Sure, this column could be entirely about all the new connections I have made and developed over the past two years here at Locksmith Ledger, traveling to all the different industry conferences and speaking with locksmiths, manufacturers and distributors who work with locksmiths to provide the products and services they want and need.
But my focus here this month is on the product and technology level, those new access control connections locksmiths are making as they venture into this brave new world of smart locks (see article on page 20), the cloud, mobile access (see article on page 32), AI, etc., where the protection of one’s credential and data becomes equally as important as securing that lock on the door.
While electronic access control becomes much more prominent, it also adds another layer of vulnerability, as the focus moves to what's controlling that mechanical lock.
“Something has to move in the lock is one of my rules, as electronics don't open doors, mechanical locks do, so we always attacked the interface between electronic and mechanical because that's always where the vulnerability is,” says Marc Tobias, author of On Locks and Insecurity Engineering and a physical security expert with more than 30 patents who works with lock manufacturers to help them fortify their products. “Electronics are taking over, and they offer some incredible options and convenience, but it's access control and the problem is, there's always ways to hack things.”
As Tobias astutely points out, bad actors are always looking for vulnerabilities within the overall system, and once they are in, it literally gives them the physical and logical keys to the kingdom.
Min Kyriannis, CEO & co-founder at AMYNA Systems Inc., who spoke on a cybersecurity panel at the GSX conference in September, agrees.
“It's not just looking at cybersecurity, but you also have to think about privacy and how you are protecting the data,” she says, noting that researchers expect there to be 40 billion IoT devices on the network by 2025. “When you're setting the system, designing a system, installing a system, how do you mitigate that risk and take away the liability that you yourself have by touching that system? What do I need to do to ensure the protection of those I'm working with while also protecting myself at the same time?”
In my discussions with locksmiths in last month’s state-of-the-industry roundtable, this topic is on their radar now as they work much more with electronic access control products that are connecting to other devices and systems.
“We must look at digital security of how that data is being accessed and how that data is being stored,” says John Nolan, owner of Reliant Security. “The last thing you want to do is buy some cheap product that is made overseas somewhere, only to find out there are major security flaws, and the data is being accessed or compromised somehow. So, when we're looking at online and remote access with this stuff, we're looking for devices and software that have a lot of security built into them.”
As we see, it's a brave new world for locksmiths.
