Articles by Vicki Contavespi
A demonstration of the home automation capabilities of Z-Wave wireless transmission – controlling a coffee maker from the Mt. Everest base camp – came off without a hitch at ISC West. A few days later, however, the veteran climber involved in the stunt got a first-hand look at the deadly 7.8 earthquake in Katmandu and the resulting avalanche. The adventurer, Mariusz Malkowski, began his love of climbing in his native Poland while in early high school. “I would go on an 8-hour train ride alone,” he says, “sometimes not telling my parents that I was climbing a mountain.” Z-Wave wireless transmission technology That independent spirit took courage and persistence, qualities that Malkowski has carried into his day job, too, where he is an engineer at Sigma Designs, the creators of Z-Wave, a wireless transmission technology that is taking the world by storm. Z-Wave is a battery-friendly, easy-to-use and cost-effective wireless transmission technology. Z-Wave runs on a different frequency and needs less power than Wi-Fi. Z-Wave is Malkowski’s baby, and mountains are his passion. This year, FIBARO, a global company specialising in home automation, decided to send him to Mt. Everest, where he was going to climb—alone and without oxygen—to illustrate how, as the company puts it, “everything is connected, and [I] can control [my] smart home even from the top of the world.” It was a great promotional idea, one that had gone off flawlessly in 2013 when another company, Kwikset, had sponsored him to climb Mt. Cho Oyu, the sixth-tallest mountain in the world and about 30 miles away from Everest. While there, he remotely controlled home-automation devices, including a Kwikset lock. Controlling Z-Wave powered devices from the top of the world "Everything is connected, and [I] can control [my] smart home even from the top of the world" This year’s challenge was to summit Mount Everest—Earth’s highest mountain at more than 29,000 feet above sea-level—and control a number of Z-Wave powered devices located on the other side of the world. “FIBARO is one of my customers,” says Malkowski. “Once they saw the potential of the idea, they thought it was great.” And it was great! FIBARO spent about $40,000 for the expedition, with the goal (successfully achieved) of remotely making a fresh cup of coffee from Mt. Everest’s base camp using the FIBARO app. This was done as a live demonstration for ISC West in Las Vegas. To do this transmission, the world-class climber used a SatSleeve, which is a cradle about the size of an oversized case that transforms the iPhone into a satellite phone. “It’s about $800 and it lets me get a bit of a charge on the phone, too,” Malkowski says. This extra charge would prove most helpful in the days to come. Devastating 7.8 earthquake The demonstration came off without a hitch, but a few days later the climb ended tragically when a deadly 7.8 earthquake hit Katmandu and started an avalanche at Everest’s base camp. Malkowski, luckily, was on the north side of the camp and was relatively safe. He was able to help other survivors. Malkowski has climbed a number of mountains over the past 20 years, but no one is prepared for a disaster like the Nepal earthquake. “It was like a big jump,” he recalls, “and then 30 or 40 seconds later the snow came. I wish we had gotten to the top, but the situation made us do our best.” “I do extremely well in high mountains,” says Malkowski . “You need a persistent person. Every step, you think ‘maybe I should just be done with it.’ Your body is screaming for it and you’re gasping for breath. Lots of it is mental. Being persistent. Being cold. I don’t care about cold much, I deal with it.” FIBARO spent $40,000 for the expedition, with the goal (successfully achieved) of remotely making a fresh cup of coffee from Mt. Everest’s base camp using the FIBARO app Mental strength and persistence works in his profession, too. “You don’t want to settle for half-way solutions as an engineer,” he says. Malkowski's next attempt FIBARO spent another $10,000 to $15,000 to rescue Malkowski, but he says he’s ready to go again. “It was going really, really well and the ISC West demonstration worked flawlessly,” he says. Undoubtedly, another company will sponsor him. “I’d be ready next year, but I don’t know if my family would be ready for me to go,” he says. “If it’s not next year it will be the year after. I’m 42; for mountains, 40s are a pretty good age. I’ve got another 10 years in me.” He and his eight-year-old son are already planning to climb. Z-Wave and Malkowski will be on Mt. Everest again, next time at the top.
