Cyber security
![](https://www.sourcesecurity.com/img/links/1240/cybersecurity-network-based-systems.jpg)
![](https://www.sourcesecurity.com/img/links/1240/cybersecurity-big-data.jpg)
![](https://www.sourcesecurity.com/img/links/1240/cybersecurity-security-network-breach.jpg)
![](https://www.sourcesecurity.com/img/links/1240/cybersecurity-costly-breaches.jpg)
![](https://www.sourcesecurity.com/img/links/1240/cybersecurity-vulnerable-device.jpg)
![](https://www.sourcesecurity.com/img/carousel-nav.png)
![](https://www.sourcesecurity.com/img/carousel-nav.png)
News
Genetec Inc., a pioneering technology provider of unified security, public safety, operations, and business intelligence solutions, announced that the lawsuit filed by Sensormatic against Genetec had ended definitively in the company's favour with Genetec exonerated of any patent infringement and with the court awarding Genetec attorney fees. Sensormatic Electronics, LLC, a subsidiary of Tyco International, which is now merged with Johnson Controls, filed suit against Genetec in Delaware in June 2020, alleging infringement of two patents, U.S. Patent No. 7,307,652 entitled “Method and Apparatus for Object Tracking and Detection" ("the '652 patent"), and U.S. Patent No. 9,463,954 entitled “Access Control System for Override Elevator Control, and Method Therefor" ("the '954 patent"). Litigation between Sensormatic and Genetec On January 3, 2023, the Court invalidated the '652 patent following the Genetec motion for summary judgement. On February 15, 2023, Sensormatic unilaterally dismissed the remaining infringement claims regarding the '954 patent with prejudice, pioneering to the judge issuing a final judgement exculpating Genetec. The court found the case choice and found Genetec entitled to a substantial portion of its attorney fees Following the final judgement in its favour, Genetec moved to have its attorney fees awarded, which required the judge to find the case “exceptional” under US patent laws. On March 27, 2024, the Court found the case exceptional and found Genetec entitled to a substantial portion of its attorney fees. The Court also ordered that the parties meet to reach an agreement on the amount of attorney's fees to be awarded, following which Genetec and Sensormatic entered into an agreement regarding the amount to be paid to Genetec, ending the litigation and terminating appeals. This concludes all outstanding litigation between Sensormatic and Genetec. Nullification of invalid patents “We have stated in the past that Genetec considers this a simple case of friendly fire, and this remains true. That said, we take patent infringement accusations very seriously, even when they come from a subsidiary of a partner,” said Pierre Racz, President of Genetec Inc. “Genetec has a forward-facing approach to development. We do not copy our peers but look to the future to create technology that doesn’t exist yet. The successful conclusion of this litigation is a vindication of our innovative approach to product development.” Genetec announced the favourable conclusion of a lawsuit brought by a non-practicing entity Genetec has always taken a firm stand against unjustified patent lawsuits and seeks the nullification of invalid patents and restitutions in unfounded patent infringement claims. In 2020, Genetec announced the favourable conclusion of a lawsuit brought by a non-practicing entity (NPE) which ended with the NPE paying Genetec in a settlement. Accusations of infringement “Lawsuits like these can be seen as an accusation of plagiarism so it is important that we set the record straight. Genetec has a policy of vigorously defending itself against any patent case we consider unjustified and to seek attorney fees awards in all such cases. This outcome demonstrates to potential patent aggressors how seriously we take these accusations of infringement,” said Jean-Yves Pikulik, Director of Intellectual Property at Genetec Inc. Genetec was represented by Fish & Richardson P.C. in this matter. Sensormatic was represented by Foley & Lardner LLP.
Regula, a developer of forensic devices and identity verification solutions, prepared a dedicated package of expert articles focused on document verification, tailored to meet the needs of carriers, border verification authorities, the hospitality industry, and businesses during the 2024 Olympics. These resources aim to address the unique challenges posed by the influx of international visitors, ensuring seamless and secure experiences for all. Security and access management France anticipates a significant boost in tourism and economic activity during the 2024 Olympics France anticipates a significant boost in tourism and economic activity during the 2024 Olympics, with over 10 million visitors projected to generate an estimated €3 billion in revenue. This massive surge in visitors will not only increase the risk of fraud targeting consumers and businesses but also pose substantial challenges for security and access management. The influx of international guests underscores the critical need for advanced and comprehensive Identity Verification (IDV) systems. Properly verifying and authorising everyone at every stage of their Olympic journey is essential for maintaining security and ensuring smooth access to event venues and services. Addressing Carrier Requirements for Advance Passenger Information With recent EU regulations mandating the collection of advanced passenger information, carriers face unprecedented challenges. The topic, "How Carriers Can Tackle New Requirements for Gathering Advance Passenger Information," provides comprehensive insights and practical solutions to help carriers comply with these regulations efficiently. As the Olympics are hosted in France, this information is crucial for ensuring smooth travel experiences for millions of visitors. Professional Border Verification Techniques Border control is a critical component of international events. The resources include: "How to Verify a Passport Like a Pro": A detailed guide on the best practices for passport verification. "How Regula Creates the Most Full and Detailed Document Reference System": An in-depth look at how Regula's advanced technology supports border control authorities with the most comprehensive document reference systems available. It contains templates of passports, ID cards, visas, banknotes, coins, driver’s licences, and vehicle documents from all over the world. To gain a better understanding of the verification tools needed, from border controls to customer authorisation by businesses, check the article “Regula ID Document Templates Database vs. Information Reference System”. These topics are designed to empower border officials with the knowledge and tools needed to maintain security while facilitating the flow of visitors. Transforming Travel & Hospitality with Data Entry Automation In the hospitality sector, efficient check-ins are vital for a positive guest experience. At the same time, manual entry of ID details in hotels can often cause long lines, messes, and delays. The topic, "How Data Entry Automation Transforms Travel & Hospitality," highlights the latest innovations in reader technology and software. It provides examples of automated check-in processes and calls to action for hospitality businesses to leverage these advancements for a competitive edge. Solving Business Challenges of Foreign Documents Verification Businesses are facing an increase in the number of international customers, and the smart ones have started adapting to the challenges of verifying foreign documents. The article, "Foreign ID Document Verification for Businesses,” offers practical advice and solutions for businesses to navigate these complexities, ensuring they can confidently verify the identities of international customers.
Bugcrowd, the pioneer in crowdsourced security, has signed Dubai-based Axon Technologies as a value-added partner in the EMEA market. Axon Technologies AXON specialises in managed security services, SOC consulting, security engineering, advanced testing, and incident response services. It has more than 60 customers in 12 countries across financial services, healthcare, government, and other verticals, with a particularly strong presence in its UAE base and Saudi Arabia. Bugcrowd Platform The platform enables organisations to better uncover and mitigate risks across applications, systems The Bugcrowd Platform connects organisations with trusted hackers, or security researchers, to proactively defend against sophisticated threat actors by leveraging the collective ingenuity of the hacking community. This enables organisations to better uncover and mitigate risks across applications, systems, and infrastructure through crowdsourced solutions such as penetration-testing-as-a-service, managed bug bounties, and vulnerability disclosure programs (VDPs). Access to Bugcrowd’s community This alliance gives Axon access to Bugcrowd’s community of hackers and its advanced, AI-driven Security Knowledge Platform and solutions. "We are thrilled to announce Axon Technologies as a Bugcrowd partner," said Paul Ciesielski, Chief Revenue Officer of Bugcrowd. Crowdsourced cybersecurity platform Paul Ciesielski adds, "This collaboration brings together Bugcrowd’s pioneering crowdsourced cybersecurity platform with Axon Technologies' expertise in innovative security solutions." He continues, "Together, we will provide unparalleled protection for our clients, leveraging the collective ingenuity of our global community of hackers and Axon's advanced technology." Leveraging global expertise and innovation Hadi Hosn, CEO of Axon, said, "Axon’s alliance with Bugcrowd significantly enhances the cybersecurity services we offer our customers." He adds, "It aligns with our commitment to providing our customers with the highest level of security by leveraging global expertise, advanced technology, and innovation." Data security Hadi Hosn continues, "This collaboration directly addresses the critical security needs of our customers, ensuring their systems and data are protected against evolving threats." "AXON’s focus on tradecraft, technology, talent, and teamwork is well aligned with Bugcrowd’s focus on modern crowdsourced security," said Jacques Lopez, Global VP of Channel and Alliances at Bugcrowd. Cybersecurity Jacques Lopez adds, "Our business is built on the belief that cybersecurity is a team endeavour demanding a range of expertise, which is why we are looking for partners who complement and add value to our core services. This is a great step in our continued expansion with the channel." Bugcrowd recently secured $102 million for international expansion and acquired UK-based attack surface management provider Informer.
