Subscribe to Monitoring Matters RSS Feed

Monitoring Matters

by: Ginger Schlueter - Wednesday, March 13, 2019

Based on analyst firm Gartner’s research, 20.4 billion Internet of Things (IoT) devices will be deployed by 2020; that’s more than double the world’s population! Hackers tend to gravitate toward the weakest link in the security chain, and because more and more IoT devices have questionable defenses, they make easy targets. This has caused the U.S. government to take notice.

To date, there is no national standard for IoT security, leaving it up to each company to decide how they want to security their connected devices. So, on Monday, March 11th, the U.S. Senate and House of Representatives members introduced the Internet of Things Cybersecurity Improvement Act. If passed, this legislation would set minimum security standards for connected devices used by the government in an effort to prevent the federal government from purchasing hacker friendly devices. 

While the legislation won’t set security standards for all IoT companies—just the ones wanting to win federal contracts— it could provide a baseline of best practices for all connected device manufacturers to consider. 

Should the bill pass, here’s what would happen: 

  • Security standards from the National Institute of Standards and Technology (NIST), such as secure development, identity management, patching and configuration management, would be required; 
  • NIST would review every five years; 
  • All IoT venders selling to the U.S. government would have a vulnerability disclosure policy, allowing government officials to learn when the devices are open to cyberattacks.

 

Do you think this legislation would compel all connected device makers to adopt these security requirements or just the ones wanting to do business with the government? 

 
by: Ginger Schlueter - Wednesday, March 6, 2019

Venturing off to Coronado Island, right outside of San Diego for MercTech 5 was an exciting adventure into the open architecture world of physical security. Various trends were identified, company announcements made, valuable networking with security companies was experienced as well as education and fun. 

To kick off the conference, Matt Barnette, president, Mercury Security, announced that this year, the company will be formally converting to HID Global and they are always looking for new partners. (HID Global purchased Mercury Security, an OEM supplier of controllers for physical access control, in 2017.) Thus far, Mercury Security has kept their original logo, with the added phrase: “part of HID Global.” 

Serra Luck, VP end user and consultant business, HID Global followed with three major trends in the physical access control market: the evolution of identity; service oriented and convergence of video, biometrics, access control, lighting and more to be controlled by a single device. Luck identified what she termed “BIMruption,” building information modeling in which a wholistic view of a building, including its vulnerabilities, can be seen before the structure is actually built. This enables the simulation of possible terror attacks, physical breaches, structural integrity and more so that security consultants, integrators and end-users can become even more proactive in preventing security-related issues.

Donna Chapman, consultant relations business development manager, ASSA ABLOY compared how she “talks up” security consultants to their partners. She likens it to doing taxes. 

“Can I do taxes,” she asked the audience, hypothetically. To which she answered, “yes, but am I up-to-date on all the tax regulations…no, and that’s ‘ok’ unless I get audited. So, it’s easier and safer to have my taxes done by a professional…same with security consultants.”

The two full days of the conference continued on with valuable education as well as meetings with various Mercury Security partners, followed by amazing dinners and networking events. Partners were available in various suites in a “speed dating” type of format, 45 minutes in length, where security consultants learned about their solutions as well as got their questions answered. 

A consultant roundtable took place, in which hot topics were discussed, one of which was the adoption of Open Supervised Device Protocol (OSDP), a communication standard developed by the Security Industry Association (SIA) to improve interoperability among access control and security devices. Security consultants were also concerned with specifying manufacturer’s certifications, asking if companies could possibly add certification numbers or some sort of identification so each certification is easier to “spec.” 

As the event concluded and I began to reflect, one of the most valuable takeaways from the whole conference emerged. Steve Wagner, president of Open Options, said the following during a speed dating session: “Everyone employed with Open Options is empowered to make decisions on behalf of customers; if a mistake is made with any such decisions, it will be to the benefit of the client.” This customer/client-first mentality, in my opinion, is a big piece of the pie that security companies must incorporate into their culture for maximum success. 

 
by: Ginger Schlueter - Wednesday, February 27, 2019

This week, I’m spending time in the Country Music Capital of the World, Nashville, hanging out with everyone at MIPS 2019, a conference organized by Milestone. After quite an eventful experience at the DFW airport — maintenance issues, delays and arriving a bit late to the conference — I’m happy to report it was all worth it!

