Subscribe to RSS - Cybersecurity


PSA, SIA and ISC launch cybersecurity conference

Wednesday, January 10, 2018

DENVER—Cyber:Secured Forum, a cybersecurity summit focusing on integrated systems, will launch with an inaugural gathering here, on June 4-6, 2018, under a partnership formed by PSA Security Network, the world's largest systems integrator cooperative, ISC Security Events (Reed Exhibitions, the global tradeshow company) and the Security Industry Association (SIA), a leading trade association for global security solution providers.

“Sophisticated cybervulnerabilities and threats are emerging every day, and it is critical for the physical security and systems integration industry to accelerate its delivery of compelling education to help all industry stakeholders mitigate the risk of cyberattacks to business continuity,” SIA CEO Don Erickson said in the announcement.

Cyber:Secured Forum will feature in-depth content on cybersecurity trends and best practices as related to the delivery of physical security systems and other integrated systems. Content is being collaboratively developed by SIA and PSA Security Network’s education teams and will feature top cybersecurity leaders.

“Cybersecurity is no longer just a threat—it’s a real issue knocking on the doors of security and IT professionals on a daily basis,” Bill Bozeman, president and CEO, PSA Security Network, said in the announcement. “The time for just being in reaction mode is behind us now. As security leaders, we have a responsibility to step forward and be part of the frontline defense when it comes to cybersecurity, just as we have been part of the frontline defense when it comes to physical security issues for decades. The goal of this conference is to empower attendees with real tools and knowledge to do just that.”

The two-day event will provide leaders in the IT and physical security industries with opportunities to connect and share information on risks and liabilities, responding to cybersecurity threats, and establishing security control standards across IT systems and particularly when integrating physical security solutions and devices on IT networks.

Additionally, sponsor exhibits will help showcase solutions related to cybersecurity, integrated systems and physical security solutions.

“At our recent ISC West and ISC East events, the educational sessions on cyber-physical integration and connected security have been in high-demand,” Will Wise, group vice president of the Security Portfolio, Reed Exhibitions. “In-depth education, training and industry collaboration is essential to ensure safe and secure systems for the market. We’re enthusiastic about this partnership with PSA Security Network and SIA to address this important market need.”

For more information about this new event and to be added to the event mailing list, visit

SSN News Poll: physical security’s place in cybersecurity

Half of respondents say contracting or partnering with a cyber firm is the best step

YARMOUTH, Maine—ADT recently finalized its acquisition of DATASHIELD, which will operate under the newly formed brand ADT Cybersecurity. In Security Systems News’ most recent poll, traditional security companies see a space in the cybersecurity world.

Hikvision hires former IBM security pro to lead cyber efforts

Chuck Davis named director of cybersecurity in North America

CITY OF INDUSTRY, Calif.—Hikvision USA Inc., a video surveillance products and solutions company based here, announced that Chuck Davis has been named director of cybersecurity for Hikvision North America.

Security experts launch new cyber company

Edgewise Networks to provide network security ‘where firewalls fail,’ company says

BURLINGTON, Mass.—Edgewise Networks, a new start-up company backed by $7 million in initial capital, announced its official launch today. The company’s founders, CEO Peter Smith, a cybersecurity entrepreneur, and CTO Harry Sverdlove, former CTO of Carbon Black (formerly Bit9), are looking to provide a fresh take on network security, one that transcends the limitations of available address-centric controls.

Launch Security looks for cybersecurity to take off

SSN ‘20 under 40’ winner Rob Simopoulos starts new company in Maine

PORTLAND, Maine—Security Systems News’ “20 under 40” winner from the integrator class of 2015, Rob Simopoulos, along with company partner Andrew Rinaldi, formed Launch Security here last month with the idea of helping organizations improve their overall cybersecurity posture.

Cyber talk on tap at ISC West

Wednesday, March 29, 2017

It is only March, but I think it is safe to call 2017 the “year of cybesecurity” as the industry has doubled down on its focus to secure everything IP.

This cyber mania, so to speak, is not unfounded, as the security industry is learning firsthand—from recent highly publicized DDoS attacks and increased ransom-ware attacks to more and more stories of compromised cameras and security systems—that the convergence of physical security and IT is creating a new set of challenges and security risks.

As I prepare for ISC West, I am not surprised to see that this year’s keynotes will be focusing on cybersecurtiy. I am very interested to hear what Philip Celestini, section chief, FBI Cyber Division, has to say in his keynote, “The FBI View of Cybersecurity: Threats, Trends and Protective Strategies,” on April 5 at 8:45 a.m.

I am particularly interested to hear how far the FBI has come in the past year in its war on cybercrime, as Celestini spoke on this topic at ESX 2016, providing some eye-opening statistics on the high cost of cyber attacks.

For example, at ESX last year Celesini pointed out that ransom-ware attacks went from causing $25 million in losses to $200 million in just one year in the U.S., as well as an astonishing $2 trillion in cyber crime losses worldwide. I wonder where those numbers are this year?

The next morning at 8:45, a panel discussion, “DDoS Threat Landscape & Defensive Countermeasures,” will look at how October 2016’s attack on Dyn’s DNS infrastructure was a gloomy wake-up call to the online community at-large. The panel will look at the role that IoT devices played in the attack against Dyn, as well as the attack against Krebs prior to it, as well as defensive countermeasures with a strong emphasis on preparedness ahead of these attacks.

And later in the day at 1:45 p.m., Matthew Rosenquist, cyber security strategist for the Intel Corporation, will present his keynote, “How Cyber-Attacks are Changing the Expectations of Security, Privacy, and Safety,” looking at the growing types of incidents and challenges in the industry that are driving shifts in expectations for security, privacy and safety, presenting a glimpse of the future where both risks and opportunities abound.