Hanwha Vision, the global vision solution provider, has launched the TNO-C8083E, its first explosion-proof camera with artificial intelligence. The compact 5MP explosion-proof AI model features AI object detection and classification alongside intelligent video analytics. It has a wide range of explosion-proof certifications, including IECEx, ATEX, KCs, and JPEx, making the camera ideal for environments at a higher risk of an explosive atmosphere due to gas or dust - such as oil refineries, gas storage, and grain mills. AI for situational awareness Accurate AI object detection and classification of people and vehicles vastly improves operator situational awareness. AI algorithms can discern people as distinct objects separate from irrelevant motion, for example, shadows or animals, thus reducing false alarms and improving operator efficiency. Meanwhile, object-type metadata created by the camera enables rapid and efficient forensic search for investigations when necessary. Intelligent video analytics, such as loitering and line-crossing detection, alert operators to abnormal activities in real time to keep areas safe and secure. Explosion-proof yet compact A 1/2” explosion-proof cable gland means the camera can be installed without any sealing compound The TNO-C8083E is compact and at just 4.78kg it is 57% smaller and 32% lighter than its closest comparative model. This makes it easier to install in more challenging environments than other more bulky explosion-proof cameras on the market. In addition, a 1/2” explosion-proof cable gland means the camera can be installed without any sealing compound. Enhanced video quality The TNO-C8083E supports enhanced video quality through wide dynamic range (WDR) technology, WiseNRII, and low-light noise suppression. WDR enables operators to monitor objects easily in backlit scenes, while WiseNRII leverages AI object detection to reduce motion blur and improve image noise. In low-light environments, AI works to refine image clarity by suppressing noise. The camera also comes with WiseStreamIII, a cutting-edge video compression technology that reduces bandwidth by up to 80% without compromising video quality. Next-level cybersecurity The TNO-C8083E is equipped with next-level cybersecurity with user and network authentication, and unauthorised access blocking. It validates the boot process, has signed firmware and firmware encryption, and authentication information encryption, to securely store information.
Expert commentary
For K12 education pioneers, embarking on a journey to upgrade security controls can present a myriad of questions about finding the best-fit solutions and overcoming funding hurdles. A majority of public-school districts today are faced with outdated infrastructure and security controls, requiring necessary upgrades. By addressing these concerns head on, schools will ensure a safer environment for both students and staff, mitigating risks posed by unforeseen physical and digital threats. Common K12 security pain points There’s no one-size-fits-all solution in school district security. School districts may have big plans to implement upgraded security systems but to set out on the right foot, pioneers must have a clear vision of their long-term strategy. When embarking on their security journey, education pioneers often wonder where to start and what exact steps are they need to be taking to identify and address weaknesses. Local K12 and government pioneers are promoting and mandating security assessments to uncover safety gaps on campuses and mitigate these risks with advanced technology solutions. Not only do assessments provide detailed, customisable roadmaps for district pioneers, but they also recommend technologies and funding opportunities to help close threat gaps. K12 school districts are mainly vulnerable to cyber-attacks due to the sensitive nature of student records In today’s climate, schools face a growing number of physical and digital security threats. From a cybersecurity standpoint, K12 school districts are particularly vulnerable to cyber-attacks due to the sensitive nature of student records. However, only one-third of these districts have adequate staffing to address threats effectively. In addition, according to a recent survey from Johnson Controls and Forrester Consulting, security decision-makers are having trouble receiving actionable insights. Nearly two-thirds of respondents said that they struggle to receive information from all necessary systems regarding their security threats. To gain more clarity into what school districts need in terms of security tools and threat mitigation, implementing system-wide monitoring and optimisation can be invaluable. This approach enhances equipment and operational efficiency, while providing necessary resources and expertise for critical patch updates across all systems, strengthening their overall security posture. Achieving a well-rounded security program In the past few years, AI technology has emerged as a trending solution and is generating considerable attention. While the allure of implementing cutting-edge technologies is undeniable, it’s important to recognise that a robust security program hinges on solid access control. Access control technology provides administrators with the means to oversee and regulate entry into facilities, serving as the foundation for basic physical security. The technology helps administrators and staff control access to multiple areas from web-enabled devices, even during lockdowns which is crucial in emergency situations. School district pioneers should utilise available digital risk assessment tools to uncover threat areas Once basic security controls are in place, school districts must address their next set of security pain points and identify which solutions meet their specific needs. This involves identifying and prioritising the highest need and most cost-effective investments that will have the greatest impact on enhancing security measures. To accurately determine which security solutions are needed for a specific environment, school district pioneers should utilise available digital risk assessment tools to uncover threat areas and determine levels of priority. By focusing on these priority areas, districts can allocate their resources and efforts where they are needed most, ensuring maximum effectiveness in mitigating risks and vulnerabilities. Securing funding before approaching deadlines A major challenge for school districts surrounding campus security is identifying and securing the necessary funding to implement solutions aligned with their goals. Leveraging available funding sources is critical, especially considering certain programs are approaching their deadline, like the Elementary and Secondary School Emergency Relief (ESSER) fund. Announced during the pandemic, ESSER is a funding program that has allocated nearly $190 billion in aid to U.S. public school districts to fund projects benefitting the well-being of occupants. Notable ESSER funding deadlines to keep in mind as the clock winds down include September 30, 2024 Notable ESSER funding deadlines to keep in mind as the clock winds down include September 30, 2024, when schools must attribute all of their funds to assigned contracts. Following this date, pioneers will need to complete all ESSER spending by January 2025 unless approved for an extension into March 2025. As ESSER wanes, school districts are acutely aware of the fiscal cliff in budgets through 2025. However, many states are ramping up grant funding to close the deficit gap. Administrators should become familiar with these grant opportunities at a local and state level. Get started on security plans The time for school district pioneers to act is now. While the safety and well-being of students and staff are always top priorities, it’s crucial to acknowledge that a lack of insight into necessary security upgrades and available funding options will leave districts behind the curve. Seizing the final months of ESSER funding presents an ideal window to address security pain points and build a safer future for K12 facilities. Looking beyond ESSER, pioneers must proactively seek out and leverage other funding avenues to help ensure the continuity of their security efforts and maintain a proactive stance in safeguarding healthy and safe educational environments.
