Subscribe to RSS - Cybersecurity

Cybersecurity

From Microsoft to Google at Cloud+

 - 
Wednesday, December 9, 2015

At the very last session of the Cloud+ conference, Brivo's Jonathan Healey noted that the Cloud+ conference began with a speaker from Microsoft and ended with a speaker from Google. "Five years ago [the idea that you'd have that line-up at a physical security conference] would be preposterous, he said.

He's right, our industry has come a long way in five years. That was a recurring theme at the Cloud+ conference, but we've also got a long way to go.

Speaker after speaker talked about the opportunities—for integrator and end user alike—in cloud-based systems. There are two stories in our newswire today about the conference: one about the keynote speaker, Monica Hopelian of MIcrosoft and one about investment and "the new security dealer," a session presented by John Mack and moderated by yours truly.  Amy's blog this week gives an overview of the sessions.

Look for more stories over the next week.

One of the topics John Mack talked about was M&A activity and investor interest in cloud-based technology. I can tell you there was investor interest at the conference this week. Many attendees were asking me if I could get them audio from the sessions and Powerpoint slides. Two attendees pulled me aside halfway through day two and  said it would be really great if I could get them the slides "within the hour." I told them they would need to wait until I was done emceeing the event.

Clearly some valuable information at Cloud+

One of the most popular sessions at Cloud+ was about cybersecurity in the cloud, presented by Rodney Thayer. Before you get too excited about your "Cloud Bling," you (both the folks who are making the stuff and the folks who are integrating the stuff) better ensure you're following cyber-safe practices, he advised. Is the Internet of Things, really just  the "Internet of Trouble?" he asked. Well, it could be. He reiterated what keynote speaker Monica Hopelian and another speaker Diebold's Jeremy Brecher said: that the physical security group should not be the weakest link in the chain. Thayer talked through some scary potential scenarios, before offering a series of practical guidelines and resources for integrators and manufacturers.

Interested in this topic? (yes you should be) Thayer will be at TechSec 2016. Here's a link to the educational program.  talking about cybersecurity on an educational session led by Kratos' Chris Peckham. Also speaking on that educational session will be Joe Coe of Hikvision. Hikvision, one of the fastest growing security companies in the world, has also suffered a couple of major cyber breaches. Don't miss it!

The cyber elephant in the room

 - 
Wednesday, November 11, 2015

SAN ANTONIO—I've spent several days recently with two major camera companies, Hikvision and Axis Communications. The last week in October I was on a Hikvision trip to China where I met with executives from the company, toured the headquarters and one of their factories, and also went to China's version of ISC West. This week I'm in San Antonio at the Axis partner event.

There are more than 400 integrators and technology partners here this year. Yesterday's agenda included information on the company's technology road map, a panel discussion on school security, an IT director for Westgate Resorts, and a forensics expert talking about camera evidence and how integrators' careful design and installation of video surveillance can help in law enforcement, rescue efforts, and criminal prosecution. There were also break-out sessions and there's a full agenda for today as well.

I'll have more stories on both the Hikvision trip and the Axis event, but I took note that both companies made a point to talk about cybersecurity, both internal efforts to ensure that their products are safe and external efforts to educate their integrator partners on best practices.

This is good news. It's about time the physical security industry starts talking about the cyber elephant in the room.

When I was at Hikvision, the president of the company, Yangzhong Hu and Hikvision international marketing director, Keen Yao fielded questions about cyber breaches the company has suffered. They also talked about their efforts to correct problems and instill cybersecurity best practices internally.  Hu said the company has partnered with international cybersecurity companies and professional hackers to proactivley test products, protocols and processes associated with cybersecurity.

Hikvision has a Security Center section on its website, which includes information about any current problems with its products, a location to report security issues, advice and best practices for end users and integrators on cybersecurity. Hikvision has also spoken about cybersecurity at ISC West, PSA-TEC and it will speak at ISC East next week as well. The goal, according to Hikvision North Amercian marketing director Alex Asnovich, is to share cybersecurity knowledge and best practices with the entire industry.

Yesterday at the Axis event, Sal D'Agostino, CEO of IDmachines, who has been working with Axis on cybersecurity, and John Bartolac, who heads up cyber strategy for Axis in North America,  led a break-out session about cybersecurity and the threat landscape. They introduced Axis's new "hardening guide", a 25-page document of cybersecurity best practices and protocols. Bartolac said Axis has been working on the cybersecurity issue for six years (most notably with its government customers). It is now expanding its efforts to educate its integrators and other partners about cybersecurity.

I've heard lots of cybersecurity statistics, and they're always chilling, but D'Agostino showed a live map of cyberattacks yesterday. Check it out here.

D'Agostino said the guide includes many "easily actionable items" for systems integrators.

“We’re supposed to be installing a security solution, not introducing a vulnerability,” D’Agostino said. “We want to help our [end users] meet their corporate goals. … It’s not acceptable anymore to say, ‘I didn’t know [about potential cyberthreats],’” he added.

The threat continues to evolve, he said. Not only do integrators have to worry about safeguarding the video that comes out of the camera, they need to be concerned about cameras being “taken over and used as a weapon.”

D'Agostino pointed out that using cybersecurity best practices and helping end users understand protocol is a great way for systems integrators to  "have a conversation with the IT side of the shop."

“As cameras are used not just as a security device, but as a business-enablement tool, you’re going to find yourself in a situation where you’ll be talking to the chief marketing officer or the IT department itself,” D’Agostino said.