Yesterday was jam-packed full of amazing speakers, new announcements from Milestone and their partners, and of course, hand claps and “yee-haws” to celebrate. Today promises even more highly beneficial content and a one-on-one interview to discuss the new Milestone Marketplace, an online experience to explore proven applications, hardware, and services that work with XProtect; connect with technology partners; and find the solution to deploy.

Be on the lookout for my MIPS 2019 roundup piece and follow me on Twitter @SSN_Ginger for live updates. To get caught up on yesterday’s Tweets, search with SSN’s new hashtag #SSNTalks.
 

Topic:
by: Ginger Schlueter - Wednesday, February 20, 2019

The love of smart speakers is permeating the world, as more and more people are introducing these devices into their homes for various reasons—to listen to their favorite tunes, search for real-time and factual information, listen to news, chat with the voice assistant for fun (I mean, it’s pretty cool to play trivia with Alexa!), and use alarms and timers, and more. So, to do all these activities, what are people looking for in a smart speaker?

After surveying more than 13 percent of Internet users with smart speakers in their households in November 2018, from Australia, Brazil, Canada, Germany, India, Japan, the United Kingdom and the United States, IHS Markit found:

•    27 percent said the most important feature is “integration with services and devices;
•    25 percent said a “questions and answers” feature; and
•    24 percent indicated “sound quality.”

Of the respondents with access to smart speakers powered by Google Assistant or Amazon Alexa, they were more likely to rate integration as the most important feature because they positioned their digital assistants as smart home hubs, primarily because both platforms leverage their own entertainment offerings, such as audiobooks and streaming music.

Fateha Begum, associate director, IHS Markit, revealed the following information from the survey in an announcement:

•    Sound quality and integration is usually equally important among consumers, especially for those with Bose, JBL, Link, Panasonic, Sony and other traditional audio brands.
•    Smart speaker households in India and Brazil selected sound quality as the most important factor.
•    Amazon Echo and Google Home owners said answering questions was top of their list.

Across all markets surveyed, it seems Amazon Echo is making a bigger splash among households. Those owning Amazon Echo devices were more likely to have multiple devices and on average, 21 percent accessed two Echo speakers with 15 percent accessing three or more speakers. Only 15 percent of Google Home owners had access to two Google speakers with an additional 15 percent accessing three or more speakers.

In my opinion, the key takeaway from this survey was stated by Maria Rua Aguete, executive director, IHS Markit, “Operators now understand the importance of having their own digital assistants, to maintain and control the customer experience and network usage.”

As the semi-proud new owner of an Echo Show, 2nd Generation, I enjoy Alexa for the little things—playing games and listening to music, and I appreciate the concept and lure of smart speakers and AI, but for me, and maybe it’s my undeniably strong Texas accent, Alexa just doesn’t understand me! 

For more research on the smart speaker craze, click here.
 

Topic:
by: Ginger Schlueter - Tuesday, February 12, 2019

The countdown to SIA’s new conference acceleRISE has begun with plans for security leaders to share ideas and inspire tomorrow’s up and coming young security professionals via coaching, business skill development and networking. This event is to take place August 14-16 at the Radisson Blu in downtown, Minneapolis.

Having never been to Minnesota and being the extreme foodie that I am, I did a little research and discovered a meat-centric American grill that I would totally check out — Butcher & The Boar. Glancing at their menu, offerings include:

      • Delectables to share: artisan cheeses, red wine jelly, house-made crackers and breads.
      • Tantalizing main meals: Wagyu ribeye, Filet Mignon, coffee-brined duck breast and smoked salmon salad.
      • Mind-boggling desserts: sweet potato cream brulee with orange coriander, dark chocolate ganache baked tart accented with mascarpone … the list goes on and on. I mean, you’ve got to stay properly nourished to soak up all the knowledge of this event’s keynotes, panel sessions, team-building    exercises, peer networking and workshops!

