Cyber security

Ping Identity, global provider of Identity Defined Security solutions, announced its participation at Identiverse 2019, slated to take place from June 25-28 in Washington, D.C. Company experts will share best practices in working toward digital transformation, address the current state of the industry and provide ways enterprises can elevate their identity security programs. Attendees also will have an opportunity to hear from Ping Identity customers eBay and Royal Dutch Shell, as they talk through their successful deployments. Andre Durand, Ping Identity’s CEO, will kick off the conference in the opening keynote on June 26 at 8:30am ET. With a focus on highlighting the importance of forecasting the timing and impact of industry disruptions, the presentation will help security professionals prioritise investments in digital identity. Attendees will walk away with knowledge to help prepare their organisations for success in volatile conditions. Identity and access management Ping experts, spanning the company’s product marketing, product management and engineering groups, will also speak on a variety of themes and topics, including the following: API Security Multi-Factor Authentication Identity and Access Management Open Banking Identity Authentication Ping Intelligent Identity platform Make a memorable stop at Ping’s booth #601 to participate in several fun activities, including: Take a virtual hot air balloon ride, showcasing updates to the Ping Intelligent Identity platform experience and cloud offerings. Learn about the company’s new Pingtopia community, which brings together customer advocates. Download free trials of Ping’s Cloud MFA & SSO, PingOne for Customers and PingIntelligence for APIs solutions.

IDIS has launched its totally cost-free IDIS Dynamic Privacy Masking (IDPM) solution at IFSEC International (stand IF1110 at London’s ExCel) 2019.  IDIS now offers a simple answer to the previously labour-intensive – or prohibitively expensive – problem of de-identification in video footage which is being submitted in response to requests for access under The General Data Protection Regulation (GDPR) or for evidential purposes. Protecting privacy with masking GDPR came into play during a challenging time and some users have stopped reporting smaller losses" Last year, GDPR gave the right to any person captured by a video surveillance camera to access a copy of their personal recorded data. But at the same time, companies are required to protect the identity of other individuals who feature in the recorded video, with anonymisation and masking.  The same de-identification also needs to be applied when providing video clips to the police and courts for use as evidence. GDPR-compliance for incident investigations Jamie Barnfield, Sales Director at IDIS Europe, says that many small to medium companies – for example, retailers and eating-out chains - are struggling to manage their recorded video footage. They are under pressure to provide police with GDPR-compliant video for incident investigations, to respond to freedom of information requests from the public, and to supply footage to insurers assessing claims including as slips, trips and falls. In all of these cases the video needs to be redacted, Barnfield points out. “GDPR came into play during a challenging time and some users have stopped reporting smaller losses and petty crimes because of the increased work involved. For others the alternative has been to resort to expensive video cloaking services that charge by the minute, or to use third-party redaction software not budgeted into the running costs of their surveillance operations,” he said. IDIS Dynamic Privacy Masking (IDPM) Solving this problem, IDPM is now available from the IDIS Partners Portal as a direct download. It allows authorised system users to blur sensitives areas and dynamically de-identify faces, vehicles etc. Crucially, IDPM does this automatically for the duration of the clip, even as the object or person moves around the scene. Users can then quickly save video as clips or project files via the IDIS Clip Player which, crucially, does not rely on transcoding to prevent forgery. The integrity of recorded video is already assured with IDIS Chained Fingerprint technology As a result, masking can easily be removed later by the authorised user without affecting the integrity of the footage, if that becomes necessary for a subsequent investigation. Users also have options to set passwords and expiration dates, and to control who can access and play video files.  IDIS Chained Fingerprint technology The integrity of recorded video is already assured with IDIS Chained Fingerprint technology, which extracts distinctive features of recorded video data to create fingerprints for each frame and then embeds each fingerprint into the data of the next frame, connecting each frame together with the next like a blockchain. “IDPM now gives users a simple, fast and intuitive tool to provide evidence to the police and courts so that theft, abuse and violence against staff can be investigated and criminals brought to justice. At the same time companies can respond, within the stipulated timeframe, to information requests in line with GDPR without additional costs,” added Barnfield.

At the beginning of 2017, MOBOTIX and RealNetworks established their strategic partnership. Almost everyone has known RealNetworks since the 1990s, when the Seattle-based company introduced the first online audio streaming solution, RealAudio®. Years of continuous innovation and multiple generations of RealVideo® then gave birth to the company’s most well-known product, RealPlayer®, which is still used millions of times every day for streaming and downloading videos. More recently, RealNetworks has been steadily expanded its expertise in the area of artificial intelligence (AI) and machine learning. “Our innovative strength, quality standards and commitment to high-quality, customer-oriented solutions form the basis of our strategic partnership with RealNetworks,” explains Thomas Lausten, CEO of MOBOTIX AG. Facial and mood recognition MOBOTIX and RealNetworks see enormous market potential for further joint projects and customised solutions SAFR™, the latest solution from RealNetworks, is an exceptionally accurate, artificial intelligence-based system for facial and mood recognition that has been optimised for the challenges of live video. MOBOTIX and RealNetworks see enormous market potential for further joint projects and customised solutions. “MOBOTIX cameras have an excellent market reputation for high quality, cyber security, reliability and direct applicability for facial recognition.” “Our partnership has grown rapidly as we also share the same values, such as a commitment to quality, innovation, data security and building strategic partnerships to generate synergies for both our companies and our customers,” says Mathias Grünwald, Senior Lead Account & Service Management at RealNetworks. “The new MOBOTIX is increasingly developing into a base platform for a multitude of industry specific tasks – Beyond Human Vision,” says Lausten. Identify cyber security Since joining the company, Lausten has transformed MOBOTIX from a highly secure but self-contained product provider into an open and flexible solution and system platform that continues to identify cyber security as its top priority. This means that all MOBOTIX products are now ONVIF-compliant, there is a dedicated NAS solution and, with the MOBOTIX MOVE series, a PTZ camera has been launched on the market as a complementary independent product line. “Artificial Intelligence will play an increasingly important role in all areas of IT, meaning video surveillance as well – and with Konica Minolta, we have a leading technology partner by our side in this area,” explains Christian Heller, MOBOTIX Sales Director for Germany, Austria and Switzerland. “In conjunction with our new openness and our drive to produce cyber-safe products and solutions, we can work with our strategic partners like RealNetworks to strengthen the market and develop new solutions for a variety of vertical markets,” he adds. Video surveillance cameras SAFR facial recognition solutions based on MOBOTIX cameras are already being used in numerous vertical markets MOBOTIX's partnership with RealNetworks and SAFR demonstrates this in unique ways: “We are currently working together on an exciting project for a high-profile European museum,” says Lausten. The museum uses SAFR live analytics at the entrance and other locations within the museum to automatically count the number of people by time of day, using demographic breakdowns, such as gender and age. The same system can also analyse people’s moods. This solution is made possible by the combination of versatile, high-precision MOBOTIX cameras and the equally high-precision SAFR facial recognition platform. SAFR facial recognition solutions based on MOBOTIX cameras are already being used in numerous vertical markets. “Since MOBOTIX cameras were designed as the best video surveillance cameras and SAFR is regarded as the leading facial recognition platform for live video, together, we are able to deliver solutions that go far beyond recognition,” says Grünwald. “Beyond Human Vision means more than just monitoring video from a camera feed. Together with our selected strategic partners, MOBOTIX is creating solutions based on artificial intelligence that make events predictable and that can initiate countermeasures to protect the environment, valuables and people,” emphasises Lausten.