These days, business is more collaborative, adaptable and connected than ever before. In addition to offering new identities and access privileges, new applications and data also increase the attack surface available to cyber criminals, hacktivists, state actors and disgruntled insiders. These new identities need to be handled carefully. CISOs must develop an identity management strategy that is consistent across on-premises, hybrid and cloud systems. Good security is built on solid identity governance and administration (IGA) principles. From ransomware to supply chain intrusions, high-profile cybersecurity events frequently take advantage of weak identity and access management procedures. The Identity Defined Security Alliance found that 84% of organisations experienced an identity-related breach during its one-year study period. Robust IGA system Consequently, organisations need to find best-of-breed solutions for each section of the fabric Some of the most well-known cyber-attacks have not been made possible by a nation-state exploiting a remote zero-day vulnerability; rather, they have been made possible by something as basic as a hacked orphaned account. This resulted in lateral movement from an insecure platform to a high-value system, illegitimate privilege escalation or unsanctioned access to a computer system. To safeguard against such attacks, organisations must be aware of who has access to their systems and apps, and guarantee that access is revoked when it is no longer required. Here, a robust IGA system is helpful. It is not the whole picture, though; IGA is part of a larger identity fabric. A report by KuppingerCole noted that “Identity Fabrics are not necessarily based on a technology, tool or cloud service, but a paradigm for architecting IAM within enterprises.” The report pointed out that the paradigm is created using several tools and services. That’s because, contrary to marketing claims, no one vendor has a platform that provides all the needed elements. Consequently, organisations need to find best-of-breed solutions for each section of the fabric. Threats to the new corporate landscape Due to their exclusion from the corporate firewall and the security culture that comes with working on-site, remote employees and third parties are desirable targets for hackers. The transition to online office suites is another vulnerability that hackers are taking advantage of–for instance, through bogus authentication login dialogues. Additionally, hackers are using technologies like machine learning and artificial intelligence to circumvent current security tactics. A cyberattack powered by AI will imitate human behaviour and develop over time. Even publicly available information might be used by this "weaponised AI" to learn how to get past a target’s defences. CISO and the business users Attackers will finally find an entryway, but firms can protect the new perimeter–their identities It's no longer possible to secure the traditional perimeter. Attackers will eventually find an entryway, but businesses can protect the new perimeter–their identities. To defeat these threats, organisations must look again at identity and access management tools and how they are weighed against the impact on the organisation. Should you mandate multi-factor authentication (MFA) more often and earlier? Should only company-owned devices have access to networks, or should access be restricted to specific business hours or regions? Should access to sensitive information and critical systems be given just temporarily or should it be offered on a task-by-task basis? Both the CISO and the business users they assist should be asking these questions. Staying ahead of threats with identity Access control limits decrease dangers but can come with a cost. If you give your users too much access, your organisation becomes susceptible; if you give them too little, productivity suffers. But there are ways to strike a balance with security, compliance and productivity. More CISOs are turning to Zero Trust–which is based on the principle of maintaining strict access controls and not trusting anyone by default–to protect their systems from new attack types. However, Zero Trust is reliant upon having a thorough and baked-in strategy that underpins it. Other actions that companies can take include implementing automation for identity management, such as automating workflows for approval. This would significantly lessen the administrative burden and friction that security solutions like multifactor authentication (MFA) or time-restricted access to critical systems have on business users. This might include restricting access to particular devices, capping access hours during the day or enforcing MFA based on user behaviour. Identity fabric: Putting it all together Make sure your identity architecture is scalable, secure, and provides a seamless user experience These are just two elements of the identity fabric approach. Most organisations today have implemented pieces of an identity fabric, which is basically an organisation’s identity and access management (IAM) infrastructure and typically includes a mix of modular IAM solutions for multi-cloud and/or hybrid environments. Now, organisations need to define, enhance and develop this infrastructure. They must also institute guiding principles for how it should operate, meet current and future business requirements as well as identity-related cybersecurity challenges. In doing so, businesses can move past identity platforms and adopt an identity fabric perspective. The key is to make identity governance the starting point of your identity fabric strategy, ensuring seamless interoperability within your identity ecosystem. Make sure your identity architecture is scalable, secure, and provides a seamless user experience. Aligning security with business Due to the increase in knowledge workers using the cloud and working remotely, attackers are focusing on this group. These employees are easier to compromise, give access to valuable data and offer more attack targets. Knowledge workers also lack an administrator’s level of security expertise. Therefore, as part of their security fabric strategy, enterprises require a scalable IGA system. It is easier to comply with security and access regulations and takes less time for IT teams to do normal administrative activities when they invest in IGA, a crucial tenet of identity security. CISOs and boards, though, are currently looking at more than identity management. IGA is at the centre of the debate about security and governance. Taking an identity fabric-based approach, with a foundation built on modern, cloud-based IGA, will safeguard identities, increase productivity, and make staff adherence to organisational procedures easier.
The average business owner or investor has some kind of security precaution in place, especially in the after-hours when there are fewer deterrents to inhibit criminal activity. Security guards, video surveillance systems, motion sensor lights, or even just fake cameras placed around the property are some of the common options people choose. Future of overnight security Smart business owners are starting to realise, however, that some of these traditional security measures are becoming antiquated and no longer cutting. The now and future of overnight security is in remote guarding. Pioneered by companies like Los Angeles-based Elite Interactive Solutions, which was founded back in 2007, remote guarding is revolutionising the overnight security business. Minimising criminal activity Remote guarding is fast becoming the most popular choice among commercial end-user property owners Remote guarding utilises a combination of cutting-edge technology, “digital guards,” highly trained security agents, and local law enforcement if and when necessary to minimise the potential of criminal activity. For those adequately enlightened to its overwhelmingly impressive crime prevention capabilities, remote guarding is fast becoming the most popular choice among commercial end-user property owners to secure and protect their investments. What Is remote guarding? Remote guarding is a revolutionary concept and increasing trend in security systems that utilises a combination of methods to effectively analyse potential threats to property. Cameras and/or other monitoring devices running highly advanced algorithmic software are installed in strategic areas or vulnerable places onsite and remotely located security agents are immediately notified of any activity within a designated perimeter of the property. A blend of AI, cybersecurity, and video analytics When properly deployed by an expert provider, the technology stack includes a proprietary blend of video analytics, artificial intelligence, cybersecurity, and more. Done right, “noise” is effectively filtered out, allowing agents to act on legitimate alerts and achieve zero false alarms communicated to first responders. Today, there are a lot of terms and descriptions tossed around about remote guarding, remote video, virtual guarding, etc., but those attributes must be present to represent the true definition of the offering and its many virtues. Realtime situational awareness Many systems have a two-way speaker that allows the security agent to give a verbal warning When specially trained security agents are alerted to trespassers, possible intruders, or other suspicious activity, they analyse the situation in real-time and determine the necessary level of action. Many systems have a two-way speaker that allows the security agent to give a verbal warning, known as a voice-down, to the individual(s) that they are being watched. Most perpetrators, often believing the response is emanating directly from security personnel on the property itself rather than from a remote command centre, flee immediately. However, if the threat persists, the security agent enlists local law enforcement to get on the scene. Customised remote guarding When properly deployed, remote guarding systems are also customised to specific properties. A team of consultants visits the client’s property to evaluate its vulnerabilities and where to best place cameras and/or other monitoring devices for system efficacy. Traditional security shortfalls According to Keith Bushey, a retired commander for the Los Angeles Police Department, there is much frustration between law enforcement officers and potential victims of crime due to the historically unreliable performance of traditional burglar alarm systems and central monitoring stations. He states about 90% of security-related calls are false alarms, a problem that has been well-documented through the years. Onsite challenges When a legitimate emergency does occur, the perpetrators have often already done their damage When a legitimate emergency does occur, the perpetrators have often already done their damage and/or escaped by the time law enforcement arrives. Onsite security guards are not the remedy either as they bring their own set of issues and challenges. Unexpected costs Traditional security systems can also have unexpected costs. The cost is not only in the security guards’ paycheck or the cost of the equipment itself. The cost comes when an actual incident occurs. In worst-case scenarios, the security guard(s) are injured, the business suffers inventory loss, and/or damage is sustained to the property. The medical and other costs for the security guard(s), the loss of inventory, property damage, deployment of law enforcement resources, and possible fallout of legal expenses all add up. Even in the best-case scenario, false alarm expenses incur if law enforcement is dispatched. These, among many others, are some of the primary issues that remote guarding resoundingly answers as a superior alternative. A bounty of benefits Remote guarding systems have been proven to cut costs and be more effective than traditional security systems. Even though the monthly monitoring costs of remote guarding are significantly higher than traditional intrusion detection system monitoring, the much higher effectiveness in crime reduction, elimination of false alarms, and augmenting or replacement of manned guards result in a substantially higher return on investment (ROI) to the end user. Easy tracking of threats The security cameras already have their image captured on record, making them easier to track down For example, case studies have demonstrated reduced security costs for clients by 60%, on average. These reductions have come from the costs of security staff, inventory, or property loss, plus saving money on insurance premiums and deductibles. The nature of remote guarding reduces the risk and costs of false alarms, with professional security agents able to determine an actual threat before law enforcement is called. In a rare instance when a perpetrator escapes before law enforcement arrives or can detain the individual(s), the security cameras already have their image captured on record, making them easier to track down and identify. Reduction of false alarms The significant reduction in false alarms is greatly appreciated by law enforcement, as it allows them to focus on real emergencies or crises. Better relationships are also developed between clients and law enforcement, as remote guarding systems are highly reliable in providing accurate and real-time information to officers as they approach the scene. In short, it assists law enforcement in doing their job more effectively, as well as more safely thanks to having eyewitness information before engaging in an active crime scene. Partnership When you combine the decreased cost with the increased efficiency and success rate, it is easy to see why many commercial end-user property owners across the country are making the shift to remote guarding. It’s also an outstanding opportunity for professional security dealers and integrators to partner with a remote guarding services provider to bring a superior solution to their end customers and pick up a recurring monthly revenue stream in the process.
