Security systems

In the wake of recent allegations that ATM locks worldwide are vulnerable to new side-channel attacks, Sargent and Greenleaf (S&G), a manufacturer of high-quality electronic ATM locks, recently conducted vulnerability testing to provide insight and identify ways ATM owners and operators can protect their machines against side-channel attacks. Side-channel attacks, which can exploit internal components of electronic locks, first emerged in 2015 and continue to plague electronic lock users today. In a nutshell, attacks are most effective when access, information and speed are present. Exposed external connection points If the hacker can quickly and easily gain access and make a connection, a breach is more likely to happen" “If the hacker can quickly and easily gain access and make a connection, a breach is more likely to happen,” states Travis Ferry, an engineer with Sargent and Greenleaf and part of the core team that conducted the company’s vulnerability testing. Ferry immediately noted that ATM locks with exposed external connection points render the attacks more likely, with some locks vulnerable to being hacked in as little as five minutes. “Theoretically, a hacker could still get access to an ATM lock with a solid ring around it,” Ferry continues, “but, it would take time, and these attackers rely on speed to accomplish a breach.” High-level findings to the industry The company’s vulnerability testing also examined the type of electronic information stored within ATM locks and found that some locks retain complete static access codes in certain modes of operation without requiring touch keys for access. S&G’s report states that once hackers obtain an access code, it’s easy to open the lock and gain entry to where the ATM’s cash is stored. S&G released high-level findings to the industry in September that could better protect ATMs S&G released high-level findings to the industry in September that could better protect ATMs around the United States and the world. “Millions of ATMs are deployed globally,” said Devon Ratliff, Director of Engineering for Sargent and Greenleaf. “People want to feel secure about their money and cash-in-transit companies need to know their machines are safe from compromise.” Minimising access and encryption information Among the many suggestions from the S&G report, the top recommendations include adding tamper-resistant solid ring housings to ATM locks, minimising access and encryption information stored in the locks, and implementing multiple layers of authentication through one-time codes, touch keys and time windows. “Today’s ATM owners and operators have a lot to contend with,” Ratliff says. “Threats like side-channel attacks and jackpotting aren’t just theoretical; they result in real losses and significant downtime for these businesses.” Ratliff recommends that ATM owners and operators secure their machines with locks designed to deter side-channel attacks and consider adding accessories like ATM hood protection as well. “We can’t predict the future,” Ratliff concludes, “but, we can be pro-active and stay responsive to the threats we face today.”

Allegion UK, a pioneer in safety and security, has added the 286DL locking handle to its established range of Brio dual point locks for exterior folding applications. It is ideal for both residential and commercial facilities, joining other Brio accessories for the 286 dual point lock used on Weatherfold 4s and 5c. Designed to ‘suite’ with Brio 288 lever furniture, the 286DL locking handle has been specifically design engineered to secure timber and aluminium folding panels. The single action handle is a stylish alternative to two flush bolts. The product also enables the doors to fold flat. The intelligent security-conscious design of the 286DL is discreetly hidden inside the aluminium stile or edge of a timber panel with minimal machining and quick fixing points thanks to the patented hinge blocks. A variety of keepers allow for neat dressing and accurate alignment of the throw and panel, which improves the performance of perimeter weather seals. This new addition allows joinery manufacturers to offer a lock and handle for access doors that can be used with a cylinder of choice. The new locking handle is stylish and secure – the perfect accompaniment for our folding door systems” Sliding door hardware systems David Newton, Brio UK general manager, explains: “We routinely research and review the marketplace for folding and sliding door hardware systems, to see where Brio can add value for customers. The 286 dual point lock was developed as an alternative to using flush bolts on panels. "The lock is less intrusive than flush bolts, and also has the very considerable advantage of eliminating any bending-down or reaching-up to lock or unlock the door which is the downside of flush bolts. This makes it very friendly with regards to disabled access, as wheelchair users will not have to rely on help to open doors. The new locking handle is stylish, secure and simple – the perfect accompaniment for our folding door systems.”, he adds. Added to the design and manufacturing excellence is the company’s rigorous product testing and quality assurance. The 286DL locking handle is cycle tested in excess of 100,000 operations and comes with a 10-year warranty. It’s available in a variety of finishes for matching flexibility, including stainless steel for coastal areas.