Transforming the way security teams monitor, manage and control multiple systems, Maxxess is launching its new, open-architecture InSite solution at IFSEC International, (London ExCel 18-20 June, stand IF2120). Maxxess InSite is a cyber-secure, cloud-based service that has been developed to give organisations impressive new levels of situational awareness and allow the most rapid, coordinated response to wide range of incidents, both emergency and non-emergency. InSite can pull data from a wide array of security and safety systems and infrastructure thanks to its open-architecture design. Applications range from device fault monitoring, maintenance tracking and reporting, to incident handling and emergency response coordination.  Effective coordination during emergency InSite doesn’t simply integrate disparate systems, it unifies their capabilities and makes them more powerful in use"For large organisations, or those with complex sites or multiple premises to manage, InSite reduces complexity and allows seamless central control. It lets day-to-day operations to be managed more efficiently, identifying problems early and reducing risks, and it enables more effective coordination during emergency incidents. “InSite doesn’t simply integrate disparate systems, it unifies their capabilities and makes them more powerful in use,” said Lee Copland, Managing Director, Maxxess EMEA. “InSite pulls together critical security infrastructure and systems – everything from cameras to door controls - bringing everything under a single operating umbrella, and unifying their functions to allow rapid communications, analysis and action.” eFusion security management platform Ambit allows system controllers to link with remote personnel via their personal devicesInSite joins Maxxess’s full suite of advanced control solutions, including the Ambit family of mobile apps and the eFusion security management platform. Ambit allows system controllers to link with remote personnel via their personal devices, enabling alerts, notifications, status assessment and functions including video surveillance support. And eFusion integrates seamlessly with more than 60 off-the-shelf systems from leading vendors, including surveillance, access control, fire and intruder systems with back-office processes. For managers and teams that need to be mobile, the Maxxess MX+ client gives secure web access to eFusion controls and functions via smartphones and tablets. The full suite of Maxxess technologies will be on show at IFSEC, providing complete solutions for organisations looking to streamline their operations and improve control of multi-system infrastructure.

In 2017, IoT-based cyberattacks increased by 600%. As the industry moves towards the mass adoption of interconnected physical security devices, end users have found a plethora of advantages, broadening the scope of traditional video surveillance solutions beyond simple safety measures. Thanks in part to these recent advancements, our physical solutions are at a higher risk than ever before. With today’s ever evolving digital landscape and the increasing complexity of physical and cyber-attacks, it’s imperative to take specific precautions to combat these threats. Video surveillance systems Cybersecurity is not usually the first concern to come to mind When you think of a video surveillance system, cybersecurity is not usually the first concern to come to mind, since digital threats are usually thought of as separate from physical security. Unfortunately, these two are becoming increasingly intertwined as intruders continue to use inventive methods in order to access an organisation's assets. Hacks and data breaches are among the top cyber concerns, but many overlook the fact that weak cybersecurity practices can lead to physical danger as well. Organisations that deploy video surveillance devices paired with advanced analytics programs often leave themselves vulnerable to a breach without even realising it. While they may be intelligent, IoT devices are soft targets that cybercriminals and hackers can easily exploit, crippling a physical security system from the inside out. Physical security manufacturers Whether looking to simply gain access to internal data, or paralyse a system prior to a physical attack, allowing hackers easy access to surveillance systems can only end poorly. In order to stay competitive, manufacturers within the security industry are trading in their traditional analogue technology and moving towards interconnected devices. Due to this, security can no longer be solely focused on the physical elements and end users have taken note. The first step towards more secured solutions starts with physical security manufacturers choosing to make cybersecurity a priority for all products, from endpoint to edge and beyond. Gone are the days of end users underestimating the importance of reliability within their solutions. Manufacturers that choose to invest time and research into the development of cyber-hardening will be ahead of the curve and an asset to all. Wireless communication systems Integrators also become complicit in any issues that may arise in the future Aside from simply making the commitment to improve cyber hygiene, there are solid steps that manufacturers can take. One simple action is incorporating tools and features into devices that allow end users to more easily configure their cyber protection settings. Similarly, working with a third party to perform penetration testing on products can help to ensure the backend security of IoT devices. This gives customers peace of mind and manufacturers a competitive edge. While deficient cybersecurity standards can reflect poorly on manufacturers by installing vulnerable devices on a network, integrators also become complicit in any issues that may arise in the future. Just last year, ADT was forced to settle a $16 million class action lawsuit when the company installed an unencrypted wireless communication system that rendered an organisation open to hacks. Cybersecurity services In addition, we’ve all heard of the bans, taxes and tariffs the U.S. government has recently put on certain manufacturers, depending on their country of origin and cybersecurity practices. Lawsuits aside, employing proper cybersecurity standards can give integrators a competitive advantage. With the proliferation of hacks, malware, and ransomware, integrators that can ease their client's cyber-woes are already a step ahead. By choosing to work with cybersecurity-focused manufacturers who provide clients with vulnerability testing and educate end users on best practices, integrators can not only thrive but find new sources of RMR. Education, collaboration and participation are three pillars when tackling cybersecurity from all angles. For dealers and integrators who have yet to add cybersecurity services to their business portfolios, scouting out a strategic IT partner could be the answer. Unlocking countless opportunities Becoming educated on the topic of cybersecurity and its importance for an organisation is the first step Physical security integrators who feel uncomfortable diving headfirst into the digital realm may find that strategically aligning themselves with an IT or cyber firm will unlock countless opportunities. By opening the door to a partnership with an IT-focused firm, integrators receive the benefit of cybersecurity insight on future projects and a new source of RMR through continued consulting with current customers. In exchange, the IT firm gains a new source of clients in an industry otherwise untapped. This is a win for all those involved. While manufacturers, dealers and integrators play a large part in the cybersecurity of physical systems, end users also play a crucial role. Becoming educated on the topic of cybersecurity and its importance for an organisation is the first step. Commonplace cybersecurity standards Below is a list of commonplace cybersecurity standards that all organisations should work to implement for the protection of their own video surveillance solutions: Always keep camera firmware up to date for the latest cyber protections. Change default passwords, especially those of admins, to keep the system locked to outside users. Create different user groups with separate rights to ensure all users have only the permissions they need. Set an encryption key for surveillance recordings to safeguard footage against intruders and prevent hackers from accessing a system through a backdoor. Enable notifications, whether for error codes or storage failures, to keep up to date with all systems happenings. Create/configure an OpenVPN connection for secured remote access. Check the web server log on a regular basis to see who is accessing the system. Ensure that web crawling is forbidden to prevent images or data found on your device from being made searchable. Avoid exposing devices to the internet unless strictly necessary to reduce the risk of attacks.

