What's that supposed to mean? Physical security systems that do things like access control and video surveillance were built to perform very specific security functions: letting people in and out of buildings, keeping watch on people, etc. At first, those systems were self-contained, not connected to any other system. CCTV systems, for example, would have cameras that were directly linked via coaxial cable using a proprietary communication protocol to a video controller, which typically sat on its own in a closet somewhere. The equipment was serviced by facilities people or outside security contractors. The IT department had nothing to do with them.
As such, these systems didn't really need the kind of cyber security that we're accustomed to (talking about) for the Internet: strong user and device authentication, encryption of data in transit and data at rest, activity logging and monitoring, etc. So these kinds of controls simply weren't built into physical security systems. Nobody even gave it much thought.
That all changed, of course, when physical security systems started getting connected up, first to enterprise systems, and then to the Internet. At first, the risks of CCTV and access control systems being pwned and used for nefarious purposes were voiced by security professionals, and ignored by the vendors. Gradually, though, vendors have begun to step up to this issue, recognizing that in the IOT, systems like this will almost certainly become high value targets.
Two examples of new thinking about the security of physical security systems come from Cisco, with its recently announced open camera IP platform, which enable attachment to surveillance camera systems of edge-based storage, and offer an API for application development - and HID Global, with its Trusted Tag Services to secure NFC applications.
We can expect more of this, as incidents take place and the market starts to demand more secure security.
(Credit: SecurityInfoWatch: Internet of Things takes hold in physical security)