Security beat
The shift from standalone systems to fully integrated solutions is one of the biggest shifts the security industry has experienced in recent years. There is a higher demand for integrated solutions that go beyond just security at the device and software level, and manufacturers have been continuously developing improved application programming interfaces (APIs), and hybrid and cloud-connected solutions. Artificial intelligence (AI) Also, artificial intelligence (AI) plays an important role in modern intrusion systems by helping enable automated threat detection, real-time response, and predictive analysis. AI algorithms can analyse vast amounts of data to identify patterns and anomalies that may indicate security breaches. Security solutions are being developed with a focus on AI and machine learning to provide more proactive and resilient defences against increasingly sophisticated cyber threats. Benefits of AI AI-driven security solutions can continuously learn and adapt to new threats, providing more robust protection “The practical benefits of AI in security systems include enhanced accuracy in detecting threats, reduced response times through automation, and the capability to anticipate and prevent potential vulnerabilities before they are exploited,” says Sergio Castillejos, President, of Commercial Security at Honeywell. Additionally, AI-driven security solutions can continuously learn and adapt to new threats, providing businesses with more robust and dynamic protection. Unified Intelligent Command user interface Honeywell meets the challenge of better-integrated systems with a unified Intelligent Command user interface (UI). Castillejos says Honeywell continually innovates with the latest analytics and encryption to keep up with evolving threats. Honeywell’s products integrate with many offerings for partners to construct a robust and modern system relevant to their security needs. Advanced cloud-based security Advanced cloud-based security technologies have been developed that offer real-time monitoring, automated threat detection Advanced cloud-based security technologies have been developed that offer real-time monitoring, automated threat detection, and remote management, essential for hybrid work environments, says Castillejos. “These solutions enhance scalability, improve data analytics capabilities, and provide seamless updates reducing significant maintenance costs that help companies to respond swiftly to emerging threats and enable robust, adaptive security measures.” Physical and digital security The best security systems are a combination of physical, digital, and national security, says Castillejos. While Honeywell focuses on providing the best in physical and digital security within their solutions, protecting sensitive and/or personal information must also be within the responsibility of the organisational policy. Cybersecurity for connected devices Some of the challenges in the next five years will likely include integrating advanced technologies Security systems can safeguard this information by being highly configurable while also notifying users of unwanted activity. Sometimes, just restricting access to sensitive areas can be enough. However, in the world of data analysis and machine learning, security systems can audit and report on users who have accessed data to ensure that the protections are in place. Some of the challenges in the next five years will likely include integrating advanced technologies such as AI and the Internet of Things (IoT) while securing cybersecurity for connected devices, notes Castillejos. Balancing act “Additionally, there will be a growing need for skilled professionals to manage and maintain these complex, connected systems,” he says. “Balancing cost-effectiveness with the demand for resilient security solutions will also pose a significant challenge, especially for smaller businesses.” Legacy systems that are susceptible to vulnerabilities like cloning or unauthorised access present the largest challenge to overcome. “However, as technology evolves, it becomes more challenging for a customer to manage a unified security system rather than a collection of unique solutions that all operate independently,” says Castillejos. Disruptive technology But investing in the newest analytics, AI and IoT will not improve a company’s physical security systems if they do nothing with the data. “They are not a replacement for the devices that keep people and property safe,” says Castillejos. “They can enhance a user’s experience and speed up the time to respond when they are planned correctly.” The best security systems will look at disruptive technology as another tool in the overall system. However, the focus should remain on the user experience. If the latest technology is not properly integrated or configured, it will turn into more noise that most operators will ignore. {##Poll1720586145 - Which is the most useful benefit of artificial intelligence (AI) in security systems?##}
ISC West 2024 mirrored a vibrant industry on the precipice of accelerated change. Factors such as the cloud, artificial intelligence (AI), edge computing, and biometrics are shaping the future of the security marketplace, and they were front-and-centre at the industry’s biggest U.S. show in Las Vegas. Foot traffic was steady and impressive, including more than 29,000 security industry professionals viewing 750 exhibitors. A torrent of eager attendees crowded the lobby on the first day and could not wait for the doors to open. When they were admitted, the wealth of technological innovation and business opportunity did not disappoint. Focus on cloud systems Cloud systems were high-profile at ISC West. Camera manufacturer Axis, for example, introduced their Axis Cloud Connect at a press conference. Meanwhile, Genetec officially launched their Security Centre SaaS platform, which aims at eliminating points of friction to enable integrators to easily embrace cloud systems from quoting and ordering to provisioning and installing. Camera manufacturer Axis, for example, introduced their Axis Cloud Connect at a press conference Cloud provider Eagle Eye Networks promoted their new “Eagle Eye 911 Camera Sharing” technology under which both non-Eagle Eye Cloud VMS customers (via Eagle Eye 911 Public Safety Camera Sharing) and Eagle Eye customers can opt to share their video feeds for use by 911 operators in case of emergency. If users opt-in, 911 operators can have access to live video as an emergency unfolds. Eagle Eye Networks provides the feature by integrating with RapidSOS call centre software. Camera locations are based on geolocation coordinates, and customers can choose if they want to participate and which cameras they want to share. Biometrics in the mainstream Biometrics were well represented at ISC West, including Alcatraz AI, which introduced an outdoor version of their biometric face recognition product. The Rock X works well despite harsh lighting. Alcatraz’s products do not have to be integrated, they communicate just like a card reader using OSDP or Wiegand protocol. “At the show, customers are excited about moving to a frictionless environment and getting rid of existing credentialing,” said Tina D’Agostin, CEO and co-founder of Alcatraz. “We are making access control frictionless, secure and private. The experience can be as passive as possible – people can just walk in.” Multiple types of authentication, and the ability to detect tailgating and stream video SAFR from Real Networks also featured biometric face recognition, emphasising feature sets, convenience, and price/performance. They offer multiple types of authentication, and the ability to detect tailgating and stream video. A new device is a small mullion mount that is “approaching the price of a card reader, factoring in the need to purchase cards,” said Brad Donaldson, Vice President and General Manager. SAFR focuses on convenience: You don’t have to