CyPhy Part 2 – How big of a problem do we have? Why we need Security Convergence today.

CyPhy Part 2By David Strickland, Vice President of Kenton Brothers

The second of a three part series covering the Cybersecurity and Infrastructure Security Administrations (CISA) newest announcements around Security Convergence. Kenton Brothers Systems For Security hopes to help organizations understand this concept and adopt best practices for securing the Cyber-Physical Systems (CPS) currently deployed.  

In our last blog, we discussed what Security Convergence is and why it’s so important. In this blog, we will discuss how large the problem is and how many systems and verticals are affected by not having a converged security plan.

CISA Explains a Connected Environment

Convergence of Cyber and Physical SecurityCISA Explains that the adoption and integration of Internet of Things (IoT) and Industrial Internet of Things (IIoT) devices have led to an increasingly interconnected mesh of cyber-physical systems (CPS), which expands the attack surface and blurs the once clear functions of cybersecurity and physical security. 

Juniper research reports that there are at least 46 billion IOT and IIOT devices on the connected network across the world. This number is expected to reach 125 billion by 2030. 18,788 are added every minute across the globe. There are approximately 6 IOT and IIOT devices per every human being on the planet. This will grow to approximately 12 per person (every man woman and child) by 2030.

The average number of devices per American household in 2021 was 10.

IOT Devices

Convergence of Cyber and Physical SecurityBeecham research provides a very useful look at the nature of IoT devices. (See graphic.)

This trend makes up a large part of the world’s economy. However, for every device on a network there is a vulnerability introduced. This presents a unique problem for commercial, government and critical infrastructure entities. Each physical security device that is connected to the network is also an IoT device.

Every cell phone that connects to the network is also a vulnerability. Every surveillance camera, video doorbell, IP telephone, television and computer present there own unique threats and risks.

IoT and IIoT to be considered secure on a network will normally have updated firmware, current certificates, have default username and passwords changed, have an updated OS and have at least dual authentication. As you may deduce with 46 billion devices out there, this is quite the task. Especially when each of these devices may have different manufacturers and communication protocols to let organizations know that there is a new vulnerability or a patch that needs to be applied.

46 Billion Devices

Convergence of Cyber and Physical SecurityThis 46 billion device reality, coupled with the fact that most organizations have siloed Physical and Cyber Security offices, has led to the vulnerabilities you hear about on the news every night. When the vulnerabilities affect critical infrastructure, such as energy or supply chain, the ramifications are far reaching.

In our next blog, we will concentrate on breaking down the CISO and CSO silos and the specific steps an organization can take to reach security Convergence.  Organizations with converged cybersecurity and physical security functions are more resilient and better prepared to identify, prevent, mitigate, and respond to threats. Convergence also encourages information sharing and the development of unified security policies across security divisions.

Kenton Brothers Systems for Security can help your organization understand this initiative and begin to help you close the gap. Please reach out with any questions.

CyPhy Part 1 – Have you heard of Convergence Security?

CyPhy Part 1By David Strickland, Vice President of Kenton Brothers

The first of a three part series covering the Cybersecurity and Infrastructure Security Administrations (CISA) newest announcements around Security Convergence. Kenton Brothers Systems For Security hopes to help organizations understand this concept and adopt best practices for securing the Cyber-Physical Systems (CPS) currently deployed.  

CISA defines Security Convergence as the formal collaboration between previously disjointed security functions.

The Convergence goal is to bring together the physical security leadership with the IT leadership to identify risks in their physical and cyber infrastructure. These departments normally hold two very different roles in an organization.

Convergence of Cyber and Physical SecurityConvergence seeks to bring together these two leaders to better understand the ways Physical and Cyber security depend on each other and its importance for protecting critical infrastructure including Healthcare Systems, Transportations Systems, Energy Systems and Industrial Control Systems. Today’s cyber-attacks are more developed and strategic than in the past. They also include hybrid attacks that combine cyber attacks with physical breaches.