“Finding and keeping qualified talent is the number one issue facing SIA members and the industry,” CEO of SIA, Don Erickson, said in a press release. “AcceleRISE will provide young security professionals with a compelling learning experience, ignite new thinking, strengthen leadership skills, sharpen business acumen and ultimately propel attendees forward as stronger contributors to their employers’ success.”

With topics such as introducing the security industry ecosystem, project and time management, inspiring yourself to innovate and more, attendees will walk away with:

       • Insight into leadership, business and soft skills development;
       • Understanding of emerging security trends and principles of critical thinking; and
       • Insight from accomplished security professionals, offering real-life examples of security-related career paths.

“Today’s young professionals bring a unique perspective to the workplace,” Erickson told SSN. “They are creative and critical thinkers who will become stronger contributors to engineering, sales, marketing, customer service and project management teams by having access to the compelling experience offered through AcceleRISE. Designed by young professionals with input from managers, this event will complement the quality educating and training offered by employers today.”

Security Systems News is honored to be a participant in this event to continue to engage with the young security professionals of tomorrow.
 

Topic:
by: Ginger Schlueter - Tuesday, February 5, 2019

Being a part of the security industry day in and day out affords me some very unique conversations and learning opportunities about security projects. Take the city of Detroit, their Project Green Light and Guardian Alarm, as an example. 

For those of you who may not know or need a refresher, Project Green Light started in 2016 when the Detroit Police Department (DPD) partnered with eight gas stations installed with real-time cameras, connected directly to police headquarters. This was the beginning of a different type of partnership, one that would take the city, businesses and community on an unprecedented security journey. 

“Project Green Light is a really unique project; it is a very progressive approach to video verification of real time emergency events,” Jason Tague, director of business development, explained. “The way it operates, when a 911 call is received from a Project Green Light location the Detroit Police Department has the opportunity to verify emergency action in real time, and once verified, they are able to direct the nearest police officer or first responder to that location because of video verification.” 

Businesses invest in systems under the agreement that DPD will have access to video cameras to help better protect them, just in case. Businesses are literally “marked” as Project Green Light participants. 

“There’s a select signage package that DPD has trademarked – a logo, along with the name – and program participants have requirements to post a certain amount of signage on their place of business,” Tague said. “Also, there is a green strobe light outside of each business – a ‘beacon’ if you will – that flashes. This creates awareness in communities that it is a place that’s connected … a place that’s safe.” 

The vendor approval process is rigorous, as DPD is very selective about the vendors they partner with, putting great emphasis on standards, policies and procedures in terms of what is expected of and from a vendor. Tague believes Guardian was chosen based on their 85-year tenure in the security industry, being a well-known brand in Michigan, having a broad, established customer base and offering a full-service solution. Perhaps this is why Guardian was chosen for the community’s beloved Don Bosco Hall, a private, non-profit agency that provides services to enhance quality of life for the community’s youth and their families. 

“We were honored to be chosen to work with the community center [Don Bosco Hall],” said Tague, “because it was a complex environment and we had to be very mindful of the environment during installation.” 

During the installation, things didn’t stop moving at the hall. Children were changing activity/classrooms, even when cable was being pulled in an antiquated building. 

“It’s [pulling cable] is a very daunting task,” Tague said, “but we navigated that gauntlet quite well and were very mindful of the environment. The children took interest in what we were doing, so it was a little bit of an educational process along the way.” 

Ultimately, Tague said that it’s nice to know the playground and the outer corridor where the children go out to play offers a sense of security beyond the actual walls of the building itself. 

One of the questions I enjoy asking security professionals is “what else would you like my readers to know?” about any topic of discussion. In this case, Tague concluded with a solid piece of advice that I feel all security integrators should take to heart: keep it simple. 

“We make it easy for Project Green Light participants. Our team has been really great at explaining and helping people understand the process step-by-step, so there are no surprises and everything goes according to plan … everything.” 

