Security system interoperability to become standard in 2018

Download PDF version

At ONVIF, we believe our perspective for 2017 turned out to be reasonably accurate. We did see an increasing interest for interoperability all the way to system-to-system level; not only within the security industry, but also in neighbouring industries where the prospects for IoT have drastically improved.

I believe the industry as such has matured in its relation to IoT and today we can imagine how IoT will play a part of smarter and safer system deployments.

Increased cybersecurity threat

The industry responded well to the sudden increase of cybersecurity issues and many companies already have well-defined processes in place. I think the user community is learning quickly that cyber security is not an isolated technical challenge or threat and it is crucial to have security processes and policies in place and up to date.

For ONVIF, as a technical alliance working for effective interoperability, 2017 was a good year. Interoperability is now really becoming the base line for systems in the security industry.

International standardisation for the security industry is progressing with implementation for both Video Security Systems and Electronic Access Control, both based on ONVIF’s specifications Profile A and Profile T.

2018 security predictions

It is always exiting to predict what next year will bring. ONVIF is of course inspired to notice the increasing demand for interoperability and we are confident that the need for effective interoperability in multi-vendor deployments will also continue to grow during 2018. Businesses will have to adapt to the increasing interoperability demands and market conditions or they risk losing out. That’s true within the physical security industry and in most technology-based markets.

Nothing fundamental has changed since 2017. ONVIF still maintain its position as the de-facto standard for interoperability between IP-based physical security devices. The acceptance for ONVIF is very well established in the market and accepted by the global standards community and we will continue our efforts to meet the expectations of the security industry.

Download PDF version

Author profile

Per Björkdahl Chairman, ONVIF

Per Björkdahl is Chairman of the ONVIF Steering Committee and leads standardization activities. He also serves as Director of Business Development at Axis Communications AB. Mr. Björkdahl is responsible for the development of new areas of business based on the Axis product portfolio, including identifying new vertical markets and developing strategic plans for the sales organization. Mr. Björkdahl joined Axis in 1999 as Global Sales Director with responsibility for sales development of the Axis new product group, Network Video.

Related companies
ONVIF

Related links
Articles by Per Björkdahl

View all news from
ONVIF

In case you missed it

Artificial Intelligence: A new weapon in the cyber security arms race

The cyber security threat is constant and real. Entire businesses, large enterprises and even whole cities have been vulnerable to these attacks. Growing threat of cyber attacks The threat is not trivial. Recently, two cities in Florida hit by ransom ware attacks – Rivera Beach and Lake City – opted to capitulate and pay ransom totaling more than $1.1 million to hackers. The attacks had disrupted communications for first responders and crippled online payment and traffic-ticketing systems. It was reminiscent of the $4 billion global WannaCry attacks on financial and healthcare companies. A full two years after the WannaCry attack, many of the hundreds of thousands of computers affected remain infected. And hackers are continuously devising new techniques, adapting the latest technology innovations including machine learning and artificial intelligence to devise more destructive forms of attack. Indeed, AI promises to become the next major weapon in the cyber arms race. For enterprises, there is no choice but to recognise the threat and adopt effective countermeasures Enterprise security For enterprises, there is no choice but to recognise the threat and adopt effective countermeasures. Not surprisingly, as the number, scale and sophistication of cyber-attacks has grown, so has the significance of the Chief Information Security Officer, or CISO, who owns the responsibility of sounding the alarm to the C-suite and the board – and recommending the best defense strategies. Consider it a grim irony of the digital economy. As companies have migrated to the cloud to gain scale and efficiency and integrated new channels and touch points to make it easier for their customers and suppliers to do business with them, they have also created more potential points of entry for cyber-attacks. IoT increases threat of cyber-attacks Amplifying that vulnerability is the trend of allowing employees to bring their own laptops, smartphones and other digital devices to the office or use to work remotely. And thanks to the Internet of Things, as more devices connect to enterprise systems – from thermostats to cars – the threat surface or targets of intrusion are multiplying exponentially. According to the McAfee Labs 2019 Threats Predictions Report, hackers will increasingly turn to AI to help them evade detection and automate their target selection. Companies will have no choice but to begin adopting AI defenses to counter these cybercriminals. Importance of cyber security This escalation in the cyber arms race reflects the sheer volume of data and transactions in modern life. In businesses like financial services and healthcare it is not humanly possible to examine every transaction for anomalies that might signal cyber snooping. Even when oddities are glimpsed, simply flagging potential problems can create so-called threat fatigue from endless false alarms. What’s more, attacks like those from Trickbots are specifically designed to go undetected by end users. The fact is, even if throwing more people at the problem were a solution, there aren’t enough skilled cyber security workers in the world. By some estimates, as many as 10 million cyber security jobs now go unfilled. AI is being used to conduct predictive analysis at a scale beyond human means Deploying AI As a result, AI is being deployed on multiple cyber-defense fronts. So far, it is mainly being used to conduct predictive analysis at a scale beyond human means. AI programs can sift through petabytes of data, identifying anomalies and even helping an organisation recognise and diagnose intrusions before they turn into catastrophic attacks. AI can also be used to continually monitor and allocate levels of access to a network’s multitude of legitimate users – whether employees, customers, partners or suppliers – to ensure that all parties have the access they need, but only the access they need. Countering cyber security threats To harden defenses, some AI programs can be configured to perform simulated war games To harden defenses, some AI programs can be configured to perform simulated war games. Because cyber attackers have stealth on their side, organisations might need dozens of experts to counter only a handful of attackers. AI can help even the odds, scoping out the potential permutations of vulnerabilities. As CISOs – and the CIOs they typically report to – advise C-suites and boards on their growing cybersecurity risk, they can also help those leaders recognize an enduring truth: AI programs cannot replace experienced cybersecurity professionals. But the technology can make staff smarter, more vigilant and more nimbly responsive. AI-based cyber security tools Financial and healthcare companies are leading this charge because of the sheer volume and variety of transactions they handle and because of the value and sensitivity of the data. Organisations like the U.S. Department of Defense and the space agency NASA, as well as governments around the world are also implementing AI-based tools to address the cyber threat. For businesses of all types, the threat stretches from the back office to the supply chain to the store front. That is why recognising and countering that threat must involve everyone from the CISO to the CEO to the Chairman of the Board. The AI arms race is underway in security. To delay joining it is to risk letting your enterprise become one of the grim statistics.