The FERC standard CIP-014-1 became effective, according to the Federal Register, on January 26, 2015 The electric power industry works with several federal agencies, including the Federal Energy Regulatory Commission (FERC), the Department of Homeland Security (DHS), and the Department of Energy (DOE) to improve sector-wide resilience for cyber threats. The industry also collaborates with the National Institute of Standards and Technology (NIST), the North American Electric Reliability Corporation (NERC), and federal intelligence and law enforcement agencies to strengthen its cyber security capabilities. Are the standards anywhere close enough to actually be of service? We shall soon see because last November CIP-014-1 was approved. It is the Physical Security Reliability Standard, developed by the North American Electric Reliability Corporation and approved by the U.S. Federal Energy Regulatory Commission. In December, the House of Representatives approved unanimously H.R. 3410, the Critical Infrastructure Protection Act (CIPA). This is the first time in four years that Congress has acted to begin to protect the nation’s electrical grid, and comes on the heels of CIP-014-1’s approval. Aim of the new bill The bill enjoys strong bipartisan support, but it remains to be seen whether it will become law. It has been read in the Senate and referred to the Committee on Homeland Security and Governmental Affairs. Its purpose is to see that DHS: Include in national planning scenarios the threat of electromagnetic pulse (EMP) which would entail the education of the owners and operators of critical infrastructure, as well as emergency planners and emergency responders at all levels of government of the threat of EMP events; Engage in research and development aimed at mitigating the consequences of naturally occurring or man-caused EMP events; Produce a comprehensive plan to protect and prepare the critical infrastructure of the American homeland against EMP events. FERC’s standard CIP-014-1, has six requirements, including Utilities must devise physical security plans for each of their respective transmission stations, transmission substations, and their primary control centre (one of the CIP-014-1 requirements) Performing risk assessments periodically to identify weak transmission stations and substations; The transmission owner must modify trouble spots accordingly and implement procedures for protecting sensitive or confidential information; Transmission owners must let operators know there are issues so they can address them. Owners and transmission operators must conduct an evaluation of the potential threats and vulnerabilities of a physical attack on each of its respective transmission stations, transmission substations, and primary control centers identified as critical under the first requirement; Utilities must devise physical security plans for each of their respective transmission stations, transmission substations, and their primary control center; Finally, they must have an unaffiliated third party with appropriate experience review its evaluation and security plan and then respond to the recommendations. However, Todd Borandi, an industry veteran and information security architect, sees these regulations as a day late and a dollar short. He credits hackers for today’s push for regulations “because several groups made it a public point to demonstrate how easy it is to access sensitive systems and steal data, so the outcry from the private, public and even the government demanded regulations causing this whole cycle to start all over again.” The FERC standard became effective, according to the Federal Register, on January 26, 2015. It remains to be seen whether or not the boxes get checked in lieu of an improvement in physical security. Wind - The savior? Ironically, what might be of more help is a very simple solution: wind. LogRhythm’s Greg Foss says “Wind could be the saviour” because the Department of Energy is working on outputting windmill energy into batteries. Foss is senior security research engineer for Boulder, Colo.-based LogRhythm, a security intelligence firm. One thing is to upgrade equipment, but as we’ve discovered that demands a huge money outlay, and as Foss says, “Right now, utilities have no real need to do this even though there have been 97 attacks against the grid so far this year.” Foss’ company creates honeypots, which are traps for hackers. “Once they get in,” he says, “we can track them and learn.” He says that a so-called con pot is under development. It would simulate SCADA by running, for example, a gas main, a utility box or a water-heating system, which is a prime target for hackers who wish to fudge temperature readings and make things look cooler than they really are. His best advice is “Hire the right people, train them well and give them the tools to build solutions. Security isn’t that easy to learn and they have to have the tools to succeed.” His company’s mantra is “not if, when,” and those words should resound loudly at all utility firms.
