Critical infrastructure security teams are tasked with one of the most important jobs: protecting our country’s assets. In light of recent geopolitical and economic events, this has become even more important. Manual monitoring of access control and video systems is an important and time-consuming part of critical infrastructure protection. This oversight has been severely affected by staffing shortages as organizations struggle to hire security guards. Macroeconomic trends such as inflation have compounded the problem by increasing the cost of maintaining a guard force once it has been hired. It has reached a point where technology and automation are needed to keep our critical infrastructure secure.
The field of artificial intelligence (AI) has advanced tremendously over the past decade. We now have AI algorithms that can analyze massive amounts of data in different formats (video, audio, text, logs, etc.) and find anomalies. This has many applications in critical infrastructure security, especially in solving recent surveillance challenges.
Much of the manual monitoring involved in infrastructure security is alarm monitoring of access control and video systems. Ideally, these systems should generate alerts only when a breach occurs. However, due to factors such as hardware failures, they generate a large number of false or nuisance alarms. Many Critical Infrastructure Security Operations Centers (SOCs) suffer from this and have multiple people dedicated solely to monitoring these false alarms. As you might expect, humans aren’t well equipped to find the one true alarm after weeding out thousands of false alarms. It is well known that operators become desensitized to real incidents because they have been conditioned by the thousands of false alarms that occur prior to that real event, resulting in misses induced by “alarm fatigue.” AI and automation can help solve this problem. AI can analyze data from security sensors and automatically eliminate nuisance alarms where there is no violation. This greatly reduces the risk of missing a real event, saves time and allows human security operators to focus on more important tasks.
Another significant problem in infrastructure security, which has existed since the early days of using badges for access control, is tailgating or piggybacking. This occurs when a person follows another person (or a vehicle) into a secure area without presenting a valid ID. Tailgating undermines the very purpose of physical security, which is to ensure that anyone physically present in a secure facility is authorized to be there. Tailgating detection today requires manual monitoring of every person or vehicle entering a door or gate. AI can automate this process by automatically analyzing video footage corresponding to each badging event and checking if more people or vehicles are entering than the number of distinct badging swipes.
Eliminating false alarms and detecting tailgating only resolves the symptoms of the underlying issues. The root cause of both of these symptoms is usually faulty hardware and human behavior. AI and automation can also help address these root causes. By allowing AI to correlate and analyze alarms from a door or camera over time, security teams can proactively identify faulty hardware such as a camera, magnetic lock or a faulty request-to-exit sensor. To address tailgating issues, security teams can implement automated systems to send alerts to violators to let them know that a breach has been detected and should not happen again. This raises employee awareness and leads to behavioral change over time. AI also helps ensure critical infrastructure security teams stay compliant. The TSA, NERC, UL, and other organizations have strict policies on tailgating and responding to alarms that are difficult to meet with manual monitoring.
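The per-device correlation described above can be sketched as follows. This is an added example, not code from the article; it swaps a simple median/MAD outlier test in for the AI model, and the device names, alarm-type labels and dispositions are constructed sample data.

```python
from collections import Counter, defaultdict
from statistics import median

# Constructed alarm history: (device, alarm type, operator disposition)
ALARMS = (
    [("door-01", "door_forced_open", "nuisance")] * 3
    + [("door-02", "door_held_open", "nuisance")] * 4
    + [("door-03", "door_forced_open", "nuisance")] * 41
    + [("door-03", "door_held_open", "nuisance")] * 2
    + [("door-04", "door_held_open", "nuisance")] * 5
    + [("door-04", "door_forced_open", "confirmed")] * 1
    + [("door-05", "door_held_open", "nuisance")] * 2
)

def suspect_devices(alarms, k=5.0):
    """Return (device, nuisance count, dominant alarm type) for outlier devices."""
    by_type = defaultdict(Counter)
    for device, alarm_type, disposition in alarms:
        if disposition == "nuisance":      # confirmed breaches are not hardware noise
            by_type[device][alarm_type] += 1
    totals = {dev: sum(c.values()) for dev, c in by_type.items()}
    if len(totals) < 3:
        return []  # too few devices to say what "normal" looks like
    med = median(totals.values())
    # Median absolute deviation: unlike the mean, it is not dragged up by the
    # one noisy device we are trying to find.
    mad = median(abs(n - med) for n in totals.values()) or 1
    flagged = [(dev, n, by_type[dev].most_common(1)[0][0])
               for dev, n in totals.items() if n > med + k * mad]
    return sorted(flagged, key=lambda f: -f[1])

if __name__ == "__main__":
    for device, count, dominant in suspect_devices(ALARMS):
        print(f"{device}: {count} nuisance alarms, mostly {dominant}; inspect hardware")
```

The dominant alarm type is reported only as a starting point for the technician; which component is at fault still has to be confirmed on site.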
Artificial intelligence algorithms thrive on data, and we can use this “data hunger” to solve data-related problems in infrastructure security, especially to combat insider threats. For example, each critical infrastructure facility generates millions of data points every day, ranging from swiped badges to open doors. AI can find trends and patterns in this data and alert security operators when it detects anything out of the ordinary. For example, if an employee badges between 7 a.m. and noon on weekdays and that badge is suddenly used on a Saturday at 2 a.m., the AI can proactively alert the security team to the anomaly, and the team can then make it the subject of an investigation.
This anomaly detection can be further extended with converged data from cybersecurity and physical security. Continuing the same example above, if cyber systems indicate that the employee who checked in at 2 a.m. Saturday also exfiltrated terabytes of data, then we have an even bigger problem. Today, cybersecurity and physical security data typically resides in separate silos, and this is just one example of the value that can be generated by bringing them together. Another simple example is a scenario where an employee’s badge is presented in one location while the same person’s email account is accessed from a different location. Due to the siloed nature of cybersecurity and physical security systems, this anomaly can easily go unnoticed. By bringing systems together and enabling AI to detect these types of anomalies across converged data, organizations can make our nation’s infrastructure more secure.
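The two checks described above, badge use outside a person's usual pattern and a badge/account location mismatch, are shown here as an added example that is not from the article. It uses a simple rule-based baseline in place of the AI model; the names, sites, timestamps and the 30-minute window are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data: (badge holder, reader site, timestamp)
BADGE_HISTORY = [
    ("alice", "plant-a", datetime(2024, 3, d, h, 0))
    for d in (4, 5, 6, 7, 8, 11, 12, 13) for h in (7, 9, 11)   # weekdays, 07:00-11:00
]
NEW_BADGE_EVENTS = [
    ("alice", "plant-a", datetime(2024, 3, 14, 8, 30)),   # Thursday morning
    ("alice", "plant-a", datetime(2024, 3, 16, 2, 0)),    # Saturday 02:00
]
# Constructed sample data: (account owner, site the session came from, timestamp)
LOGIN_EVENTS = [
    ("alice", "plant-a", datetime(2024, 3, 14, 8, 45)),
    ("alice", "remote-office-b", datetime(2024, 3, 16, 2, 10)),
]

def build_baseline(history):
    # Per badge holder: weekdays seen and the hours at which the badge was used.
    base = defaultdict(lambda: {"days": set(), "hours": []})
    for who, _site, ts in history:
        base[who]["days"].add(ts.weekday())
        base[who]["hours"].append(ts.hour)
    return base

def out_of_pattern(baseline, event):
    who, _site, ts = event
    b = baseline.get(who)
    if b is None:          # no history for this badge: treat as unusual
        return True
    return ts.weekday() not in b["days"] or not (min(b["hours"]) <= ts.hour <= max(b["hours"]))

def location_mismatch(event, logins, window=timedelta(minutes=30)):
    # Logins by the same person from another site close in time to the swipe.
    who, site, ts = event
    return [l for l in logins if l[0] == who and l[1] != site and abs(l[2] - ts) <= window]

def triage(history, badge_events, logins):
    baseline = build_baseline(history)
    findings = []
    for ev in badge_events:
        reasons = [label for label, hit in (
            ("badge use outside usual days/hours", out_of_pattern(baseline, ev)),
            ("account session from a different site", location_mismatch(ev, logins)),
        ) if hit]
        if reasons:
            findings.append((ev[0], ev[2].isoformat(), reasons))
    return findings
```

Either signal alone is weak evidence, since people work odd hours and log in remotely; the value of the converged view is that both reasons land on the same finding for an analyst to review.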
Here, we’ve only scratched the surface of the variety of ways AI can improve critical infrastructure security. A common concern with the adoption of AI is that it will lead to the replacement of humans and the loss of jobs. However, the purpose of AI is to help the human security operator. AI empowers security teams by removing mundane and repetitive tasks and allowing them to focus on tasks that require real human attention and judgment. And given the current economic conditions, we want humans to focus on these tasks while AI works quietly behind the scenes to reduce risk and build resilience.