In the next three years, software as a service ‘SaaS’ is likely to grow by around 23%. That’s according to reports by Cognizance. It’s growth rests on the adoption of cloud public, private and hybrid. Without the cloud applications can’t truly pervade an organisation, nor can operational or customer benefits be derived. But there’s no point in adopting the cloud if it’s not secure - the proliferation of SaaS demands security, none more so in a GDPR world. Large cloud environment But modern applications are difficult to secure. SaaS based, web, mobile, or custom made all work on different platforms and frameworks. It’s a headache managing all the APIs needed to automate and sync tools. This introduces risk. The greater the number of apps the broader the attack surface and therefore the greater the chance there will be blind posts. Keeping up to date with updates and new security policies is never easy There are also added hazards. Applications are always changing. Keeping up to date with updates and new security policies is never easy, but especially hard in a large cloud environment. Failure to adopt changes puts the organisation and customers at further risk. But the biggest obstacle is keeping applications and APIs out of harm’s way. It’s a near on impossible task when attack methods and sources are constantly changing. More advanced threats To be specific there are four emerging challenges when it comes to protecting apps. Firstly, managing the good and the bad bots and spotting which is which, secondly securing APIs as IoT adoption intensifies, thirdly the relationship between securing apps and DevOps and ensuring ownership of security, and finally denial of service attacks that use newer tactics such as brute force. Basic security hygiene dictates that security teams refer to the OWASP Top 10. It’s considered the ‘ten commandments’ in security circles, providing a starting point for ensuring the most common threats and vulnerabilities are managed, detected and mitigated. Web Application Firewalls also come into the fray with guidance on testing for the ways hackers exploit vulnerabilities. However, though the basics are good to have in place, there are always more advanced threats to take care of. Bots being a big one. Bot management The more sophisticated bots will go as far as to mimic human behaviourAstonishingly about half of internet traffic is bot generated. Half of it is from bad bots. Discerning the good from the bad isn’t easy though and explains why around 80% of organisations can’t make a clear distinction between the two. Bad bots can do a lot of damage like take over user accounts and payment information, scrape confidential data, or hold up inventory and skew marketing metrics. The more sophisticated bots will go as far as to mimic human behaviour and bypass tools like CAPTCHA and even device fingerprinting based protection ineffective. Securing APIs Then there’s the complications derived from machine-to-machine and internet of things (IoT) communications. The more integrated ‘things’, the more data there is, the more events there are report on, and the more activity there is reliant on APIs to make the ‘things’ useful and agile. That’s what makes them a target and the threats to API vulnerabilities include injections, protocol attacks, parameter manipulations, invalidated redirects and bot attacks. There’s the risk that business will grant access to sensitive data, without inspecting nor protecting APIs to detect cyberattacks.   There’s the risk that business will grant access to sensitive data, without inspecting nor protecting APIs to detect cyberattacks Denial of service (DoS) You might think there’s little to add to the swathes of denial of service warnings. Yet when businesses are still being targeted and feeling the ill effects it’s worth mentioning again that different forms of application-layer DoS attacks are still very effective at bringing application services down. Even the greatest application protection is worthless if the service itself can be knocked down This includes HTTP/S floods, low and slow attacks (famous examples being Slowloris, LOIC, Torshammer), dynamic IP attacks, buffer overflow, Brute Force attacks and more. The IoT botnets are the culprits and have made application-layer attacks so popular that they have become the preferred DDoS attack vector. Even the greatest application protection is worthless if the service itself can be knocked down. Continuous security It may seem easy to say but for modern DevOps, agility is valued at the expense of security. We see time and again examples of where development and roll-out methodologies, such as continuous delivery, mean applications are exposed to threats each time they are modified. There’s no doubt it is extremely difficult to maintain a valid security policy and protect sensitive data in dynamic conditions without creating a high number of false positives. But we now find that this task has gone way beyond the capability of humans. Organisations now need machine-learning based solutions that map application resources, analyse possible threats, and create and optimise security policies in real time. Reaching this level in security planning should be a big wake-up call that security automation is an essential not a nice to have. Running security plans The board needs to know that investment is critical to protect their profits It’s critical that the security solution your company adopts protects applications on all platforms, against all attacks, through all the channels and at all times. The board needs to know that investment is critical to protect their profits. As such there are six things they need to know: Application security solutions must encompass web and mobile apps, as well as APIs. Bot management solutions need to overcome the most sophisticated bot attacks. DDoS mitigation must be an essential and integrated part of application security solutions. A future-proof solution must protect containerised applications, severless functions, and integrate with automation, provisioning and orchestration tools. To keep up with continuous application delivery, security protections must adapt in real time. A fully managed service should be considered to remove complexity and minimise resources. No amount of human power will beat the bots. That last point is the most critical. Skill is essential in designing and running security plans and policies that work. But the plans can’t be executed without automated tools. There are just too many decisions to make in a split second. Combining both is the path to an effective app protection strategy and a stronger brand to boot.

