machines, not just people), the Enhanced Web (with AI-enabled text and voice chat-bots), the 3D Web (with online games, augmented reality and other 3D graphics capabilities), the Intelligent Web (providing computer-based and computer-aided medical diagnosis, for example), the Ubiquitous Web (meaning that it’s available everywhere anytime thanks to wireless technologies), and the Multi-lingual Web (providing real-time language translation).
The negative security impacts of our currently evolving Web 3.0 technologies include:
- Threat actors use these technologies for attack planning, reconnaissance, execution and escape.
- Threat actors utilize these technologies to defeat or out-perform our less technically capable security measures and incident response actions.
The positive security impacts of the same Web 3.0 technologies include:
- Powered by data intelligence technologies that ferret out data relationships and contexts at super-human speeds and scales, providing real-time risk analysis and event response capabilities that exceed any of our previous security capabilities.
- Our physical security systems are cyber-physical systems, meaning that they can sense the physical environment we’re protecting as well as its surroundings, and instantaneously react with physical measures that threat actors can’t counter because the physicality involved isn’t portable. Our site security measures don’t have to be portable, and so the threat actors can’t bring effective countermeasures to the field of conflict.
For example, agricultural sites have been highly vulnerable to overrun and physical attacks by political and other terrorists transporting destructive chemical and bio-weapons. Such sites can now use modern technologies to predict, detect, and pre-emptively respond to attacks using automated sound canons, LED strobe lights, irrigation sprinklers and directional EMP weapons and stink bombs to overwhelm physical attackers and disable their communications, vehicles, and mobile electronics while at the same time physically incapacitating the attackers, who can then be safely arrested and transported away. While these are extreme security measures that are not appropriate for most facilities, this example serves to highlight the fact that modern technologies can defeat even highly cyber-enabled attackers.
Cyberspace Modeling and Control
As I mentioned earlier, initially Cyberspace was just a small reflection of the world around us. It started with just a few thousand text web pages. Now it consists of nearly two billion websites with several billion web databases and applications, and tens of billions of active Internet of Things (IoT) touchpoints into the world around us. Many parts of Cyberspace are now managing parts of our physical world.
Each one of us is listened to and visually observed daily by dozens to hundreds of interconnected AI-enabled devices. Cyberspace now contains virtual realities and social communities that have no physical world counterparts, yet which can have substantial real-world impacts at scales previously unimaginable.
Digital twin technology, which refers to a Cyberspace model of key aspects of a physical world device or system, is a very helpful technical support tool. It is, for example, a critical tool used to predict jet engine maintenance needs for jets in flight, so that service personnel and parts can be standing by to service the jet engines instantly upon landing. Cyberspace holds the jet engine models that run simultaneously to the real-world engines. Yet cyberspace models are not limited to just a single “twin” copy.
We’re looking at a very near future where our vehicles talk to each other, to local roadway sensors and to city traffic management devices, all of which can be acted on by an AI-driven traffic management system capable of running thousands of roadway traffic scenarios using parallel traffic models in real time. Whereas Cyberspace was once just a collection of small reflections of our world, it will soon contain many virtual worlds that in total are much larger than our physical world whose built environments will be under Cyberspace control.
The same modeling technologies described above are available through public cloud services to threat actors, who can model an organization’s physical security measures and run hundreds of attack scenarios simultaneously, and even update them in real time during attack execution. Drones with visible light and infrared camera capabilities can track security and emergency responses and update attack models in real time. Colleges and universities are training young people in the use of these technologies. What we think of as very advanced technology, young students are learning to use as part of their routine homework.
Upcoming Cyberspace Considerations
This article series looks closely at the evolution of Cyberspace and its implications for security practitioners and security technologists.
That’s where Parts 3 and 4 of our Cyberspace discussions go in detail, including emerging physical security technologies and the role of artificial intelligence. You will happily take these ideas with you to the ASIS GSX conference in Chicago in September.
Cyber-Physical Systems Special Note: I have put together an outstanding panel of experts whom I’m moderating for a special session at GSX. Here is a short description of that session.
About the Author:
Ray Bernard, PSP CHS-III, is the principal consultant for Ray Bernard Consulting Services (RBCS), a firm that provides security consulting services for public and private facilities (www.go-rbcs.com). In 2018 IFSEC Global listed Ray as #12 in the world’s Top 30 Security Thought Leaders. He is the author of the Elsevier book Security Technology Convergence Insights available on Amazon. Mr. Bernard is a Subject Matter Expert Faculty of the Security Executive Council (SEC) and an active member of the ASIS International member councils for Physical Security and IT Security. Follow Ray on Twitter: @RayBernardRBCS.