BT Intruder Alarms: Communicators & Communication Systems

In 2017, IoT-based cyberattacks increased by 600%. As the industry moves towards the mass adoption of interconnected physical security devices, end users have found a plethora of advantages, broadening the scope of traditional video surveillance solutions beyond simple safety measures. Thanks in part to these recent advancements, our physical solutions are at a higher risk than ever before. With today’s ever evolving digital landscape and the increasing complexity of physical and cyber-attacks, it’s imperative to take specific precautions to combat these threats. Video surveillance systems Cybersecurity is not usually the first concern to come to mind When you think of a video surveillance system, cybersecurity is not usually the first concern to come to mind, since digital threats are usually thought of as separate from physical security. Unfortunately, these two are becoming increasingly intertwined as intruders continue to use inventive methods in order to access an organisation's assets. Hacks and data breaches are among the top cyber concerns, but many overlook the fact that weak cybersecurity practices can lead to physical danger as well. Organisations that deploy video surveillance devices paired with advanced analytics programs often leave themselves vulnerable to a breach without even realising it. While they may be intelligent, IoT devices are soft targets that cybercriminals and hackers can easily exploit, crippling a physical security system from the inside out. Physical security manufacturers Whether looking to simply gain access to internal data, or paralyse a system prior to a physical attack, allowing hackers easy access to surveillance systems can only end poorly. In order to stay competitive, manufacturers within the security industry are trading in their traditional analogue technology and moving towards interconnected devices. Due to this, security can no longer be solely focused on the physical elements and end users have taken note. The first step towards more secured solutions starts with physical security manufacturers choosing to make cybersecurity a priority for all products, from endpoint to edge and beyond. Gone are the days of end users underestimating the importance of reliability within their solutions. Manufacturers that choose to invest time and research into the development of cyber-hardening will be ahead of the curve and an asset to all. Wireless communication systems Integrators also become complicit in any issues that may arise in the future Aside from simply making the commitment to improve cyber hygiene, there are solid steps that manufacturers can take. One simple action is incorporating tools and features into devices that allow end users to more easily configure their cyber protection settings. Similarly, working with a third party to perform penetration testing on products can help to ensure the backend security of IoT devices. This gives customers peace of mind and manufacturers a competitive edge. While deficient cybersecurity standards can reflect poorly on manufacturers by installing vulnerable devices on a network, integrators also become complicit in any issues that may arise in the future. Just last year, ADT was forced to settle a $16 million class action lawsuit when the company installed an unencrypted wireless communication system that rendered an organisation open to hacks. Cybersecurity services In addition, we’ve all heard of the bans, taxes and tariffs the U.S. government has recently put on certain manufacturers, depending on their country of origin and cybersecurity practices. Lawsuits aside, employing proper cybersecurity standards can give integrators a competitive advantage. With the proliferation of hacks, malware, and ransomware, integrators that can ease their client's cyber-woes are already a step ahead. By choosing to work with cybersecurity-focused manufacturers who provide clients with vulnerability testing and educate end users on best practices, integrators can not only thrive but find new sources of RMR. Education, collaboration and participation are three pillars when tackling cybersecurity from all angles. For dealers and integrators who have yet to add cybersecurity services to their business portfolios, scouting out a strategic IT partner could be the answer. Unlocking countless opportunities Becoming educated on the topic of cybersecurity and its importance for an organisation is the first step Physical security integrators who feel uncomfortable diving headfirst into the digital realm may find that strategically aligning themselves with an IT or cyber firm will unlock countless opportunities. By opening the door to a partnership with an IT-focused firm, integrators receive the benefit of cybersecurity insight on future projects and a new source of RMR through continued consulting with current customers. In exchange, the IT firm gains a new source of clients in an industry otherwise untapped. This is a win for all those involved. While manufacturers, dealers and integrators play a large part in the cybersecurity of physical systems, end users also play a crucial role. Becoming educated on the topic of cybersecurity and its importance for an organisation is the first step. Commonplace cybersecurity standards Below is a list of commonplace cybersecurity standards that all organisations should work to implement for the protection of their own video surveillance solutions: Always keep camera firmware up to date for the latest cyber protections. Change default passwords, especially those of admins, to keep the system locked to outside users. Create different user groups with separate rights to ensure all users have only the permissions they need. Set an encryption key for surveillance recordings to safeguard footage against intruders and prevent hackers from accessing a system through a backdoor. Enable notifications, whether for error codes or storage failures, to keep up to date with all systems happenings. Create/configure an OpenVPN connection for secured remote access. Check the web server log on a regular basis to see who is accessing the system. Ensure that web crawling is forbidden to prevent images or data found on your device from being made searchable. Avoid exposing devices to the internet unless strictly necessary to reduce the risk of attacks.

