Dahua Technology, manufacturer of video surveillance products, has announced a strategic partnership with Pepper, an IoT platform-as-a-service, to allow the integration of its intelligent solutions into Dahua hardware.

Highly secure cloud hosting

Pepper’s U.S.-based platform powers connected devices around the world, delivering highly secure and private connected services via enterprise partnerships. Pepper’s platform-as-a-service approach caters to global consumer electronics manufacturers, consumer brands, and service providers that aim to harness the benefits of IoT by delivering high-value and on-brand IoT services to end users. Pepper’s turnkey service includes device firmware, highly secure cloud hosting and intuitive user interface designs.

Products manufactured by Dahua Technology, including video surveillance equipment, network cameras, recorders and other critical security video hardware components, are widely used in more than 180 countries and regions all over the world, which helped the company’s revenue reach a record high of $3.45 billion in 2018.

Physical security manufacturing expert

Dahua Technology is committed to ongoing innovation, investing nearly 10 percent of revenue annually into research and development. The company’s ongoing investment in manufacturing facilities and equipment ensures that its capabilities stay ahead of the market.

“Dahua Technology is pleased to bring its globally renowned physical security manufacturing expertise to our partnership with Pepper,” said Tim Wang, General Manager of Dahua USA. “By integrating with Pepper’s platform-as-a-service, Dahua Technology’s hardware becomes part of a comprehensive, secure, and feature-based service framework.”

Pepper IoT platform

Dahua devices will be preconfigured to operate seamlessly on the Pepper IoT platform.
For Dahua products distributed in the U.S., all data and video communications will be contained in the United States and held to Pepper’s stringent cybersecurity and data privacy standards. For Dahua Technology’s corporate customers, the Pepper partnership provides access to a set of high-tech security platform and software capabilities designed to deliver video as well as non-video IoT services to end-users. Because video is a critical application in IoT surveillance, home automation, and home security services, Pepper brings quality, security, and privacy advantages otherwise lacking in today’s market.

Data security

Pepper’s full-stack approach not only ensures optimal system quality and end-user experience, but also functions to prevent sensitive data and user video from being accessed or redirected by the device manufacturer or third parties.

“It is concerning to see millions of vulnerable connected video and non-video devices being distributed to U.S. consumers who are unaware how their personal data is being compromised – and how easy it is for hackers to access their home wi-fi networks through these devices,” said Scott Ford, CEO of Pepper. “We are pleased that Dahua is deploying the Pepper full-stack approach to protect against unauthorised access and redirection of data.”
The manufacturer of intelligent IP video systems ‘Made in Germany’ is significantly expanding its existing successful partner program with the MOBOTIX Partner Society. Its goal is to develop secure complete solutions based on joint innovations with MOBOTIX partners that expand the MOBOTIX portfolio and open up new markets. With the combined expertise of two or more companies that know what the market needs through working with their customers, MOBOTIX is also able to solve special challenges and close market gaps. As a new platform, the MOBOTIX Partner Society bundles the entire spectrum of individual application solutions and makes them accessible to a wide market.

Offering numerous advantages

“Thanks to the Partner Society, we are able to offer a unique platform that makes the search for intelligent components that have individual requirements much easier. The new platform creates new connections, generates synergies, and opens up new markets,” explains Thomas Lausten, CEO of MOBOTIX AG. Successful partnerships have long been a core element of MOBOTIX’s DNA. MOBOTIX’s already very successful global partner program is being expanded with the Partner Society, which offers numerous advantages for MOBOTIX, all partner companies and, above all, MOBOTIX customers worldwide: “Our products and solutions very often result in individual solutions for customers that can also be of great interest to other companies, thanks to the expertise and competence of our partners. By means of the Partner Society, we offer a platform through which our partners can distribute these innovations worldwide,” says Hartmut Sprave, CTO of MOBOTIX AG.

Premium camera technology

Two Partner Society programs – Technology Partners and Solution Partners – have been created thus far. Technology Partners are innovative manufacturers of complementary products who have integrated MOBOTIX in their own products.
By cooperating with technology partners, MOBOTIX supports the market and cooperates exclusively with organisations that are in their field. Quality standards that offer the best solutions together with MOBOTIX premium camera technology are therefore put in place. Solution Partners are existing MOBOTIX Channel Partners who have already developed their own intelligent application solutions based on MOBOTIX technology.

Cyber secure solutions

Demand for individual solutions is incredibly high. To this end, each Solution Partner has developed special solutions with enormous added value. MOBOTIX offers these companies marketing across the world via the new platform. “The Partner Society is another important step for MOBOTIX in its transformation process from a premium product manufacturer to a full-service provider of cyber secure solutions based on our strong German DNA,” explains CEO Lausten. After the initial successes of the MOBOTIX Partner Society on various markets, he is very confident that this new form of cooperation will be a groundbreaking success story.
Qualitest, the independent software testing and quality assurance company, opens its new headquarters in Central London following a period of worldwide growth. Serving as a central location with easy access to Qualitest’s US, Israel, India and Romanian offices, London is also a base for prominent existing clients as well as a wide array of companies seen as prospective clients. The new office, based close to Liverpool Street station, brings together employees located across greater London.

Cyber security sectors

Following an injection of capital resulting from Bridgepoint’s taking of a majority stake in Qualitest, the company is expected to accelerate its acquisition strategy and global expansion. Having signed new contracts with companies across the telecommunications, insurance, banking, government and cyber security sectors in the last few months, Qualitest is expected to more than double the number of quality engineers in the UK over the next three years. The London headquarters is expected to be a hub for Qualitest’s EMEA expansion with the expectation of significant growth in terms of clients, headcount and revenue. The new office has been designed to facilitate collaborative conversation between teams, with breakout spaces, an auditorium, spacious meeting rooms and an open plan kitchen.

Software testing market

Norm Merritt, CEO at Qualitest said: “Having a state-of-the-art global headquarters is a significant step for Qualitest as we continue to expand our global base. London remains a global hotspot for technology and innovation, and we look forward to the new possibilities it will bring.” Brian Shea, Managing Director for UK and Europe at Qualitest said, “Qualitest’s capabilities are London’s best kept QA secret. Moving the headquarters to London begins an exciting phase of development for our corporate and EMEA teams.
Capitalising on the traction of our recent client wins, we expect to create hundreds of new jobs in the software testing market, and advance London as a central hub for Quality Engineering on the world’s stage.”
barox Kommunikation AG, the manufacturer of IT switches designed specifically for the demands of video networks, has introduced ‘Smart Sticky’ MAC & IP address Enterprise-class network security. Supporting built-in Cyber security on all barox RY-switches, barox’s powerful Smart Sticky MAC & IP address learning adds an additional layer of high security. Set-up is an easy automatic process via the barox DMS GUI: once configured, barox Smart Sticky learns the dynamic MAC addresses of all connected ports/devices and VLANs, turns them into secure MAC addresses, adds each secure MAC address to the running configuration, and freezes them and their associated IP addresses, making them ‘Sticky’.

Advanced port and network security

Whilst traditional device protection via MAC filtering alone offers simple protection against unwanted network access, it does not, for example, protect against the widespread attack of ‘MAC spoofing’. Smart Sticky with its combined MAC and IP address protection provides advanced port and network security with Limit Control settings. With this functionality, Enterprise-class Cyber and physical security is provided, with the port being shut down in the event of a camera/device being unplugged. Because the MAC and IP address of each and every port are learned, it is not possible for a port to be hijacked. This prevents an ‘unknown’ device from accessing the network to attack the system through spoofing/phishing, and from being used for malicious attacks. Only devices with a known MAC and IP address will operate on the network. If non-managed switches are connected to terminal devices at the barox switch, Limit Control can be used to block free IP/Ethernet terminals, and prevent access to the network ports of those non-managed switches.
Port protection against unauthorised usage

“barox Smart Sticky provides a very high level of Cyber and physical network protection for use within a wide variety of applications,” says Rudolf Rohr, barox Co-founder & Managing partner. “This is particularly the case where outdoor networks like car parks would leave devices such as cameras open to threat, where they could be unplugged, and a rogue device plugged in.

“On activation, the barox Smart Sticky function is able to learn the entire MAC and IP address configuration of all ports on a network. In addition, limits can be set to make sure that any unused ports are blocked, to prevent their use and access to the system, whilst active ports are fully protected against unauthorised usage. Switch rules can also be set to govern specific port IN/OUT TCP streaming, and a White/Blacklist set-up. And furthermore, any changes to network/device configurations need to be authorised to take effect.”
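
The port behaviour described in the barox announcement above (learn MAC and IP per port, freeze them, block unused ports, shut a port down when its device is unplugged) can be modelled in a few lines. This is an added illustration, not barox code or configuration; the class, its method names and the addresses are hypothetical, and the model assumes a shut-down port stays down until an administrator authorises it.

```python
# Added illustration: a simplified model of sticky MAC+IP port security.
# It is not barox firmware; class and method names are hypothetical.
from dataclasses import dataclass, field


@dataclass
class Port:
    enabled: bool = True
    learned: set = field(default_factory=set)  # (mac, ip) pairs seen while learning
    sticky: frozenset = frozenset()            # bindings frozen into the config


class StickySwitch:
    def __init__(self, port_count):
        self.ports = {n: Port() for n in range(1, port_count + 1)}
        self.learning = True

    def freeze(self):
        """End learning: freeze every learned pair and block unused ports."""
        self.learning = False
        for port in self.ports.values():
            port.sticky = frozenset(port.learned)
            if not port.sticky:
                port.enabled = False

    def link_down(self, port_no):
        """Cable unplugged: the port is shut down and stays down (assumption)."""
        self.ports[port_no].enabled = False

    def authorise(self, port_no):
        """An administrator explicitly re-enables a port."""
        self.ports[port_no].enabled = True

    def frame(self, port_no, mac, ip, mac_only=False):
        """Verdict for one frame. mac_only=True models plain MAC filtering."""
        port = self.ports[port_no]
        mac = mac.lower()
        if not port.enabled:
            return "drop: port shut down"
        if self.learning:
            port.learned.add((mac, ip))
            return "forward: learned"
        if mac_only:
            known = any(mac == m for m, _ in port.sticky)
        else:
            known = (mac, ip) in port.sticky
        return "forward" if known else "drop: unknown binding"


def demo():
    # Constructed addresses: locally administered MACs, RFC 5737 IPs.
    camera = ("02:00:00:00:00:0a", "192.0.2.10")
    sw = StickySwitch(port_count=3)
    sw.frame(1, *camera)                       # camera learned on port 1
    sw.frame(2, "02:00:00:00:00:0b", "192.0.2.11")
    sw.freeze()                                # port 3 never saw traffic

    results = {
        "camera": sw.frame(1, *camera),
        # Same MAC as the camera but a different IP address.
        "mac_filter_only": sw.frame(1, camera[0], "192.0.2.99", mac_only=True),
        "mac_and_ip": sw.frame(1, camera[0], "192.0.2.99"),
        "unused_port": sw.frame(3, "02:00:00:00:00:0c", "192.0.2.12"),
    }
    sw.link_down(1)                            # camera cable pulled
    results["after_unplug"] = sw.frame(1, *camera)
    sw.authorise(1)                            # change approved by an admin
    results["after_authorise"] = sw.frame(1, *camera)
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:16} {verdict}")
```

The `after_unplug` result shows why the shutdown on unplugging matters: once the link has dropped, even a device presenting the learned MAC and IP pair is refused until the change is authorised.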
The cyber security threat is constant and real. Entire businesses, large enterprises and even whole cities have been vulnerable to these attacks.

Growing threat of cyber attacks

The threat is not trivial. Recently, two cities in Florida hit by ransomware attacks – Riviera Beach and Lake City – opted to capitulate and pay ransom totaling more than $1.1 million to hackers. The attacks had disrupted communications for first responders and crippled online payment and traffic-ticketing systems. It was reminiscent of the $4 billion global WannaCry attacks on financial and healthcare companies. A full two years after the WannaCry attack, many of the hundreds of thousands of computers affected remain infected. And hackers are continuously devising new techniques, adapting the latest technology innovations including machine learning and artificial intelligence to devise more destructive forms of attack. Indeed, AI promises to become the next major weapon in the cyber arms race.

Enterprise security

For enterprises, there is no choice but to recognise the threat and adopt effective countermeasures. Not surprisingly, as the number, scale and sophistication of cyber-attacks has grown, so has the significance of the Chief Information Security Officer, or CISO, who owns the responsibility of sounding the alarm to the C-suite and the board – and recommending the best defense strategies. Consider it a grim irony of the digital economy. As companies have migrated to the cloud to gain scale and efficiency and integrated new channels and touch points to make it easier for their customers and suppliers to do business with them, they have also created more potential points of entry for cyber-attacks.
IoT increases threat of cyber-attacks

Amplifying that vulnerability is the trend of allowing employees to bring their own laptops, smartphones and other digital devices to the office or use them to work remotely. And thanks to the Internet of Things, as more devices connect to enterprise systems – from thermostats to cars – the threat surface or targets of intrusion are multiplying exponentially. According to the McAfee Labs 2019 Threats Predictions Report, hackers will increasingly turn to AI to help them evade detection and automate their target selection. Companies will have no choice but to begin adopting AI defenses to counter these cybercriminals.

Importance of cyber security

This escalation in the cyber arms race reflects the sheer volume of data and transactions in modern life. In businesses like financial services and healthcare it is not humanly possible to examine every transaction for anomalies that might signal cyber snooping. Even when oddities are glimpsed, simply flagging potential problems can create so-called threat fatigue from endless false alarms. What’s more, attacks like those from Trickbots are specifically designed to go undetected by end users. The fact is, even if throwing more people at the problem were a solution, there aren’t enough skilled cyber security workers in the world. By some estimates, as many as 10 million cyber security jobs now go unfilled.

Deploying AI

As a result, AI is being deployed on multiple cyber-defense fronts. So far, it is mainly being used to conduct predictive analysis at a scale beyond human means. AI programs can sift through petabytes of data, identifying anomalies and even helping an organisation recognise and diagnose intrusions before they turn into catastrophic attacks.
AI can also be used to continually monitor and allocate levels of access to a network’s multitude of legitimate users – whether employees, customers, partners or suppliers – to ensure that all parties have the access they need, but only the access they need.

Countering cyber security threats

To harden defenses, some AI programs can be configured to perform simulated war games. Because cyber attackers have stealth on their side, organisations might need dozens of experts to counter only a handful of attackers. AI can help even the odds, scoping out the potential permutations of vulnerabilities. As CISOs – and the CIOs they typically report to – advise C-suites and boards on their growing cybersecurity risk, they can also help those leaders recognize an enduring truth: AI programs cannot replace experienced cybersecurity professionals. But the technology can make staff smarter, more vigilant and more nimbly responsive.

AI-based cyber security tools

Financial and healthcare companies are leading this charge because of the sheer volume and variety of transactions they handle and because of the value and sensitivity of the data. Organisations like the U.S. Department of Defense and the space agency NASA, as well as governments around the world are also implementing AI-based tools to address the cyber threat. For businesses of all types, the threat stretches from the back office to the supply chain to the store front. That is why recognising and countering that threat must involve everyone from the CISO to the CEO to the Chairman of the Board. The AI arms race is underway in security. To delay joining it is to risk letting your enterprise become one of the grim statistics.
We live in an information and data-led world, and cybersecurity must remain top-of-mind for any organisation looking to protect assets critical to business operation. Businesses without proper cyber measures allow themselves to be at risk from a huge list of threats. From cybercriminals conducting targeted spear-phishing campaigns, like the 2018 Moscow World Cup vacation rental scam, to nation-state actors looking to collect intelligence for decision makers, no organisation is safe from innovative cyber threats.

Security solutions enterprises

The evolving threat space means organisations need to ensure they have the most innovative prevention and detection frameworks in order to withstand adversaries using complex and persistent threats. When implementing new security solutions enterprises must start by assuming that there is already a bad actor within their IT environment. With this mindset, organisations can then set the groundwork necessary to stop malicious activity and keep their business’ data safe. As there is no one silver bullet that truly stops all cyberattacks, organisations must adopt a multipronged approach to stop adversaries. This must include tracking, analysing and pinpointing the motivation of cyber actors to stay one step ahead through global intelligence gathering and proactive threat hunting. In addition, deploying new technologies leveraging the power of the cloud gives a holistic view of the continuously evolving threat landscape and thereby secures data more efficiently.

Traditional security approach

In today’s landscape, the propagation of advanced exploits and easily accessible tools has led to the blurring of tactics between statecraft and tradecraft. Traditional security approaches are no longer viable when it comes to dealing with the latest trends in complex threats.
To make defending against these threats even more complicated, adversaries are constantly adapting their tactics, techniques and procedures (TTPs), making use of the best intelligence and tools. CrowdStrike’s latest Global Threat Report tracked the speed of the most notable adversaries including Russian, Chinese, North Korean and Iranian groups. As the adversaries’ TTPs evolve into sophisticated attack vectors, defenders need to recognise we are amidst an extreme cyber arms race, where any of the above can become the next creator of a devastating attack. Russian efficiency is particularly high; they can spread through an enterprise network in 18 minutes 48 seconds on average, following the initial cyber-intrusion.

Sophisticated cyber weapons

So, reacting to threats in real-time is a priority. Bad actors are extremely vigilant and committed to breaking down an organisation’s defences, and speed is essential to finding the threats before they spread. Actors tend to use a simple trial and error technique where they test the organisation's network, arm themselves with more sophisticated cyber weapons, and attack again until they find a vulnerability. This has highlighted the need for tools that provide teams with full visibility over the entire technology stack in real-time in order to meet these threats head-on. Traditional solutions are scan-based, which means they don’t scale well and can’t give the security teams context around suspicious activity happening on the network. They lack full visibility when a comprehensive approach is needed.
Malicious behaviour

Through leveraging the power of the cloud and crowdsourcing data from multiple use cases, security teams can tap into a wealth of intelligence collated from across a vast community. This also includes incorporating threat graph data. Threat graphs log and map out each activity and how they relate to one another, helping organisations to stay ahead of threats and gain visibility into unknowns. Threat graph data in conjunction with incorporating proactive threat hunting into your security stack creates a formidable 360-degree security package. Managed threat hunting teams are security specialists working behind the scenes facing some of the most sophisticated cyber adversaries through hands on keyboard activity. Threat hunters perform quickly to pinpoint anomalies or malicious behaviour on your network and can prioritise threats for SOC teams for faster remediation.

In-depth knowledge

It is key for security teams to have an in-depth knowledge of the threat climate and key trends being deployed by adversaries. The TTPs used by adversaries are vital clues on how organisations can best defend themselves from real-life threats. Intrusion ‘breakout time’ is a key metric tracked at CrowdStrike. This is the time it takes for an intruder to begin moving laterally outside of the initial breach and head to other parts of the network to do damage. Last year, the global average was four hours and 37 minutes. Security teams need to beat the clock and condense their response and ejection of attackers before real damage is done.

Next-generation solutions

When managing an incident clients need to be put at ease by investigations moving quickly and efficiently to source the root of the issue. Teams need to offer insight and suggest a strategy.
This can be achieved by following the simple rule of 1-10-60, where organisations should detect malicious intrusions in under a minute, understand the context and scope of the intrusion in ten minutes, and initiate remediation activities in less than an hour. The most efficient security teams working for modern organisations try to adhere to this rule. As the threat landscape continues to evolve in both complexity and scale, adequate budget and resources behind security teams and solutions will be determining factors in how quickly a business can respond to a cyberattack. To avoid becoming headline news, businesses need to arm themselves with next-generation solutions.

Behavioural analytics

Behavioural analytics and machine learning capabilities identify known and unknown threats by analysing unusual behaviour within the network. These have the ability to provide an essential first line of defence, giving security teams a clear overview of their environment. With this at hand, the solution can then know when to remove an adversary before a breakout occurs. Attackers hide in the shadows of a network’s environment, making the vast volume and variety of threats organisations face difficult to track manually. The automation of responses and detection in real-time is a lifeline that organisations cannot live without as adversaries enhance and alter their strategies. Adversaries continue to develop new ways to disrupt organisations, with the cybersecurity industry attempting to keep pace, developing new and innovative products to help organisations protect themselves. These technologies empower security teams, automating processes and equipping security teams with the knowledge to respond quickly. Organisations can set themselves up for success by integrating the 1-10-60 rule into their security measures, giving them an effective strategy against the most malicious adversaries.
In 2017, IoT-based cyberattacks increased by 600%. As the industry moves towards the mass adoption of interconnected physical security devices, end users have found a plethora of advantages, broadening the scope of traditional video surveillance solutions beyond simple safety measures. Thanks in part to these recent advancements, our physical solutions are at a higher risk than ever before. With today’s ever evolving digital landscape and the increasing complexity of physical and cyber-attacks, it’s imperative to take specific precautions to combat these threats.

Video surveillance systems

When you think of a video surveillance system, cybersecurity is not usually the first concern to come to mind, since digital threats are usually thought of as separate from physical security. Unfortunately, these two are becoming increasingly intertwined as intruders continue to use inventive methods in order to access an organisation's assets. Hacks and data breaches are among the top cyber concerns, but many overlook the fact that weak cybersecurity practices can lead to physical danger as well. Organisations that deploy video surveillance devices paired with advanced analytics programs often leave themselves vulnerable to a breach without even realising it. While they may be intelligent, IoT devices are soft targets that cybercriminals and hackers can easily exploit, crippling a physical security system from the inside out.

Physical security manufacturers

Whether looking to simply gain access to internal data, or paralyse a system prior to a physical attack, allowing hackers easy access to surveillance systems can only end poorly. In order to stay competitive, manufacturers within the security industry are trading in their traditional analogue technology and moving towards interconnected devices. Due to this, security can no longer be solely focused on the physical elements and end users have taken note.
The first step towards more secured solutions starts with physical security manufacturers choosing to make cybersecurity a priority for all products, from endpoint to edge and beyond. Gone are the days of end users underestimating the importance of reliability within their solutions. Manufacturers that choose to invest time and research into the development of cyber-hardening will be ahead of the curve and an asset to all.

Wireless communication systems

Aside from simply making the commitment to improve cyber hygiene, there are solid steps that manufacturers can take. One simple action is incorporating tools and features into devices that allow end users to more easily configure their cyber protection settings. Similarly, working with a third party to perform penetration testing on products can help to ensure the backend security of IoT devices. This gives customers peace of mind and manufacturers a competitive edge. While deficient cybersecurity standards can reflect poorly on manufacturers by installing vulnerable devices on a network, integrators also become complicit in any issues that may arise in the future. Just last year, ADT was forced to settle a $16 million class action lawsuit when the company installed an unencrypted wireless communication system that rendered an organisation open to hacks.

Cybersecurity services

In addition, we’ve all heard of the bans, taxes and tariffs the U.S. government has recently put on certain manufacturers, depending on their country of origin and cybersecurity practices. Lawsuits aside, employing proper cybersecurity standards can give integrators a competitive advantage. With the proliferation of hacks, malware, and ransomware, integrators that can ease their client's cyber-woes are already a step ahead.
By choosing to work with cybersecurity-focused manufacturers who provide clients with vulnerability testing and educate end users on best practices, integrators can not only thrive but find new sources of RMR. Education, collaboration and participation are three pillars when tackling cybersecurity from all angles. For dealers and integrators who have yet to add cybersecurity services to their business portfolios, scouting out a strategic IT partner could be the answer.

Unlocking countless opportunities

Physical security integrators who feel uncomfortable diving headfirst into the digital realm may find that strategically aligning themselves with an IT or cyber firm will unlock countless opportunities. By opening the door to a partnership with an IT-focused firm, integrators receive the benefit of cybersecurity insight on future projects and a new source of RMR through continued consulting with current customers. In exchange, the IT firm gains a new source of clients in an industry otherwise untapped. This is a win for all those involved. While manufacturers, dealers and integrators play a large part in the cybersecurity of physical systems, end users also play a crucial role. Becoming educated on the topic of cybersecurity and its importance for an organisation is the first step.

Commonplace cybersecurity standards

Below is a list of commonplace cybersecurity standards that all organisations should work to implement for the protection of their own video surveillance solutions:

- Always keep camera firmware up to date for the latest cyber protections.
- Change default passwords, especially those of admins, to keep the system locked to outside users.
- Create different user groups with separate rights to ensure all users have only the permissions they need.
- Set an encryption key for surveillance recordings to safeguard footage against intruders and prevent hackers from accessing a system through a backdoor.
- Enable notifications, whether for error codes or storage failures, to keep up to date with all systems happenings.
- Create/configure an OpenVPN connection for secured remote access.
- Check the web server log on a regular basis to see who is accessing the system.
- Ensure that web crawling is forbidden to prevent images or data found on your device from being made searchable.
- Avoid exposing devices to the internet unless strictly necessary to reduce the risk of attacks.
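
Two items in the list above, checking the web server log and forbidding web crawling, can be reviewed together from the same log. The script below is an added example, not taken from the article or from any camera vendor; it assumes the device's web server writes the common "combined" log format, and the management subnet, threshold and log lines are constructed.

```python
# Added illustration for the checklist above; not from any camera vendor.
# Assumes the device's web server logs in the common "combined" format.
import ipaddress
import re
from collections import Counter

LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<agent>[^"]*)"'
)
CRAWLER_RE = re.compile(r"bot|crawl|spider", re.IGNORECASE)

# Constructed sample log (RFC 1918 and RFC 5737 addresses).
SAMPLE_LOG = """\
10.20.0.5 - admin [08/Jul/2019:09:00:01 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.20.0.7 - operator [08/Jul/2019:09:05:12 +0000] "GET /live/stream1 HTTP/1.1" 200 0 "-" "Mozilla/5.0"
203.0.113.50 - - [08/Jul/2019:11:14:03 +0000] "GET /login HTTP/1.1" 401 312 "-" "Mozilla/5.0"
203.0.113.50 - - [08/Jul/2019:11:14:04 +0000] "GET /login HTTP/1.1" 401 312 "-" "Mozilla/5.0"
203.0.113.50 - - [08/Jul/2019:11:14:05 +0000] "GET /login HTTP/1.1" 401 312 "-" "Mozilla/5.0"
198.51.100.9 - - [08/Jul/2019:12:30:00 +0000] "GET /robots.txt HTTP/1.1" 404 0 "-" "ExampleBot/1.0 (+crawler)"
198.51.100.9 - - [08/Jul/2019:12:30:01 +0000] "GET /snapshot.jpg HTTP/1.1" 200 40960 "-" "ExampleBot/1.0 (+crawler)"
### log rotated, entry truncated
"""


def review(lines, trusted_net="10.20.0.0/24", fail_threshold=3):
    """Summarise who accessed the device and whether crawlers got content."""
    trusted = ipaddress.ip_network(trusted_net)
    untrusted, crawled = set(), set()
    failures = Counter()
    robots_statuses = []
    unparsed = 0
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            unparsed += 1          # keep count: gaps in a log are a finding too
            continue
        try:
            addr = ipaddress.ip_address(m["ip"])
        except ValueError:
            unparsed += 1
            continue
        status = int(m["status"])
        if addr not in trusted:
            untrusted.add(m["ip"])
        if status in (401, 403):
            failures[m["ip"]] += 1
        if m["path"] == "/robots.txt":
            robots_statuses.append(status)
        elif CRAWLER_RE.search(m["agent"]) and 200 <= status < 300:
            crawled.add(m["path"])
    return {
        "untrusted_clients": sorted(untrusted),
        "repeated_auth_failures": {
            ip: n for ip, n in failures.items() if n >= fail_threshold
        },
        "crawler_fetches": sorted(crawled),
        # None means no crawler asked; False means it asked and got no file.
        "robots_txt_served": (
            any(s == 200 for s in robots_statuses) if robots_statuses else None
        ),
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    for key, value in review(SAMPLE_LOG.splitlines()).items():
        print(f"{key}: {value}")
```

A robots.txt file only asks well-behaved crawlers to stay away, so any entry under `untrusted_clients` is better addressed by the last item in the list: keeping the device off the internet or behind the VPN.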
Some of the electronic features we all love in our new cars depend on a connection to the Internet. But what are the cybersecurity risks involved in that connection? Could a widespread cyberattack turn our cars into deathtraps and create a traffic catastrophe on the scale of 9/11? That’s the scenario described in a report from the nonprofit group Consumer Watchdog, which warns that a fleet-wide cyberattack at rush hour could result in a 9/11-style catastrophe with approximately 3,000 deaths. The organisation recommends that automobile manufacturers install a ‘kill switch’ that would disconnect a vehicle from the Internet in an emergency to mitigate the threat.

Protecting transportation system

Consumer Watchdog contends that the vulnerability of automotive computer systems, and the possibility of a cyberattack, has been communicated privately to investors but not widely to consumers. “Automakers are keeping the public in the dark as they market new features based on Internet connections,” says Consumer Watchdog. “Connecting safety-critical systems to the Internet is an inherently dangerous design,” says Jamie Court, President of Consumer Watchdog. “American car makers need to end the practice or Congress must step in to protect our transportation system and national security.” Future designs should completely isolate safety-critical systems from infotainment systems connected to the Internet or other networks, according to Consumer Watchdog. By 2022, at least two-thirds of new cars on American roads will have online connections to the cars’ safety-critical systems, putting them at risk of deadly hacks.

Updating vehicle software over-the-air

One economic motive of connecting vehicles to the Internet is the ability of car manufacturers to update vehicle software over-the-air rather than having to recall a vehicle.
Systems also enable collection of valuable data on how fast a car owner drives or where he/she shops. Security-critical components inside cars are driven by ‘black boxes’ that may contain software of questionable origin. Software may be written by third parties and/or include contributions from hundreds or thousands of different authors around the world, with little accountability for flaws. The ability to update software ‘over the air’ without touching the vehicles lets automakers cover up safety problems and sloppy testing practices, contends Consumer Watchdog. “Allowing consumers to physically disconnect their cars from the Internet and other wide-area networks should be a national security priority,” says Court. “If a 9/11-like cyber-attack on American cars were to occur, recovery would be difficult because there is currently no way to disconnect our cars quickly and safely. The nation’s transportation infrastructure could be gridlocked for weeks or months. Mandatory ‘kill switches’ would solve the problem.”
Understanding the risks of connected cars
In addition to more attention to cybersecurity, there also needs to be more transparency to enable consumers to understand what is at risk and the choices they make. For example, a group of more than 20 car industry engineers and insiders helped to prepare the Consumer Watchdog report, but many of them remained anonymous for fear of losing their jobs. Consumers have a right to understand the risks they are taking and how they can minimise them. In the Internet of things, cybersecurity dangers extend to almost every device in the connected world, from cars to smartphones to medical devices. Increasingly, we will be asked to weigh the convenience of cranking our car with a smartphone, for example, against the possible risk in the form of vulnerability to cyberattack.
Global Security Exchange (GSX) 2019 will blow into the Windy City this fall, combining a tradeshow, a full schedule of professional education sessions, plenty of industry networking opportunities, and an annual reunion of the top professionals from around the world tasked with protecting people, property and assets. GSX – the trade show and industry event 'formerly known as' the ASIS Annual Seminar and Exhibits – will be Sept. 8-12 at Chicago’s McCormick Place. The show promises to 'elevate the event experience with modern education learning experiences, revitalised networking opportunities, and a reimagined trade show floor.' More than 550 exhibitors will be featured in the expo hall (open Sept. 10-12), according to ASIS International. Chicago is a great location for GSX, as evidenced by the successful 2013 ASIS show.
Cutting-edge solutions
GSX seeks to attract more attendees to the exhibition hall with education events positioned alongside the industry’s latest-and-greatest equipment and technology exhibits. On the expo floor, the GSX: Disruption District will include new and enhanced programs such as the X Learning stages, the D3 (drones, droids, defence) Learning Theater, the Pitch Competition and the Innovative Product Awards. X Learning is a series of experiential sessions. X1 Stage sessions are designed to highlight cutting-edge solutions and increase contextual understanding of new technology. GSX: Startup Sector highlights new companies with emerging technologies; and GSX: Pitch Competition brings together entrepreneurs, investors and industry leaders to feature early-stage startup pitches. Career HQ will provide free resume reviews, career coaching, professional development and networking opportunities. A Sharpshooter Contest sponsored by Smart Simulators and SB Tactical will allow contestants donating $20 to compete for $500 in prizes each day.
Pre-conference certification courses
More than 300 security courses, plus pre-conference certification courses, will provide security professionals expertise to enhance their career development. Programming will be led by ASIS and InfraGard subject matter experts. (InfraGard is a non-profit organisation serving as a public-private partnership between U.S. businesses and the Federal Bureau of Investigation.) Seventeen education tracks will serve the needs of security professionals interested in topics from business continuity to crime/loss prevention, law and ethics to national security, information security to physical and operational security. 'Game Changer' sessions will address hot and controversial topics, including 'The Ever-Changing Drone Landscape: What You Need to Know' and 'Accelerating Digital Transformation: Insights and Applications.' Ian Bremmer of Eurasia Group will speak on navigating the geopolitical landscape; Steve Demetriou and Joe Olivarez of Jacobs, a global professional services company, will speak about harnessing technology and big data to make strategic decisions.
Providing new opportunities
Wednesday morning, General John F. Kelly of the U.S. Marine Corps (Ret), will provide insight into the evolving geopolitical landscape around the world. His keynote presentation on Sept. 11 will kick off Military and Law Enforcement Appreciation Day. Tarah Wheeler, cyber security researcher, will speak on protecting assets in the age of cybersecurity leaks and scandals. Although the attendee emphasis is on security end-users, the show also provides opportunities for dealers, installers, integrators, consultants, specifiers, architects and engineers.
More than 20,000 registered attendees are expected from 110-plus countries across the entire industry, according to ASIS International. Networking events will include an ASIS Town Hall Meeting on the afternoon of Sept. 8, aimed at opening communication between ASIS staff and membership. There will be an Opening Night Celebration Sept. 8 centred on the theme 'Chicago on the Silver Screen' at Revel Motor Row, a popular Chicago landmark originally home to the Illinois Auto Club.
Emphasis on education
On Monday (Sept. 9) a networking luncheon will be followed by the Awards Reception later in the day. A reception in the evening will present the Karen Marquez Honors Award, recognising a female security professional. Tuesday (Sept. 10) will have a Happy Hour at the exhibit hall, followed later by a Women in Security and Young Professionals Happy Hour. Wednesday evening will be the President’s Reception at Wintrust Arena, with a 1980s theme. The annual trade show has declined in recent years, and ASIS International has implemented changes that seek to reinvigorate the show, culminating in the rebranding last year. One challenge is that the show’s emphasis on education keeps attendees engaged for hours of the day, making it harder to meet the expectations of exhibiting companies who want more booth traffic. More attractions on the show floor, including the Tuesday happy hour, are aimed at increasing overall foot traffic in the hall.
The devil is in the details. The broader implications of the U.S. Government ban on Chinese video surveillance manufacturers are being clarified in the federal rule-making process, and a public hearing in July gave the industry a chance to speak up about the impact of the law.
Ban on equipment
The hearing centered on Section 889 of Title VII of the National Defense Authorisation Act (NDAA) for FY 2019, specifically paragraph (a)(1)(B). The paragraph "prohibits agencies from entering into a contract (or extending or renewing a contract) with an entity that uses any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system." “Covered equipment” refers to products and services from Huawei Technologies Co., ZTE Corp., Hytera Communications Corp., Hangzhou Hikvision Digital Technology Co. and Dahua Technology Co. Hikvision and Dahua are two of the largest manufacturers of video surveillance equipment, and Huawei manufactures HiSilicon chips widely used in video cameras.
‘Chinese ban’ provision
The public hearing was part of the rule-making process for paragraph (a)(1)(B), which the industry has informally referred to as the “blacklist” provision of the NDAA. However, the “Chinese ban” provision [Paragraph (a)(1)(A)] is not at issue, was not covered by the public hearing, and is already scheduled to go into effect a year after the law was signed by President Trump (August 13, 2018). There were seven presentations at the public hearing. Presenters included the Security Industry Association (SIA), two Hikvision integrators, a representative of communications manufacturer Hytera, an economist and an attorney on behalf of telecommunications company Huawei, and Honeycomb Secure Systems, a federal contractor.
There was no livestream or transcription of the meeting, although PowerPoint summaries of the 10-minute presentations were published.
SIA emphasises clarity
In its presentation, the Security Industry Association (SIA) emphasised that contractors need clarity, i.e., that paragraph (a)(1)(B) applies to an entity's use of covered equipment or services in the performance of federal contracts, but NOT to non-federal sales or use of covered equipment by a contractor that is unrelated to federal work. SIA also focused on the distinction (and contrasting risk profiles) between video surveillance equipment, which consists of endpoint devices that may or may not be on the Internet, and telecommunications equipment. In contrast, telecommunications equipment is essential to Internet infrastructure and manages all data on a network, encrypted or not.
Fully-compliant video surveillance products
SIA's presentation included the following "outcome" statement: "Security equipment suppliers and integrators doing federal work can offer fully compliant video surveillance products in the federal market, while offering other products tailored to technical requirements, price points and specific customer needs that vary widely for non-government commercial sectors – e.g. malls, banks, convenience stores, etc.” In other words, involvement in government contracts should not restrict an integrator’s flexibility to offer any and all products and services (including those from the listed Chinese companies) to non-government customers. The two integrators made similar points, specifically about their business with Hikvision. One presenter was Rick Williams, General Manager of Selcom, a systems integrator in Selma, Ala., with 10 employees. They have been a Hikvision partner since 2012 with a year-to-date revenue from Hikvision products of approximately $400,000.
Hikvision integrators speak out
A second integrator at the hearing was Mark Zuckerman of Clear Connection Inc., a security company in Beltsville, Md., with 32 local employees, that focuses on electronic security, telecommunications and IT. Clear Connection designs, installs and services systems throughout Metro DC and Baltimore, including commercial entities, schools and non-profit organisations. They do about $120,000 a year in business as a Hikvision partner and have over $500,000 in business awaiting federal NSGP [Nonprofit Security Grant Program] approval. In two almost identical presentations, the integrators sought clear guidance on how to comply with the language of the law as written, specifically confirmation that Section 889 of the NDAA does not apply to non-federal sales or use of covered equipment. "This is critical to my company as I provide integrated security solutions across multiple government and commercial markets, using a mix of products from different manufacturers tailored to the technical requirements, price points and customer needs that vary widely for each sector," said Williams.
Hytera speaks at hearing
"It is not clear what Section 889 means, who it applies to, or how far its prohibitions extend," commented Zuckerman. "If interpreted broadly, some of my customers would be barred from entering into a federal contract because they have covered products installed in their facility to protect their property and staff.” Also presenting at the hearing was Hytera, a manufacturer of open standard digital mobile radio technology. The presentation emphasised that Hytera does not sell to U.S. telecommunications carriers, and does not supply 5G components or video surveillance equipment. Hytera equipment is used by federal customers such as the National Gallery of Art, National Archives, National Zoo and the Holocaust Museum.
Impact on clients and commerce
"These federal entities do not play a role in national security, and the Hytera systems do not connect to any critical systems," says the company. "However, the lack of clarity in the implementation of the NDAA has a significant impact on Federal, state and commercial clients, impacting competition and choice." Hytera's presentation continues: "Hytera has never been informed by any U.S. government entity that its equipment posed a national security risk and as such has not been given the opportunity to respond to any concerns. The result of Section 889 is the creation and circulation of misinformation in the marketplace." Hytera also said that the federal proposed rules and regulations should exempt federal agencies that do not include a national security component, and equipment not interconnected with the public network.
Impact on cybersecurity
James E. Gauch, an attorney with James Day speaking on behalf of Huawei, offered a global argument that could be applied to any of the banned companies: “Virtually all equipment manufacturers rely on a global supply chain and face security risks from a wide range of sources; excluding maybe one or two vendors based on their national origin will not address these risks.” He adds, “However, consolidating the number of equipment suppliers hinders rather than helps cybersecurity. Creating a small number of dominant suppliers, regardless of national origin, reduces the incentives of those suppliers to embrace industry-leading standards and creates greater exposure to vulnerabilities of a single supplier.”
ANSecurity, a globally renowned specialist solutions firm in advanced network and data security, has announced the successful completion of a Secure Access platform upgrade for the South Hams District Council and West Devon Borough Council. South Hams District Council and West Devon Borough Council serves a large portion of the county of Devon in South West England. With just under 400 staff, the council provides a variety of services to over 100,000 properties and 140,000 residents. Due to a need to protect sensitive data and at the same time accommodate modern, flexible ways of working, South Hams District Council and West Devon Borough Council was undergoing the process of transforming the way it worked.
Secure Access platform
The council wanted to ensure that in the future, its employees could work in a location-agnostic way. Secure Access was central to that transformation, providing a secure connection between an employee’s device and the council’s network. The council approached ANSecurity for help in managing the upgrade to the latest platform. After a series of calls and on-site meetings, the full upgrade was purchased. It chose Pulse Secure appliances for their unparalleled ability to combine Secure Access with a user-friendly experience. The council opted for an “always on” VPN - one which would use a device ID to authenticate to the council’s network - thereby circumventing the manual sign-in process and providing a streamlined authentication process for users. From there, the processes of logging in at home or at the office became almost identical. By deploying fewer physical two-factor tokens, the council made further savings. ANSecurity helped the council configure the VPN with a couple of days of on-site consultancy.
Pulse Secure VPN
Mike Ward, the council’s head of IT, commented, “Security of this type is an enabler to the way we work - we couldn't do it without a VPN. ANSecurity have been a great partner for us and nothing was too much trouble, they provided good guidance and were there every step of the project. We look forward to working with them on an on-going basis.” The council’s new operating model has proved tremendously popular with staff, allowing them to work agilely in whatever location they choose. The council’s offices are now hot desking locations with around 100 to 150 people using Pulse Secure VPN to log into the office network every day. The ability to capture business processes into its workflow allowed the council to downsize its staff costs and save £1.4 million a year. The resultant savings in money, staff and space has also cut its carbon footprint and paper waste significantly.
Abu Dhabi is a major cultural and commercial centre in the United Arab Emirates (UAE), accounting for roughly two-thirds of the UAE’s economy. While oil and natural gas make up a large portion of its GDP, Abu Dhabi has positioned itself as a premier tourist destination, with major investments in luxury resorts and business hotels. Consequently, public safety is a top priority — and FLIR Systems is playing a critical role in the city’s long-term safe city initiative. Recently, the Abu Dhabi Monitoring and Control Center (ADMCC) was tasked with integrating all public access cameras onto a single platform to provide fully uninterrupted coverage of the city. This is in compliance with the Safe City 2030 vision of His Highness Sheikh Mohammed bin Zayed Al Nahyan, Crown Prince of Abu Dhabi and President of the UAE. As part of this initiative, ADMCC launched the Falcon Eye project, where surveillance cameras and sensors would be installed across the city to enable real-time situational awareness, threat detection, data collection, data sharing among public safety organisations, and crime prevention.
Updating video management system
Falcon Eye expands Abu Dhabi’s existing surveillance system to thousands of license plate recognition cameras and surveillance cameras, with cameras equipped with video analytics and/or facial recognition capabilities. To manage such an extensive system under the Falcon Eye project, ADMCC needed to update its video management system (VMS) software. ADMCC sought a VMS that would provide enhanced image quality, as well as increased storage and integrity of streamed video. The VMS also needed to be able to incorporate current, emerging and future technologies, such as Big Data, cyber protection, smart cameras, analytics at the edge, and automated camera management.
Additionally, ADMCC required a cost-effective VMS that would seamlessly integrate with the existing physical security management information (PSIM) without compromising any data or operations from subsystems.
Reliable software solution for video surveillance
Previously, ADMCC had a strong relationship with FLIR, having deployed an older FLIR United VMS version for several years. After careful research and evaluation, ADMCC chose to continue partnering with FLIR as the industry leader in advanced video solutions in the safe city sector. ADMCC selected the most recent FLIR United VMS release as its VMS for the Falcon Eye initiative. FLIR United VMS is a reliable, enterprise-level software solution for video surveillance supporting an unlimited number of cameras over IP networks. Part of FLIR’s award-winning United VMS platform, Latitude features enhanced cyber security protocols. Its distributed server architecture enables unlimited scalability, multi-site deployments and sophisticated network topologies. Latitude’s open platform functionality provides advanced edge device integration, bringing together hundreds of third-party technologies. Complying with ONVIF Profile S, Latitude ensures greater compatibility between cameras and the VMS.
Integrating Latitude and PSIM solution
ADMCC upgraded to the recent United VMS version in June 2017. With special support from the FLIR team, the integration of Latitude and ADMCC’s in-house PSIM solution was successfully completed without any data loss. Adding value to the integration was the presence of an in-house FLIR engineer, who provided insight and guidance throughout the process. “FLIR is considered one of ADMCC’s trusted vendors, delivering regular upgrades and specialist support to our operations when needed,” said His Excellency Saeed Al-Neyadi, Director General at ADMCC.
“The on-site FLIR engineer provided an immeasurable value to ADMCC.”
Ensures maximum integrity and reliability
One of the defining characteristics of United VMS is its simplicity and easy user interface. United VMS offers simplified access in managing and controlling video operations for the support staff. For all safe city projects, the preservation and availability of data is paramount. “The use of actionable information through data collection is vital in running such a huge scale operation such as Safe City initiatives,” Mr. Khalfan Al Hassani (ICT Director) said. “United VMS ensures maximum integrity and reliability with exceptional failover, disaster recovery capabilities, and 24/7 redundant recording.”
Day/night safety of city and residents
ADMCC oversees one of the world’s leading safe city solutions that utilises license plate recognition, facial recognition, video analytics and video management from over 45,000 sensors spread across the Emirate. United VMS serves as the central operational platform for all data of this unified platform, providing an efficient combination of video software and server hardware. By utilising the state-of-the-art technologies and subsystems brought together by United VMS, ADMCC ensures the safety of the city and its residents at all hours of the day and night. “United VMS has given ADMCC a reliable, stable, robust and secure platform for the past six years,” said Al Hassani. “It underpins a custom PSIM solution that supports various government agencies in Abu Dhabi helping the city to be ranked the ‘Safest City in the World.’”
Crossword Cybersecurity plc has announced that Stevenage Borough Council, Peterborough City Council and East Hertfordshire District Council (‘the Councils’) will use Rizikon Assurance to manage compliance with the GDPR (General Data Protection Regulation) with their suppliers and for wider information governance.
GDPR compliance
GDPR makes many requirements of organisations, including taking adequate steps to ensure data is both encrypted and anonymised, so that in the event of a breach, the data cannot be exploited. Infringements under GDPR can lead to fines of €20 million, or 4% of annual global turnover for an organisation. With a combined residential population of over 430,000, the Councils have a duty to ensure that the personal information of all residents is adequately protected against the risk of data breach, either by the Councils themselves or the third-party suppliers and agencies with which they work. Data breaches can be accidental, through the loss of a laptop for example, or as a result of an intentional breach or cyber-attack.
GDPR risk exposure
Using Rizikon Assurance, the Councils will improve the process and accuracy of securing third party assurance. This will support compliance with GDPR, and establish a way to manage on-going assurance checks when needed at regular intervals. Additionally, the Councils will be in a position to identify GDPR risk exposure across their supplier portfolio, so that remedial action can be taken to improve the protection of citizen data. Jake Holloway, Director responsible for Rizikon Assurance, commented, “The role of every public service organisation is to serve its citizens, often holding personal information about them on many sensitive topics such as health, benefits and education.
With that comes the responsibility of ensuring that information is protected, especially when it needs to be shared with partner organisations.”
Rizikon Assurance
Jake adds, “Rizikon Assurance will help any organisation dramatically improve the speed and reliability of its third-party assurance processes, covering areas such as GDPR, health & safety, the Modern Slavery Act and any other requirements that they may have. It moves third party assurance from a siloed and reactive activity, to a connected, proactive continuous process that delivers a complete view of third-party risk.”
AlertEnterprise Inc., the physical-logical security convergence software company, announced that its Airport Guardian software has been selected by Los Angeles World Airports (LAWA) as the new Identity Management and Credentialing System (IMCS) at Los Angeles International Airport (LAX). Airport Guardian cyber-physical security software will be deployed to deliver a new level of converged security, identity and access intelligence, and enhanced customer experience across IT, physical and OT systems. “At LAWA, we work hard to provide a high level of safety, security, and service for our customers, communities, and stakeholders,” said Aura Moore, Deputy Executive Director - CIO of LAX. “We’ve selected AlertEnterprise software as our new Identity Management and Credentialing System for its integrated, configurable, and futureproof design. This new system will enable us to improve security, enhance customer experience, minimise risk, and proactively enforce compliance for many years to come.”
Ensuring real-time compliance
With Airport Guardian software, LAX will be able to streamline and automate their entire badge lifecycle process, from application to badge printing, and access provisioning. By automating core processes with role-based workflow and active policy enforcement, the airport can ensure compliance in real-time, which helps to eliminate costly auditing efforts. The deployment of Airport Guardian software will include a secure, web-based portal that will enable LAX personnel to manage employees, vendors, and visitors across their enterprise landscape. Applicants and Authorised Signatories will be able to start, save, and submit applications, including requesting access to critical areas that require additional approval.
Streamline application processes
With built-in schedule management, Airport Guardian software will help the LAWA Badge Office streamline application processes and enhance customer experience, including reduced wait times, and application status visibility to applicants and authorised signatories. Airport Guardian software includes an aviation specific content pack comprised of Tenant Management, Incident Management, Asset Governance, built-in airport compliance, industry reporting, badge auditing, and process automation best practices. The aviation content pack features DACS, STA, CHRC, Rap Back, and Learning Management Systems (LMS) integrations as part of the Airport Guardian software.
Airport Security Awareness training
The Airport Guardian software’s powerful LMS integration feature is designed to assist LAX administration teams in tracking and enforcing mandatory training for personnel including active shooter, Airside Vehicle Operating Permit, and Airport Security Awareness training. “LAX is one of the world’s premier and busiest airports, and we are thrilled that they have selected AlertEnterprise as part of their security modernisation and digital transformation,” said Ruby Deol, AlertEnterprise Chief Operating Officer. “Our game-changing approach of converged cyber-physical security is helping to make airports and critical infrastructure around the world more secure while creating a positive workforce and customer experience.”
Round table discussion
The new school year is a good time to reflect on the role of security in protecting our schools. From video to access control to some newer technologies, our Expert Panel Roundtable found plenty to talk about when we asked this week’s question: How does security technology make our schools safer?
Passwords are one of the most familiar elements of information systems, but also one that can be overlooked or underutilised. New alternatives are emerging, and the role of passwords is evolving in the age of the Internet of Things. We asked this week’s Expert Panel Roundtable: How is the role of passwords changing in physical security systems?
One impact of Chinese companies entering the physical security market has been an erosion in product pricing, creating what has been called the "race to the bottom". However, political forces and cybersecurity concerns have presented new challenges for Chinese companies. Adding cybersecurity increases costs, and the addition of more functionality to edge devices is another trend that has impacted product pricing. We asked this week's Expert Panel Roundtable: Has price erosion ended (or slowed down) in the security market?