Security system interoperability to become standard in 2018

Download PDF version

At ONVIF, we believe our perspective for 2017 turned out to be reasonably accurate. We did see an increasing interest for interoperability all the way to system-to-system level; not only within the security industry, but also in neighbouring industries where the prospects for IoT have drastically improved.

I believe the industry as such has matured in its relation to IoT and today we can imagine how IoT will play a part of smarter and safer system deployments.

Increased cybersecurity threat

The industry responded well to the sudden increase of cybersecurity issues and many companies already have well-defined processes in place. I think the user community is learning quickly that cyber security is not an isolated technical challenge or threat and it is crucial to have security processes and policies in place and up to date.

For ONVIF, as a technical alliance working for effective interoperability, 2017 was a good year. Interoperability is now really becoming the base line for systems in the security industry.

International standardisation for the security industry is progressing with implementation for both Video Security Systems and Electronic Access Control, both based on ONVIF’s specifications Profile A and Profile T.

2018 security predictions

It is always exiting to predict what next year will bring. ONVIF is of course inspired to notice the increasing demand for interoperability and we are confident that the need for effective interoperability in multi-vendor deployments will also continue to grow during 2018. Businesses will have to adapt to the increasing interoperability demands and market conditions or they risk losing out. That’s true within the physical security industry and in most technology-based markets.

Nothing fundamental has changed since 2017. ONVIF still maintain its position as the de-facto standard for interoperability between IP-based physical security devices. The acceptance for ONVIF is very well established in the market and accepted by the global standards community and we will continue our efforts to meet the expectations of the security industry.

Download PDF version

Author profile

Per Björkdahl Chairman, ONVIF

Per Björkdahl is Chairman of the ONVIF Steering Committee and leads standardization activities. He also serves as Director of Business Development at Axis Communications AB. Mr. Björkdahl is responsible for the development of new areas of business based on the Axis product portfolio, including identifying new vertical markets and developing strategic plans for the sales organization. Mr. Björkdahl joined Axis in 1999 as Global Sales Director with responsibility for sales development of the Axis new product group, Network Video.