Johnson Controls recently unveiled the findings of its 2018 Energy Efficiency Indicator (EEI) survey that examined the current and planned investments and key drivers to improve energy efficiency and building systems integration in facilities. Systems integration was identified as one of the top technologies expected to have the biggest impact on the implementation in smart buildings over the next five years, with respondents planning to invest in security, fire and life-safety integrations more so than any other systems integration in the next year. As advanced, connected technologies drive the evolution of smart buildings, security and safety technologies are at the center of more intelligent strategies as they attribute to overall building operations and efficiencies. SourceSecurity.com spoke with Johnson Controls, Building Solutions, North America, VP of Marketing, Hank Monaco, and Senior National Director of Municipal Infrastructure and Smart Cities, Lisa Brown, about the results of the study, smart technology investments and the benefits of a holistic building strategy that integrates security and fire and life-safety systems with core building systems. Q: What is the most striking result from the survey, and what does it mean in the context of a building’s safety and security systems? The results show an increased understanding about the value of integrating safety and security systems with other building systems Hank Monaco: Investment in building system integration increased 23 percent in 2019 compared to 2018, the largest increase of any measure in the survey. When respondents were asked more specifically what systems they we planning to invest in over the next year, fire and life safety integration (61%) and security system integration (58%) were the top two priorities for organisations. The results show an increased understanding about the value of integrating safety and security systems with other building systems to improve overall operations and bolster capabilities beyond the intended function of an individual system. Q: The survey covers integration of fire, life safety and security systems as part of "smart building" systems. How do smarter buildings increase the effectiveness of security and life safety systems? Hank Monaco: A true “smart building” integrates all building systems – security, fire and life-safety, HVAC, lighting etc. – to create a connected, digital infrastructure that enables individual technologies to be more intelligent and perform more advanced functions beyond what they can do on their own. For example, when sensors and video surveillance are integrated with lighting systems, if abnormal activity is detected on the building premise, key stakeholders can be automatically alerted to increase emergency response time. With integrated video surveillance, they also gain the ability to access surveillance footage remotely to assess the situation. When sensors and video surveillance are integrated with lighting systems abnormal activity on the premise can automatically be detected Q: How can integrated security and life safety systems contribute to greater energy efficiency in a smart building environment? Hank Monaco: Security, fire and life-safety systems can help to inform other building systems about how a facility is used, high-trafficked areas and the flow of occupants within a building. Integrated building solutions produce a myriad of data that can be leveraged to increase operational efficiencies. From an energy efficiency standpoint, actionable insights are particularly useful for areas that are not frequently occupied or off-peak hours as you wouldn’t want to heat or cool an entire building for just one person coming in on the weekend. When video surveillance is integrated with HVAC and lighting systems, it can monitor occupancy in a room or hallway. The video analytics can then control the dimming of lights and the temperature depending on occupant levels in a specific vicinity. Similarly, when access control systems are integrated with these same systems, once a card is presented to the reader, it can signal the lights or HVAC system to turn on. In this example, systems integration can ultimately help enable energy savings in the long run. Security and life safety systems contribute to help enable greater energy efficiency and energy savings in the long run Q: What other benefits of integration are there (beyond the core security and life safety functions)? Hank Monaco: Beyond increased security, fire and life-safety functions, the benefits of systems integration include: Increased data and analytics to garner a holistic, streamlined understanding of how systems function and how to improve productivity Ability to track usage to increase efficiency and reduce operational costs Enhanced occupant experience and comfort Increased productivity and workflow to support business objectives Smart-ready, connected environment that can support future technology advancements Q: What lesson or action point should a building owner/operator take from the survey? How can the owner of an existing building leverage the benefits of the smart building environment incrementally and absent a complete