BT Intruder Alarms: Communicators & Communication Systems

The safeguarding of premises through the monitoring of entrance and exit points has traditionally been a very manual aspect of security. Human operators have been relied on to make decisions about who to admit and deny based on levels of authorisation and the appropriate credentials. But the access control business, like many industries before it, is undergoing its own digital transformation; one where the protection of premises, assets and people is increasingly delivered by interconnected systems utilising IoT devices and cloud infrastructure to offer greater levels of security and protection. Modern access control solutions range from simple card readers to two factor authentication systems using video surveillance as a secondary means of identification, right through to complex networks of thermal cameras, audio speakers and sensors. These systems, connected through the cloud, can be customised and scaled to meet the precise requirements of today’s customer. And it’s the ease of cloud integration, combined with open technologies and platforms that is encouraging increasing collaboration and exciting developments while rendering legacy systems largely unfit for purpose. Remote management and advanced diagnostics Cloud technology and IoT connectivity means remote management and advanced diagnostics form an integral part of every security solution.Cloud technology and IoT connectivity means remote management and advanced diagnostics form an integral part of every security solution. For example, as the world faces an unprecedented challenge and the COVID-19 pandemic continues to cause disruption, the ability to monitor and manage access to sites remotely is a welcome advantage for security teams who might otherwise have to check premises in person and risk breaking social distancing regulations. The benefits of not physically having to be on site extend to the locations within which these technologies can be utilised. As an example, within a critical infrastructure energy project, access can be granted remotely for maintenance on hard to reach locations. Advanced diagnostics can also play a part in such a scenario. When access control is integrated with video surveillance and IP audio, real-time monitoring of access points can identify possible trespassers with automated audio messages used to deter illegal access and making any dangers clear. And with video surveillance in the mix, high quality footage can be provided to authorities with real-time evidence of a crime in progress. Comprehensive protection in retail Within the retail industry, autonomous, cashier-less stores are already growing in popularity The use of connected technologies for advanced protection extends to many forward-looking applications. Within the retail industry, autonomous, cashier-less stores are already growing in popularity. Customers are able to use mobile technology to self-scan their chosen products and make payments, all from using a dedicated app. From an access control and security perspective, connected doors can be controlled to protect staff and monitor shopper movement. Remote management includes tasks such as rolling out firmware updates or restarting door controllers, with push notifications sent immediately to security personnel in the event of a breach or a door left open. Remote monitoring access control in storage In the storage facility space, this too can now be entirely run through the cloud with remote monitoring of access control and surveillance providing a secure and streamlined service. There is much to gain from automating the customer journey, where storage lockers are selected online and, following payment, customers are granted access. Through an app the customer can share their access with others, check event logs, and activate notifications. With traditional padlocks the sharing of access is not as practical, and it’s not easy for managers to keep a record of storage locker access. Online doors and locks enable monitoring capabilities and heightened security for both operators and customers. The elimination of manual tasks, in both scenarios, represents cost savings. When doors are connected to the cloud, their geographical location is rendered largely irrelevant. Online doors and locks enable monitoring capabilities and heightened security for both operators and customers They become IoT devices which are fully integrated and remotely programmable from anywhere, at any time. This creates a powerful advantage for the managers of these environments, making it possible to report on the status of a whole chain of stores, or to monitor access to numerous storage facilities, using the intelligence that the technology provides from the data it collects. Open platforms power continuous innovation All of these examples rely on open technology to make it possible, allowing developers and technology providers to avoid the pitfalls that come with the use of proprietary systems. The limitations of such systems have meant that the ideas, designs and concepts of the few have stifled the creativity and potential of the many, holding back innovation and letting the solutions become tired and their application predictable. Proprietary systems have meant that solution providers have been unable to meet their customers’ requirements until the latest upgrade becomes available or a new solution is rolled out. This use of open technology enables a system that allows for collaboration, the sharing of ideas and for the creation of partnerships to produce ground-breaking new applications of technology. Open systems demonstrate a confidence in a vendor’s own solutions and a willingness to share and encourage others to innovate and to facilitate joint learning. An example of the dynamic use of open technology is Axis’ physical access control hardware, which enables partners to develop their own cloud-based software for control and analysis of access points, all the while building and expanding on Axis’ technology platform. Modern access control solutions range from simple card readers to two factor authentication systems using video surveillance as a secondary means of identification Opportunities for growth Open hardware, systems and platforms create opportunities for smaller and younger companies to participate and compete, giving them a good starting point, and some leverage within the industry when building and improving upon existing, proven technologies. This is important for the evolution and continual relevance of the physical security industry in a digitally enabled world. Through increased collaboration across technology platforms, and utilising the full range of possibilities afforded by the cloud environment, the manufacturers, vendors and installers of today’s IP enabled access control systems can continue to create smart solutions to meet the ever-changing demands and requirements of their customers across industry.