Edge devices (and edge computing) are the future. Although, this does seem a little cliché, it is the truth. The edge computing industry is growing as quickly as technology can support it and it looks like we will need it to. IoT global market The IoT (Internet of Things) industry alone will have put 15 billion new IoT devices into operation by the year 2020 according to a recent Forbes article titled, “10 Charts That Will Challenge Your Perspective of IoT’s growth”. IoT devices are not the only edge devices we have to deal with as the total number of connected edge devices includes the likes of devices like security devices, phones, sensors, retail sales devices, and industrial and home automation devices. The IoT (Internet of Things) industry alone will have put 15 billion new IoT devices into operation by the year 2020 The sheer number of devices begins to bring thoughts of possible security and bandwidth implications into perspective. The amount of data that will need to be passed and processed with all of these devices will be massive. There needs to be consideration taken by all business owners and automation engineers into how this amount of data and processing will be conducted. Ever-expanding edge devices market As the number of edge devices in the marketplace and their use among consumers and businesses rises, the need to be able to handle the data from all of these devices is no longer going to be suitable for central server architectures. We are talking about hundreds of billions and even trillions of devices. According to IHS Markit researchers’ study, there were 245 million CCTV cameras worldwide. One has to imagine there are at least 25% of that many access control devices (61.25 million devices) based on a $344 million market cap also calculated by IHS Markit’s researchers. If all the other edge devices mentioned earlier are considered then one can see that trying to route them all through servers for processing is going to start to become difficult if it hasn’t already, -which arguably it already has, as is evidenced by the popularity of cloud-based solutions amongst those businesses that already use a lot of edge devices or are processing a lot of information on a constant basis. Cloud computing The question is whether cloud computing the most effective and efficient solution as the IoT industry grows The question is this; is cloud computing the most effective and efficient solution as the IoT industry grows and the amount of edge devices becomes so numerous? My belief is that it is not. Taking the example of a $399 USD device that is just larger than the size of a pack of cards and runs a CPU benchmarked at the same level as a mid-size desktop. This device has 8GB RAM and 64GB EMMC built-in and a GPU that can comfortably support a 4K signal at 60Hz with support for NVMe SSDs for add-on storage. This would have been unbelievable five years ago. As the price of edge computing goes down, which it has done in a dramatic way over the last 10 years (as can be seen with my recent purchase), the price to maintain a central server that can perform the processing required for all of the new devices being introduced to the world (due to the low cost of entry for edge device manufacturers) becomes more expensive. This introduces the guarantee that there will be a point where it will be less expensive for businesses, and consumers alike, to do the bulk of their processing at the edge as opposed to in central server architectures. Cloud computing is now being overtaken by edge computing, the method of processing data at the edge of the network in the devices themselves Edge computing There are a plethora of articles discussing and detailing the opposition between the two sides of the computing technology coin, cloud computing and edge computing. The gist of it is that “cloud computing” was the hot new buzzword three years ago and is now being overtaken by “edge computing.” The truth is that cloud computing is a central server architecture hosted at someone else’s location. Edge computing is going to be a necessary development in the technology industry Edge computing is the method of processing data at the edge of the network (in the devices themselves) and allowing for less resources required at a central location. There is certainly a use case for both, however the shift to edge computing amongst the general public and small to mid-sized businesses will not be a surprise to those players, who have been paying attention.  One article titled, “Next Big Thing In Cloud Computing Puts Amazon And Its Peers On The Edge” by Investor’s Business Daily takes the stance that edge computing is going to completely displace centralised cloud computing and even coins the phrase, “Cloud computing, decentralised” to explain edge computing. It speaks for the stance that most experts in technology seem to be taking, including Amazon Web Services’ VP of Technology, Marco Argenti according to the same article. We know that edge computing is going to be a necessary development in the technology industry, and it is happening as I write this, and quickly at that. Cost efficiency of edge processing As time goes on, the intersection between the prices of network bandwidth, edge processing and maintaining super powerful central servers will cause edge processing to be the most efficient and cost-effective way to maintain a scalable network in any environment, including datacenters. Owning a central server or utilising edge computing become the better options As it currently stands, most residential users can only achieve a 1Gbps WAN (internet) connection, and small to medium-sized business can’t get much more but seem to get much less, based on my personal experience. When more than 1Gbps needs to be processed, cloud computing becomes very expensive at which point, owning a central server or utilising edge computing become the better options. Then you look a total cost of ownership and when the cost of edge computing is less expensive than the cost of maintaining central server architectures, edge computing becomes the single best option. So, I’ll say it again, edge devices (and edge computing) are the future.

IFSEC Global, like any large trade show, can be daunting for attendees. At big shows, there can be hundreds of physical security manufacturers and dealers vying for your attention. As the scope of physical security expands from video surveillance and access control to include smart building integrations, cybersecurity and the Internet of Things (IoT), there is an increasing amount of information to take in from education sessions and panels. With IFSEC Global approaching next week, we present eight hints and tips for visitors to make the most out of trade shows: 1. Outline your objectives As the famous saying goes, “Failing to plan is planning to fail!” Once you know your objectives, you can start to research who is exhibiting Before you plan anything else, ensure you know what you need to achieve at the show. By clearly noting your objectives, you will be able to divide your time at the show appropriately, and carefully choose who you speak to. If there is a particular project your organisation is working on, search out the products and solutions that address your security challenges. If you are a security professional aiming to keep up with the latest trends and technologies, then networking sessions and seminars may be more appropriate. 2. Bring a standard list of questions Prepare a list of specific questions that will tell you if a product, solution or potential partner will help you meet your objectives. By asking the same questions to each exhibitor you speak to, you will be able to take notes and compare their offerings side by side at the end of the day. This also means you won’t get bogged down in details that are irrelevant to your goals. 3. Do your homework Once you know your objectives, you can start to research who is exhibiting and decide who you want to talk to. Lists of exhibitors can be daunting, and don’t always show you which manufacturers meet your needs. Luckily, most trade show websites provide the option to filter exhibitors by their product category. Once you know your objectives, you can start to research who is exhibiting and it may be easier to download the floor plan to your phone/tablet Many exhibitions also offer a downloadable floor plan, grouping exhibitors by product category or by relevant vertical market. It may be easier to download the floor plan to your phone/tablet or even print it out, if you don’t want to carry around a weighty map or show-guide. 4. Make a schedule Once you have shortlisted the companies you need to see, you can make a schedule that reflects your priorities. Even if you are not booking fixed meetings, a schedule will allow you to effectively manage your time, ensuring you make time for the exhibitors you can’t afford to miss. When scheduling fixed meetings, keep the floor plan at hand If the trade show spans several days, aim to have your most important conversations early on day one. By the time the last afternoon of the show comes around, many companies are already packing up their booth and preparing to head home. When scheduling fixed meetings, keep the floor plan at hand to avoid booking consecutive meetings at opposite ends of the venue. This will ensure you can walk calmly between stands and don’t arrive at an important meeting feeling flustered! 5. Make time for learning If you’re on a mission to expand your knowledge in a given area, check the event guide beforehand to note any education sessions you may want to attend. Look for panels and seminars which address the specific needs of your project, or which will contribute to your professional growth. This is one of the best opportunities you will have to learn from industry leaders in the field. Be sure to plan your attendance in advance so you can schedule the rest of your day accordingly. Check the event guide beforehand to note any education sessions you may want to attend and be sure to plan your attendance in advance 6. Keep a record Armed with your objectives and list of questions, you will want to make a note of exhibitors’ responses to help you come to an informed decision. If you’re relying on an electronic device such as a smartphone or tablet to take notes, you may like to consider bringing a back-up notepad and pen, so you can continue to take notes if your battery fails. Your record does not have to be confined to written bullet points. Photos and videos are great tools remind you what you saw at the show, and they may pick up details that you weren’t able to describe in your notes. Most mobile devices can take photos – and images don’t need to be high quality if they’re just to refresh your memory. 7. Network – but don’t let small talk rule the day It may seem obvious, but don’t forget to exchange business cards with everyone you speak to It may be tempting to take advantage of this time away from the office to talk about anything but business! While small talk can be helpful for building strong professional relationships, remember to keep your list of questions at hand so you can always bring conversations back to your key objectives. Keeping these goals in mind will also help you avoid being swayed by any unhelpful marketing-speak. It may seem obvious, but don’t forget to exchange business cards with everyone you speak to, or even take the opportunity to connect via LinkedIn. Even if something doesn’t seem relevant now, these contacts may be useful in future. Have a dedicated section in your bag or briefcase for business cards to avoid rummaging around. 8. Schedule time for wandering With your most important conversations planned carefully, there should be time left to explore the show more freely. Allowing dedicated time to wander will give you a welcome break from more pressing conversations, and may throw up a welcome surprise in the form of a smaller company or new technology you weren’t aware of. Allowing dedicated time may throw up a welcome surprise in the form of a smaller company or new technology you weren’t aware of Security trade show checklist Photo Identification: As well as your event pass, some events require photo identification for entry. Notebook and pen: By writing as you go, you will be able to compare notes at the end of the day. Mobile device: Photos and videos are great tools to remind you what you saw at the show, and may pick up details you missed in your notes. Paper schedule and floor plan: In case batteries or network service fail. Business cards: Have a dedicated pouch or pocket for these to avoid rummaging at the bottom of a bag. Comfortable shoes: If you’re spending a whole day at an event, and plan on visiting multiple booths, comfortable shoes are a must! Click here for an infographic on attending the event.

