IEN: What are the major security concerns facing industry and how can they be addressed?
Cowens: I think the most significant concern that industry is facing today is one of integrating the well-understood physical concerns with the network and logical security concerns. The companies that are best positioned for this are those that combine those functions, both when it comes to managing the organization -- for example, they have the physical and logical network security report into, perhaps, a single location or person -- and others that have developed or implemented technologies that combine those functions. For example, say you have a device that provides you with both access to the facility as well as access to the systems and network. I think that's one of the biggest challenges for most corporations trying to improve their technology -- integrating those two functions within the organization.
Also, this particular area is becoming more and more critical because there needs to be a single thought-process around effectively managing identities coming in and out of a facility, as well as managing identities/authorization/permission coming in and out of the network.
IEN: Where are strides being made? Risk management? Computer security?
Cowens: I think the most visible advances are probably being made in computer security, partly because the awareness level is so centered on computer security. But it's the physical access to facilities, systems, and data that's probably more at risk. It's really simple to think about it -- if I can get physical access to a computer or piece of machinery, then I can compromise it. We like to use the term, "If I can touch it, I can break it." So, the physical security is really the bedrock on which all of the other sources of security are built.
But I think the best strides we're seeing are in computer security. I think that management, and our ability to do risk management, is improving. And it helps if you look at some of the government initiatives to share information with industry and private citizens. It helps the corporations that have an integrated view of security, where you're able to look at some threat information that might be available today -- I think we're making strides in making that available to businesses, who hopefully take that information and map it onto their processes to improve their processes -- whether they be physical or logical-type security at the organizations. I think we're also seeing some strides around recognizing the need for physical security around critical infrastructures like SCADA systems.
IEN: What innovations are in store for users in security equipment and systems, software, training, etc?
Cowens: I think innovations like our token-based authentication give you the opportunity to provide a single device that allows you to control physical security at the same time as logical security. For example, we're considering incorporating RFID technology (radio frequency ID) in our iKey (Rainbow's USB authentication token) that would allow you to get into a building and then, once inside, manage your access and identification details on computer systems and the network.
IEN: Where are other R & D hot spots?
Cowens: I think the real hot spots for R & D today are around biometric technology, like recognition as it applies to faces and fingerprints. But for physical security, some of that actually slows down your process. Some of the most exciting research is around facial recognition, although that's also the area where we see most of the controversy because of the profiling and such.
IEN: Is the web a significant factor?
Cowens: I think the web is probably intertwined with most of this, in that it makes the end point of the system available no matter where you are in the organization. If you're the security officer, web technology connects you to the sensors that might be out there -- that might be facial recognition, palm readers, physical access devices -- and this technology allows you to distribute that information throughout the organization so that the agency can make security decisions.
IEN: Will wireless technology play an increasing role in security? If so, how?
Cowens: I think wireless technology is probably going to play an increasing role, not just in security, but in everything we do, because it really makes it easy to deploy systems anywhere without the expensive cabling, and it gives you freedom of movement and mobility -- enhancing other technologies significantly. You could say that it makes you "location independent."
IEN: How can companies integrate security technologies within the industrial enterprise?
Cowens: Like any enterprise today, companies in the industrial enterprise need to take a look at what they're trying to protect and where the holes in their existing infrastructure are -- that is, where the weak spots are and where the vulnerabilities lie. Once they've done that, they'll have a policy-level view of what constitutes security and then it's a relatively straightforward endeavor to take some of the technologies available -- like authentication technologies -- and merge them to create a layer of protection that encompasses physical security.
For example, if you have tokens that are integrated with RFID technology, you're able to physically identify someone using the token, and allow access and permission into the network system with the RFID technology -- which is probably the best bang for the buck. One of the other, more significant steps that enterprises can take is to make security somebody's job at the executive level. For example, there's usually a director of corporate security that's focused primarily on physical security. If you combine that role with the information security role, you'll come up with the chief security officer position, or a function in the organization, which is another outstanding way of helping integrate security technologies into the enterprise itself. If it's nobody's job, it won't get done.