ISC West in Las Vegas kicked off with a bang on Wednesday, reflecting a healthy physical security industry with an overall upbeat outlook on the future. Driving the optimism is a pending new wave of product innovation, propelled largely by developments in artificial intelligence (AI) and deep learning. Some of that new wave is evident at ISC West, but much of the talk still centres on what’s to come. Attendees flocked to the first day of the show to check out the newest technologies, and they were rewarded with a wide range of innovations. Tempering the optimism are ongoing concerns about ensuring the cybersecurity of IP-based physical security systems. Cybersecurity standards for physical security At least one news announcement is related to cybersecurity at the show: Johnson Controls is the first company to achieve UL (Underwriters Laboratories) certification 2900-2-3 for cybersecurity of life safety and security products and systems for their VideoEdge network video recording platform from American Dynamics. The UL brand ensures that the certification involves a standards-based and scientific approach to evaluating cybersecurity, and that JCI’s certified products meet the requirements. “We were able to be first because we understand issues of cybersecurity, and the UL standard matches very closely to what we have been doing in cybersecurity,” says Will Brown, Senior Engineering Manager, Cyber Protection at Johnson Controls. Tempering the optimism are ongoing concerns about ensuring the cybersecurity of IP-based physical security systems Neil Lakomiak, Director of Business Development and Innovation at Underwriters Laboratories, says relatively few companies have invested sufficiently in cybersecurity, and much of UL’s work in the physical security market is to help manufacturers develop a roadmap to meet cybersecurity goals. “A lot of companies have not invested, but Johnson Controls has,” said Lakomiak. He speculated that it could be some time before another security company achieves the certification; there certainly won’t be a rush of additional companies to do so in the near term, based on the progress he has seen to date, says Lakomiak. “Cybersecurity is a topic that has hit the Board of Directors level,” says Lakomiak. “They are definitely inquiring about it and trying to understand what their posture should be. The leadership teams of companies will be asking a lot of questions.” In terms of cyber-consciousness among the integrator community, Brown estimates about 10 percent are “on board” with the issue. Among the manufacturing community, more than half of the companies are pursuing cybersecurity goals, although the levels of those efforts run a full gamut, says Lakomiak. Vertical markets that are especially cyber-aware are enterprise, government, and critical infrastructure. Financial and retail companies are also coming on board, as well as companies — even small companies — in regulated industries such as utilities Cybersecurity is a topic that has hit the Board of Directors level Cybersecurity in the cloud Another company emphasising cybersecurity at ISC West is access control company Isonas. “What’s really new at the show for us is that we are being very transparent about the levels of cybersecurity we are applying to our cloud software platform and our IP network hardware,” says Rob Lydic, Isonas Global Vice President of Sales. “The levels of complexity we are putting into our cybersecurity, including the fact that we host our software on Amazon web services, ensures a really high level of security. We are taking painstaking efforts to subject ourselves to third-party penetration testing to give us the visibility of what is going on with our cybersecurity — are we actually as cybersecure as we believe?” The answer: “They have come back to us to say we have an amazing strategy for cybersecurity; the surface that is attackable is minuscule, and the complex layers underneath really prevent anybody from hacking the product.”We are being very transparent about the levels of cybersecurity we are applying to our cloud software platform" Lydic says he sees higher levels of awareness about cybersecurity at the show, especially among end users. Several other exhibitors agree. Because edge devices have often been targeted in cybersecurity attacks, they are especially an area of concern. “We’re raising that conversation, saying we are a cloud service provider that uses edge devices, and it is core to us to make sure we have a great cybersecurity profile, so the customer can be assured we are doing what we say we are doing and delivering on those promises,” says Lydic. Awareness is filtering through channel: Isonas is seeing many customers who want to have that cybersecurity conversation at the show. “We have had probably 20 or 30 conversations with end users at the show who want to understand what it means to be in the cloud, to understand how the level of communication is encrypted between