In 2017, IoT-based cyberattacks increased by 600%. As the industry moves towards the mass adoption of interconnected physical security devices, end users have found a plethora of advantages, broadening the scope of traditional video surveillance solutions beyond simple safety measures. Thanks in part to these recent advancements, our physical solutions are at a higher risk than ever before. With today’s ever evolving digital landscape and the increasing complexity of physical and cyber-attacks, it’s imperative to take specific precautions to combat these threats. Video surveillance systems Cybersecurity is not usually the first concern to come to mind When you think of a video surveillance system, cybersecurity is not usually the first concern to come to mind, since digital threats are usually thought of as separate from physical security. Unfortunately, these two are becoming increasingly intertwined as intruders continue to use inventive methods in order to access an organisation's assets. Hacks and data breaches are among the top cyber concerns, but many overlook the fact that weak cybersecurity practices can lead to physical danger as well. Organisations that deploy video surveillance devices paired with advanced analytics programs often leave themselves vulnerable to a breach without even realising it. While they may be intelligent, IoT devices are soft targets that cybercriminals and hackers can easily exploit, crippling a physical security system from the inside out. Physical security manufacturers Whether looking to simply gain access to internal data, or paralyse a system prior to a physical attack, allowing hackers easy access to surveillance systems can only end poorly. In order to stay competitive, manufacturers within the security industry are trading in their traditional analogue technology and moving towards interconnected devices. Due to this, security can no longer be solely focused on the physical elements and end users have taken note. The first step towards more secured solutions starts with physical security manufacturers choosing to make cybersecurity a priority for all products, from endpoint to edge and beyond. Gone are the days of end users underestimating the importance of reliability within their solutions. Manufacturers that choose to invest time and research into the development of cyber-hardening will be ahead of the curve and an asset to all. Wireless communication systems Integrators also become complicit in any issues that may arise in the future Aside from simply making the commitment to improve cyber hygiene, there are solid steps that manufacturers can take. One simple action is incorporating tools and features into devices that allow end users to more easily configure their cyber protection settings. Similarly, working with a third party to perform penetration testing on products can help to ensure the backend security of IoT devices. This gives customers peace of mind and manufacturers a competitive edge. While deficient cybersecurity standards can reflect poorly on manufacturers by installing vulnerable devices on a network, integrators also become complicit in any issues that may arise in the future. Just last year, ADT was forced to settle a $16 million class action lawsuit when the company installed an unencrypted wireless communication system that rendered an organisation open to hacks. Cybersecurity services In addition, we’ve all heard of the bans, taxes and tariffs the U.S. government has recently put on certain manufacturers, depending on their country of origin and cybersecurity practices. Lawsuits aside, employing proper cybersecurity standards can give integrators a competitive advantage. With the proliferation of hacks, malware, and ransomware, integrators that can ease their client's cyber-woes are already a step ahead. By choosing to work with cybersecurity-focused manufacturers who provide clients with vulnerability testing and educate end users on best practices, integrators can not only thrive but find new sources of RMR. Education, collaboration and participation are three pillars when tackling cybersecurity from all angles. For dealers and integrators who have yet to add cybersecurity services to their business portfolios, scouting out a strategic IT partner could be the answer. Unlocking countless opportunities Becoming educated on the topic of cybersecurity and its importance for an organisation is the first step Physical security integrators who feel uncomfortable diving headfirst into the digital realm may find that strategically aligning themselves with an IT or cyber firm will unlock countless opportunities. By opening the door to a partnership with an IT-focused firm, integrators receive the benefit of cybersecurity insight on future projects and a new source of RMR through continued consulting with current customers. In exchange, the IT firm gains a new source of clients