A new cybersecurity service brings professional 24-hour monitoring within reach of SMEs for the very first time. bluedog Security Monitoring, which has been launched by Freeparking.com founder Paul Lomax and cybersecurity expert Tim Thurlings, offers smaller firms the type of managed detection and response service previously only available to large corporates. Highly trained cybersecurity team The launch of bluedog comes as SMEs face increased pressure from customers, regulators and investors The London-based company has developed a low-cost device called Sentinel which plugs into a customer's network and uses machine learning to spot unusual activity. It then alerts bluedog's security operations centre, where a highly trained cybersecurity team can analyse and respond to potential threats. The bluedog service can detect both external and internal threats, such as phishing emails or the download of video or audio files packed with malicious malware, which often bypass traditional endpoint security and firewalls. It not only offers enhanced security and rapid response to incidents, but also helps companies comply with standards such as GDPR, Cyber Essentials or ISO/IEC 27001:2005 and keeps a full audit trail for reporting purposes. The launch of bluedog comes as SMEs face increased pressure from customers, regulators and investors as well as cyber criminals seeking ‘soft' targets. Firewalls and endpoint protection The UK government's Cyber Security Breaches Survey 2019 shows that while the number of businesses being attacked has been falling - down from 46 per cent in 2017 to 32 per cent this year - the number of attacks each victim suffers has risen from two to six over the same period. It suggests businesses with weaker defences are being targeted repeatedly. bluedog's CTO Tim Thurlings, a former ‘ethical hacker' who helped develop the EU's TIBER threat intelligence framework, says: "Firewalls and endpoint protection which SMEs have traditionally relied on are no longer adequate as experienced hackers can easily find ways round them. SMEs need to take their cybersecurity to the next level, yet at present few have a dedicated professional.” Bluedog's innovative model combines machine learning and human expertise to offer exceptional service" "bluedog gives them 24/7 access to a whole team of cyber experts for less than the cost of employing one part-time staff member. Bluedog's innovative model combines machine learning and human expertise to offer exceptional service and peace of mind." Analyst firm Gartner believes that by 2020, 15 per cent of organisations will be using services such as managed detection and response, compared to less than 1 per cent today. Combining machine learning and human expertise bluedog CEO Paul Lomax, whose Freeparking.com business was the UK's first self-service domain registrar, and who has also founded two hosting companies, says bluedog is targeting a gap in the market for SME monitoring services. "While technology is becoming more sophisticated, it still requires people to analyse the data and act on it," he explains. "Ideally all businesses should have 24/7 monitoring but with salaries for skilled professionals running into six figures, it is an expensive resource that up until now has been limited to blue-chip firms.” "With bluedog, we have developed a smarter model which enables us to revolutionise pricing and bring services within reach of SMEs for the first time. This is a $10bn untapped market and no-one else is offering a solution. bluedog's model gives us a competitive advantage and makes us well placed to become a global leader."

The retail industry is constantly evolving, with a fast-paced environment that requires retailers to quickly respond to changes in the market, while delivering a consistent service that inspires customer loyalty – all in a bid to maintain healthy margins and revenue in what is an increasingly competitive landscape. Helping retailers to drive efficiency and capitalise on new labelling innovations, Checkpoint Systems’ source tagging programme, which celebrates more than 25 years since its inception in 1994 for the American drug store chains, Eckerd Drug Stores and Rite Aid, puts a framework for collaboration at its heart. Most popular products in-store Working with more than 45 per cent of the top-50 global retailers, Checkpoint’s programme has successfully enabled more than 75,000 items to arrive in store, shelf-ready. The mutual benefits for both the retailer and manufacturer are widely known – from open merchandising and reduced out-of-stocks to the improved appearance of products on shop shelves. Both manufacturers and retailers need to anticipate the most popular products in-store and high-risk SKUs However, by introducing an on-going partnership both retailers and manufacturers can weld even more advantages across the supply chain. Moreover, as product introductions become more frequent, treating source tagging as an on-going programme and not a one-off service is critical. For example, in the dynamic consumer goods market, both manufacturers and retailers need to anticipate the most popular products in-store and high-risk SKUs. Latest technological innovations A source tagging programme that focuses on collaboration delivers a continuous, consistent process that helps to identify high-loss SKUs, evaluate tagging placement options in response to packaging and branding changes, and aids frequent compliance audits while delivering the most valuable brand protection possible. By partnering with a respected source tagging partner, like Checkpoint Systems, retailers can also leverage the latest technological innovations and create a clear path to RFID giving both retailers and manufacturers the competitive advantage. For example: Protecting merchandise against counterfeit items Implementing category-specific labels to protect and extend the life of merchandise, e.g. fresh foods Tracking products to reduce the impact of supply chain fraud Protecting the retailer and wider supply chain against theft Effectively assess supply chain and retail challenges Flavio Musci, EMEA Source Tagging Director, Checkpoint Systems, said: “As the market leader in Source Tagging, we understand the importance of working closely with our customers and their vendors to effectively assess supply chain and retail challenges and create a programme that responds to their needs. This not only takes into consideration the design implications of label placement, but the technological innovations required to capture and relay important information to enhance traceability and critically, stock availability.” “With the biggest source-tagging team in the world, we are uniquely placed to help retailers maximise the benefits of their source tagging programmes. And, speaking about the importance of collaboration, a leading European grocery retailer once said: retailers, vendors and solutions providers have to work collaboratively to achieve a successful source tagging programme.”

