
Cybersecurity

Hikvision hires former IBM security pro to lead cyber efforts

Chuck Davis named director of cybersecurity in North America
10/19/2017

CITY OF INDUSTRY, Calif.—Hikvision USA Inc., a video surveillance products and solutions company based here, announced that Chuck Davis has been named director of cybersecurity for Hikvision North America.

Security experts launch new cyber company

Edgewise Networks to provide network security ‘where firewalls fail,’ company says
07/12/2017

BURLINGTON, Mass.—Edgewise Networks, a new start-up company backed by $7 million in initial capital, announced its official launch today. The company’s founders, CEO Peter Smith, a cybersecurity entrepreneur, and CTO Harry Sverdlove, former CTO of Carbon Black (formerly Bit9), are looking to provide a fresh take on network security, one that transcends the limitations of available address-centric controls.

Launch Security looks for cybersecurity to take off

SSN ‘20 under 40’ winner Rob Simopoulos starts new company in Maine
05/31/2017

PORTLAND, Maine—Security Systems News’ “20 under 40” winner from the integrator class of 2015, Rob Simopoulos, along with company partner Andrew Rinaldi, formed Launch Security here last month with the idea of helping organizations improve their overall cybersecurity posture.

Cyber talk on tap at ISC West

Wednesday, March 29, 2017

It is only March, but I think it is safe to call 2017 the “year of cybersecurity” as the industry has doubled down on its focus to secure everything IP.

This cyber mania, so to speak, is not unfounded, as the security industry is learning firsthand—from recent highly publicized DDoS attacks and increased ransom-ware attacks to more and more stories of compromised cameras and security systems—that the convergence of physical security and IT is creating a new set of challenges and security risks.

As I prepare for ISC West, I am not surprised to see that this year’s keynotes will be focusing on cybersecurity. I am very interested to hear what Philip Celestini, section chief, FBI Cyber Division, has to say in his keynote, “The FBI View of Cybersecurity: Threats, Trends and Protective Strategies,” on April 5 at 8:45 a.m.

I am particularly interested to hear how far the FBI has come in the past year in its war on cybercrime, as Celestini spoke on this topic at ESX 2016, providing some eye-opening statistics on the high cost of cyber attacks.

For example, at ESX last year Celestini pointed out that ransom-ware attacks went from causing $25 million in losses to $200 million in just one year in the U.S., as well as an astonishing $2 trillion in cyber crime losses worldwide. I wonder where those numbers are this year?

The next morning at 8:45, a panel discussion, “DDoS Threat Landscape & Defensive Countermeasures,” will look at how October 2016’s attack on Dyn’s DNS infrastructure was a gloomy wake-up call to the online community at-large. The panel will look at the role that IoT devices played in the attack against Dyn, as well as the attack against Krebs prior to it, as well as defensive countermeasures with a strong emphasis on preparedness ahead of these attacks.

And later in the day at 1:45 p.m., Matthew Rosenquist, cyber security strategist for the Intel Corporation, will present his keynote, “How Cyber-Attacks are Changing the Expectations of Security, Privacy, and Safety,” looking at the growing types of incidents and challenges in the industry that are driving shifts in expectations for security, privacy and safety, presenting a glimpse of the future where both risks and opportunities abound.

See you in Vegas!

Customers cyberaware, but not fully cyber-prepared

Protection 1 execs discuss today’s cybersecurity concerns and the company approach
03/20/2017

ROMEOVILLE, Ill.—Protection 1, which operates its own Network Operations Center, is seeing a rise in customers separating their security network in order to stay more cybersecure. Security Systems News talked with several professionals at Protection 1 about how cyberaware end users are today and the similarities and differences in cyber- and physical security solutions.

Johnson Controls publishes cybersecurity 'call to action'

Wednesday, February 22, 2017

CORK, Ireland—Johnson Controls released a “call to action” whitepaper on cybersecurity this week in an effort to help the industry to better protect all of the data that is being produced throughout smart buildings today.

“As data becomes more and more prevalent throughout the buildings where we live and work, so does the need to protect that data; it is no longer enough for a building to be smart—it must now be cybersmart,” according to the new whitepaper, “Cybersmart Buildings - Securing Your Investment in Connectivity and Automation” published jointly by Johnson Controls and Booz Allen Hamilton, a management and technology consulting and engineering firm. This whitepaper provides a roadmap for building managers, building owners, contractors and others to act to protect their information.