CyPhy: The Convergence of Cyber and Physical Security

Convergence of Cyber and Physical SecurityTogether, cyber and physical assets represent a significant amount of risk to physical security and cybersecurity— each can be targeted, separately or simultaneously, to result in compromised systems and/or infrastructure. Yet physical security and cybersecurity divisions are often still treated as separate entities. When security leaders operate in these silos, they lack a holistic view of security threats targeting their enterprise. As a result, attacks are more likely to occur and can lead to impacts such as exposure of sensitive or proprietary information, economic damage, loss of life, and disruption of National Critical Functions (NCF).

Today’s threats are a result of hybrid attacks targeting both physical and cyber assets. The adoption and integration of Internet of Things (IoT) and Industrial Internet of Things (IIoT) devices have led to an increasingly interconnected mesh of cyber-physical systems (CPS), which expands the attack surface and blurs the once clear functions of cybersecurity and physical security. Meanwhile, efforts to build cyber resilience and accelerate the adoption of advanced technologies can also introduce or exacerbate security risks in this evolving threat landscape.

Convergence Vocabulary Infographic

Convergence creates a framework for discussion and identifying ways these two departments can support each other. The goal is to have good communication, coordination and collaboration. To seek out any vulnerabilities and attack them together.

Over the next three blogs, we will discuss the following topics:

  1. How big of a problem do we have? Why we need Security Convergence today.
  2. Security Convergence – The first steps.
  3. Security Convergence – Tools and resources to continue the collaboration.

The Security Convergence Initiative

The Security Convergence Initiative by CISA is important and has a long reach. Kenton Brothers Systems for Security can help your organization understand this initiative and begin to help you close the gap. Please reach out with any questions.

Introducing the LenelS2 Elements Security System

By Courtney Emra, Lead Customer Service/Sales Assistant at Kenton Brothers

At Kenton Brothers Systems for Security, it’s important that we partner with the best solution providers in the industry. LenelS2™ is one of those providers.

LenelS2 ElementsLenelS2 is a leader in advanced physical security solutions, including access control, video surveillance and mobile credentialing. Their products, systems and services tackle the evolving needs of some of the world’s most demanding organizations. They provide a security backbone with deployment options that incorporate multiple technologies including mobile, cloud, artificial intelligence and cybersecurity. Their open architecture supports hundreds of third-party system interfaces that extend the capabilities of many security management systems.

The LenelS2™ Elements™ system is a comprehensive, yet simple, unified access control and video management solution built for the cloud. From single-site access control and video surveillance to more complex systems, the Elements system contains all the key ingredients for an effective and scalable, cloud-based solution; providing businesses with a brand-new security option that’s as simple as it is essential.

Perfect for Small and Medium-Sized Businesses

LenelS2 Elements ArchitectureThe Elements security solution is perfect for small to medium-sized businesses or satellite locations that need secure workplaces, but may not have permanent IT staff or security professionals. Easy to operate and maintain, the Elements system provides hassle-free, effective security that allows businesses to focus on more important things — like running their business.

Updates and enhancements are pushed in real time, reducing costly site visits. This makes budgeting more predictable and helps keep capital expenses down. Mobile first, the system can be accessed at any time, from anywhere. As the only unified access control and video management system that integrates with the OnGuard security management platform, the Elements solution can expand to meet a growing business’ needs.

LenelS2 Elements Checks All the Boxes

  • Cloud Based
  • Ideal for small and medium businesses
  • Easy to budget, get predictive monthly billing
  • Browser based user experience
  • No need for IT or security personnel

 

Active Shooter: Real world stories about lockdowns in schools saving lives.

By David Strickland, Vice President of Kenton Brothers

On November 14th, 2017 at 7:30 am, shots ring out near Rancho Tehama Elementary in Northern California. It’s an all too familiar but tragic scenario these days. One moment children are playing on a full playground, the next, panic, confusion and the succession of two more shots. This time however, the outcome is different than some of the other school shootings you may have heard about.