HENSOLDT, the independent sensor solutions house acquires NEXEYA, a provider of services and electronics solutions for defence and commercial customers. With all legal requirements met, the share purchase agreement signed in April this year has now taken effect. The acquired activities represent a turnover of around €95 million and a workforce of approximately 620 employees. “NEXEYA strengthens our industrial base particularly in France, improving customer access and enhancing our product portfolio”, said Thomas Müller, CEO of HENSOLDT. Innovative product combinations “HENSOLDT is already successful in France, but this acquisition boosts our strategy of developing commercial markets and creates new opportunities in the area of services. Thus, the move is in line with the acquisitions made in Germany and the UK in the last two years in the areas of avionics, security and industrial engineering.” Our complementary product portfolios provide opportunities for innovative product combinations" “I am proud, that NEXEYA becomes a part of HENSOLDT” said Jérôme Giraud, CEO of NEXEYA France and HENSOLDT Holding France. “This is an exciting new chapter for our growth story. Our complementary product portfolios provide opportunities for innovative product combinations and new developments that will benefit our customers domestically and abroad”, Giraud said. “NEXEYA will benefit from increased global and segmental market access, investment capacities and human skills using the continuously growing HENSOLDT sales and marketing network.” Hydrogen-based energy storage and supply stations With three major industrial sites (Angoulême, Massy and Toulouse), NEXEYA designs, manufactures tests and maintains complex electronic systems for the Aerospace, Defence, Energy and Transports sectors. An industrial partner of the aeronautical industry for more than 30 years, NEXEYA supplies products and solutions to aircraft OEMs, both civil and military, as well as their equipment manufacturers. The company is involved in all stages of development and life cycle of an aircraft, from the design and validation of prototypes to their maintenance. Complementary with HENSOLDT France, which develops IFF identification systems and data links for the Defence market, NEXEYA designs mission management systems. NEXEYA is also a strong player in the renewable energy market, developing and manufacturing hydrogen-based energy storage and supply stations.

Door Group, a unit of ASSA ABLOY Opening Solutions UK & Ireland, launches two new high performance steel doorsets within its Powershield Security Doorset range. The new SR3 and SR4 steel door ranges, also known as Torr and Titan, have been developed from scratch to offer a product compatible with increased frame and ironmongery options, allowing greater freedom of design for architects and specifiers. Complete doorset solution The doors are suitable for an extensive range of sectors, including banks, power stations, hospitals, safe rooms, MOD buildings, personal security, arenas and stadiums. After listening to customers’ requirements, the Torr and Titan ranges have been redeveloped to replace the Glen and Strangford security doors and are certified under LPS1175 Issue 7 to withstand against sustained, professional burglar and vandal attacks. The Torr and Titan ranges are overall easier to install, handle and lighter to use The launch ensures specifiers, architects and contractors can source a complete doorset solution from one trusted single point of contact. Compatible with a wide range of Kaye Certified locking systems, in single and double configurations, the two new door ranges can also come with or without LPS rated and certified vision panels, in a range of frame styles. With a leaf and frame weight reduction of up to 40% from previous ranges, the Torr and Titan ranges are overall easier to install, handle and lighter to use – making them an ideal choice for a wide range of projects. Highest quality products and services The ranges prioritise both the performance and the aesthetic of the doorsets, completely removing industrial looking features from the outside of the door leaf, and reducing the leaf skin thickness to tighten the folds and create a softer aesthetic. The new high security doorsets now look almost identical to standard commercial doorsets, perfect for those looking for discreet or inconspicuous solutions. Brian Sofley, Managing Director at ASSA ABLOY Door Group, explains: “We are always looking for ways to develop ourselves and our trade, ensuring that we deliver the highest quality products and services on the market. I believe both the Torr and Titan ranges really embody this value. We are confident that the two new ranges will exceed the needs of our customers and specifiers, providing a durable solution which achieves the performance demands required.”