overhaul? Lisa Brown: Johnson Controls Energy Efficiency Indicator found that 77% of organisations plan to make investments in energy efficiency and smarter building technology this year. This percentage demonstrates an increased understanding of the benefits of smart buildings and highlights the proactive efforts building owners are taking to adopt advanced technologies. There is an increased understanding that buildings operate more effectively when different building systems are connected As smart buildings continue to evolve, more facilities are beginning to explore opportunities to advance their own spaces. A complete overhaul of legacy systems is not necessary as small investments today can help position a facility to more easily adopt technologies at scale in the future. As a first step, it’s important for building owners to conduct an assessment and establish a strategy that defines a comprehensive set of requirements and prioritises use-cases and implementations. From there, incremental investments and updates can be made over a realistic timeline. Q: What is the ROI of smart buildings? Lisa Brown: As demonstrated by our survey, there is an increased understanding that buildings operate more effectively when different building systems are connected. The advanced analytics and more streamlined data that is gathered through systems integration can provide the building-performance metrics to help better understand the return on investment (ROI) of the building systems. This data is used to better understand the environment and make assessments and improvements overtime to increase efficiencies. Moreover, analytics and data provide valuable insights into where action is needed and what type of return can be expected from key investments.

Across the country, law enforcement officers are finding it increasingly difficult to respond to the near overwhelming number of calls coming from security alarms. Police departments commonly define a false alarm as a call, which upon investigation, shows no evidence of criminal activity, such as broken windows, forced doors, items missing, or people injured. While false alarms bog down police, they can also negatively impact customers and integrators. End users can expect hefty fines for false alarm responses, and when these customers receive large bills from the city, many turn to installers, dealers, and even manufacturers expecting them to accept the responsibility and pay the bill. What first brought the issue of alarm verification to your attention? It is crucial to both see a situation and concurrently listen to any corresponding sounds to gain full insight I’ve been aware of the problem of false alarms for about 5 years. I believed audio capture, through microphone deployment, could be an active part of the solution when used as a second source for indicating ‘out of the norm’ activity and as an equal component with the video surveillance technology. In 2015, I found similarly minded security professionals when introduced to the Partnership for Priority Verified Alarm Response. After reading PPVAR’s paper on ‘Audio Verified Alarms Best Practices; [April 2015],’ I knew that the Partnership was on to something important. In our lives, two of the five senses we count on day-in and day-out are sight and sound. It is crucial to both see a situation and concurrently listen to any corresponding sounds to gain full insight. What is the false alarm rate? In 2016, the International Association of Chiefs of Police reported that over 98 percent of all alarm calls in the United States were false. This number is obviously staggering, and something we need to work towards correcting. Why did this issue resonate so strongly with you? When I first investigated this issue, I was sure that the security industry would have already recognised this and was acting to ensure improved alarm verification, preferably through a combination of audio and video technologies. However, I quickly saw that this was not the case, or even close to the norm. I have questioned the rationale behind the lack of adoption and found the deployment of audio is often hindered by the concern of privacy. I’ve spearheaded many initiatives to explain the monitoring policies surrounding audio As CEO of Louroe Electronics, I’ve spearheaded many initiatives to explain the monitoring policies surrounding audio. I’ve had to reassure many security personnel and customers how the law supports the use of audio in public places as long as there is no expectation of privacy. By dispelling fears with facts around deploying and implementing audio sensors, customers can confidently include audio in their surveillance systems and gain a more effective security solution. Who is affected by this? Truth be told, everyone from the end user to the manufacturer is affected by this issue. Not to mention the strain this puts on law enforcement who are tired of ‘wasting time’ and effort out in the field on these nuisance alerts. When an end user receives a bill for their false alarm, many of them will immediately blame the integrator and or the monitoring center for a faulty set up and management and expect the integrator to remedy the situation, including