Could hackable automobiles result in a large-scale disaster?

Some of the electronic features we all love in our new cars depend on a connection to the Internet. But what are the cybersecurity risks involved in that connection? Could a widespread cyberattack turn our cars into deathtraps and create a traffic catastrophe on the scale of 9/11? That’s the scenario described in a report from the nonprofit group Consumer Watchdog, which warns that a fleet-wide cyberattack at rush hour could result in a 9/11-style catastrophe with approximately 3,000 deaths. The organisation recommends that automobile manufacturers install a ‘kill switch’ that would disconnect a vehicle from the Internet in an emergency to mitigate the threat. Protecting transportation system Automakers are keeping the public in the dark as they market new features based on Internet connections"Consumer Watchdog contends that the vulnerability of automotive computer systems, and the possibility of a cyberattack, has been communicated privately to investors but not widely to consumers. “Automakers are keeping the public in the dark as they market new features based on Internet connections,” says Consumer Watchdog. “Connecting safety-critical systems to the Internet is an inherently dangerous design,” says Jamie Court, President of Consumer Watchdog. “American car makers need to end the practice or Congress must step in to protect our transportation system and national security.” Future designs should completely isolate safety-critical systems from infotainment systems connected to the Internet or other networks, according to Consumer Watchdog. By 2022, at least two-thirds of new cars on American roads will have online connections to the cars’ safety-critical systems, putting them at risk of deadly hacks. Updating vehicle software over-the-air One economic motive of connecting vehicles to the Internet is the ability of car manufacturers to update vehicle software over-the-air rather than having to recall a vehicle. Systems also enable collection of valuable data on how fast a car owner drives or where he/she shops. Security-critical components inside cars are driven by ‘black boxes’ that may contain software of questionable origin Security-critical components inside cars are driven by ‘black boxes’ that may contain software of questionable origin. Software may be written by third parties and/or include contributions from hundreds or thousands of different authors around the world, with little accountability for flaws. The ability to update software ‘over the air’ without touching the vehicles lets automakers cover up safety problems and sloppy testing practices, contends Consumer Watchdog. “Allowing consumers to physically disconnect their cars from the Internet and other wide-area networks should be a national security priority,” says Court. “If a 9/11-like cyber-attack on American cars were to occur, recovery would be difficult because there is currently no way to disconnect our cars quickly and safely. The nation’s transportation infrastructure could be gridlocked for weeks or months. Mandatory ‘kill switches’ would solve the problem.” Understanding the risks of connected cars In addition to more attention to cybersecurity, there also needs to be more transparency to enable consumers to understand what is at risk and the choices they make. For example, a group of more than 20 car industry engineers and insiders helped to prepare the Consumer Watchdog report, but many of them remained anonymous for fear of losing their jobs. Consumers have a right to understand the risks they are taking and how they can minimise them. In the Internet of things, cybersecurity dangers extend to almost every device in the connected world, from cars to smartphones to medical devices. Increasingly, we will be asked to weigh the convenience of cranking our car with a smartphone, for example, against the possible risk in the form of vulnerability to cyberattack.