Related companies
ONVIF

Related links
Articles by Per Björkdahl

View all news from
ONVIF

In case you missed it

What’s old is new again: security industry trends that will continue into 2020

It’s hard to believe that we’re in the final quarter of 2019. It’s time to wrap up goals and make new ones that will guide us into another decade. As we look forward, we can’t help but look back at some of the key trends that emerged in the last couple of years, and their continued presence in the product road maps and plans that so many security industry leaders and manufacturers are creating. Some of these trends have enhanced the efficacy of security systems, whereas others have the potential of having adverse impacts. Cybersecurity Cyber-attacks of all kinds have become, and will continue to be, a major threat, making this one of the most important initiatives that today’s businesses embrace. From a manufacturer’s perspective, building cybersecurity into the product from its inception is critical, with integrators beginning to demand this level of consideration from the products they sell. As a result of a rise in the convergence of IT applications alongside security investments, end users are now seeking out solutions designed with data security top-of-mind. All network connected devices such as DVRs/NVRs, servers, IP cameras, access controllers, intrusion alarms, smart sensors, are vulnerable, which is why this added step in developing cybersecurity protocols and applying them across the organisation is critical. Building cybersecurity into the product from its inception is critical More connected devices The Internet of Things (IoT) has been a major trend for the past few years in many industries, and this will continue as we integrate sensors of all kinds into the network. The collection and analysis of the data collected by these sensors is giving rise to a plethora of applications such as industrial applications, intelligent building management, event management, and much more. The physical security industry benefits by having additional intelligence for situational awareness and emergency management, as well as opportunities to provide additional value-added services and business insights. Being deployed in an increasing number of scenarios and with continued improvements in computing capabilities, video has the opportunity to become the eye of IoT. AI-enabled devices Software manufacturers are looking toward artificial intelligence to help propel advanced analytics in an effort to deliver more situational awareness to operators, and an increased ability to proactively assess threats or anomalies. While video and data analytic capabilities have been around for quite some time, some would argue they were rudimentary in comparison to software that uses AI to make existing applications such as facial recognition much more accurate, and to create new ways to detect anomalies. In addition, AI continues to be used to make sense of the large amounts of data that are being generated by intelligent sensors and by analysing the growing amount of video. 5G connectivity It’s safe to say that 5G will revolutionize the way people stay connected to the internet. Extra speed, extra bandwidth are going to make our mobile devices faster, more powerful and hyperconnected, with the same thing happening to IoT connected devices such as cameras. This is going completely change the way we think about smart cities: more powerful IP devices connected to one another, powered by AI, will have a massive impact on the way we move, shop and live in urban areas. more powerful IP devices connected to one another, powered by AI, will have a massive impact on the way we move, shop and live in urban areas Privacy concerns In most advanced economies around the globe, citizens are increasingly concerned with privacy of their data, and many governments have put – or are in the process of doing so – stringent data protection laws in place. The EU has lead the way in using these concerns to develop privacy regulations that govern the development of data-driven applications. This trend is starting to impact the entire globe, as we shift toward more data autonomy and privacy. Since most physical security applications involve the collection of video and data about people and assets, privacy regulations will continue to have a significant impact on the industry well into the future. Cloud and mobile capabilities Mobility is critical for physical security and is emerging through the development and use of cloud-based services, as well as the ability to access security devices through a smart phone or Web-based browser. That’s why there’s been such an influx of mobile apps created to manage cameras, receive automatic alerts for the most diverse event, and giving users the ability to grant or restrict access to a facility. All of this demonstrates the world’s demand for mobility, connectivity and ease-of-use. More video — everywhere Video is the cornerstone of security, providing both real-time and forensic coverage for emerging threats and incidents, which is why it’s one of the fastest growing segments of the marketplace. The use of video for traditional applications in new markets, as well as for use in newer applications that are not necessary security related is poised to see the most movement. In some industries such as oil and gas, there is a trend towards extending video coverage into extremely harsh and hazardous environments, so manufacturers are challenged to develop appropriately certified equipment to meet a more stringent demand. Manufacturing facilities such as food processing plants are also increasing their use of video for training and compliance purposes to prevent incidents such as food recalls that can be extremely costly for the business. It’s an exciting time to be a part of the security market, as we’re really just beginning to see that, when it comes to technology advancements, the sky is the limit. I would argue at the core of these innovations is the video data being collected, and as we work to build technologies that can harness the power of these applications, we will continue to be at the forefront of this movement toward greater intelligence and business insights.