in an industry otherwise untapped. This is a win for all those involved. While manufacturers, dealers and integrators play a large part in the cybersecurity of physical systems, end users also play a crucial role. Becoming educated on the topic of cybersecurity and its importance for an organisation is the first step. Commonplace cybersecurity standards Below is a list of commonplace cybersecurity standards that all organisations should work to implement for the protection of their own video surveillance solutions: Always keep camera firmware up to date for the latest cyber protections. Change default passwords, especially those of admins, to keep the system locked to outside users. Create different user groups with separate rights to ensure all users have only the permissions they need. Set an encryption key for surveillance recordings to safeguard footage against intruders and prevent hackers from accessing a system through a backdoor. Enable notifications, whether for error codes or storage failures, to keep up to date with all systems happenings. Create/configure an OpenVPN connection for secured remote access. Check the web server log on a regular basis to see who is accessing the system. Ensure that web crawling is forbidden to prevent images or data found on your device from being made searchable. Avoid exposing devices to the internet unless strictly necessary to reduce the risk of attacks.

Johnson Controls recently unveiled the findings of its 2018 Energy Efficiency Indicator (EEI) survey that examined the current and planned investments and key drivers to improve energy efficiency and building systems integration in facilities. Systems integration was identified as one of the top technologies expected to have the biggest impact on the implementation in smart buildings over the next five years, with respondents planning to invest in security, fire and life-safety integrations more so than any other systems integration in the next year. As advanced, connected technologies drive the evolution of smart buildings, security and safety technologies are at the center of more intelligent strategies as they attribute to overall building operations and efficiencies. SourceSecurity.com spoke with Johnson Controls, Building Solutions, North America, VP of Marketing, Hank Monaco, and Senior National Director of Municipal Infrastructure and Smart Cities, Lisa Brown, about the results of the study, smart technology investments and the benefits of a holistic building strategy that integrates security and fire and life-safety systems with core building systems. Q: What is the most striking result from the survey, and what does it mean in the context of a building’s safety and security systems? The results show an increased understanding about the value of integrating safety and security systems with other building systems Hank Monaco: Investment in building system integration increased 23 percent in 2019 compared to 2018, the largest increase of any measure in the survey. When respondents were asked more specifically what systems they we planning to invest in over the next year, fire and life safety integration (61%) and security system integration (58%) were the top two priorities for organisations. The results show an increased understanding about the value of integrating safety and security systems with other building systems to improve overall operations and bolster capabilities beyond the intended function of an individual system. Q: The survey covers integration of fire, life safety and security systems as part of "smart building" systems. How do smarter buildings increase the effectiveness of security and life safety systems? Hank Monaco: A true “smart building” integrates all building systems – security, fire and life-safety, HVAC, lighting etc. – to create a connected, digital infrastructure that enables individual technologies to be more intelligent and perform more advanced functions beyond what they can do on their own. For example, when sensors and video surveillance are integrated with lighting systems, if abnormal activity is detected on the building premise, key stakeholders can be automatically alerted to increase emergency response time. With integrated video surveillance, they also gain the ability to access surveillance footage remotely to assess the situation. When sensors and video surveillance are integrated with lighting systems abnormal activity on the premise can automatically be detected Q: How can integrated security and life safety systems contribute to greater energy efficiency in a smart building environment? Hank Monaco: Security, fire and life-safety systems can help to inform other building systems about how a facility is used, high-trafficked areas and the flow of occupants within a building. Integrated building solutions produce a myriad of data that can be leveraged to increase operational efficiencies. From