So, how do you and your team keep things simple for your customers? Excited for your replies!

by: Ginger Schlueter - Tuesday, January 29, 2019

Yesterday in the United States, Data Privacy Day 2019 was celebrated. On social media, tweets flew by offering tips on how to protect data against hackers. Security professionals and enthusiasts on LinkedIn discussed the topic at hand while top privacy leaders, such as the National Cyber Security Alliance Executive Director, Kelvin Coleman; Eva Velasquez, president and CEO, Identity Theft Resource Center; and CEO Larry Magid of Connect Safely, among others, convened in San Francisco for an afternoon of focused discussion about opportunities and challenges for data security moving forward. 

Yes, yesterday was quite the day for data security. However, we must recognize that securing data is a 24/7, 365 day a week operation. Google “data security breach” and incident after incident will pop up … for me, it was about 117 million in .75 seconds. Recently, Ring was outed by major news outlets for Ukraine engineers and executives at Ring having “highly privileged access” to live customer camera feeds — both doorbell cameras and in-home cameras — around the world, while a NEST camera was hijacked with a voice warning a California family that three missiles from North Korea were headed to the U.S., which, of course, was not true, but I can imagine sent the family into sheer panic. 

With breaches such as these, among the millions of other data breaches and exposed records in the United States alone, ADT in partnership with SIA, The Monitoring Association, Electronic Security Association, the Internet Society’s Online Trust Alliance and TrustArc are creating a new consumer privacy initiative.

“Alongside industry organizations and partners, we will be outlining privacy and ethics priorities for the industry, creating an external and internal advisory board, and updating our promise to customers: ‘At ADT we are dedicated to your safety, and helping take care of what you value and cherish most in your life: your loved ones, your property and your privacy,” ADT’s CEO, Jim DeVries, said in an internal company memo that went out to all 19,000 ADT employees and to SSN, exclusively. 

In the coming months, the initiative is focused on the following key objectives, the press release said. 

  • Adopting a set of industry-wide best practices that are customer-centric and drive transparency. 
  • Working with dealers, partners and other industry organizations on enhanced privacy and ethical standards for our industry. 
  • Programs focused on privacy, ethics and transparency. 

ADT is also soliciting participation from other organizations who are interested in helping to drive the objectives. 

So, how do you think this initiative will help with data security? 

Let’s discuss!

 

by: Ginger Schlueter - Wednesday, January 23, 2019

The end of early bird registration for TechSec Solutions 2019 is quickly approaching; this means only a few short days until the special rate to attend, network and learn will be increasing. Don’t let the dates sneak up. Register and mark your calendars now for February 25-26.

This year’s theme –“Securing a Connected World” – explores exciting new technologies currently being used in real-life situations to enhance security and safety, and how security professionals can leverage these same technologies to achieve their security goals. And, if sunny Florida in February in a beautiful hotel right across from the beach (yes, walking distance!) isn’t enough of an enticement, here are the top six reasons to attend:

  1. Learn about new, currently deployed technologies and gain ideas for future projects.
  2. Visit the exhibit hall – a dedicated space to see and interact with the latest technology and company representatives from the event’s sponsors. 
  3. Attend the Mega Panel - learn from leading industry professionals from top security associations and organizations as they give their perspective and vision for the future of security.
  4. Participate in the dynamic educational program and earn credit from: ALOA – Education credits (AEU); ASIS – Continuing professional education credits (CEP); and NICET – Continuing professional development points (CPD).
  5. Network - a small, relaxed setting offers uninterrupted time for attendees to meet, greet and have conversations with speakers, manufacturers and distributors, and other security professionals to further their learning and knowledge base.
  6. Eat, drink and be merry – delicious meals are provided along with refreshments during breaks from sessions, and make a splash at the poolside reception!

Plan on networking, learning and having some fun “like a boss” at TechSec 2019!