devices,” says Lydic. Many end users at ISC West want to understand what it means to be in the cloud Ambitions for growth Successful companies often increase their ISC West booth size as a reflection of their ambition to grow as a company and their success in sales so far. One such company is Paxton Access Inc., which has increased its booth size from a 20x40-foot booth last year to a 30x50-foot space this year. Beyond the show, another reflection of Paxton’s growth is addition of personnel to cover 11 U.S. sales territories that have been newly restructured. New regional sales managers will work with dealers locally. At the show, Paxton is introducing its Net2 Entry Premium monitor, the latest addition to the company’s Net2 Entry line of door entry products. “The show is definitely a great way to promote who we are and what we offer,” says Linda Soriano, Paxton Marketing Communications Coordinator. “It’s great to meet new customers and interact with existing customers, to build new relationships. It’s an opportunity to promote the new things we have going on.” Paxton measures success at ISC West in terms of how many people they interact with at the show. In addition to welcoming booth visitors, the company is signing up attendance at free training through a show promotion. Anyone who signs up for training at the show is entered into a drawing for a $500 Visa gift card and a $1,000 discount off MSRP of Paxton products. Tim Shen, Director of Marketing at Dahua Technology USA, one of the larger exhibitors, says the company is emphasising solutions at ISC West, just one element of the successful international business model they are bringing to the United States.With AI and business analytics in transportation and retail markets, we are letting the market know that we can build solutions" Another topic for Dahua is artificial intelligence. “With AI and business analytics in transportation and retail markets, we are letting the market know that we can build solutions,” he says. Dahua sponsored a keynote address Wednesday on AI, including a presentation from Intel about AI trends. “AI is the future, but what can we use it for now?” asks Shen. “We need to give a very clear strategy of what we think about AI.” Dahua will bring AI cameras and an AI network video recorder to the U.S. market in the second quarter; in effect, they will be testing the water to see how well the AI concept is embraced here. Other new products from Dahua include multi-image and thermal cameras. In the thermal category, Dahua has developed their own chipset to help bring the price down and provide affordable thermal cameras to the U.S. market. Another focus will be e-POE (extended Power over Ethernet), which Dahua sees as a big differentiator. [Main photo credit: Abbey Masciarotte | Larry Anderson]
Cybersecurity is a growing concern for manufacturers of life safety and security products, and Underwriters Laboratories (UL) wants to help solve the problem. Specifically, UL seeks to work with manufacturers to up their game on cybersecurity and to certify compliance to a minimum level of cybersecurity “hygiene.” UL cybersecurity certification UL is a familiar brand in consumer goods and in the security and life safety markets. UL certification is sought by manufacturers in a range of product lines, from electrical goods and smoke alarms to access control and central monitoring stations. Approximately 22 billion UL marks appeared on products in 2016. In the physical security industry alone, products are certified to around 20 different standards covering access control, intrusion detection, locks, safes and vaults, software and other categories. Now UL is working to increase the prominence of their brand in cybersecurity with the UL Cybersecurity Assurance Program (CAP). The UL 2900-1 standard, the standard that offers General Requirements for Software Cybersecurity for Network-Connectable Products, was published in 2016 and in July 2017 was published as an ANSI (American National Standards Institute) standard. The standard was developed with cooperation from end users such as the Department of Homeland Security (DHS), U.S. National Laboratories, and other industry stakeholders. UL 2900-2-3 – the standard that focuses on electronic physical security/Life Safety & Security industry, was published in September 2017. Testing for cybersecurity weaknesses The UL 2900 standard encompasses three main areas related to cybersecurity – software weaknesses, known vulnerabilities and risk control such as encryption, access control, passwords, remote communications, and software patches and updates. UL conducts structured penetration, fuzz testing and other tests to establish a reasonable level of confidence that a product or system has addressed cybersecurity concerns. “Certification to the standard means that a product or system has been evaluated to a minimum level of cyber hygiene,” says Neil Lakomiak, Director of Business Development and Innovation, Building