Compliance with regulatory requirements are not enough to protect the US electric grid Many companies use compliance and best practices to assist in their fight to protect the U.S. electric grid. They rely primarily on what three groups say – FERC (Federal Energy and Regulatory Committee), CERT (U.S. Computer Emergency Readiness Team) and NERC (North American Electric Reliability Corporation). These groups issue advisories, standards and guidelines for the industry, while independent vendors provide electronic devices meant to harden security. Todd Borandi, CISSP, an industry veteran and information security architect, points out that “Companies have mapped controls from one set of compliance rules to sets of security best practices, but that effort does not create a cyber-security solution; it creates a compliance solution with a checklist of boxes to be ticked off once a control can be verified by documentation as being in place.” As a byproduct, Borandi says, “There are teams of so-called security professionals who are nothing more than compliance auditors and who focus on the “what” not the “how.” Treating compliance rather than cyber security problemsHe considers this reinforced behaviour because the “audit drones,” as he calls them, are “the auditors who have been seasoned by four years of outdated book knowledge in college and get their first job as a Junior Auditor with a large firm. The firm gives these young people access to a single seasoned auditor (usually managing half a dozen projects) and then a quick review of what checklist to use and questions to ask before being sent into the field to evaluate complex networked environments that are running processes, protocols, and tools they never learned about in college and that are not on their list of questions.” As a result, Borandi continues, “Some organisations are treating compliance requirements rather than focusing on cyber security problems and solutions. These businesses feel they have no power to force the vendor’s hand to produce reliable and secure hardware or software, so they fall back to something they can attempt to protect—the organisation’s bottom line.” Result: Money and man hours are spent to ensure that compliance and audit requirements are met rather than to increase the security posture or address the real cyber security risks to the business. “Pressure should be focused on regulations for those vendors providing the products protecting our critical infrastructure”, says Todd Borandi, CISSP, an industry veteran and information security architect. Borandi says “Pressure should be focused on regulations for those vendors providing the products protecting our critical infrastructure,” because many of them are produced in the same foreign countries that are attacking us. Finally, and he emphasises this: “Compliance with regulatory requirements is NOT security.” To be fair, some utilities are being proactive and taking the reins. One is Central Maine Power, which is spending $1.4 billion to secure some of its vulnerabilities. Maine, according to an independent report, has a “significant vulnerability” to severe geomagnetic storms, and the state knows it may have to spend more to harden its substations and transformers. CMP maintains 2,300 miles of transmission lines and 300 substations that connect utilities in New Brunswick, eastern Maine and southern New England, much of it in remote territory, so cameras of all stripes were critical. Card readers limit access, and warning signs are prominently placed, as are the cameras. Will they help against a natural event? No. But it’s better than a wall.
Forty-one percent of cyber incidents involved the energy sector The Bipartisan Policy Center, the Industrial Control Systems Cyber Emergency Response Team, which is part of the U.S. Department of Homeland Security, reports responding to 198 cyber incidents in fiscal year 2012 across all critical infrastructure sectors. Forty-one percent of these incidents involved the energy sector, particularly electricity, according to a February 2014 report. Considering the enormity of the system, it soon becomes clear that 198 events is the very tip of an enormous iceberg. Greg Foss, senior security research engineer for Boulder, Colo.-based LogRhythm, a security intelligence firm, says “an average breach lasts 480 days before a company knows they’ve been attacked.” He also says that most utilities are slow to address the problem because of upgrade costs, and that “some of them are still running Windows 98.” There is much talk about creating a “smart grid,” which, according to the Department of Energy is “computerising” the electric utility grid and includes adding two-way digital communication technology to devices associated with it. As DoE says: “Each device on the network can be given sensors to gather data (power meters, voltage sensors, fault detectors, etc.), plus two-way digital communication between the device in the field and the utility’s network operations center.” A key feature of the smart grid is automation technology that lets the utility adjust and control each individual device or millions of devices from a central location. Therein is the problem. The whole concept of a SCADA system is that it provides a way to monitor a number of items within one facility, and it has worked so well that many companies run everything into a computer to control all facets of operation. Much of the equipment in the “smart grid,” including transformers and generators, are operated by SCADA (supervisory control and data acquisition), which is a system that operates with coded signals running over communication channels. The whole concept of a SCADA system is that it provides a way to monitor a number of items within one facility, and it has worked so well that many companies run everything into a computer to control all facets of operation. “SCADA monitors devices on the grid many times per second and was never intended or designed to have virus protection or security protocols,” says Dave Hunt, an independent homeland security consultant and a founding member of the National InfraGard Electromagnetic Pulse special interest group. In fact, continuous monitoring makes it virtually impossible for a SCADA system to validate a security protocol. Adding to the misery is that an evildoer can purchase a SCADA attack for about $500, not to mention that the systems were designed by engineers, not computer people, so they don’t necessarily communicate well. These systems are called embedded systems and the bad guys are fighting them hard. According to Daniel Geer, Sc.D, chief technical officer of @Stake, in Cambridge, Mass., “Cyber smart bombs are what nations are working on.” These bombs are designed to attack embedded systems like SCADA. He strongly feels that “Embedded systems either need to have a remote management interface or they need to have a finite lifetime. They cannot be immortal and unfixable because to do so is to guarantee that something bad will happen.” But to change them would cost the utilities more money. Todd Borandi, CISSP, an industry veteran and information security architect says, “The root to all security issues is the vendor supplying the hardware and software. This equipment is provided by a small group of companies that experience little to no pressure to provide specialized secure software or hardware, which is expected to last more than a decade with little chance of an update. Many of these devices can now be rebooted and even overwritten from anywhere and by anyone.” He adds that “Another important issue is the idea that regulatory compliance is a sustainable solution to cyber security challenges. Regulatory laws are often slow to implementation and provide little meaningful guidance or enforcement in a dynamic field like technology.”