Integrators who have cybersecurity knowhow can help IT department understand the value of their video data to the corporation, he said.

Bartolac said that Axis has a roadmap of cybersecurity tools that it will be offering to integrators. The hardening guide is just the beginning, he said. Axis also has plans to share cybersecurity best practices with the industry at large.

At TechSec, we've been talking about cybersecurity for a few years. Here's a link to a story about a TechSec educational session led by Diebold's Jeremy Brecher that we did in 2014 about cyber attacks and the potential problems for physical security devices. We'll be talking about cybersecurity in the cloud at our Cloud+ conference Dec. 7-8. Rodney Thayer, who's an expert in designing network security systems and hacking, is doing a not-to-be-missed educational session at Cloud+. Check out the educational program here.

PSA Security is also taking the lead on educating the industry about cybersecurity. PSA has a wealth of information on its web site. Click here.

Where integrators can go for cybersecurity advice, expertise

 - 
Wednesday, September 9, 2015

Researching cybersecurity is eye-opening, PSA Security Network CEO Bill Bozeman told me during a recent call about PSA's cybersecurity program, which is moving into its second year.

Bozeman said that "when and if" a cybersecurity breach occurs in a physical security system, integrators will be "in the line of fire" in terms of liabillty.

With the objective of "educating our partners about cybersecurity so they can mitigate the risk," PSA has formed partnerships with cybersecurity service providers and manufacturers who have "proven expertise" in cyber security.

Among the partners is a law firm that specializes soley in cybersecurity law for physical security companies. In my opinion, that alone should make integrators think twice about ignoring cybersecurity education.

Bozeman emphasized that PSA is not in the business of certifying or testing any products or services. Rather, Bozeman has been working with a group of cybersecurity experts and some integrators to "vet" partners for integrators.

PSA is launching a webinar series to introduce cybersecurity partners to integrators and "set up potential parnterships." The series launches this month and will go through April.

PSA has also come up with a checklist of "Six things integrators can do now" to protect their businesses. Here's the list. More details are available here.

1. Conduct a cybersecurity assessment

2. Educate your team

3. Purchase cybersecurity insurance

4. Update your contracts

5. Choose cyber-hardened products

6. Educate your customers

 

ASIS: A show for integrators, too

End user networking, discussions on cybersecurity among offerings
 - 
08/12/2015

ANAHEIM, Calif.—Integrators need to attend ASIS to network with security practitioners and understand emerging issues such as cybersecurity, said Howard Belfor, president of Belfor & Associates and council VP of ASIS.

Condortech seeks hackers' perspective

Systems integrator creates testing lab, hires hackers to test cybersecurity of systems
 - 
06/03/2015

SPRINGFIELD, Va.—Watching hackers demonstrate how easy it is to take over security cameras, SCADA and access control systems at the Black Hat hackers conference last year prompted Jorge Lozano, president and CEO of Condortech Services, to take action.

Lanning illuminates simple cybersecurity step for integrators

Protocol 802.1x is easy way to protect customers, business
 - 
05/06/2015

WESTMINSTER, Colo.—Part of every integrator’s cybersecurity strategy right now should be a very basic step, configuring 802.1x on exterior cameras, according to Andrew Lanning, co-founder of systems integration firm IST, which is based in Hawaii.

UL talks about cybersecurity in UL827

 - 
Wednesday, May 6, 2015

When I asked UL’s engineering manager, Steve Schmit, how the ISC West show was going, he said he spent a fair bit of the show discussing the recent updates to UL827, now including requirements for cybersecurity.

“Now with [cybersecurity] in the standard, we’re going to have conversations about [central station’s] network security, how they keep their customers safe,” Schmit told Security Systems News. Cybersecurity is something previous standards hadn’t formally  required, he said.

These cybersecurity measures include firewalls, intrusion detection systems, “risk assessment, developing a mitigation plan, to deal with those risks, and putting that all into practical application,” Schmit said.

UL spent five years developing the latest standard, released in October, Schmit said. It currently has a future effective date of late 2016.

Cybersecurity is a topic that is coming up more in the physical security industry. SSN readers earlier this year pointed toward this trend. CSAA’s annual meeting will even start with a keynote on the subject

Is now the time cybersecurity will start concerning central stations? Has it always been a priority?

I’ve heard from some in the industry that this could really impact monitoring centers looking to get—or—keep UL certification. If you have any insight or opinion on the changes, reach out to me and let me know. My direct line is 207-846-0600 ext. 254, email: sives@securitysystemsnews.com.

CSAA names speakers for 2015 annual meeting

 - 
05/06/2015

SONOMA, Calif.—CSAA announced three of the speakers for its 2015 Annual Meeting, to be held here Oct. 10-14, with the keynote speaker, Stan Stahl, Ph.D, discussing cybersecurity.

ASIS announces speakers for this year

 - 
04/02/2015

ANAHEIM, Calif.—Experts on physical security, cybersecurity and terrorism will be keynote speakers at the ASIS show, which will take place here Sept. 28 to Oct. 1.

SIA Government Summit takes on convergence of cybersecurity, physical security, law enforcement tech trends and more

 - 
03/27/2015

WASHINGTON—The convergence of cybersecurity and physical security, funding for safe schools and law enforcement technology trends, including body-worn cameras, will be among the topics featured at the SIA Government Summit in June.

Pages