“Research clearly demonstrates that cybersecurity is a critical need at a critical hour for buildings around the world,” Bill Jackson, president, Johnson Controls Global Products, said in the announcement. “As building technology and data converge, we must be increasingly vigilant.”

This collaboration between two companies, with more than 200 years of combined expertise in their industries, illustrates the progress being made in raising awareness of the need for cybersecure smart buildings, coined “cybersmart buildings” in the white paper.

“Securing smart buildings and building systems more generally, is a shared responsibility requiring focus and commitment from the manufacturer, integrator, and customer,” Jason Rosselot, director of Johnson Controls’ global product security, said in the release. “Just as two industry leading companies were able to collaborate to create this whitepaper, so too can smart building stakeholders partner to follow these recommendations and create cybersmart buildings.”

Jackson added, “Defending against cyber threats today and tomorrow requires the secure design, development and deployment of building automation systems and controls.”

According to the 2016 State of Industrial Control System (ICS) Security Survey by SANS, 67 percent of participants perceived severe or high levels of threat to control systems, up from 43 percent in 2015.

“Smart buildings are now at the forefront of this battle—with tremendous complexity and integration of systems, they represent an increasingly valuable target,” according to the whitepaper. “Connectivity and automation create entry points for cyber attacks with potential safety, continuity, quality and privacy impact. But we can’t let this risk cripple innovation.”

According to the whitepaper authors, cybersecurity can be “a business enabler for smart buildings. When done well, cybersecurity is about insuring your investment and assuring your ability to reap the transformative benefits that connectivity offers,” including working “with the right partners to secure your investments when assessing and deploying smart building systems or retrofits.”

The whitepaper, which can be found here, summarizes key insights to help set an agenda for cybersmart buildings.

Study: IT professionals not confident in their companies’ cybersecurity staffing

11/07/2016

PORTLAND, Ore.—Tripwire, a global provider of security and compliance solutions for enterprises and industrial organizations, recently announced the results of its study, conducted by Dimensional Research. Tripwire said that only twenty-five percent of respondents were confident their organizations have the number of skilled cybersecurity experts needed to effectively detect and respond to a serious cybersecurity breach.

Securing IoT

Wednesday, October 26, 2016

Last week’s malware attack sent a sobering chill through the security industry, as it illuminated the cybersecurity vulnerabilities of IoT products, showing how easy it is to hack into unsecured IP devices.

The hackers, who were able to affect sites including Twitter, Spotify and CNN, launched a distributed denial-of-service (DDoS) attack using tens of millions of malware-infected devices connected to the Internet to overwhelm Dyn, a provider of Domain Name System services.

Although the attack amounted to a temporary inconvenience for millions, it underscored the need for cybersecurity standards for the IoT world.

Toward that end, the Cloud Security Alliance (CSA) released this month a new guidance report titled “Future-proofing the Connected World: 13 Steps to Developing Secure IoT Products,” which was created to help designers and developers of IoT-related products and services understand the basic security measures that must be incorporated throughout the development process.

With the release of this report, the CSA looks to provide much needed education and direction to product developers who know their products are at risk of compromise, but may lack the understanding as to where to start the process for mitigating that risk.

“It is often heard in our industry that securing IoT products and systems is an insurmountable effort,” Brian Russell, chair IoT Working Group and chief engineer, cyber security solutions with Leidos, said in the announcement. “However, with the help of our extremely knowledgeable and dedicated volunteers, we are providing a strong starting point for organizations that have begun transforming their existing products into IoT-enabled devices, as well as newly emerging IoT startups. We hope to empower developers and organizations with the ability to create a security strategy that will help mitigate the most pressing threats to both consumer and business IoT products.”

Specifically, the report lays out 13 considerations and guidance for designing and developing reasonably secure IoT devices, to mitigate some of the more common issues that can be found with IoT device development. Additionally, realizing that often times there is a need to quickly identify the critical security items in a product development lifecycle, researchers also outline the top five security considerations that when applied will begin to increase an IoT product’s security posture substantially.