New technologies driving the smart home and security markets

Industry experts predict that sensors in the home will reach a level of sophistication never considered in early versions of Smart Home. These devices will know when the house is empty and be able to shut off heating and cooling systems. Smart phone with geolocation will then tell it when the owner is on their way back so it can start adjusting the temperature to a comfortable level. And, it won’t just be lights that turn on and off. Sensors in washing machines will know that clothes have been put inside and will start the cycle at a time when costs are at a lower level. The Smart Home market is also driving innovation in the form of Bluetooth low energy (BLE)-enabled locks for external doors on homes and adding mobile credential use to their offering. This in turn is driving volume in the wireless lock sector and having a positive impact on volumes and pricing in the commercial locking market. Data capture form to appear here! Wireless home automation As the home automation industry has expanded with an ever-growing number of devices and services, companies are placing bets on which wireless protocols will dominate. The past few years the leaders have been Z-Wave and ZigBee. Companies are also using a variety of other standards including Crestron’s Infinet, Insteon, and proprietary technologies such as Lutron’s ClearConnect. The home automation industry has expanded with an ever-growing number of devices and services The popular ZigBee and Z-Wave short-range wireless technologies have proven ideal for the kinds of home-area networks that are becoming prevalent. Based on the IEEE’s 802.15.4 personal-area network radio standard, ZigBee is an open wireless standard. Z-Wave was developed by Zensys (later acquired by Sigma Designs) as a proprietary wireless standard. Z-Wave’s wireless mesh networking technology allows nodes to communicate with each other directly or indirectly through available relays if they’re within range. Out of range nodes can link with each other to access and exchange information. A Z-Wave network can have up to 232 nodes. Some companies have sought to hedge their bets out of a desire to be more “manufacturer agnostic.” Bluetooth and Wi-Fi are gaining popularity with new low-power variations of these standards. Smart doors and their benefits Despite a wealth of features offered by the latest smart door locks — remote and location-based locking/unlocking; voice activation; timed access; emailed entry alerts; and integration with smart camera and lighting systems — most people still have limited knowledge of their capabilities. Only 14% of survey respondents described themselves as “very familiar” with what a smart lock can do. Even though most of them probably use smart access control solutions at their workplace. While smart video surveillance solutions that can impact home automation are still in nascent stages, the potential is immense. Modern video analytics and surveillance technology have the capability to offer convenience to the connected homeowner and lower energy consumption. By determining the optimum lighting, heating and cooling needs of a connected home, smart video surveillance technology can drive down energy-related costs significantly. Smart cameras will also have an impact on the need for DVR/NVR products in an automated home, as analytics-driven video surveillance solutions that generate large amounts of data will reduce the need for these devices. Another emerging element in home security is the use of drones The resolution of an advanced radar sensor Smart video surveillance technology can drive down energy-related costs significantly Today, the resolution of an advanced radar sensor is high enough to enable not only presence detection, but also to provide advanced features for security, automation and well-being, all in one. Imagine for example, that the security sensor installed in an elderly parent’s home could also detect a fall having occurred, monitor the breathing of a baby or even leaks in the wall. Due to the unique field of view that radar provides as well as the multi-functional potential, this technology will be the key to the awaited convergence of smart home functionalities and minimisation of home devices. A radar sensor’s accuracy and its ability to support wide functionality and applications are determined initially by its resolution, which is based on two key factors: bandwidth and number of channels. The wider the bandwidth and the more channels the radar supports, the more accurate the data received. Imagine the difference between a 1990s television model and a 4K 2018 television model: as the resolution is ever improving, the sharper and more detailed is the image. Drones as a security mechanism Another emerging element in home security is the use of drones. An Amazon patent outlines how its unmanned aerial vehicles (UAVs) could perform a surveillance action at a property of an authorized party. It would be “hired” to look out for open garage doors, broken windows, graffiti, or even a fire. The drone would only view authorized locations and provide information back to the homeowner. The idea is to deploy Amazon’s previously proposed (but not yet realized) “delivery drone” to provide surveillance of customers’ homes between making deliveries. In a “surveillance as a service” scenario, Amazon’s customers would pay for visits on an hourly, daily or weekly basis. Drones would be equipped with night vision and microphones to expand their sensing capabilities. Catch up on part one and part two of our smart home mini series.