Attendees strolling the exhibit hall at IFSEC International, 18-20 June, 2019, at ExCel London, will be hearing a lot about artificial intelligence, convergence and GDPR. These industry hot topics are representative of major trends in the industry, from new technologies to new ways of designing systems to new privacy requirements. The education sessions at IFSEC International will also address these timely subjects – and provide a welcome chance to sit down and consider the ‘bigger picture.’ Here are some sessions to consider:    Artificial Intelligence The session will examine the ‘connectionism’ aspect of AI with reference to machine learning and neural networks A session on artificial intelligence asks: ‘Will AI change the face of the Electronic Security Industry?’ The session will examine the ‘connectionism’ aspect of AI with reference to machine learning and neural networks. Connectionism, or neuronlike computing, developed out of our understanding of how the human brain works at the neural level. Each neuron in the brain is akin to a simple digital processor, and the brain as a whole is like a computing machine. Has the time come for artificial intelligence and machine learning for security? That’s the focus of another session that will explore where AI is headed and if it can help move security practice from prevention to real-time threat detection. Is AI a technology looking for a problem to solve? Is it mature enough for mainstream usage in security scenarios? Does AI present a ‘double-edged risk’ (i.e., because enterprises and attackers have access to the same tools)? Convergence A combined security approach – unifying physical security and cybersecurity – is a real and immediate need in today’s high-risk and high-threat environment. By leveraging disparate sources of data, organisations can effectively manage a situation in real-time without having to go to multiple individual subsystems to get the job done. A panel session at IFSEC will discuss the concept, reality, and evolution of both physical and cybersecurity teams collaborating in the same Security Operations Centre. Here are some other sessions related to convergence of physical and cybersecurity: How converged security centres respond in real-time to physical and online threats How converged technologies ease prevention and response to unauthorised physical/logical access to corporate facilities and networks How chief security officers can benefit from data analytics and converged platforms to understand the complex physical and cyber risks posed to transport systems. GDPR Whilst the regulations provide a more comprehensive basis in law for the management of personal data The introduction in 2018 of the EU General Data Protection Regulations (GDPR) and Data Protection Act 2018 have elevated compliance requirements for video surveillance systems. That’s the subject of the session ‘GDPR – Video Surveillance: Balancing Privacy and Security.’ Whilst the regulations provide a more comprehensive basis in law for the management of personal data, they are part of a wider legal consideration for security technologies. Transparency, accountability and impacts on privacy must be actively integrated into security systems from the outset to retain the trust of those they affect. The work of the Information Commissioner (ICO) and the Surveillance Camera Commissioner (SCC) with their respective Codes of Practice provide a bedrock for effective governance. The 2018 Biometrics Strategy for the Home Office and their partners addresses the need for clear and transparent arrangements to ensure risks to privacy are weigh alongside the benefits. The session will examine these complexities and look at what owners and operators of security systems must consider when striving to balance privacy and security.

While most security teams are focused on preventing malicious outsider attacks, recent data suggests that close to 30 percent of confirmed breaches today involve insiders. Today’s increasingly complex networks across physical, information technology (IT) and operational technology (OT) systems make it difficult for security teams to detect and prevent insider threats. This is compounded by the proliferation of data, devices, applications, and users accessing networked resources. Rising insider malicious attacks threat As the threat landscape evolves rapidly, CISOs need to step up their game According to the 2017 U.S. State of Cybercrime Survey, 50 percent of organisations experience at least one malicious insider incident per year. And the Verizon 2018 Data Breach Report found that close to 30 percent of confirmed breaches today involve insiders. In August 2018, a tragic crash involving a Seattle airplane stolen by an employee raised awareness for the need for physical insider threat awareness (as well as more psychological screening before employment). As the threat landscape evolves rapidly, CISOs need to step up their game, says Aamir Ghaffar, Director of Solutions Engineering at AlertEnterprise. They should implement security controls that protect their company’s people, physical assets, data, intellectual property, and reputation both inside and out. And they need to do it while simultaneously satisfying industry compliance requirements. In response to our questions, Aamir Ghaffar offered some additional insights on the timely topic of insider threats. Q: We are hearing discussion about the emergence of cyber-physical security systems. What are they and how do they help organisations address insider threats? Threats now originate not only in the physical space but also in cyber environments Ghaffar: The concept of convergence has evolved in response to risk and the overall threat landscape. Threats now originate not only in the physical space but also in cyber environments – this is what is commonly referred to as blended risk. These blended risks require a converged approach and a converged view of security as a whole; connecting data, building new capabilities and gaining new insights to allow security teams to better defend against attacks. Q: How are organisations responding? Ghaffar: They are shifting towards centralisation – from the security operations center all the way to the executive level, where one C-Suite executive manages all security across physical, IT and OT domains. According to Gartner by 2023, 75% of organisations will restructure risk and security governance to address new cyber-physical systems (CPS) and converged IT, OT, Internet of Things (IoT) and physical security needs, which is an increase from fewer than 15% today. Q: How does the shift impact insider threats? Ghaffar: Unifying cyber and physical unlocks powerful new capabilities. For example, cyber-physical teams faced with a threat such as an intrusive device planted within their network environment, can quickly connect the cyber footprint to a physical location – understanding where the threats originate and identify those responsible for bringing it in. Converging physical and cyber identity through platforms that connect physical access control, IT and OT systems is an example of how organisations can better prepare for blended security threats An AI-enabled automated system is the most practical and human error-proof solution today Q: How is AI being used to protect against insider threats? Ghaffar: With increased security convergence we are now collecting such a large volume of data that relying on manual detection of insider or external threats is no longer a viable solution. An automated system, powered by artificial intelligence used with digital identities, is now the most practical and human error-proof solution today. AI and machine learning (ML) technology helps organisations map complex patterns of user behavior, process tens of millions of events within seconds to detect threats in near-real-time and respond swiftly. This benefits security operations personnel to go from distraction to action, allowing them to focus on what really matters, which are their most critical security events. Q: Sometimes the threat is about human error. Oftentimes we think the most harmful insider threats are intentionalGhaffar: Oftentimes we think the most harmful insider threats are intentional; however, unintentional user behavior and negligence could have serious ramifications for an organisation. Organisations should deploy technology that delivers automation and active policy enforcement to prevent employees from making inadvertent yet critical errors. Organisations should also do regular risk assessments – not one and done. Don’t implement a process and think you’re secure. Automated identity and access management technology can provide scheduled access reviews to help detect high-risk user profiles with accumulated or a toxic combination of access, as well as segregation of duties violations due to department change or job transfers. Q: What are the biggest misconceptions about insider threats? Ghaffar: First, that the biggest threats originate outside my company. Or that insider threats are a problem for government agencies and highly sensitive organisations, not “regular” companies like us. A company may also mistakenly think that they have limited assets that could be exposed, or that the assets are of little value; therefore, a large-scale breach is less likely to happen. And even if it does, it probably won’t have a big impact. Risk management leaders should start by developing a compelling visionQ: So, they think “it can’t happen here.”? Ghaffar: Yes, and they think their employees are inherently trustworthy, and that with basic security measures in place, the risk is small. They think that insider threats are always intentional. Or they think “it’s not my job.” Q: What next steps should security leaders take in addressing insider threats in their organisation? Ghaffar: Security and risk management leaders should start by developing a compelling vision and strategy that will resonate with key company stakeholders. They can expand the visibility they have into user activity beyond things that happen on the network. Go beyond a data-centric approach to a people-centric approach through identity behavior analysis. Improving visibility into user activity and taking a more preventive approach are the best ways to manage risk of an incident. Develop an inside-out approach to security. By converging physical, cyber and OT security you’ll gain a holistic view of your enterprise-wide security landscape.