There’s a lot of hype around the term ‘digital transformation.’ For some, it’s the integration of digital technology into everyday tasks. For others, it’s the incorporation of innovative processes aimed at making business optimisation easier. In most cases, digital transformation will fundamentally change how an organisation operates and delivers value to its customers. And within the security realm, the age of digital transformation is most certainly upon us. Technology is already a part of our day-to-day lives, with smart devices in our homes and the ability to perform tasks at our fingertips now a reality. No longer are the cloud, Internet of Things (IoT) and smart cities foreign and distant concepts full of intrigue and promise. Enhancing business operations We’re increasingly seeing devices become smarter and better able to communicate with each other These elements are increasingly incorporated into security solutions with each passing day, allowing enterprises the chance to experience countless benefits when it comes to enhancing both safety and business operations. The term ‘connected world’ is a derivative of the digital transformation, signifying the increasing reliance that we have on connectivity, smart devices and data-driven decision-making. As we become more familiar with the advantages, flaws, expectations and best practices surrounding the connected world, we can predict what issues may arise and where the market is heading. We’re increasingly seeing devices become smarter and better able to communicate with each other through the IoT to achieve both simple goals and arduous tasks. Within our homes, we’re able to control a myriad of devices with commands (‘Hey Google...’ or ‘Alexa...’), as well as recall data directly from our mobile devices, such as receiving alerts when someone rings our doorbell, there’s movement in our front yard or when a door has been unlocked. Analytics-driven solutions The focus is now shifting to the business impacts of connectivity between physical devices and infrastructures, and digital computing and analytics-driven solutions. Within physical security, connected devices can encompass a variety of sensors gathering massive amounts of data in a given timeframe: video surveillance cameras, access control readers, fire and intrusion alarms, perimeter detection and more.As the data from each of these sensors is collected and analysed through a central platform, the idea of a connected world comes to fruition, bringing situational awareness to a new level and fostering a sense of proactivity to identifying emerging threats. The connected world, however, is not without its challenges, which means that certain considerations must be made in an effort to protect data, enhance structured networking and apply protective protocols to developing technology. Physical security systems We can expect to see the conversations regarding data privacy and security increase as well As the use of connected devices and big data continue to grow, we can expect to see the conversations regarding data privacy and security increase as well. Connectivity between devices can open up the risk of cyber vulnerabilities, but designing safeguards as technology advances will lessen these risks. The key goal is to ensure that the data organisations are using for enhancement and improvements is comprehensively protected from unauthorised access. Manufacturers and integrators must be mindful of their products' capabilities and make it easy for end users to adhere to data sharing and privacy regulations. These regulations, which greatly affect physical security systems and the way they're managed, are being implemented worldwide, such as the European Union's General Data Protection Regulation (GDPR). In the United States, California, Vermont and South Carolina have followed suit, and it can be expected that more countries and U.S. states develop similar guidelines in the future. Technology is already a part of our day-to-day lives, with smart devices in our homes and the ability to perform tasks at our fingertips now a reality Automatic security updates Mitigating the concerns of the ‘connected world’ extends beyond just data privacy. IoT technology is accelerating at such a pace that it can potentially create detrimental problems for which many organisations may be ill-prepared - or may not even be able to comprehend. The opportunities presented by an influx of data and the IoT, and applying these technologies to markets such as smart cities, can solve security and operational problems, but this requires staying proactive when it comes to threats and practicing the proper protection protocols. As manufacturers develop devices that will be connected on the network, integrating standard, built-in protections becomes paramount. This can take the form of continuous vulnerability testing and regular, automatic security updates. Protocols are now being developed that are designed to ensure everything is encrypted, all communications are monitored and multiple types of attacks are considered for defensive purposes to provide the best security possible. IoT-connected devices Hackers wishing to do harm will stop at nothing to break into IoT-connected devices Built-in protection mechanisms send these kinds of systems into protection mode once they are attacked by an outside source. Another way for manufacturers to deliver solutions that are protected from outside threats is through constant and consistent testing of the devices long after they are introduced to the market. Hackers wishing to do harm will stop at nothing to break into IoT-connected devices, taking every avenue to discover vulnerabilities. But a manufacturer that spends valuable resources to continue testing and retesting products will be able to identify any issues and correct them through regular software updates and fixes. ‘IoT’ has become a common term in our vocabularies and since it’s more widely understood at this point and time, it's exciting to think about the possibilities of this revolutionary concept. Providing critical insights The number of active IoT devices is expected to grow to 22 billion by 2025 — a number that is almost incomprehensible. The rise of 5G networks, artificial intelligence (AI) and self-driving cars can be seen on the horizon of the IoT. As more of these devices are developed and security protocols are developed at a similar pace, connected devices stand to benefit a variety of industries, such as smart cities. Smart cities rely on data communicated via the IoT to enhance processes and create streamlined approaches Smart cities rely on data communicated via the IoT to enhance processes and create streamlined approaches to ensuring a city is well-run and safe. For example, think of cameras situated at a busy intersection. Cameras at these locations have a variety of uses, such as investigative purposes in the event of an accident or for issuing red-light tickets to motorists. But there are so many other possible purposes for this connected device, including providing critical insights about intersection usage and traffic congestion. These insights can then be used to adjust stoplights during busy travel times or give cities valuable data that can drive infrastructure improvements. Physical security market The impact of connected devices on cities doesn’t stop at traffic improvement. The possibilities are endless; by leveraging rich, real-time information, cities can improve efficiencies across services such as transportation, water management and healthcare. However, stringent protections are needed to harden security around the networks transmitting this kind of information in an effort to mitigate the dangers of hacking and allow this technology to continuously be improved. Whether you believe we’re in the midst of a digital transformation or have already completed it, one thing is certain: businesses must begin thinking in these connectivity-driven terms sooner rather than later so they aren’t left behind. Leveraging smart, connected devices can catapult organisations into a new level of situational awareness, but adopting protections and remaining vigilant continues to be a stalwart of technological innovation within the physical security market and into the connected world.