The CSA IoT Working Group is focusing on understanding the relevant use cases for IoT deployments and defining actionable guidance for security practitioners to secure their implementations. The group is led by Russell, with initiative leads Priya Kuber and Dr. Shyam Sundaram. Nearly 30 CSA IoT working group members contributed to development of the 80-plus page guidance report.

The full report is available at https://cloudsecurityalliance.org/download/future-....

Cyber-insanity

Wednesday, September 7, 2016

It has been about a month since I used this space to talk about the rising need for cybersecurity, a topic that is increasingly popping up in conversations within the physical security space.

Just this week, a report on the Cyber Security Market from global research firm MarketsandMarkets shows that the cybersecurity market is estimated to grow from $122.45 billion in 2016 to $202.36 billion by 2021, at a CAGR of 10.6 percent. North America is expected to hold the largest share of the cybersecurity market in 2016 due to the technological advancements and early adoption of cybersecurity in the region, the report found.

The major forces driving the cybersecurity market, the study found, are the rise in security breaches targeting enterprises and need for stringent compliance and regulatory requirements, as well as the growing security needs of Internet of Things (IoT) and Bring Your Own Device (BYOD) trends and increased deployment of web & cloud-based business applications.

This rise in cybersecurity breaches is the reason why Surveillance Systems Incorporated, a Rocklin, Calif.-based security integration company, recently launched a new cybersecurity division, SSI Threat Protect.

In my conversation with SSI president Todd Flowers, he shared with me an ironic, yet poignant story about an inexpensive drone he had ordered that arrived on day one of the Threat Protect division launch. Flowers said drones are a part of the physical security space he is excited about, and thought it would be cool to use the drones for prizes—“a fun little thing to do for some customers,” he said.

“The first day I launched our new cyber division, this drone shows up, and I plug it in—the interface is super easy and it is on Wi-Fi—but it won’t work,” Flowers explained. “So I get my IT guy over and he pulls up the network and turns off our firewall to see what is going on. Now this thing is just supposed to work internally on Wi-Fi and does not require the Internet, but when he turns off the firewall, this thing starts transmitting packets of data to Japan and Korea. The drone was trying to transmit internal information from our servers, and basically opened up a pipeline of critical information to servers in Japan and China.”

Although this scary situation was remedied immediately, it exemplifies what Flowers said he sees happening within the next five years: “The physical side of what we do and the cyber side of security will converge,” he said.

Are you ready for it?

CSAA focuses on cybersecurity

Wednesday, September 7, 2016

At CSAA's upcoming annual meeting—to be held on Marco Island, Fla., Oct. 22 through 26—there will be a panel devoted to cybersecurity, which the association announced more about this week.

I spoke with Jay Hauhn, CSAA’s executive director, recently about the meeting as well as other focuses for the association.

Hauhn said that the annual meeting's cybersecurity panel was going to approach the subject in a new way, looking to focus on what companies should do about cybersecurity.

“We are not going to repeat what has been done ad nauseam and have someone stand at the front of the room and scare everyone about cyber threats,” Hauhn told SSN. “We are going to focus on something actionable. We are having experts talk about how to put a cyber protection program together.”

The panel, entitled “Cyber Security is a Business Risk (Not Just an IT Risk),” will include Justin Bailey, AvantGuard’s COO, Todd Neilson, president for Secuvant Security, Sascha Kylau, VP of central station solutions and service at Onetel, and Steve Butkovich, CPI Security Systems’ chief technology officer.

CSAA is going to be looking at cloud based central station automation platforms in a similar way at the meeting, Hauhn said. The panel will not only approach the features of the cloud, but what businesses’ cost savings could be and how they can get started with a cloud based platform. 

Currently, the association has an early bird rate for the meeting, which ends this Friday, Sept. 9.

CSAA is also keeping an eye on other emerging technological issues. Hauhn mentioned that the industry is changing, and standards are needed for newer technologies; CSAA recently put out the call for SMEs to assist with new technology standards.

“Monitoring life safety events in the traditional central station model remains our core business. That will not change. However, new innovative applications and services are being offered by our members. Best practices need to be created, that outline the actions monitoring centers take in this expanding environment,” said Hauhn.

“For example, when a service that monitors an asset in motion requires a dispatch of police or EMS, we have to be able to accommodate the asset traversing municipalities,” he said.   