With a population of more than 40,000, the City of Linden, New Jersey is part of the New York Metropolitan Area. It is located 13 miles southwest of Manhattan and borders Staten Island. In an effort to improve public safety and reduce crime, the city decided to modernise its video surveillance system. The City of Linden (the City) had more than 150 outdated, analogue cameras deployed throughout its buildings and parks. These consisted of an assortment of off-brand devices that lacked sufficient resolution, speed, and frame rates. To provide the highest quality video, the City decided to invest in a new citywide IP camera system. Purpose of video surveillance system Moving to IP cameras would require the City to increase its bandwidth capacity and upgrade its network video recorders (NVRs) to a more efficient, reliable, and secure video storage solution. This video surveillance system would need to: Support megapixel camera quality Be deployed at the network’s edge in various City buildings Stream video back to City Hall yet not be a burden on costs or bandwidth Be secure, simple to deploy, and easily expandable Work with world-class IP cameras and video management systems The City’s Department of Public Safety, led by the Police Department, oversaw the project. They hired Eastern Datacomm, a highly recommended system integrator out of Hackensack, New Jersey, to manage the entire project, from the installation of fibre lines for Internet to deploying the IP cameras and video surveillance appliances. Extra layer of security for clients Razberi makes it simple to manage and secure video surveillance and network-connected device solutionsOne reason the City of Linden chose Eastern Datacomm is because it has standardised on Razberi Technologies video surveillance appliances and software for all installations, providing an extra layer of security for its clients. Razberi makes it simple to manage and secure video surveillance and network-connected device solutions. Razberi appliances are highly reliable and network-optimised for megapixel quality. With the ability to record at the network’s edge and centrally, the Razberi suite of appliances also provide the flexibility that the City requires. A one-click VLAN setup establishes a private, secure network for camera traffic. Razberi’s intelligent video solutions are rightsized for the application including data centre, edge/fog, and rugged applications along with the ability to add cybersecurity protections. The appliances are also open to work with world-class video management solutions (VMS) and IP cameras. Built-in Razberi Monitor health monitoring software ensures the video surveillance system – all the way to each camera – is operating 24x7 without video loss or disruption. Installation of 250 IP cameras A Razberi EndpointDefender appliance is integrated with each Core device to provide Power over Ethernet+ (PoE+)Today, the City of Linden has more than 250 Panasonic IP cameras deployed across 13 locations. The main site is City Hall, which includes the Police Department. Cameras are also installed in four fire houses, two youth centres, the library, and various points around the train station and parking lot. At City Hall, Eastern Datacomm installed four Razberi Core appliances. These robust, server-class appliances centrally record heavier video surveillance workloads. This enables the City to be in compliance with the State of New Jersey’s retention law, which mandates that municipal video recordings be kept for 90 days. In addition, a Razberi EndpointDefender appliance is integrated with each Core device to provide Power over Ethernet+ (PoE+). EndpointDefender includes the Razberi CameraDefense cybersecurity software solution, should the City need it in the future. This extends industry best practice cyber protections all the way to the camera or Internet of Things (IoT) endpoint. ServerSwitchIQ edge appliances The ServerSwitchIQ’s compact size and ease of deployment worked for the City’s remote outdoor security camera locationsIn the City’s other buildings, the integrator deployed 12 Razberi ServerSwitchIQ edge appliances. More than an NVR, these devices combine a PoE+ switch, server, storage, and intelligence. By recording video near the network’s edge closer to the cameras, the appliances enable City workers at each location to monitor and play back video when needed. There is no need to constantly stream video back to City Hall, which reduces the impact of megapixel cameras on the network. The ServerSwitchIQ’s compact size and ease of deployment also worked for the City’s remote outdoor security camera locations. Each is small enough to fit into telco rooms under lock and key while handling the amount of cameras required. The City did not have to deploy servers, cabinets, and other equipment traditionally used for video surveillance systems. Eastern Datacomm monitors the video surveillance system via the Razberi Monitor software, which provides automated, real-time collection of system component properties and status such as storage disks, CPU Temperature, RAID arrays, and network traffic. With 24x7 monitoring and alerts, especially if a camera fails or goes down, Eastern Datacomm can take corrective action immediately. Reducing crime and enhancing quality of life The system is enabling the Police department to fulfil our mission to reduce crime, improve the delivery of Police services"“Our upgraded video surveillance system with the IP cameras and Razberi appliances gives the City of Linden one of the most state-of-the-art video surveillance systems in the country,” said David Hart, Chief of Police, City of Linden Police Department. “The system is enabling the Police department to fulfil our mission to reduce crime, improve the delivery of Police services, and enhance the quality of life for Linden residents. We have already solved some criminal cases using the security system with its reliable, high-quality video footage.” The City of Linden anticipates adding more cameras over time. They are working on a five-year plan to put more cameras in their 39 parks and other buildings. Each Razberi appliance can accommodate up to 24 IP cameras, making the system easily expandable.