take out your phone to pass through a door. Enrolment is easy by incorporating existing databases, and costs are lower than competitors, said Donaldson. The system analyses multiple points on the face, turns it into data and then encrypts it, providing a “unique signature for each person.” Credentials in Apple Wallet and Google Wallet AMAG Technology announced the compatibility of credentials with the Apple Wallet and Google Wallet. The company is also embracing a new strategic direction under President David Sullivan. They launched a new website in January, are developing dynamic resources and a partner page, and they now integrate with 120 tech partners. AMAG Technology Financial Services now enables their channel partners to offer leasing and financing options to customers. The big new booth at ISC West reflected an effort to “market different and look different,” according to the company. The big new booth at ISC West reflected an effort to “market different and look different" The new Symmetry Control Room, a command-and-control system, is a relaunch of an earlier AMAG product with enhanced features. Suitable for large enterprise customers, the software enables a big video wall to display all the various systems and incorporates all the data into a single “pane of glass.” Operators can “draw a lasso” around cameras they want to display on the video wall and can follow action across multiple camera feeds. Navigating megatrends A breakfast meeting for integrators, sponsored by Assa Abloy Opening Solutions, was built around the theme “Navigating Megatrends for Sustainable Growth." The megatrends are artificial intelligence, sustainability and cybersecurity. Related to cybersecurity, there are 350 common vulnerabilities and exposures (CVE) published per week, reflecting the continuing threat to cybersecurity. Physical security has a “data lake” of information from various physical security systems that can be an attractive target for cybersecurity breaches. Data sets can be exploited and/or poisoned. The security industry needs to apply “defence in depth” to the challenges of protecting data. “The threat landscape is always changing, and security technology is an iterative process,” said Antoinette King, i-PRO’s head of cyber convergence, one of the panellists. Natural language systems Natural language systems are a newer approach making an early appearance at ISC West Natural language systems are a newer approach making an early appearance at ISC West. Brivo, for example, has an early prototype of its “natural language search capabilities” that can answer questions such as “Who is in the office?” or “Where is Bob and what has he done?” Brivo also promoted its all-in-one door station device that combines a card reader and a camera (for facial authentication) and serves as a video intercom, thus eliminating the need for multiple devices at the door. Brivo is also emphasising tailgate prevention, facial authentication, and people counting using AI at the edge. Also promoting natural language systems was Verkada, which unveiled a beta version of its AI Search feature that embraces national language capabilities. With AI Search, users will soon be able to use natural language to search for people or items. For example, a search could be “person climbing over a fence” or “person making phone call” or “person wearing football jersey.” Verkada wants to be thoughtful with the rollout and make sure effective guardrails are implemented to prevent abuse and bias. The release should happen in the coming months. Multi-family applications Allegion is promoting the XE360 hardware lock platform in various formats, including cylindrical lock, mortise lock, deadbolt and exit trim. At the show, Allegion noted an enthusiasm for multi-family applications. “We have been surprised by the people who want to add electronics and to retrofit existing multi-family facilities to compete with newer facilities,” said Henry “Butch” Holland, Allegion’s Regional Director, Channel Sales East Region. Allegion works with 60 different physical access control software providers, including familiar players such as LenelS2 and Genetec Allegion also offers an “indicator” display on its locks, showing at a glance whether a door is locked or unlocked. The “indicator” might also display “occupied” or “vacant.” Allegion works with 60 different physical access control software providers, including familiar players such as LenelS2 and Genetec. Integrator M&A trends Everon looks for acquisitions in areas where they do not currently have support for national accounts A conversation with Everon at ISC West provided insights into the accelerating trend of mergers and acquisitions among the integrator community. Everon, formerly ADT Commercial, has done six acquisitions of local integrators since they changed their name last year. In targeting companies to acquire, they look for a good company with a good reputation, and they consider how the new company’s competencies complement their own. Some M&A strategy is geographic, as Everon looks for acquisitions in areas where they do not currently have support for national accounts. They also consider density, seeking to add new acquisitions in larger markets where they don’t currently have a big market share. “A lot of investment is coming into security because it is seen by investors as recession-proof,” said Michael Kennedy, VP, Mergers and Acquisitions, for Everon. Kennedy met with 95 businesses last year for possible acquisition, and the company only finalised a handful – reflecting that Everon is selective and careful that corporate cultures are aligned. “With an acquisition, the goal is to keep every customer and every employee,” said Kennedy. Voice of the customer ISC West provides an opportunity for manufacturers to listen to the “voice of the customer;” in person, no less. “We have every kind of problem come to the booth,” commented Heather Torrey, Honeywell’s General Manager, Commercial Security, Americas. “People are passionate, interested and very specific with their questions and comments,” she said. “We are driving a complete system, but we are flexible, helping our customers to meet their needs and not try to fit every foot into the same shoe. Sometimes meeting customer needs involves working with competitors," Torrey commented. “It truly comes back to listening to the customer, not just ‘this is what we have to offer,’” she adds. ISC West provides an opportunity for manufacturers to listen to the “voice of the customer;” in person, no less. Edge applications are everywhere at ISC West, and one company is promoting a new approach to expand functionality at the edge. Camera company i-PRO advocates the use of the “Docker” platform for app development, an option they offer on their cameras. Docker “containers” package deep-learning algorithms to make it easier to embed software into edge devices. Anyone can run Docker apps on i-PRO cameras that use the powerful Ambarella chip. A Docker “swarm” can combine multiple edge devices to work together and share resources. For example, the approach can increase computing power at the edge to increase the capabilities of instant analytics. It’s faster and provides better redundancies. A “distributed computing platform” ensures less latency than communicating analytics to a central server. Unification of capabilities Johnson Controls (JCI) also promotes the trend of combining multiple systems into a single pane of glass. Their “Open Blue” platform, with a security version unveiled at the show, integrates various security systems into one, combining data and monitoring device health. Basically, the system manages all resources holistically. JCI also notes a trend toward “unification of capabilities,” e.g., combining access control and video. “The scope of security is evolving from a focus on protection to a broader focus on operations,” commented Julie M. Brandt, JCI’s President, Building Solutions North America.