The number-one cause of most power outages in the U.S. is bad weather What does the industry consider to be its most severe threats the U.S. electric grid? There is no shortage of nightmare scenarios. According to the Department of Energy, the number-one cause of most power outages in the U.S. is bad weather, which costs the economy between $18 billion and $33 billion every year in lost output and wages, spoiled inventory, delayed production and damage to grid infrastructure. When considering what’s at stake, it’s important to keep in mind that a large power transformer (LPT) is an enormous, custom-built piece of equipment tailored to customers’ specifications. They usually aren’t interchangeable with each other, and they aren’t produced for spare-part inventories, so if one blows a lot of companies and homes could be without power for more than six months. They’re not cheap, either. According to EEP (Electrical Engineering Portal), $10 million is a fairly average cost, but that doesn’t include transporting the gargantuan piece of equipment or installing it, which usually adds an additional 35 percent to the bill. As Dave Hunt, an independent homeland security consultant and a founding member of the National InfraGard Electromagnetic Pulse special interest group, puts it, “Hurricanes, flooding, tornadoes—you know you’ll get these, so do we prepare for a rare event or do we put it [money] into more sandbags?” It’s a troubling question considering all the possible threats facing the grid. Ironically, if a utility wants to spend money to protect itself, they put themselves at a cost disadvantage, which often keeps them from making changes. NASA estimates that a solar storm event today would make the earth go dark in about three minutes Solar storms. In 1859, British solar astronomer Richard Carrington witnessed a white-light solar flare—a magnetic explosion on the sun—which was so strong it was visible from earth. If we were to experience something like that now, it would have dire consequences. Not only would it disrupt the magnetic field, but it would charge the ground with electricity and that voltage could get in to a transformer and destroy it. Moreover, in today’s electronic and GPS-guided world nothing would work. NASA estimates that a comparable event today would make the earth go dark in about three minutes. An extraordinarily large solar flare could also cause an Electromagnetic pulse event (EMP), which would plunge the world into chaos almost immediately. Cell phones and computers would stop working; electricity would be gone over a very large area, and it could take up to a year to fix; people on life-saving medical equipment would die. Whatever food is in the stores would be gone or rotten in a matter of days. Recent testimony by Peter Vincent Pry, a member of the Congressional EMP Commission and executive director of the Task Force on National and Homeland Security, indicates that an EMP event such as occurred in 1859 could wipe out half of America's population in a year. This kind of event, says Hunt, could also occur if a nation state exploded a nuclear device above the U.S. “If Iran were to ignite a nuclear bomb about 200 miles over the middle of the country, a super high pulse lasting a billionth of a second would fry any unprotected electronics. Planes would be dropping out of the sky.” Moreover, our backup generators wouldn’t work once the gas ran out. An extraordinarily large solar flare could cause an Electromagnetic pulse event (EMP), which would plunge the world into chaos almost immediately. Cell phones and computers would stop working; electricity would be gone over a very large area, and it could take up to a year to fix; people on life-saving medical equipment would die Physical attack. Last April, someone or some people (no one has been caught) slipped into an underground vault and cut a couple of communications cables. Within a half hour, snipers were surgically shooting at a PG&E electrical substation in Metcalf, Calif., and taking out 17 giant transformers that power Silicon Valley. Surveillance tapes reveal that a minute before the police showed up, the perpetrators disappeared. It took utility workers nearly a month to make repairs and bring the substation back to life. This event says Hunt, “was a very sophisticated attack,” and it is viewed by many as a trial run and a possible terrorist act that, if it were widely replicated across the country, could take down the U.S. electric grid and black out much of the country. PG&E’s response was to build a wall around the substation. Stupidity. Last July 3, DHS replied to a Freedom of Information Act (FOIA) request on a malware attack on Google called “Operation Aurora.” Unfortunately, DHS made an enormous mistake and released more than 800 pages of documents related not to Operation Aurora but to the Aurora Project, which is a 2007 research project run by Idaho National Laboratory that demonstrates how easy it is to hack elements in power and water systems. The Aurora Project exposed a vulnerability common to many electrical generators, water pumps and other pieces of infrastructure, wherein an attacker remotely opens and closes key circuit breakers, throwing the machine’s rotating parts out of synchronization causing parts of the system to break down. Hunts says, “If the nation loses power we won’t have the ability to pull ourselves up by the bootstraps. You can’t respond your way out of it. You can’t stockpile enough food to feed tens of millions of people a month. Any place that is running will be overwhelmed. Even if 40 percent of the country is hit, can the other 60 percent manufacture enough to save us? Sure, generators could power the stuff, but the problem with them long-term is that the fuel supply would run out.” Generators aren’t the half of it.