carry the burden of paying the fines. The integrator, on the other hand, will turn to the manufacturer, assuming faulty equipment and installation instructions; therefore, looking for reimbursement for the cost. What is the average false alarm fee? It depends on many factors, and especially your first responder assigned location for responseIt depends on many factors, and especially your first responder assigned location for response. According to the Urban Institute, fees generally range from $25-$100 for the first offense, rising as high as a few thousand dollars per false alarm if a location has a large number in a single year. What’s worse, in extreme cases, alarm systems may even be blacklisted by the police dispatch center if they have raised too many false alarms in the past. Why do you believe audio is the ideal technology for secondary source verification? Video surveillance has been the main option for security monitoring and alarm validation for decades, however industry professionals are realising that video alone is not enough. Video only tells half of the story, by adding audio capture, the responsible party gains a turnkey solution with the ability to gather additional evidence to verify alerts and expand overall awareness. In reality, audio’s range is greater than the field of view for a camera. Sound pickup is 360 degrees, capturing voices, gunshots, breaking glass, sirens, or other important details that a fixed camera many not see. How would a secondary source verification system work with audio? Using a video monitoring solution equipped with audio, the microphone will pick up the sounds at the time a visual alert or alarm is triggered. If embedded with classification analytics, the microphone will send alerts for specific detected sounds. The captured audio, and any notifications are immediately sent to the monitoring station, where trained personnel can listen to the sound clip, along with live audio and video from their station. When law enforcement receives a validated alarm, they can better prioritise the response From here, an informed decision can then be made about the validity of the alarm, along with what the current threat is at the location. If the alarm is in fact valid, the information is then passed along to the law enforcement within minutes. When law enforcement receives a validated alarm, they can better prioritise the response. It also provides more information in a forensic evaluation. Are there any additional resources you would suggest looking into? Yes, we would suggest looking into the following to see a few different perspectives on the matter: NSA Support For 2018 Model Ordinance For Alarm Management and False Alarm Reduction Partnership for Priority Verified Alarm Response Support for the Term “Verified Alarm” and Prioritising Verified Alarm Responses Urban Institute Opportunities for Police Cost Savings without Sacrificing Service Quality: Reducing False Alarms

ETSI is pleased to announce the creation of a new Industry Specification Group on Securing Artificial Intelligence (ISG SAI). The group will develop technical specifications to mitigate threats arising from the deployment of AI throughout multiple ICT-related industries. This includes threats to artificial intelligence systems from both conventional sources and other AIs. The ETSI Securing Artificial Intelligence group was initiated to anticipate that autonomous mechanical and computing entities may make decisions that act against the relying parties either by design or as a result of malicious intent. Conventional cycle of networks risk analysis The conventional cycle of networks risk analysis and countermeasure deployment represented by the Identify-Protect-Detect-Respond cycle needs to be re-assessed when an autonomous machine is involved. The intent of the ISG SAI is therefore to address 3 aspects of artificial intelligence in the standards domain: Securing AI from attack e.g. where AI is a component in the system that needs defending Mitigating against AI e.g. where AI is the ‘problem’ or is used to improve and enhance other more conventional attack vectors Using AI to enhance security measures against attack from other things e.g. AI is part of the ‘solution’ or is used to improve and enhance more conventional countermeasures. Developing technical knowledge Three main activities will be undertaken and confirmed during the first meeting of the group The purpose of the ETSI ISG SAI is to develop the technical knowledge that acts as a baseline in ensuring that artificial intelligence is secure. Stakeholders impacted by the activity of ETSI’s group include end users, manufacturers, operators and governments. Three main activities will be undertaken and confirmed during the first meeting of the group. Currently, there is no common understanding of what constitutes an attack on AI and how it might be created, hosted and propagated. The work to be undertaken here will seek to define what would be considered an AI threat and how it might differ from threats to traditional systems. Hence, the AI Threat Ontology specification seeks to align terminology across the different stakeholders and multiple industries. Prioritising