an energy efficiency standpoint, actionable insights are particularly useful for areas that are not frequently occupied or off-peak hours as you wouldn’t want to heat or cool an entire building for just one person coming in on the weekend. When video surveillance is integrated with HVAC and lighting systems, it can monitor occupancy in a room or hallway. The video analytics can then control the dimming of lights and the temperature depending on occupant levels in a specific vicinity. Similarly, when access control systems are integrated with these same systems, once a card is presented to the reader, it can signal the lights or HVAC system to turn on. In this example, systems integration can ultimately help enable energy savings in the long run. Security and life safety systems contribute to help enable greater energy efficiency and energy savings in the long run Q: What other benefits of integration are there (beyond the core security and life safety functions)? Hank Monaco: Beyond increased security, fire and life-safety functions, the benefits of systems integration include: Increased data and analytics to garner a holistic, streamlined understanding of how systems function and how to improve productivity Ability to track usage to increase efficiency and reduce operational costs Enhanced occupant experience and comfort Increased productivity and workflow to support business objectives Smart-ready, connected environment that can support future technology advancements Q: What lesson or action point should a building owner/operator take from the survey? How can the owner of an existing building leverage the benefits of the smart building environment incrementally and absent a complete overhaul? Lisa Brown: Johnson Controls Energy Efficiency Indicator found that 77% of organisations plan to make investments in energy efficiency and smarter building technology this year. This percentage demonstrates an increased understanding of the benefits of smart buildings and highlights the proactive efforts building owners are taking to adopt advanced technologies. There is an increased understanding that buildings operate more effectively when different building systems are connected As smart buildings continue to evolve, more facilities are beginning to explore opportunities to advance their own spaces. A complete overhaul of legacy systems is not necessary as small investments today can help position a facility to more easily adopt technologies at scale in the future. As a first step, it’s important for building owners to conduct an assessment and establish a strategy that defines a comprehensive set of requirements and prioritises use-cases and implementations. From there, incremental investments and updates can be made over a realistic timeline. Q: What is the ROI of smart buildings? Lisa Brown: As demonstrated by our survey, there is an increased understanding that buildings operate more effectively when different building systems are connected. The advanced analytics and more streamlined data that is gathered through systems integration can provide the building-performance metrics to help better understand the return on investment (ROI) of the building systems. This data is used to better understand the environment and make assessments and improvements overtime to increase efficiencies. Moreover, analytics and data provide valuable insights into where action is needed and what type of return can be expected from key investments.

Arc Monitoring will share their range of services at Security TWENTY 20 Birmingham. Set in the central location of the Hilton Metropole NEC in Birmingham on Thursday, 20th February 2020, the Conference will bring together top security industry speakers and is supported by a large exhibition of cutting-edge security products and services. Doors open at 8.30am allowing access to the exhibition with the conference running between 10.00am and 1.30pm. The exhibition will close at 3.30 pm.  Lone worker protection Arc Monitoring will be sharing its CCTV & Alarm Monitoring services Confirmed speakers so far are Arad Parsi of the Suzy Lamplugh Trust talking about lone worker protection, Julian Hurst of Secured by Design and there will be manufacturer updates from Hikvision, BT, HID Global, Seagate and 6S Global. The conference will be chaired by Security TWENTY regular, Michael White. Most importantly if one registers in advance and is an installer, an end user, a consultant, or someone to do with private security, in the police or the armed forces, or a buyer of security services they will be able to attend the Conference for free. Arc Monitoring will be sharing its CCTV & Alarm Monitoring services. This is a chance to discuss face to-face with Arc’s team about the benefits of its CCTV Monitoring, Alarm Monitoring and Keyholding services. Please come along and join Arc to keep yourself up-to-date with its latest innovations.