Fueled by mounting concerns about the cybersecurity vulnerability of U.S. ports, President Joe Biden has signed an Executive Order aimed at shoring up defences against cyberattacks. Cybersecurity initiative The cybersecurity initiative marks a significant shift in policy, empowering key agencies and outlining concrete actions to bolster defences. By empowering agencies, establishing clear standards, and fostering collaboration, the initiative aims to strengthen U.S. ports against the evolving threat of cyberattacks, safeguarding the nation's maritime economy and national security. Expanded authority for DHS The proactive approach aims to prevent incidents before they occur The Executive Order grants expanded authority to the Department of Homeland Security (DHS) and the Coast Guard to address maritime cyber threats. DHS gains the power to directly tackle these challenges, while the Coast Guard receives specific tools. The Coast Guard can compel vessels and waterfront facilities to address cyber vulnerabilities that endanger safety. The proactive approach aims to prevent incidents before they occur. Real-time information sharing Reporting any cyber threats or incidents targeting ports and harbors becomes mandatory. This real-time information sharing allows for swifter response and mitigation efforts. The Coast Guard also gains the authority to restrict the movement of vessels suspected of posing cyber threats. Inspections can be conducted on vessels and facilities deemed risky. Mandatory cybersecurity standards The standardisation aims to eliminate weak links in the chain and prevent attackers from exploiting Beyond these broad powers, the Executive Order establishes foundational elements for improved cybersecurity. Mandatory cybersecurity standards will be implemented for U.S. ports' networks and systems, ensuring a baseline level of protection across the board. This standardisation aims to eliminate weak links in the chain and prevent attackers from exploiting individual vulnerabilities. Importance of collaboration and transparency Furthermore, the initiative emphasises the importance of collaboration and information sharing. Mandatory reporting of cyber incidents fosters transparency and allows government agencies and private sector partners to work together in mitigating threats. Additionally, the Executive Order encourages increased information sharing among all stakeholders, facilitating a unified response to potential attacks. Maritime Security Directive The Executive Order encourages investment in research and development for innovative cybersecurity solutions To address specific concerns, the Coast Guard will issue a Maritime Security Directive targeting operators of Chinese-manufactured ship-to-shore cranes. This directive outlines risk management strategies to address identified vulnerabilities in these critical pieces of port infrastructure. The long-term success of this initiative hinges on effective implementation. The Executive Order encourages investment in research and development for innovative cybersecurity solutions, recognising the need for continuous improvement and adaptation to evolving threats. Recognising the urgency of cyber threats The initiative has been met with widespread support from port authorities, industry stakeholders, and cybersecurity experts who recognise the urgency of addressing cyber threats. However, some concerns exist regarding the potential burden of complying with new regulations for smaller port operators. Effective communication, resource allocation, and collaboration among all stakeholders will be crucial to ensure the successful implementation of this comprehensive plan. Enhancing cybersecurity The more impactful and noteworthy piece is the associated NPRM from the U.S. Coast Guard (USCG) “This Executive Order is a positive move that will give the U.S. Coast Guard (USCG) additional authority to enhance cybersecurity within the marine transportation system and respond to cyber incidents,” comments Josh Kolleda, practice director, transport at NCC Group, a cybersecurity consulting firm. The more impactful and noteworthy piece is the associated Notice of Proposed Rulemaking (NPRM) from the U.S. Coast Guard (USCG) on “Cybersecurity in the Marine Transportation System,” adds Kolleda. Portions of the notice of proposed rulemaking (NPRM) look similar to the Transportation Security Administration (TSA) Security Directive for the rail industry and the Emergency Amendment for the aviation industry. Coordinating with TSA on lessons learned The USCG should be coordinating with TSA on lessons learned and incorporating them into additional guidance to stakeholders and processes to review plans and overall compliance, says Kolleda. “At first glance, the NPRM provides a great roadmap to increase cybersecurity posture across the various stakeholders, but it underestimates the cost to private companies in meeting the requirements, particularly in areas such as penetration testing,” says Kolleda. Cyber espionage and threats The focus is on PRC because nearly 80% of cranes operated at U.S. ports are manufactured there “It is unclear if or how the federal government will provide support for compliance efforts. As this seems to be an unfunded mandate, many private companies will opt for the bare minimum in compliance.” “Cyber espionage and threats have been reported by the Director of National Intelligence from multiple nation-states including China, Russia, and Iran,” adds Paul Kingsbury, principal security consultant & North America Maritime Lead at NCC Group. The focus here is on the People’s Republic of China (PRC) because nearly 80% of cranes operated at U.S. ports are manufactured there, he says. Destructive malware “The state-sponsored cyber actors’ goal is to disrupt critical functions by deploying destructive malware resulting in disruption to the U.S. supply chain,” says Kingsbury. “These threat actors do not only originate in China or other nation-states but also include advanced persistent threats (APTs) operated by criminal syndicates seeking financial gain from such disruptions." "The threat actors don’t care where the crane was manufactured but rather seek targets with limited protections and defences. The minimum cyber security requirements outlined within the NPRM should be adopted by all crane operators and all cranes, regardless of where they are manufactured.” PRC-manufactured cranes Kingsbury adds, “The pioneering risk outlined in the briefing is that these cranes (PRC manufactured) are controlled, serviced, and programmed from remote locations in China." "While this is a valid concern and should be assessed, there are certainly instances where PRC-manufactured cranes do not have control systems manufactured in PRC. For example, there are situations in maritime transportation system facilities where older cranes have been retrofitted with control systems of European Union or Japanese origin.” Monitoring wireless threats “The Biden Administration’s recent Executive Order is a critical step forward in protecting U.S. ports from cyberattacks and securing America’s supply chains,” says Dr. Brett Walkenhorst, CTO at Bastille, a wireless threat intelligence technology company. “To ensure proper defence against malicious actors accessing port-side networks, attention must also be paid to common wireless vulnerabilities." "Attacks leveraging Wi-Fi, Bluetooth, and IoT protocols may be used to access authorised infrastructure including IT and OT systems. Monitoring such wireless threats is an important element in a comprehensive approach to upgrading the defences of our nation’s critical infrastructure.”
Case studies
Sports hold profound significance in the lives of athletes, nations, and citizens alike, fostering a sense of unity and national pride. Sporting events captivate hearts and minds, showcasing the devotion towards athletic spirit. The journey of an athlete from local competitions to global stages embodies dedication and resilience, inspiring millions worldwide. Olympics event At the pinnacle of this athletic journey lies the Olympics, a cherished event that transcends borders and cultures, uniting nations in a shared pursuit of excellence and sportsmanship. For years, anticipation has been building as Paris, affectionately known as the City of Lights and renowned as the iconic capital of France, prepares to host the Olympics 2024, promising unforgettable moments of triumph and unity. Facial Recognition Technology FRT symbolises a commitment to safeguarding the spirit of The Olympics, preserving the joy and pride Amidst the excitement, there lies a solemn responsibility: to protect the interests of everyone involved. In response, the use of Facial Recognition Technology (FRT) offers an enhanced approach to improving security measures for identification, access control, and threat detection. It symbolises a commitment to safeguarding the spirit of The Olympics, preserving the joy and pride that this monumental event brings to millions worldwide. The quest for enhanced security at the Olympics Ensuring Olympic security involves addressing a spectrum of challenges, including the complexities of managing fan behaviour, cyber-attacks, and the unpredictability of civil unrest. According to the National Center for Sports Safety and Security, 73.2% of attendees consider safety and security measures when deciding whether to attend an event, and 77% prefer security measures to be visible at an event. Common cybersecurity threats Phishing attacks, credential stuffing, and password spraying are some of the common cybersecurity threats With growing technological advancement and globalisation of the world these days, the Olympic Games face increasing risks of cyber attacks. Phishing attacks, credential stuffing, and password spraying are some of the common cybersecurity threats. Reports from the National Cyber Security Centre, United Kingdom, have established that more than 70% of sports organisations fell victim to cyber incidents in 2020, and this was mostly caused by hackers seeking financial gain. Eradicating Security Concerns with FRT In particular, surveillance becomes an important component of security and incident detection during the Olympics, where millions of spectators gather from all over the world. For this reason, strict perimeter measures, secure screening procedures, and vigilant security are required. Indeed, integrating FRT as an additional feature in Video Management Systems (VMS) can improve the outcomes significantly. Physical Security Enhancement: Video Analytics Systems are one of the most effective means of evaluating threat levels at the event Video Analytics Systems are one of the most effective means of evaluating threat levels at the event, using face recognition to match the faces of the people attending the event with a universal offenders database. It allows security staff to quickly identify malicious actors and detain them. This reduces the likelihood of wrong-doers making attempts at large-scale events, thus, protecting participants and spectators, and ensuring their safety. Monitoring Crowd Behaviour: Effective management of crowd behaviour is crucial for maintaining a safe and harmonious environment. Video Analytics Systems make it easier to look for and monitor disruptive crowd behaviours in real-time, like vandalism, alcoholism, violence, etc. Instigators of such activities are immediately identified and flagged, allowing security officials to address the problem before it escalates. It also helps in tracking and preventing agitation since the system incites recognising people in the crowd from lists of unreliable persons, even if masks hide their faces. This capability enables security to respond quickly to emerging threats, ensuring that protests remain peaceful. Enhanced Cybersecurity Measures: If the FRT system is centralised, any attempted intrusion by an intruder will be immediately visible FRT minimises the capability of cyber intruders attempting to penetrate the competition control information systems, media streams, and security systems and meddle with their work. If the FRT system is centralised, any attempted intrusion by an intruder will be immediately visible to security personnel. This will prevent unauthorised access and reduce not only the number of cybercrimes but also financial and reputational risks. By integrating FRS with AI, biometric and conventional security systems have made security surveillance more effective and efficient in providing real-time data analytics. With the development of generative AI, a new type of attack using spoofing and deep fakes is gaining momentum. Recognition technologies with liveness features can stand out among other defence systems. Peace of mind for athletes and staff FRT has the potential to profoundly impact the Olympic experience, offering athletes and staff a transformative blend of efficiency, security, and operational ease. For athletes, it means seamless access to venues, minimising distractions and administrative hurdles, allowing them to dedicate more time and focus to their training and competition. They can move through the Olympic complex with confidence, knowing their safety is assured. Identifying and addressing potential threats The technology not only enhances a sense of safety and belongingness but also ensures that global athletic excellence Beyond efficiency, this technology empowers security personnel to manage large crowds with precision, swiftly identifying and addressing potential threats. The technology not only enhances a sense of safety and belongingness but also ensures that global athletic excellence is memorable and deeply meaningful for everyone involved. Harmonising security and privacy with integrity Data privacy is paramount, and the balance between safety and the subject’s right to privacy must be kept to the highest standard. Transparency about data collection, storage, and usage fosters trust and upholds individual dignity. By championing both security and privacy, advanced technology security solutions like FRT can play an important role in ensuring that every participant and spectator feels safe, respected, and inspired. The application of security measures trusted worldwide helps maintain the integrity of global events, and the Olympic games act as an anchor for setting a perfect example of unified growth and glory. 360-degree protection "The Olympic Games stand as a monumental event for millions worldwide, posing substantial challenges to security services," said Tamara Morozova, Global CEO, of RecFaces. "Integrating facial recognition software promises 360-degree protection, drastically reducing incident response times to mere seconds, and empowering security personnel with invaluable analytical insights."