 

What are you most looking forward to at TechSec this year?

by: Ginger Schlueter - Wednesday, January 16, 2019

Day number 26 … it’s the longest shutdown in U.S. history, and with approximately 800,000 federal employees out of work or working without pay, and three or more hours of wait time to clear security in some of America’s busiest airports—Atlanta, Houston, Miami and Washington—security-related vulnerabilities linger. Just by saying the U.S. is “shutdown” seems to give hackers, terrorists, criminals and such the impression that the whole country is weak and now is the time to strike.

Here’s some specific areas the shutdown is hitting security the hardest, and please clcik here to comment on the topic in our News Poll:

Government payment portals and remote access services: Sites such as NASA, the U.S. Department of Justice and the Court of Appeals, among others, are insecure or inaccessible, due to more than 80 expired TLS certificates used on .gov domains. What’s more, only 1 in 20 HTTPS servers implement the security feature that prevents visitors from making unencrypted HTTP connections to a server.
As more security certificates expire during the shutdown and with furloughed IT employees not renewing them, opportunities for a security hack increase.

Click the following links to see examples of expired .gov certificates as of January 16, 2019:
https://ows2.usdoj.gov/
https://rockettest.nasa.gov/

National cybersecurity: It seems “everyone” is furloughed…approximately half of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), the employees who protect critical infrastructure, such as banking, water, energy and nuclear; 85 percent of the National Institute of Standards and Technology (NIST) employees and other IT professionals knowledgeable about the latest cyberattacks and how to deal with them most appropriately, according to CNBC.

Security operations, software patching and penetration testing are among the activities not getting done for government sites including but not limited to:
•    Departments of State;
•    Homeland Security;
•    Agriculture, Commerce and Housing and Urban Development;
•    Environmental Protection Agency;
•    Internal Revenue Service (IRS);
•    National Institute of Standards and Technology; and
•    National Park Service.

Weakened airport security: Not only is wait time increasing for passengers to get through security, but personal safety is quickly becoming an issue. On January 2, 2019, a Delta passenger successfully deceived TSA, sneaking a gun past agents and onto a flight headed to Tokyo from Atlanta Hartsfield-Jackson International Airport.

According to USA Today, TSA said they would “hold those responsible appropriately accountable,” as they rejected the assumption that low staffing was to blame. Either way, carelessness or low staffing, security was breached and could have led to dire consequences.

As we see the deterioration of security right before our eyes, what are you most concerned about when it comes to the partial government shutdown and security?

Let’s discuss! Looking forward to your responses.

Topic:
by: Ginger Schlueter - Wednesday, January 9, 2019

It’s good to see registration is open for the second annual Cyber:Secured Forum, and that it’s in my “neck of the woods.” The Westin Dallas Park Central will welcome this conference that helps connect cybersecurity, physical security and systems integration, hosted by ISC Security Events, PSA Security Network and the Security Industry Association (SIA). It’s to be held July 29-31, one of the hottest times in Dallas might I add, so plan on drinking lots of water! Hydration is key during our hot, Texas summers.

(Tip: Walk or Uber over to the Circle K convenience store at 12950 Coit Rd., which is right beside the Westin, and buy water for your hotel room. Usually our convenience stores will have 2 bottles for $2, or some sort of sell.)

According to the SIA website, attendees can look forward to topics including global cybercrime trends, tools and technology for better cybersecurity of physical security systems, monetizing cybersecurity services, cyber-hardening of security systems and more, presented by IT and physical security professionals. The goals of the conference are to connect and share information on risks and liabilities, learn how to respond to cybersecurity threats and work toward establishing security control standards across IT systems.

Plan on attending the July 29th welcome reception, plugging into sessions and strolling around the exhibits displaying various solutions related to cybersecurity, and don’t forget to find me buzzing around. In fact, reach out now, gschlueter@securitysystemsnews.com, and let’s get something on the calendar – a booth visit, coffee, lunch – I’m open to pretty much anything. And of course, I can help you figure out the best places to eat and visit during your stay in Dallas.

I’m excited to attend the forum, meet with you, learn more about cybersecurity trends and what’s going on in that world, and how cyber and physical are successfully merging to keep people and infrastructure safe.

 

Pages