The staff members of the elementary school went into lockdown mode and followed the procedures they’d practiced and drilled multiple times. The staff knew what to do, and they did it in the face of true and present danger.

The secretary immediately sent out the signal for LOCKDOWN. 

Lockdown ProtocolsStudents were rushed into the building by staff members. Family members still present in the school yard were corralled by school support personnel. Teachers and staff members locked their internal doors and barricaded external doors. They huddled in their rooms away from the windows and out of the line of sight of the shooter. Hugging each other and the most solid wall in their classroom for safety.

Within seconds, two-thirds of the school was in lockdown. An then the shooter drove his pickup truck through the school fence and barreled toward the front entrance. The school custodian was busy getting parents into the school. He paused to look and see how far away the shooter was and, “looked the shooter in the eye as the shooter shot at him.” After the shot rang out, “The shooter was struggling with his weapon at this time. The gun appeared to be jammed, and he was having trouble loading ammunition.”

The gun jamming bought the staff, kids and parents precious seconds to finish their lockdown procedure. Everyone made it inside and all access to the school rooms and offices was now secure. The shooter, now fully loaded, entered the middle quad of the school 8 seconds later.

“The school secretary recognizing the threat made all the difference between 100 kids being around today and dozens being shot or killed. Those eight seconds were critical!”

The shooter was angry and frustrated and began to shoot into the classrooms and offices. In between shooting, the gunman tried to get into classrooms and the main office, but was unable to gain entry. He checked the bathroom, which was open but empty.

One 6 year old child was injured but survived and no one was killed. Six minutes after the shooting started, the gunman drove away. Hundreds of lives were changed forever, but everyone survived.

The Rancho Tehama Elementary School staff had practiced drills and executed lockdowns before, so even though they’ve never had an active shooter on campus, they knew what to do. It had become second nature.

The superintendent said, “The lockdown procedure was implemented flawlessly. The reason that we have a situation where I have one student injured on campus and nothing worse happening on campus is because of the heroic actions of all members of my school staff.”

Oxford High School in 2021

Lockdown ProtocolsThe same techniques and lockdown training were used in Michigan at Oxford High School on November 30, 2021.   Just after lunch, shots rang out inside the school in the main hallway. A 15 year-old student opened fire on his classmates. School staff, students and parents in the school that day followed the LOCKDOWN call and began to follow their training. “They had drilled this exact scenario so much that everyone knew exactly what to do next.”

In the hours after the shooting outside Detroit on Tuesday, Oakland County Sheriff Michael Bouchard said that without the measures taken by students, the tragedy would have been worse. “It is also evident from the scene that the lockdown protocols, training and equipment Oxford schools had in place saved lives.”

David Riedman, lead researcher on the K-12 School Shooting Database, said that the lockdown procedures that were deployed in Oxford, in which students sheltered and stayed out of sight, “absolutely saved lives.” The training that appeared to be on display in Michigan is similar to what students all over the country are taught, he said.

LOCKDOWNS took on new meaning during the heights of the COVID-19 Pandemic. 

Lockdown ProtocolsIn the physical security world, lockdowns mean locking down a building so that no one can enter or leave for a period of time. The location stays locked down until an all-clear signal is given. This seems like a pretty straight forward premise. It is – IF you plan correctly and have the right systems and procedures in place to make a LOCKDOWN effective.

Kenton Brothers uses several access control platforms to make it easy and quick to lock down a school. When a panic button is pressed, all the school doors lock. And alarms and mass communications go out audibly through speakers and electronically through mobile devices and computers throughout the school.

One of our manufacturers, Gallagher, allows you to not only lock down the school, but also send out emergency messaging to any staff members or parents who are not at the school. This would allow them to stay away or help support police in their efforts to bring the situation under control. Gallagher also has the ability to remotely muster or check off each person from a pre-determined list to be sure 100% of the people on-site are accounted for. This is a powerful benefit in the aftermath of these incidents.