potential AI threats ETSI specifications will define what is meant by these terms in the context of cyber and physical security and with a narrative that should be readily accessible to all. This threat ontology will address AI as system, attacker and defence. Data is a critical component in the development of AI systems, both raw data, and information This specification will be modelled on the ETSI GS NFV-SEC 001 ‘Security Problem Statement’ which has been highly influential in guiding the scope of ETSI NFV and enabling ‘security by design’ for NFV infrastructures. It will define and prioritise potential AI threats along with recommended actions. The recommendations contained in this specification will be used to define the scope and timescales for the follow-up work. Data is a critical component in the development of AI systems, both raw data, and information and feedback from other AI systems and humans in the loop. Developing data sharing protocols However, access to suitable data is often limited, causing a need to resort to less suitable sources of data. Compromising the integrity of data has been demonstrated to be a viable attack vector against an AI system. This report will summarise the methods currently used to source data for training AI, along with a review of existing initiatives for developing data sharing protocols and analyse requirements for standards for ensuring integrity in the shared data, information and feedback, as well as the confidentiality of these. The founding members of the new ETSI group include BT, Cadzow Communications, Huawei Technologies, NCSC and Telefónica. The first meeting of ISG SAI will be held in Sophia Antipolis on 23 October. Come and join to shape the future path for secure artificial intelligence!

With only three weeks to go until The Security Event 2019, details of the fantastic speakers taking part in the professional seminar programme has been released. Security training sessions Sessions in the free-to-attend programme have been designed to give attendees practical training and best practice advice on new techniques and technologies on the market and are CPD certified by The Security Institute. By attending these innovative sessions and workshops, attendees can earn up to 35 CPD points across the three-day event. The speakers for the programme have been hand-selected by the content team as some of the UK Security industry’s most experienced voices The speakers for the programme have been hand-selected by the content team as some of the UK Security industry’s most experienced voices. They have been there, done that and are now ready to share their experience and know-how with interested parties. Visitors can hear from experienced industry speakers who will share their learnings and offer invaluable advice for on a range of topical issues at The Security Event 2019. Notable speakers list includes: Chris Aldous, Director, ASIS UK Phil Cain, Digital Voice Industry Engagement, BT David Gill MSc CSyP FSyI, Chartered Security Professional, Linx International Group Rick Mountfield, Chief Executive, The Security Institute Andrew Palmer, Gatwick Airport, Border Security Manager Dr Emma Philpott, CEO, IASME Consortium Mark Lindsay, Associate - Resilience, Security & Risk, Arup Professor Martin Gill, Director, Perpetuity Research Andrew Sieradzki, Director of Security and Technology, Buro Happold Andrew Palmer, Border Security Manager, Gatwick Airport Darren Stanton - The Human Lie Detector And many more

Barry Vincent is a seasoned sales professional, who prior to joining Wavestore was the European Account Director for WebWayOne. He previously worked for 14 years for Telefonica Digital where he was a Senior Business Development Manager and has also been a Corporate Account Manager for BT. Reporting to Wavestore’s Sales Director, Simon Shawley; Barry will provide local support for distribution partners and system integrator partners by helping them capitalise on the increased demand for the company’s open platform Linux based VMS. “We are delighted to welcome Barry to the Wavestore team,” said Simon Shawley. “He will certainly be able to put his professional strategic sales skills to very good use in support of our determination to make a difference in the market by offering ultra-user-friendly video management software (VMS), which provides a seamless integration experience. This and other unique features built into the Wavestore VMS will enable Barry to work closely with distribution and system integrator partners to help them win new projects whenever a futureproof and easy to implement VMS solution is required.” Video Management Software Solution Wavestore’s award winning VMS is capable of bringing together third-party devices and sub-systems such as cameras, intruder detection, access control and video analytics from global brands onto an easy to operate, highly secure and robust platform. Free technical support for system integrators and the provision of flexible Upgrade Bundles which eliminate reoccurring annual upgrade charges that are commonplace in the VMS market, are just some of the ways that Wavestore has developed a reputation for understanding the needs of the market.