How to build an insider threat programme

Insider threat programmes started with counter-espionage cases in the government. Today, insider threat programmes have become a more common practice in all industries, as companies understand the risks associated with not having one. To build a programme, you must first understand what an insider threat is. An insider threat is an employee, contractor, visitor or other insider who have been granted physical or logical access to a company that can cause extensive damage. Damage ranges from emotional or physical injury, to personnel, financial and reputational loss to data loss/manipulation or destruction of assets. Financial and confidential information While malicious insiders only make up 22% of the threats, they have the most impact on an organisation Most threats are derived from the accidental insider. For example, it’s the person who is working on a competitive sales pitch on an airplane and is plugging in financial and confidential information. They are working hard, yet their company’s information is exposed to everyone around them. Another type of insider, the compromised insider, is the person who accidentally downloaded malware when clicking on a fake, urgent email, exposing their information. Malicious insiders cause the greatest concerns. These are the rogue employees who may feel threatened. They may turn violent or take action to damage the company. Or you have the criminal actor employees who are truly malicious and have been hired or bribed by another company to gather intel. Their goal is to gather data and assets to cause damage for a specific purpose. While malicious insiders only make up 22% of the threats, they have the most impact on an organisation. They can cause brand and financial damage, along with physical and mental damage. Insider threat programme Once you determine you need an insider threat programme, you need to build a business case and support it with requirements. Depending on your industry, you can start with regulatory requirements such as HIPAA, NERC CIP, PCI, etc. Talk to your regulator and get their input. Everyone needs to be onboard, understand the intricacies of enacting a programme Next, get a top to bottom risk assessment to learn your organisation’s risks. A risk assessment will help you prioritise your risks and provide recommendations about what you need to include in your programme. Begin by meeting with senior leadership, including your CEO to discuss expectations. Creating an insider threat programme will change the company culture, and the CEO must understand the gravity of his/her decision before moving forward. Everyone needs to be onboard, understand the intricacies of enacting a programme and support it before its implemented. Determining the level of monitoring The size and complexity of your company will determine the type of programme needed. One size does not fit all. It will determine what technologies are required and how much personnel is needed to execute the programme. The company must determine what level of monitoring is needed to meet their goals. After the leadership team decides, form a steering committee that includes someone from legal, HR and IT. Other departments can join as necessary. This team sets up the structure, lays out the plan, determines the budget and what type of technologies are needed. For small companies, the best value is education. Educate your employees about the programme, build the culture and promote awareness. Teach employees about the behaviours you are looking for and how to report them. Behavioural analysis software Every company is different and you need to determine what will gain employee support The steering committee will need to decide what is out of scope. Every company is different and you need to determine what will gain employee support. The tools put in place cannot monitor employee productivity (web surfing). That is out of scope and will disrupt the company culture. What technology does your organisation need to detect insider threats? Organisations need software solutions that monitor, aggregate and analyse data to identify potential threats. Behavioural analysis software looks at patterns of behaviour and identifies anomalies. Use business intelligence/data analytics solutions to solve this challenge. This solution learns the normal behaviour of people and notifies security staff when behaviour changes. This is done by setting a set risk score. Once the score crosses a determined threshold, an alert is triggered. Case and incident management tools Predictive analytics technology reviews behaviours and identifies sensitive areas of companies (pharmacies, server rooms) or files (HR, finance, development). If it sees anomalous behaviour, it can predict behaviours. It can determine if someone is going to take data. It helps companies take steps to get ahead of bad behaviour. If an employee sends hostile emails, they are picked up and an alert is triggered User sentiment detection software can work in real time. If an employee sends hostile emails, they are picked up and an alert is triggered. The SOC and HR are notified and security dispatched. Depending on how a company has this process set-up, it could potentially save lives. Now that your organisation has all this data, how do you pull it together? Case and incident management tools can pool data points and create threat dashboards. Cyber detection system with access control An integrated security system is recommended to be successful. It will eliminate bubbles and share data to see real-time patterns. If HR, security and compliance departments are doing investigations, they can consolidate systems into the same tool to have better data aggregation. Companies can link their IT/cyber detection system with access control. Deploying a true, integrated, open system provides a better insider threat programme. Big companies should invest in trained counterintelligence investigators to operate the programme. They can help identify the sensitive areas, identify who the people are that have the most access to them, or are in a position to do the greatest amount of harm to the company and who to put mitigation plans around to protect them. They also run the investigations. Potential risky behaviour Using the right technology along with thorough processes will result in a successful programme You need to detect which individuals are interacting with information systems that pose the greatest potential risk. You need to rapidly and thoroughly understand the user’s potential risky behaviour and the context around it. Context is important. You need to decide what to investigate and make it clear to employees. Otherwise you will create a negative culture at your company. Develop a security-aware culture. Involve the crowd. Get an app so if someone sees something they can say something. IT should not run the insider threat programme. IT is the most privileged department in an organisation. If something goes wrong with an IT person, they have the most ability to do harm and cover their tracks. They need to be an important partner, but don’t let them have ownership and don’t let their administrators have access. Educating your employees and creating a positive culture around an insider threat programme takes time and patience. Using the right technology along with thorough processes will result in a successful programme. It’s okay to start small and build.