ETSI's new Industry Specification Group on Securing Artificial Intelligence (ISG SAI) announced that they met recently for their second meeting and appointed Alex Leadbeater (BT) as the Industry Specification Group’s new Chair. Dr. Kate Reed (NCSC) was appointed as First Vice Chair and Tieyan Li (Huawei) was appointed as Second Vice Chair. The second meeting of the ISG SAI, after the launch of the group in October 2019, was also the place to discuss work priorities and future scope of action. Industry Specification Group ISG SAI will work on securing AI from attack, mitigate against malicious AI and using AI to enhance security The Industry Specification Group on Securing AI (ISG SAI) was created to develop technical specifications to mitigate threats arising from the deployment of AI throughout multiple ICT-related industries. The group will work on securing AI from attack, mitigating against malicious AI and using AI to enhance security measures. The purpose of the ETSI ISG SAI is to develop the technical knowledge that acts as a baseline in ensuring that artificial intelligence is secure. “I am delighted to be appointed as the Chairman for this exciting new group. Ensuring the security of Artificial Intelligence is a vital topic that affects many stakeholders and I look forward to seeing what work the group produces as it begins its work programme in earnest,” says Alex Leadbeater, Chair of the Industry Specification Group on Securing Artificial Intelligence (ISG AI). AI Threat Ontology report The ISG AI group will create an AI Threat Ontology report to align terminology, a Problem Statement that will guide the work of the group, a Data Supply Chain Report summarising the methods used and risks associated with sourcing data for training AI, a mitigation strategy report with guidance to mitigate the impact of AI threats, and security testing of AI. The next meeting of the Industry Specification Group on Securing Artificial Intelligence (ISG SAI) will be held in Sophia Antipolis, near Nice in France on 2 – 3 April 2020.

ETSI is pleased to announce the creation of a new Industry Specification Group on Securing Artificial Intelligence (ISG SAI). The group will develop technical specifications to mitigate threats arising from the deployment of AI throughout multiple ICT-related industries. This includes threats to artificial intelligence systems from both conventional sources and other AIs. The ETSI Securing Artificial Intelligence group was initiated to anticipate that autonomous mechanical and computing entities may make decisions that act against the relying parties either by design or as a result of malicious intent. Conventional cycle of networks risk analysis The conventional cycle of networks risk analysis and countermeasure deployment represented by the Identify-Protect-Detect-Respond cycle needs to be re-assessed when an autonomous machine is involved. The intent of the ISG SAI is therefore to address 3 aspects of artificial intelligence in the standards domain: Securing AI from attack e.g. where AI is a component in the system that needs defending Mitigating against AI e.g. where AI is the ‘problem’ or is used to improve and enhance other more conventional attack vectors Using AI to enhance security measures against attack from other things e.g. AI is part of the ‘solution’ or is used to improve and enhance more conventional countermeasures. Developing technical knowledge Three main activities will be undertaken and confirmed during the first meeting of the group The purpose of the ETSI ISG SAI is to develop the technical knowledge that acts as a baseline in ensuring that artificial intelligence is secure. Stakeholders impacted by the activity of ETSI’s group include end users, manufacturers, operators and governments. Three main activities will be undertaken and confirmed during the first meeting of the group. Currently, there is no common understanding of what constitutes an attack on AI and how it might be created, hosted and propagated. The work to be undertaken here will seek to define what would be considered an AI threat and how it might differ from threats to traditional systems. Hence, the AI Threat Ontology specification seeks to align terminology across the different stakeholders and multiple industries. Prioritising potential AI threats ETSI specifications will define what is meant by these terms in the context of cyber and physical security and with a narrative that should be readily accessible to all. This threat ontology will address AI as system, attacker and defence. Data is a critical component in the development of AI systems, both raw data, and information This specification will be modelled on the ETSI GS NFV-SEC 001 ‘Security Problem Statement’ which has been highly influential in guiding the scope of ETSI NFV and enabling ‘security by design’ for NFV infrastructures. It will define and prioritise potential AI threats along with recommended actions. The recommendations contained in this specification will be used to define the scope and timescales for the follow-up work. Data is a critical component in the development of AI systems, both raw data, and information and feedback from other AI systems and humans in the loop. Developing data sharing protocols However, access to suitable data is often limited, causing a need to resort to less suitable sources of data. Compromising the integrity of data has been demonstrated to be a viable attack vector against an AI system. This report will summarise the methods currently used to source data for training AI, along with a review of existing initiatives for developing data sharing protocols and analyse requirements for standards for ensuring integrity in the shared data, information and feedback, as well as the confidentiality of these. The founding members of the new ETSI group include BT, Cadzow Communications, Huawei Technologies, NCSC and Telefónica. The first meeting of ISG SAI will be held in Sophia Antipolis on 23 October. Come and join to shape the future path for secure artificial intelligence!