In the wake of the terrorist attacks on September 11, 2001, owners and managers of tall buildings scrambled to improve the security of their assets, their tenants, and the millions of visitors that frequented their sites annually. In a rush to enhance the security and safety of their buildings, along with the people who occupied them, facility managers invested millions of dollars on access controls, monitoring systems, and people to ensure they were better prepared for unexpected events.
In 2002, the Building Owners and Managers Association of Greater Los Angeles partnered with the RAND Corporation to review the state of building security in that city. The results of the study, noting a surge in additional cameras, perimeter controls, and security personnel, would look familiar to today’s infosec professionals. In an especially prescient passage, the 20- year-old study predicts: “Although a ‘security standard’ has not emerged, we expect stricter access controls of one type or another to be permanent additions to downtown high-rise buildings.”
Prior to 2001, it was not uncommon for visitors to be able to roam from floor to floor, hallway to hallway, and business to business, unfettered once they passed through the lobby doors. After 2001, this free access was significantly curtailed by security guards, turnstiles, and card-controlled doorways, which were in turn monitored by cameras and facial recognition systems. Today, visitors are often monitored by artificial intelligence engines designed to predict disruption.
While even the worst of today’s cyberattacks don’t compare to the immeasurable loss of human life in the 9/11 attacks, it’s high time that the owners and managers of corporate networks take the same approach and sense of urgency to protecting corporate digital assets that their physical security counterparts have taken with protecting building access.