Drone is a toy with a bright future—until it causes a catastrophe Drones, or unmanned aerial vehicles, are today’s gizmo du jour. A recent Bloomberg article reported that Amazon alone is selling more than 10,000 a month, and with prices as low as $50, it’s a toy with a bright future—until it causes a catastrophe. Consider the January incident at the White House when a drunken National Geospatial-Intelligence Agency employee lost control of a quadcopter device and crashed it onto the southeast corner of the grounds. This kind of mishap could happen to anyone, drunk or sober, because as Tom Fuentes, CNN’s law enforcement analyst said, “They have flimsy comms systems, and it’s easy for people to lose control of them. It’s like losing the wifi signal, and the controller can’t do anything.” In this case, it is theorised that the user hadn’t set the drone’s “home point” properly so the drone got confused about its location and flew away. There have been dozens of incidents involving close encounters with aircraft, but the FAA hasn’t yet created rules for the small crafts. The National Transportation Safety Board (NTSB), in November, formally declared that a UAV operated commercially is considered to be an aircraft under 14 C.F.R. § 91.13(a), so its operator may be subject to civil penalties for violating federal aviation regulations. However, most offenders aren’t like the partying government employee who self-reported the incident, and it’s difficult to track down users. Drones have flimsy comms systems, and it’s easy for people to lose control of them Fred Roggero, former Air Force chief of safety, recently said on CNN that drones can carry “…50 lbs of stuff on some that look like an aircraft.” Obviously, 50 pounds of any sort of explosive or chemical, biological, nuclear or biological weaponry would do some serious damage. Thus, a new industry is born—drone detection. Jamming signals is against the law in the U.S., even though it may ultimately be the best way to drop a drone in its tracks once it’s detected. Firing on one wouldn’t help because the bullets or the rocket would rain down somewhere and could harm innocents. Boston-based HGH Infrared Systems is one drone-detection firm. It has several different models of what it calls Spynel, a camera system which goes up to a resolution of 120 megapixels. The cameras record in real time and, as the continuously spinning camera head takes an HD panoramic image of an entire area, the proprietary software automatically detects and tracks an unlimited number of targets (land, air, maritime). “Our detection range for a person on the Spynel X is up to 8 km, 15 km for a car, and up to 30 km for a tank/boat,” reports the company in an email. Drones can carry “…50 lbs of stuff on some that look like an aircraftPhoto credited: U.S. Secret Service/Reuters According to Katie Shea, HGH Infrared’s marketing manager, “Radars are not ideal for tracking the small, low-heat UAVs because of their low profile and low speed. Infrared sensors and Spynel work well because they are completely passive and our high-resolution infrared thermal cameras can pick up low heat deltas between ambient temperatures and the electric engine UAVs, as well as the low-speed, smaller UAVs.” John Franklin, a Washington, D.C.-based engineer started an Indiegogo campaign and ultimately created the DroneShield™. Concerned that drones with attached cameras could easily spy on regular folks, the Indiegogo site proclaims that “DroneShield is a device that detects the presence of nearby drones (including RC helicopters, quadrotors, etc) and issues alerts via email, sms, and/or a flashing light. The goal is to help preserve your privacy from low-cost remote-control air vehicles with video cameras.” He managed to raise more than $8,000, and now sells the devices online. Franklin’s site envisions various uses, from protecting private property to military installations and critical infrastructure. So does competitor Drone Labs, with its Drone Detector. CEO Zain Naboulsi claims it is unlike other systems because it “…can see air, ground, and water-based threats. Auditory detection alone, for example, can typically only detect aerial drones and be easily defeated. Our technology uses multi-factor authentication to determine the confidence level of a threat. While no drone detection technology is foolproof, Drone Detector is the only detection product on the market today that is built to detect most threats regardless of where they originate.” Now, we have to figure out a way to find out who’s doing the flying.