Police can also remotely operate and IP Surveillance cameras in the building to gain situational intelligence on the location of the shooter and the direction they’re headed. This is just one example of how these security systems can help support the training, processes and procedures during a Lockdown situation.

Kenton Brothers Systems for Security helps guide schools and other entities through the process of identifying risks around active shooters and the techniques in protecting your people, property and possessions. Kenton Brothers’ qualified consultants will perform a no cost physical security assessment with recommendations for security system components, processes and procedures that will help prepare your staff. Just give us a call.

Additional Resources

CISA K-12 School Security Guide, 3rd Edition

Verkada – A New Standard for Enterprise Security?

By Kevin Whaley, CPP, Sr. Security Consultant at Kenton Brothers

Verkada is one of the newest and fastest growing security system platform providers on the market. Their mission; to modernize enterprise physical security. Verkada prides itself by being a complete solutions provider, offering a suite of connected security devices that provide the user with a complete picture of the safety, security and even health of their environments. From access control, video surveillance, intrusion detection and environmental sensors, Verkada offers complete situational awareness for its users through a single, very user-friendly platform.

But wait… ANOTHER company that claims to offer a “complete” enterprise solution?

Verkada ProductsWe’ve all heard that before. I typically don’t “rave” about a specific product but rather, I always try to find the solution that I believe will meet my client’s needs. By offering various options and products, I make sure that the customer has all the info they need to make an informed decision.

Then why, you may ask, am I talking about Verkada? What makes them so different? Well, let me learn ya a thing or two.

I have to admit, when I first heard about Verkada, I was VERY skeptical and thought there was no way they could live up to what they were promising and I put them out of my mind. Then I started at Kenton Brothers and really got the opportunity to see Verkada systems in action in the field. I’ve been able to play around in the system myself. I’m pretty tough to impress, but after some time and experience, I’m a big fan!

Now, are they a good fit for everyone? Absolutely not. Are they a good fit for many? Absolutely! It’s an investment, but that is offset by the quality of their products, operating platform and ease of use.

Verkada Command

Verkada Products and SolutionsVerkada Command combines video, access control and sensor insights across your organization into a cloud-based solution. Cloud-based… meaning no more expensive servers to maintain or replace! That’s a plus. It is infinitely scalable so you can add as many devices as you need. Maintenance? Forget about it! Automatic updates are continuously delivered to make sure you’re equipped with the latest and greatest features and enhancements.

Verkada can provide a range of cameras from domes, bullets, minis and fisheyes. The cameras also come equipped with built in storage that can store anywhere from 30-365 days of video history. That means, even if your network or internet goes down, cameras are still recording.

Access Control

The access control system is great too! Each door controller is built with its own onboard processing and storage so teams can quickly configure and manage all doors. It’s easy to set up, allows you to manage access remotely and connect your organizations active directory solution to seamlessly manage credentials being added and removed. (Another plus, their door controller multi-format card readers support low and high frequency card formats.) As of now, Verkada only offers 4-door controllers, which means that if you have 16 doors, you’ll need to get 4 controllers. However, larger controllers are in development.

Intrusion Detection

Verkada ProductsNeed intrusion detection? They’ve got that covered, plus a lot more. No more need to purchase and install multiple sensors that only do one thing. Get one sensor for motion, noise, and even environmental data like temperature, humidity, air quality, vape detection, PM2.5 and TVOCs. (If you don’t know these terms, we should probably talk…)

All of this is instantly integrated, allowing all the sensors, cameras and doors to communicate with each other, making your ability to maintain situational awareness much more efficient. I’ve personally experienced the frustration and time consuming effort it takes when you’re trying to find records or reviewing hours of video to find a specific 2-3 second clip. Verkada takes all that frustration away with all of its capabilities.

They even offer 30-day trials for some of their products. Want to give Verkada a try or see it in action? Give us a call!