8 Threats That Could Disrupt Building Security
OTHER PARTS OF THIS ARTICLEPt. 1: This PagePt. 2: Looking Ahead to Future Security Scenarios Pt. 3: The Facilities Manager's Guide to Disruption
Disruption is a major issue for businesses today, whether responding to events that are already unfolding or scanning the horizon for disruptions that may be coming. That’s true for security as well. Mass casualty attacks dating back to Khobar Towers and Columbine eventually led many facilities to change practices and adopt sophisticated technology platforms, surveillance tools, and emergency communications systems. And the threat of car and truck bombs led to the focus on standoff distance in design to make buildings more resilient.
While disruptive change can occur quickly, buildings are slow to change. That’s why it’s important for building owners to be aware of potential disruptions and to begin factoring those possibilities into resilience plans.
There is no way to be certain which factors will turn out to be disruptive. But to an experienced eye, the following eight developments have the potential to disrupt security practices. This is not intended as a prediction but rather as a list of things that building owners might want to pay attention to.
1. Darknet (ToR). Originally conceived in the mid-1990s by the United States Naval Research Laboratory, ToR was developed with the noble idea that people should have the opportunity for anonymous and secure communications.
Now ToR is more recognized as Darknet, a widely unknown internet underground accessible only with a specialized ToR browser. On the Darknet, you can purchase stolen information about identities, credit cards, weapons, templates for 3D printing, plans for homemade explosives, and other things not commercially available. You can even hire hackers.
The Darknet is on the list of disruptors because it offers an aggressor access to information on how to carry out an attack and minimize the chance of detection. What’s more, most building owners are not monitoring the Darknet for possible vulnerabilities.
2. Cloud computing. Cloud computing means that premise-based software and hardware (servers) are placed into the “cloud” — a fancy word for someone else’s off-premise data center. The user of the cloud-based system typically doesn’t have to purchase any hardware, and the appliance (access control panel or cameras) transmits back to the off-site data center. Manufacturers are developing cloud-based systems because they provide recurring revenue: Recent advances in data connectivity make it possible for companies to outsource the maintenance and monitoring of these systems for a recurring fee. The challenge is that the security of these devices is wholly dependent on the third party hosting the building owner’s systems.
3. Smart phones. From games to word processors to mobile keys, these devices exude convenience and have a litany of on-board sensors, which allow their applications to do more than ever conceived. Smartphones also can be equipped with off board sensors, such as forward-looking infrared or wireless antennas. Smart phones have been around since 2007; the question is, where will we be in 10 years? How far will this amalgam of technologies take us? More importantly, how will people with malicious intent exploit these devices?
4. Drones. Drones in general are formally known as unmanned aerial vehicles. These devices are commercially very affordable for the feature sets they provide. Enthusiasts have taken these technologies to extreme limits, equipping them to support flight times over greater distances, dropping of packages, dosing of wasp’s nests with pesticides, or racing through forests. Some of these uses could be potentially negative; drones can now carry firearms and blowtorches and are used for hacking. Some drones can carry 50 to 500 pounds for flight times as long as 20 minutes. The technology is continuing to evolve, getting smaller, and taking on other uses. One example is “swarm” technology, used at the 2018 PyeongChang Olympic Winter Games, where thousands of drones attempted to spell words in the sky.
5. Robotics. Wheeled robots are limited by their environment (e.g., stairs). The combination of machine learning, the development of alternative methods of momentum, and improvements in battery technology will revolutionize mundane tasks like security officer patrols in a building. Robots are here today, but they are far too expensive to purchase. Leasing them costs as much as paying a human guard at present. However, technology costs will drop and new contractual leasing methods could dramatically reshape the guard agency into a complete managed security outsourcing provider that offers such functions as business continuity and emergency planning for its clients. Robots will take over observe-and-report roles, while human staff assumes more task-intensive and costly security roles (such as recognizing intrusion, dictating emergency response, and supporting communication between officers and police). Complete security outsourcing would be more expensive than basic guard services but less costly than in-house security staff.
6. Machine learning and artificial intelligence. Artificial intelligence is the ability for a computer to learn without being programmed, whereas machine learning allows the program to learn from its experience and environment with human assistance. For instance, video analytics that use machine learning may learn over time the difference between a human and an animal; however, the user will need to provide feedback on whether the computer is making the right choice. With artificial intelligence, a machine would learn the difference without any user feedback. Hypothetically, machine learning could make it possible for a computer to crack passwords and to hack into other computers. Artificial intelligence makes it possible for computers to act autonomously; Facebook shut down an artificial intelligence project when the computers began communicating in their own language, which the programmers could not understand, but later determined that machine learning led the computers to more efficient communication; they were not planning the eradication of the human race. Machine learning is also the front line of deep fakes, which can simulate facial information and vocalization (voices) that are very difficult to differentiate. For an example, go to fakejoerogan.com and try to tell which is the real Joe Rogan.
7. Autonomous vehicles. Partially autonomous vehicles have hit the roads. While there is still someone at the helm from a safety perspective, it will be a limited amount of time before we will have fully autonomous trucks and cars, which will ferry us to and from our destinations. They will deliver pizzas and packages and support autonomous parking, where cars will park themselves. More maliciously, they could be used for remote attacks.
8. Quantum computing. Traditional computing language uses bits or switches that are either on or off and are expressed as 0 or 1. The bit limitation literally places a bar on the upper limit of what a computer can process. Quantum computing could exploit quantum mechanics with the creation of quantum bits, or Qubits, which would make it possible to solve problems that require too much computational power for today’s computers to tackle. A quantum computer could conceivably break our strongest passwords in minutes as opposed to the decades required through conventional computing. As such, quantum computing would create security vulnerabilities that would have to be addressed immediately, but could also be used to address the Earth’s biggest problems.