Products targeting critical infrastructure include video and intelligent solutions

Intelligent solutions, such as those derived from artificial intelligence, help critical infrastructure organisations make sense of vast amounts of data. These integrated applications, such as advanced video analytics and facial recognition, can automatically pinpoint potential breaches and significant events, and send alerts to the appropriate personnel, departments, and agencies. These solutions can be powerful in unifying disparate command centre technologies, fusing critical data input from emergency calls and responder activity to enhance situational awareness. Electrical substations are particularly vulnerable (and in need of extra security) due to their role in power distribution and the nature of their equipment. The challenge power utilities worldwide are facing is finding an affordable solution, which can help detect, deter and facilitate an informed response to a substation security event. Data capture form to appear here! U.S. regulations In the United States, this need is furthered by the physical security mandate CIP-014 issued by the North American Electric Reliability Corporation (NERC), calling for identification of security issues, vulnerability assessments and deployment of appropriate processes and systems to address. CIP-014 identification of security issues, vulnerability assessments and deployment of appropriate processes and systems to address CIP-104 specifically calls for implemented security plans that include measures to deter, detect, delay, assess, communicate, coordinate and respond to potential physical threats and vulnerabilities. Manufacturers of video and other systems are designing products to serve the critical infrastructure market. For example, Dahua Technology offers explosion-proof cameras with a combination of rugged reliability and superior optics that is a fit for surveillance of explosive and corrosive environments, including chemical plants, refineries, and other facilities in the oil and gas industry. This explosion-proof series of cameras are housed in enclosures that are certified to the ATEX and IECEx standards for equipment in explosive atmospheres. Each explosion-proof camera features Dahua’s Starlight technology for ultra low-light sensitivity and high-definition sensors that deliver clear images in real-time. They are IP68-rated to prevent water and dust ingress. Each explosion-proof camera features Dahua’s Starlight technology for ultra low-light sensitivity and high-definition sensors that deliver clear images in real-time Video footage in extreme temperatures Another manufacturer, Videotec, offers a range of cameras and housings that provide video footage regardless of aggressive external factors, such as ice cold, scorching heat, desert sand, the force of sea or wind, total darkness, pollution, corrosion and even explosive agents. SightSensor thermal systems enable a utility to detect and respond to substation security incidents across multiple sitesSightLogix smart thermal camera systems have been deployed to protect substations for electric utilities and other critical infrastructure facilities. SightSensor thermal systems enable a utility to detect and respond to substation security incidents across multiple sites, ranging from copper theft to vandalism while also meeting regulatory compliance. At each substation facility, Thermal SightSensors are positioned along the perimeter, and are paired with a high-resolution pan-tilt-zoom camera for alarm assessment. When a Thermal SightSensor detects an intruder, the target’s location information is sent over the network to a SightTracker PTZ controller, which automatically zooms and steers PTZ cameras to follow the intruder. The target’s location is also displayed on a topology site map to provide real-time situational awareness. Alarms are sent to the utility’s 24-hour security operations centre, which will contact law enforcement in real time when unauthorised intrusions are detected. Integrated intrusion detection and lighting systems The Senstar LM100 hybrid perimeter intrusion detection and intelligent lighting system is simplifying security at one U.S. electrical utility company. For years, the utility company had integrated its perimeter intrusion detection and lighting systems. The company has now installed the Senstar LM100 which provides detection and lighting in one product and saves them over $80,000 per site. The savings are a result of the reduction of electrical requirements, conduit, grounding, and associated labor, as well as the removal of certain equipment from project scope that are required for the two-system integration. The Senstar LM100’s perimeter LED-based lighting acts as an initial deterrent. If an intruder persists and an attempt to cut, climb or otherwise break through the fence is detected, the closest luminaire begins to strobe, and an alert is sent via a security management system. The intruder knows immediately they have been detected and that their exact location is known by security and others in the vicinity.