The smarter the grid becomes, the more risks it will encounter Hollywood collided with couch-dwelling gamers this Christmas because of the hack on Sony’s computer system, allegedly committed by North Korea. Immediately, security experts began to wonder if a nation state or a terrorist group might try and hit the U.S. electric grid. The answer is likely yes, but it wouldn’t be the first time or the last, and the grid, smart or not, is extremely complex and interwoven. The smarter the grid becomes, the more risks it will encounter. The U.S. power grid is divided into three sections: The Eastern Interconnection for states east of the Rocky Mountains, The Western Interconnection for states from the Pacific Ocean to the Rocky Mountains, and the smallest—the Texas Interconnected system—covering most of Texas. Electricity coming from coal, nuclear or hydroelectric plants goes to local utilities and they distribute power to homes and businesses, to millions of personal devices, lights, refrigeration, computers, and to other “loads,” that tap it. According to a 2011 report by the American Society of Civil Engineers (ASCE), the nation’s electric infrastructure is “nothing but a patchwork system” that has evolved wildly since the first substation was erected by Thomas Edison in 1882, on New York City’s Pearl Street. Contributing to the challenges of securing the grid are the crazily disparate ages and capacities of the grid’s equipment. The ASCE report says that “About 51 percent of the generating capacity of the U.S. is in plants that were at least 30 years old at the end of 2010. Most gas-fired capacity is less than 10 years old, but 73 percent of all coal-fired capacity is 30 years or older.” The report adds that “…70 percent of transmission lines and power transformers are 25 years or older nationally, while 60 percent of circuit breakers are more than 30 years old.” There are many possible targets, too. Approximately 300 control centres around the country monitor voltage and watch the data from SCADA (supervisory control and data acquisition) systems, which are placed at transformers, generators and other critical areas. Ideally, this allows engineers to monitor the data for signs of trouble and then communicate with each other to deal with whatever is happening to the grid, but SCADA has security issues. The complex ownership arrangements and operating systems are constantly evolving, as are the technologies used to create power Demand for power is soaring, greatly taxing the nation’s 5,800 major power plants and 450,000 miles of high-voltage transmission lines. There are also complicated differences between the electric grid and other infrastructure types, and some contribute to the security challenges. The ASCE report delineates the differences as: Ownership. Only a portion of the grid is owned by federal agencies, municipal governments and/or rural cooperatives. The bulk is owned by for-profit, investor-owned utilities but the rates are usually regulated by state agencies, and there is also federal and state regulatory oversight of generating facilities and transmission systems. A multitude of different technologies are being used, from fossil fuels such as coal, oil, diesel and natural gas, to renewable power, which includes hydro, wind, solar, geothermal or biomass. There are also many technology systems in use in the SCADA systems for transmission and distribution. Deregulation has resulted in the three elements (generation, transmission, and distribution) being operated by different parties. This severely impacts security, and it facilitates the growth of independent power production and distributed generation, which will take money out of the utilities’ pockets. In addition, according to a 2013 report by the Edison Institute, utilities worry that as more businesses and households use solar, wind and other sources to generate their own power, they will lose customers and revenues while still having to absorb the costs of running the grid. All of this adds up to uncertainty, and uncertainty complicates security. The complex ownership arrangements and operating systems are constantly evolving, as are the technologies used to create power. The diversification of fuels provide a bit of protection from unforeseen future issues with any one type of generation, but no one knows about the future prices of fossil fuels, regulations controlling greenhouse gas emissions and the feasibility of the “smart grid.” So, before even considering a cyber-attack or a downed tree, there are concerns about the grid. The same ASCE report says that at least $11 billion must be spent annually or “the electrical service interruptions between now and 2020 will cost $197 billion.” That’s only five years from now.