The power grid is a modern engineering marvel, providing us widely available and affordable energy for not only our day to day lives, but also highly critical infrastructure elements for which we rely on personally, and as an economy. However, our reliance on the grid also makes it highly susceptible to adverse events, including physical attacks. All parts of the grid can become victims of malicious events, but substations are particularly vulnerable due to their role in power distribution and the nature of their equipment. Power utilities’ security The challenge power utilities worldwide are facing is finding an affordable solution The challenge power utilities worldwide are facing is finding an affordable solution, which can help detect, deter and facilitate an informed response to a substation security event. In the United States, this need is furthered by the physical security mandate CIP-014 issued by the North American Electric Reliability Corporation (NERC), calling for identification of security issues, vulnerability assessments and deployment of appropriate processes and systems to address. CIP-104 specifically calls for implemented security plans which include measures to deter, detect, delay, assess, communicate, coordinate and respond to potential physical threats and vulnerabilities. Fortunately, there are many solutions to help power utilities address these security concerns, one effective choice is the use of intelligent video. Intelligent video analytics solution Intelligent video, or video analytics, is a popular choice for the protection of critical facilities given its ability to detect, provide instant visual confirmation of the event and subsequent event forensics. The capability of this technology is increasing at a rapid rate, while decreases in hardware cost make such solutions affordable for owners or operators of critical bulk-power system sites. This case study looks at the issue of substation vulnerability and how to best use video to address, keeping in mind requirements of CIP-014. Such a system consists of fixed cameras, pan-tilt-zoom (PTZ) cameras, a deterrence device and data communication capability. Perimeter designs can vary based on the vulnerabilities identified, aspects of the site, budget, etc Perimeter designs can vary based on the vulnerabilities identified, aspects of the site, budget, etc. In most cases, substations can benefit from a simple “camera-following” design, which includes surveillance of a potential breach at the fence line, as well as, the ability for early detection for some distance beyond the physical perimeter. Camera-following design In a camera-following design, in addition to its own coverage, each camera is responsible for covering the blind spot of the adjacent camera. That camera is then responsible for covering the blind spot of the next camera, and this pairing continues around the perimeter until the final camera covers the blind spot of the first. This type of coverage design is very effective and affordable for locations with well-defined perimeters, such as substations. Using this layout, the video feed from the fixed cameras are then enabled with video analytics algorithms to alert when predefined conditions are met. This is done by inputting the video signal into a server, edge device or NVR, located at the site, or remote to the location. Intelligent video technology Today’s intelligent video technology provides for very specific alarm criteria Today’s intelligent video technology provides for very specific alarm criteria, which in addition to only alarming when a target enters in a specific region, can also discriminate, or classify, by the type of target: human, vehicle, etc. Furthermore, the alarm can be restricted by specific actions taken by the target, such as loitering in an area, dropping or throwing an object, more than one target entering with a valid badge swipe (tailgating) or even the speed at which a target is entering an area. This level of discrimination provides the ability to address very specific vulnerabilities, as well as, avoid nuisance targets, such as wildlife, debris or moving vegetation. Another key feature with significant value to substation protection is the geospatial aspects available with some video analytic solutions. This capability maps each pixel of video to its real-world latitude, longitude and elevation. This results in further assessment of the target, including the actual location, the real size of the target, the real speed and the current track. It also affords the opportunity to provide a real-time display of this information to the security operator through an easy to understand map-based user interface. Autonomous PTZ cameras Geospatial video analytics provide the benefit of knowing the exact map-based location of the target Another key assessment aspect of this substation protection scheme is the use of autonomous PTZ cameras. These are typically placed at the corners of the perimeter where they can service detections from multiple fixed cameras. As previously mentioned, geospatial video analytics, provide the benefit of knowing the exact map-based location of the target. Knowing the location of the target is extremely valuable to the security officer, but it is also the basis for a feature known as “slew to cue,” whereby PTZ cameras armed with video intelligence can be automatically steered to the same location for instant confirmation of the target. In most cases, “slew to cue” functionality also includes an “intelligent zoom” feature, which uses the target size information from the alarm, the PTZ camera location and the target location to adjust the zoom level of the PTZ for an instant view of the target that can provide identification details (clothing color, car type, etc) without the need for the operator to further adjust the zoom. Target detection and response Once a target is detected, a security approach leveraging intelligent video can continue with a coordinated response  Once a target is detected and confirmed, a security approach leveraging the use of intelligent video can continue with a coordinated response to the event. When video analytics is applied to pan-tilt-zoom cameras, it has the ability to automatically follow a defined target, freeing the operator to take other actions, such as coordinating with law enforcement officials. This feature, referred to as camera auto follow or PTZ following, can be automatically engaged as the result of a detection event, or subsequent to a slew to cue action. The system will continue to follow the target until it reaches a pre-defined system time-out, the operator takes manual control, or the camera can no longer view the target. The system can then provide the resulting PTZ video as a component of the detection alarm, for a more complete understanding of the intrusion for the operator to review. Effective deterrence At this point, the system has detected the target, classified its type and verified it has met alarm conditions. As part of the alarm it has also included dynamic indication of its location on a map, autonomously steered a PTZ to the target to allow for gathering of more detailed target information and a PTZ has locked on and is now following the target without any required user interaction. Total elapsed time to this point in the security response is typically less than 5 seconds. Deterrence is often realised as a fence, physical barriers or access controlled gates This level of automated response addresses many vulnerabilities typically identified as part of a CIP-014 security assessment, but with minimal extra cost, it can be extended to help with the aspect of deterrence. Deterrence is often realised as a fence, physical barriers or access controlled gates. These are physical items and should certainly be included in a substation security plan. Intrusion detection However, another form of deterrence, which can be enabled through the use of intelligent video is the idea of audio talk down. This is the use of live or pre-recorded audio, which is activated upon an intrusion to deter the intruder. Different from a general alarm warning audio, audio talk down uses information about the location of the intruder and their actions to select appropriate pre-recorded audio to deter the intruder. Worse case, the understanding that they are being actively monitored may hasten their plan. Video-based security and alarm system A common concern when deploying such a system is the amount of bandwidth required A common concern when deploying such a system is the amount of bandwidth required. Substations are almost always unmanned, which means the intrusion information must have a means to get communicated back to the main monitoring location. From a design aspect, this is typically the case, but it is important to know that it is not a requirement in order to gain security benefits from a video based system. The system described in this case study has the capability to detect, assess, respond and deter without any communication back to a main command and control. Alarms, events and system actions can be logged and stored remotely for review at a later time. In reality, utilities will want to be notified and react in real time. In these cases, video systems can adjust to the available bandwidth – from a low bandwidth situation where a textual alarm is provided with an image of the detection, to a high bandwidth installation where feeds from multiple cameras can be monitored and controlled in real time. Web-based, mobile access In each case, complete alarm information, including meta data, images and video can be readily available to the security operations center, which can then take action based on their security response plan, including contacting and coordinating this alarm data with local law enforcement through web-based access or mobile phones. This case study outlines the effectiveness of utilising video analytics to address the physical vulnerabilities of a typical substation. The study outlines how recent technological advances can autonomously address assessment, response and deterrence This case study outlines the effectiveness of utilising video analytics to address the physical vulnerabilities of a typical substation. Further, the study outlines how recent technological advances allow such a solution to extend beyond the mere detection of events, but can also autonomously address assessment, response and deterrence. Key capabilities of intelligent video include: Advanced Detection – Accurate alarming based on specific targets types and actions Situational Awareness – The ability to quickly convey the critical details of a security event in an easy to understand map-based format. Real-time Target Location – Real-time location information of events and real-time location tracking of potential intruders. Autonomous Sensor Control – Automated steering of cameras to an event location and subsequent hands free video tracking of a suspect. Although each utility and substation may encounter different vulnerabilities, this case study outlines how video can be considered to address NERC guidelines for protecting critical substation assets by providing situational awareness of a potential threat and initiating an appropriate and timely response.