Genetec Inc., a pioneering technology provider of unified security, public safety, operations, and business intelligence solutions, announced that Heathrow Airport’s multi-year investment in Genetec solutions is enabling them to continuously innovate and transform operations. The joint effort provides Heathrow with a unified view across large-scale airport operations to secure people and assets, bringing efficiency and enhancing the passenger experience while ensuring data privacy and cybersecurity compliance. Deployed Genetec Security Centre Heathrow deployed Genetec Security Centre to bring all of its IP security systems onto one unified forum London Heathrow is Europe’s busiest airport, handling approximately 80 million passengers and 14 million tons of goods annually. Over 76,000 employees work around the clock to ensure the airport’s smooth operations across its 1,227-hectare site, including maintaining passenger flow, securing the premises, and managing over 1,300 daily take-offs and landings for 89 different airlines. Heathrow initially deployed Genetec Security Centre to bring all of its IP security systems onto one unified platform. What began as a 2,000-camera deployment in 2016 has since more than quadrupled in size, incorporating everything from video and access control to LIDAR, analytics, automatic licence plate recognition (ALPR), and more. Genetec solutions Genetec solutions are used to go far beyond security. For example, Genetec solutions are used to monitor over 150 km (93 miles) of baggage belts and facilitate the daily entry and exit of over 150,000 vehicles. “We’re essentially running a small city operation that happens to be called Heathrow,” explains Danny Long, IT Product Owner for physical security products at Heathrow. “Alongside the traditional airport security functions, we’re responsible for the monitoring of roads, retail space, three train stations, a bus terminal, offices, a church, fuel stores, a high voltage electrical network, and all the other associated infrastructure that maintains passenger flow.” Software and firmware updates Genetec Security Centre supports 90 other stakeholder groups working across 110 control rooms Genetec Security Centre now supports 90 different stakeholder groups working across 110 distinct control rooms, all of whom have different needs and access rights. Customised dashboards enable individual teams and third parties, such as police, government agencies, airlines, and retailers, to focus on their specific tasks. For example, some operational staff are given the tools to monitor passenger flow and are automatically notified when security lines grow too long. Meanwhile, colleagues in IT don’t see camera feeds. Instead, they have access to system health dashboards that notify them of devices that have fallen offline or require software/firmware updates. New requirements “The joy of working with London Heathrow is that the team is constantly striving to put our system through its paces and identify new areas where it can add value,” states Simon Barnes, Director of Business Development, Genetec, Inc. “While our software is configured to their requirements at the time, once in the field, new requirements emerge, and we have to adjust to their reality." “My job is to translate business requirements into workable solutions and Genetec provides me with the valuable tools to achieve that,” concludes Long. “Our experience with Genetec has been very positive. We’re only looking to expand in terms of the size and usage of the system.”
Cybersecurity threats targeting organisations' industrial control systems (ICS) are not always direct. Instead, the most vulnerable entries to an ICS can start with external partners, like suppliers and vendors. Honeywell's customer, a global pharmaceutical company, realised that potential vulnerabilities like these might be in its partner ecosystem. Therefore, the pharmaceutical company wanted to get ahead of a potential breach so they trusted Honeywell to do a thorough assessment of its suppliers’ operational technology (OT) cybersecurity gaps. Why did the customer choose Honeywell? First, Honeywell's OT cybersecurity experts took the time to understand the customer’s processes at more than 100 sites around the globe. Second, Honeywell experts used their knowledge and experience along with the customer process insight to conduct assessments that met their unique needs. Many of the competitors are simply IT vendors dabbling in the world of OT. Honeywell, however, has the knowledge and the experience to better meet the demands of OT. The pharmaceutical company chose Honeywell over the competitors based on the quality and wealth of OT knowledge the experts provided. Spreading security The Cybersecurity Vulnerability Assessment is part of a global two to three-phase project that covers over 100 sites This was not to be a small or limited undertaking. This Cybersecurity Vulnerability Assessment is part of a global two to three-phase project that covers more than 100 sites. The first assessment was completed for the company’s site in India with other sites being covered in later phases. Vulnerability assessment Honeywell’s OT cybersecurity experts conducted the vulnerability assessment to help capture the customer’s control system vulnerabilities and potential weak spots. The assessment performed was a holistic technical review of the ICS infrastructure. It focused on analysing their cybersecurity processes, procedures, and safeguards to better protect their industrial control systems(ICS) from internal and external threats. Because Honeywell focuses on OT as opposed to IT only, Honeywell experts are skilled in considering the entirety of an ecosystem. This means including people, processes, and any technical issues that can impact the ICS cybersecurity posture. Digging in to reduce risks The Honeywell team was able to holistically assess the customer’s ICS environment, documenting observations The Honeywell team has deep expertise across IEC 62443 standards and other industry-specific guidelines, as well as invaluable experience with control systems. Because of this expertise, the Honeywell team was able to holistically assess the customer’s ICS environment, documenting observations and recommendations to help reduce cybersecurity risks. Physical site review Honeywell team first conducted a physical site review to assess to uncover issues such as control room doors left unlocked, passwords in the line of sight, and other security compliance violations. The team also reviewed the customer’s network equipment from third parties such as switches, routers, and firewalls; reviewed the infrastructure configurations; and checked installation processes. Site-specific recommendations The report detailed best practices and site-specific recommendations to help the customer help mitigate and prioritise All the vulnerabilities, severity levels, and remediation details were included in the Cybersecurity Vulnerability Assessment report. The report also detailed best practices and site-specific recommendations to help the customer help mitigate and prioritise any identified threats or vulnerabilities and notes regarding how and where each step can serve as a foundation for the best practice architecture. Challenges and successes Honeywell experts remained diligent in exceeding the customer’s expectations despite the shutdown in India due to the pandemic and the unexpected need to assess and remediate assets. Honeywell also had one secret weapon: one of the OT cybersecurity experts had real-life experience in the pharmaceutical industry. This made it possible for the team to better tailor the assessment (and recommendations) to this particular customer.