See you in Vegas!

Customers cyberaware, but not fully cyber-prepared

Protection 1 execs discuss today’s cybersecurity concerns and the company approach

ROMEOVILLE, Ill.—Protection 1, which operates its own Network Operations Center, is seeing a rise in customers separating their security network in order to stay more cybersecure. Security Systems News talked with several professionals at Protection 1 about how cyberaware end users are today and the similarities and differences in cyber- and physical security solutions

Johnson Controls publishes cybersecurity 'call to action'

Wednesday, February 22, 2017

CORK, Ireland—Johnson Controls released a “call to action” whitepaper on cybersecurity this week in an effort to help the industry to better protect all of the data that is being produced throughout smart buildings today.

“As data becomes more and more prevalent throughout the buildings where we live and work, so does the need to protect that data; it is no longer enough for a building to be smart—it must now be cybersmart,” according to the new whitepaper, “Cybersmart Buildings - Securing Your Investment in Connectivity and Automation” published jointly by Johnson Controls and Booz Allen Hamilton, a management and technology consulting and engineering firm. This whitepaper provides a roadmap for building managers, building owners, contractors and others to act to protect their information.

“Research clearly demonstrates that cybersecurity is a critical need at a critical hour for buildings around the world,” Bill Jackson, president, Johnson Controls Global Products, said in the announcement. “As building technology and data converge, we must be increasingly vigilant.”

This collaboration between two companies, with more than 200 years of combined expertise in their industries, illustrates the progress being made in raising awareness of the need for cybersecure smart buildings, coined “cybersmart buildings” in the white paper.

“Securing smart buildings and building systems more generally, is a shared responsibility requiring focus and commitment from the manufacturer, integrator, and customer,” Jason Rosselot, director of Johnson Controls’ global product security, said in the release. “Just as two industry leading companies were able to collaborate to create this whitepaper, so too can smart building stakeholders partner to follow these recommendations and create cybersmart buildings.”

Jackson added, “Defending against cyber threats today and tomorrow requires the secure design, development and deployment of building automation systems and controls.”

According to the 2016 State of Industrial Control System (ICS) Security Survey by SANS, 67 percent of participants perceived severe or high levels of threat to control systems, up from 43 percent in 2015.

“Smart buildings are now at the forefront of this battle—with tremendous complexity and integration of systems, they represent an increasingly valuable target,” according to the whitepaper. “Connectivity and automation create entry points for cyber attacks with potential safety, continuity, quality and privacy impact. But we can’t let this risk cripple innovation.”

According to the whitepaper authors, cybersecurity can be “a business enabler for smart buildings. When done well, cybersecurity is about insuring your investment and assuring your ability to reap the transformative benefits that connectivity offers,” including working “with the right partners to secure your investments when assessing and deploying smart building systems or retrofits.”

The whitepaper, which can be found here, summarizes key insights to help set an agenda for cybersmart buildings.

Study: IT professionals not confident in their companies’ cybersecurity staffing


PORTLAND, Ore.—Tripwire, a global provider of security and compliance solutions for enterprises and industrial organizations, recently announced the results of its study, conducted by Dimensional Research. Tripwire said that only twenty-five percent of respondents were confident their organizations have the number of skilled cybersecurity experts needed to effectively detect and respond to a serious cybersecurity breach.

Securing IoT

Wednesday, October 26, 2016

Last week’s malware attack sent a sobering chill through the security industry, as it illuminated the cybersecurity vulnerabilities of IoT products, showing how easy it is to hack into unsecured IP devices.

The hackers, who were able to affect sites including Twitter, Spotify and CNN, launched a distributed denial-of-service (DDoS) attack using tens of millions of malware-infected devices connected to the Internet to overwhelm Dyn, a provider of Domain Name System services.

Although the attack amounted to a temporary inconvenience for millions, it underscored the need for cybersecurity standards for the IoT world.

Toward that end, the Cloud Security Alliance (CSA) released this month a new guidance report titled “Future-proofing the Connected World: 13 Steps to Developing Secure IoT Products,” which was created to help designers and developers of IoT-related products and services understand the basic security measures that must be incorporated throughout the development process.

With the release of this report, the CSA looks to provide much needed education and direction to product developers who know their products are at risk of compromise, but may lack the understanding as to where to start the process for mitigating that risk.

“It is often heard in our industry that securing IoT products and systems is an insurmountable effort,” Brian Russell, chair IoT Working Group and chief engineer, cyber security solutions with Leidos, said in the announcement. “However, with the help of our extremely knowledgeable and dedicated volunteers, we are providing a strong starting point for organizations that have begun transforming their existing products into IoT-enabled devices, as well as newly emerging IoT startups. We hope to empower developers and organizations with the ability to create a security strategy that will help mitigate the most pressing threats to both consumer and business IoT products.”

Specifically, the report lays out 13 considerations and guidance for designing and developing reasonably secure IoT devices, to mitigate some of the more common issues that can be found with IoT device development. Additionally, realizing that often times there is a need to quickly identify the critical security items in a product development lifecycle, researchers also outline the top five security considerations that when applied will begin to increase an IoT product’s security posture substantially.

The CSA IoT Working Group is focusing on understanding the relevant use cases for IoT deployments and defining actionable guidance for security practitioners to secure their implementations. The group is led by Russell, with initiative leads Priya Kuber and Dr. Shyam Sundaram. Nearly 30 CSA IoT working group members contributed to development of the 80-plus page guidance report.

The full report is available at