and Life Safety Technologies, for UL LLC. “It covers the ‘blocking and tackling’ that you would expect manufacturers to do. It doesn’t provide absolute assurance, but rather a level of confidence that a product has been vetted.” The certification is good for one year, and changes in products require recertification. UL has written more than 1,600 standards defining safety, security, quality and sustainability Lakomiak says applying the standard will: “create an environment where companies are starting to incorporate cybersecurity into their development processes; creating security by design. It will elevate the industry to consider cybersecurity earlier in the development process.” An overall goal of UL is to “give people peace of mind around the products and systems they use.” Underwriters Laboratories at ASIS 2017 Companies that achieve certification can promote it as a point of differentiation in the market, although not a guarantee that a product is cybersecure. UL’s independent evaluations carry weight in the market, as reflected by the ubiquity of the UL brand, and Lakomiak contends the industry can benefit from applying the same level of testing and certification to the area of cybersecurity. He sees UL’s cybersecurity initiative as complementary to other cybersecurity measures, such as “white hat” hacking. From a standards perspective, UL’s efforts seek to complement industry efforts such as SIA, ASIS International, PSA and ONVIF. Lakomiak was at the ASIS 2017 show in Dallas, where he met with existing manufacturer customers and potential future clients – including large and small companies in the industry – to discuss cybersecurity and the road to certification. He says many manufacturers are not yet ready for certification, in which case UL provides consultancy and advisory services to help them get there. “A lot of companies just need help understanding what their current processes and cybersecurity posture are,” says Lakomiak. “They want help to create a roadmap to get certification. A variety of manufacturers are on the path to certification.” Underwriters Laboratories security mission The cybersecurity element is an extension of UL’s mission to help companies demonstrate safety, confirm compliance, deliver quality and performance, and build excellence. Lakomiak says many people mistakenly perceive UL as a quasi-governmental organisation, perhaps because UL standards are sometimes incorporated into regulations. However, the organisation is a business and wants to operate like one by serving the needs of its manufacturer customers. “We want to have the service we provide be market-driven. We understand the pain points of manufacturers, integrators and others as they interface with technology. We want to devise programmes to help them be successful in the market. Our focus is to make our customers succeed by providing objective certification.” To the extent that cybersecurity is a growing pain point for the physical security industry, there is a large potential role to be played by UL and many others.
Jonathan Lewit will touch on the array of connected devices and open platforms in the market ONVIF, a standardisation initiative for IP-based physical security products, announced that it will be presenting at TechSec Solutions 2017, February 27-28, 2017, at the Delray Beach Marriott, Delray Beach, Florida, as part of a panel discussion on standards, best practices, cybersecurity, and the Internet of Things.Internet of ThingsJonathan Lewit, Chair of the ONVIF Communication Committee, will be speaking on behalf of ONVIF and will be one of four panellists discussing ‘The future of IoT: Taming security's wild west.’ Other panellists include Neil Lakomiak of Underwriters’ Laboratories, Mitchell Klein of Z-wave Alliance and Jim Coleman of Operational Security Systems, Inc. The panel will be moderated by Paul Ragusa, Editor of Security Systems News. “Standards are an essential part of the conversation when considering any scenario in which disparate elements must work together to provide actionable intelligence or automation, which the Internet of Things often seeks to do,” said Per Björkdahl, Chairman of the ONVIF Steering Committee. “Jonathan will bring an ONVIF perspective to the panel, shedding light on how standardisation and ONVIF specifications can build vital bridges between clients and devices and between IP-based systems.”Physical securityLewit, who also serves as Director of Technology Leadership for Pelco by Schneider-Electric, will touch on the array of connected devices and open platforms in the market that use common communication protocols to work together, including smart homes, buildings, and cities. The panellists will examine how standards, the establishment of best practices, interoperability, cybersecurity and other trends are helping to shape the future of the physical security industry.Lewit will be speaking on Monday, February 27, at 9:30 A.M. at TechSec Solutions 2017.