Many of the most well-trafficked articles posted at SourceSecurity.com in 2015 were those that addressed timely and important issues in the security marketplace. In the world of digital publishing, it’s easy to know what content resonates with the market: Our readers tell us with their actions; i.e., where they click. Let’s look back at the Top 10 articles we posted in 2015 that generated the most page views. They are listed in order here with the author’s name and a brief excerpt. 1. Video analytics applications in retail - beyond security [Larry Anderson] Analytics can help catch suspects by alerting in real-time. After the fact, analytics used for search purposes are far more effective to identify a theft. Secondly, analytics can be used in retail to track customers, understand their age and gender, manage queue lines, know how long people dwell at an end cap, provide heat maps, etc. 2. Cybersecurity - hackers target SCADA embedded systems [Vicki Contavespi] “SCADA monitors devices on the grid many times per second and was never intended or designed to have virus protection or security protocols,” says Dave Hunt, an independent homeland security consultant and a founding member of the National InfraGard Electromagnetic Pulse special interest group. In fact, continuous monitoring makes it virtually impossible for a SCADA system to validate a security protocol. 3. Home automation standards and protocols [Randy Southerland] As the home automation industry has expanded with an ever-growing number of devices and services, companies are placing bets on which wireless protocols will dominate. The past few years, the leaders have been Z-Wave and ZigBee. Companies are also using a variety of other standards including Crestron’s Infinet, Insteon, and proprietary technologies such as Lutron’s ClearConnect. Readers were interested in Prism Skylabs' retail applications, utilising IP cameras as sensors to gather data on customer behaviour 4. The numbers tell the video story at ISC West: 4K and H.265 [Larry Anderson] The latest in video surveillance equipment at ISC West [in 2015] is reflected by the numbers you hear repeatedly on the show floor, numbers like 4K and H.265. Big players like Panasonic have joined the 4K bandwagon in a big way. Sony introduced a 4K camera with a larger sensor size (1-inch) to increase light sensitivity, displaying the better view alongside a “Brand X” competitor in the Sony booth. 5. Video analytics: Prism Skylabs envision IP cameras as sensors to expand their role in retail [Larry Anderson] Prism Skylabs is helping to drive a re-evaluation of the role of video cameras in the market. Founded in 2011, the San Francisco cloud service company thinks of IP cameras as sensors that are capable of providing a range of data that can be managed and processed in the cloud to provide more useful information to end-user customers. Prism’s current implementations of the “software as a service” approach focuses on retail merchandising and marketing applications, but Prism Co-Founder and Senior Vice President Bob Cutting sees many other opportunities too. 6. Video analytics for forensics: Analytics-based forensic evidence collection [Larry Anderson] Another aspect of video analytics is how the technology can be used for forensics. Basically, intelligent searches of video archives provide investigators faster access to any needed video clip based on the content of the video. It’s a monumental improvement over the old days of searching for hours while rewinding and fast-forwarding videotape. 7. IP video surveillance market – revealing the ‘industry standards’ myth [Mark Collett] Considering the state of the IP surveillance industry, standardisation would likely drive vendor consolidation and force companies to evolve in order to succeed. Many industries have successfully implemented standards – including energy, telecommunications, consumer electronics and aerospace. These are all vibrant industries; standards have not driven any of them to extinction, as some in the security industry believe they would. Another topic of interest was the public and private protection of public figures, spurred by the Pope's visit to America earlier this year 8. Physical Security Information Management (PSIM) – the death of an acronym? [Larry Anderson] Lately, we have even begun hearing manufacturers starting to avoid the PSIM term and its historic baggage and preconceptions. When a buzzword takes on a negative stench, it loses its impact. If a PSIM is perceived as negative, the initials lose their usefulness even as a marketing term (which some say PSIM was all along). 9. Avigilon acquires fundamental patents covering video analytics [Larry Anderson] What are the ramifications when a major supplier in the video analytics space owns many of the patents that are fundamental to its competitors’ businesses? It’s one thing to pay licensing fees to a fading player like ObjectVideo (perhaps to avoid costly litigation?), but isn’t paying those fees to a direct competitor another matter? 10. How public and private security operations protect celebrities, big-name executives and dignitaries [Michael Fickes] According to the Secret Service, dozens of federal, state and local agencies combined forces to protect the Pope in his visits to Washington, D.C., Philadelphia and New York City. The Department of Homeland Security designated the Papal visit to New York City a National Special Security Event. For such an event, the Secret Service acts as the lead federal agency for the design, implementation and oversight of the operational security plan. See the full coverage of 2015/2016 Review and Forecast articles here