A major European oil and gas company that acquires, explores, produces and supplies chemical and petroleum products had a cybersecurity challenge. Company leadership wanted a better way to quantify and respond to the industry’s increasing levels of cybersecurity risk. Pioneers were looking for a new way to better understand and improve their company’s OT cybersecurity. As part of this effort, pioneers wanted to compare the company’s current levels of protection against a series of hypothetical attacks to identify gaps. With operations in several locations and a supply chain network of over 1,000 gas stations, auditing and improving the company’s cybersecurity would be no small task. Set of analysis and recommendations The Honeywell csHAZOP solution is designed to deliver a comprehensive set of analysis To help overcome these challenges, the company called in Honeywell and, specifically, its csHAZOP services team to perform a detailed design evaluation based on OT cybersecurity risk. The Honeywell csHAZOP solution is designed to deliver a comprehensive set of analysis and recommendations–it goes beyond the standard cybersecurity vulnerability assessment or IEC 62443 compliance audit by adding deeper analysis that is designed to: Investigate a significant amount of what can go wrong, including approximately 500+ attack scenarios – evaluating these for multiple threat actors and different consequences, Address – via risk assessments – both the likely risk reduction through the regular IT type of countermeasures (AV, firewall, hardening, etc.) and the consequence severity reduction through the implementation of safeguards (e.g., hardwiring critical control signals), Estimate residual risk for each hazard, allowing identification and quantification, making mitigation actionable, Focus on process automation cybersecurity risk (csHAZOP stage 1) or production process cybersecurity risk (by adding csHAZOP stage 2 vs. cybersecurity production risk) to add a higher level of cybersecurity analysis from an OT perspective unique in the industry. Send in the csHAZOP experts Honeywell cyber experts also uncovered some high-risk design deficiencies The Honeywell OT cybersecurity experts worked with the Honeywell proprietary csHAZOP method to uncover several concrete recommendations for immediate remediation and technical design recommendations in the company’s ICS, to be considered in upcoming ICS migrations. Honeywell cyber experts also uncovered some high-risk design deficiencies. The Honeywell csHAZOP framework was used to identify levels of residual risk to determine which security hazard was more critical to address versus others. Honeywell provided targeted guidance on several aspects of the study, using experience from real-world cyber attacks in the industry. Honeywell’s csHAZOP service is one of the few cybersecurity assessments available on the market that is designed to apply counterfactual risk analysis. Honeywell’s csHAZOP report This evaluation now links OT cybersecurity to loss prevention and process safety Given a system’s protective measures, this method helps a company evaluate which cyber attacks (based on countermeasures, security protections and type of threat actor) may succeed. This evaluation directly links OT cybersecurity to loss prevention and process safety. Honeywell’s csHAZOP report for this oil and gas refinery was considered successful by the customer because of its well-defined procedure, the tools Honeywell has specifically designed for OT systems and the team’s experience and efforts in OT cybersecurity. Results of the csHAZOP assessment “The results of the csHAZOP assessment from Honeywell went beyond our expectations. We have received a detailed and analytical cybersecurity hazard and operability report concerning both identified risks and realistic recommendations for remediation." "Additionally, the report is a valuable tool for future upgrades of our systems as well as new projects and the development of an incident response plan. We intend to repeat this assessment periodically, as it is a valuable tool in our continuous efforts to improve security for our systems from the ever-evolving cybersecurity threats,” Major refinery in Europe.
Round table discussion
Transportation enables the movement of goods and people, facilitates trade and commerce, and is crucial for businesses to operate and expand. Security technology plays a major role both in protecting today's various transportation systems and increasingly to make them more efficient. We asked this week's Expert Panel Roundtable: What’s new in technology serving the transportation market?
Factors such as stable demand and large contracts make the government market particularly enticing for security companies and professionals. However, entering and thriving in the government market presents a number of challenges. We asked this week's Expert Panel Roundtable: What are the unique aspects of the government market, and how should the industry adapt?
Suddenly, artificial intelligence (AI) is everywhere. The smart technology brings a range of benefits to our lives, from streamlining everyday tasks to making scientific breakthroughs. The advantages of AI and machine learning (ML) also include automating repetitive tasks, analysing vast amounts of data, and minimising human error. But how do these benefits apply to the physical security industry, and is there a downside? We asked this week’s Expert Panel Roundtable: What are the benefits, and drawbacks, of using artificial intelligence (AI) in physical security?
Products
![](https://www.sourcesecurity.com/img/carousel-nav.png)
![](https://www.sourcesecurity.com/img/carousel-nav.png)
White papers
![Honeywell GARD USB threat report 2024](https://www.sourcesecurity.com/img/white-papers/612/920x533_1720696072.png)
Honeywell GARD USB threat report 2024
Download![Total cost of ownership for video surveillance](https://www.sourcesecurity.com/img/white-papers/612/tco-headersecurity-informed-sizes-920-x-533-px.png)
Total cost of ownership for video surveillance
Download![5 surprising findings from OT vulnerability assessments](https://www.sourcesecurity.com/img/white-papers/612/920x533_1715779296.png)
5 surprising findings from OT vulnerability assessments
Download![Guide for HAAS: New choice of SMB security system](https://www.sourcesecurity.com/img/white-papers/612/920x533_1714665429.jpg)
Guide for HAAS: New choice of SMB security system
Download![Integrating IT & physical security teams](https://www.sourcesecurity.com/img/white-papers/612/920x533_1710938663.png)
Integrating IT & physical security teams
Download![How to create a successful physical security roadmap](https://www.sourcesecurity.com/img/white-papers/612/920x533_1702485769.png)
How to create a successful physical security roadmap
Download![5 easy steps to an upgraded video surveillance system](https://www.sourcesecurity.com/img/white-papers/612/920x533_1698922562.jpg)
5 easy steps to an upgraded video surveillance system
Download![Understanding the IT needs of video surveillance](https://www.sourcesecurity.com/img/white-papers/612/920x533_1698840937.jpg)
Understanding the IT needs of video surveillance
Download![Essential data security strategies for healthcare](https://www.sourcesecurity.com/img/white-papers/612/920x533_1694190098.png)
Essential data security strategies for healthcare
Download![Why SAAS Security Platform is more popular in American SMEs](https://www.sourcesecurity.com/img/white-papers/612/920x533_1692699667.png)
Why SAAS Security Platform is more popular in American SMEs
Download![Camera cyber lockdown](https://www.sourcesecurity.com/img/white-papers/612/920x533_1689687645.jpg)
Camera cyber lockdown
Download![Video technology strategies for hospitals are moving beyond security](https://www.sourcesecurity.com/img/white-papers/612/healthcare-2.jpg)
Video technology strategies for hospitals are moving beyond security
Download![Beyond compliance: Cyber risk management after IMO](https://www.sourcesecurity.com/img/white-papers/612/920x533_1689332153.png)
Beyond compliance: Cyber risk management after IMO
Download![3 ways AI can improve safety and reduce compliance costs](https://www.sourcesecurity.com/img/white-papers/612/shutterstock-1694245051-920x533.jpeg)
3 ways AI can improve safety and reduce compliance costs
Download![The wireless access control report 2023](https://www.sourcesecurity.com/img/white-papers/612/3427649-aa-wac-report-pr-images-920x533.jpg)
The wireless access control report 2023
Download![](https://www.sourcesecurity.com/img/carousel-nav.png)
![](https://www.sourcesecurity.com/img/carousel-nav.png)