e-shelter security has installed over 2,000 smart Sony network cameras to monitor high-security buildings and critical infrastructure at data center locations in Europe. Integrated security solutions expert The Frankfurt-based system integrator builds and operates integrated security solutions for mission-critical environments The Frankfurt-based system integrator builds and operates integrated security solutions for mission-critical environments, where customer applications must be available around the clock. As well as offering necessary hardware and infrastructure redundancy, the centers must also be protected against virtual and physical attackers. To prevent unauthorised access to servers and other infrastructure without creating unnecessary barriers, e-shelter security is making increasing use of intelligent, self-learning security systems. Physical security is supported by Sony SNC-EB632R infrared and SNC-WR632C dome cameras that are used for perimeter surveillance at the data center locations, together with SNC-EM600 minidome cameras that are used for indoor surveillance. Sony Video Security dome cameras Key criteria for the choice of cameras were very high image quality - even in challenging environmental conditions - and extreme reliability. “Another decisive factor for us was our long-standing cooperation with the Sony Video Security team” says Kai Friedrich, Head of Application Engineering and IT at e-shelter security. “Their expertise helps us to think in terms of not just products but about entire solutions. Equally, they have provided us with very sound technical advice and support throughout the entire project.” Cayuga video management system The Sony cameras are controlled and managed using SeeTec’s Cayuga video management system The Sony cameras are controlled and managed using SeeTec’s Cayuga video management system. All cameras are connected to e-shelter security’s certified emergency call and service centers, allowing appropriate intervention to be initiated in the event of an incident. As well as ensuring the physical security of the data centers, the cameras also provide protection against cyber-attacks on customers’ assets. High levels of integral security prevent hackers from using the Sony cameras as an entry point into the customer’s own network. Due to the positive experience gained during more than three years of cooperation on data center projects, e-shelter security is also using Sony cameras in logistics centers, consulting/finance industry office buildings and smart building projects where the company combines innovative security technology with new digital technologies.

Mobile-device and application-security technology company Trustonic announces that Hyundai Motor America will demonstrate its new Digital Key app, secured by Trustonic Application Protection, at the New York International Auto Show 2019. The Digital Key will launch with the all-new 2020 Hyundai Sonata in the fall. Hyundai’s Digital Key is a downloadable smartphone app that can replace a traditional car key by leveraging Near Field Communication (NFC) to detect an authorised smartphone. An NFC antenna is located in the driver’s door handle for locking and unlocking while a second antenna for starting the engine is located in the wireless charging pad in the centre console. Seamless vehicle sharing The Digital Key allows a smartphone to control select vehicle systems remotely using Bluetooth Low Energy (BLE) communication Once authorised, the Digital Key allows a smartphone to control select vehicle systems remotely using Bluetooth Low Energy (BLE) communication. A user can lock and unlock the vehicle, activate panic alert and start the engine within a range of about 30 feet of the car. The new Digital Key can be utilised by up to four authorised users, facilitating seamless vehicle sharing. Users’ preferred settings are also stored in the car, meaning that when a user is recognised, the vehicle automatically adjusts settings for side mirrors, radio presets, sound settings, and seat positioning. Hyundai is using Trustonic Application Protection (TAP) to secure the Digital Key. TAP ensures that Digital Key transfer requests are securely displayed to and approved by a real, authenticated user on a trusted device. Cybersecurity approach TAP utilises a multilayered industry-recognised security approach for communication to and from the customer’s phone. “Hyundai has been a leader in connected car technology for a long time now, with new features like Apple CarPlay, Android Auto, Smartwatch and Smart-speaker integration into our vehicles,” said Manish Mehrotra, director of digital business planning and connected operations, Hyundai Motor America. “Digital Key adds convenience for 2020 Sonata owners and allows us to be ready for future shifts in the mobility space, such as car sharing. We chose Trustonic because of their multilayered, industry recognised cybersecurity approach.” Vehicle-function permissions Hyundai’s Digital Key will enable easy car sharing and improved user experiences" Car owners have a deeper level of access than other authenticated users, enabling them to set vehicle-function permissions and the duration of access for each shared user. This enables uses beyond car sharing, such as enabling couriers to access the trunk within a pre-agreed window of time to deliver a package. Future uses that the app could enable include car rentals, triggering an alarm when a vehicle travels outside a designated area and remote control of features, such as autonomous parking. Ben Cade, CEO, Trustonic, adds, “Consumers expect to be able to manage their lives on their smartphones, and this includes their vehicles. Hyundai’s Digital Key will enable easy car sharing and improved user experiences for drivers—and as international leaders in app security, it’s up to us to ensure this can happen in a scalable and secure way.”

Cybersecurity has become the ultimate buzzword in the physical security market. And it also represents one of the industry’s most intractable challenges. Several years ago, the problem with cybersecurity was lack of awareness among physical security practitioners. It’s now safe to say that awareness has increased. Everyone today talks about cybersecurity, but has it helped the larger problem? We asked this week’s Expert Panel Roundtable: Is greater awareness helping to increase the cybersecurity of physical security systems?

Statistically speaking, incidents of terrorism are unlikely to impact most businesses and institutions. However, the mere possibility of worst-case-scenario attacks is enough to keep security professionals awake at night. Compounding the collective anxiety is the minute-by-minute media coverage when an attack does occur. The immediacy of the shared experience of global tragedy impacts us all – including security system decision-makers. We asked this week’s Expert Panel Roundtable: How is the rise in terrorism impacting the physical security market?

What is a business, or an industry, but a collection of people and the results of their work? People make all the difference in the destiny of a business or industry. And the people involved in a business reflect the impact of demographic changes – and the passage of time. The security industry has been largely built by Baby Boomers, who are getting older and increasingly stepping aside to make way for younger folks. We asked this week’s Expert Panel Roundtable: Is there a “new generation” of employees and managers entering the physical security marketplace, and what will be the impact?