We live in an information and data-led world, and cybersecurity must remain top-of-mind for any organisation looking to both protect business operation critical assets. Businesses without proper cyber measures allow themselves to be at risk from a huge list of threats - from cybercriminals conducting targeted spear-phishing campaigns - like the 2018 Moscow World Cup vacation rental scam, to nation-state actors looking to collect intelligence for decision makers - no organisation is safe from innovative cyber threats. Security solutions enterprises Organisations can then set the groundwork necessary to stop malicious activity and keep their business’ data safe The evolving threat space means organisations need to ensure they have the most innovative prevention and detection frameworks in order to withstand adversaries using complex and persistent threats. When implementing new security solutions enterprises must start by assuming that there is already a bad actor within their IT environment. With this mindset, organisations can then set the groundwork necessary to stop malicious activity and keep their business’ data safe. As there is no one silver bullet that truly stops all cyberattacks, organisations must adopt a multipronged approach to be widely adopted to stop adversaries. This must include tracking, analysing and pinpointing the motivation of cyber actors to stay one step ahead through global intelligence gathering and proactive threat hunting. In addition, deploying new technologies leveraging the power of the cloud give a holistic view of the continuously evolving threat landscape and thereby secure data more efficiently. Traditional security approach In today’s landscape, the propagation of advanced exploits and easily accessible tools has led to the blurring of tactics between statecraft and tradecraft. Traditional security approaches are no longer viable when it comes to dealing with the latest trends in complex threats. To make defending against these threats even more complicated, adversaries are constantly adapting their tactics, techniques and procedures (TTPs), making use of the best intelligence and tools. CrowdStrike’s latest Global Threat Report tracked the speed of the most notable adversaries including Russian, Chinese, North Korean and Iranian groups. As the adversaries’ TTPs evolve into sophisticated attack vectors defenders need to recognise we are amidst an extreme cyber arms race, where any of the above can become the next creator of a devastating attack. Russian efficiency is particularly high; they can spread through an enterprise network in 18 minutes 48 seconds on average, following the initial cyber-intrusion. Sophisticated cyber weapons Actors tend to use a simple trial and error technique where they test the organisation's network So, reacting to threats in real-time is a priority. Bad actors are extremely vigilant and committed to breaking down an organisation’s defences, and speed is essential to finding the threats before they spread. Actors tend to use a simple trial and error technique where they test the organisation's network, arm themselves with more sophisticated cyber weapons, and attack again until they find a vulnerability. This has highlighted the need for tools that provide teams with full visibility over the entire technology stack in real-time in order to meet these threats head-on. Traditional solutions are scan-based, which means they don’t scale well and can’t give the security teams context around suspicious activity happening on the network. They lack full visibility when a comprehensive approach is needed. Businesses without proper cyber measures allow themselves to be at risk from a huge list of threats - like the 2018 Moscow World Cup vacation rental scam Malicious behaviour Through leveraging the power of the cloud and crowdsourcing data from multiple use cases, security teams can tap into a wealth of intelligence collated from across a vast community. This also includes incorporating threat graph data. Threat graphs log and map out each activity and how they relate to one another, helping organisations to stay ahead of threats and gain visibility into unknowns. Threat graph data in conjunction with incorporating proactive threat hunting into your security stack creates a formidable 360-degree security package. Managed threat hunting teams are security specialists working behind the scenes facing some of the most sophisticated cyber adversaries through hands on keyboard activity. Threat hunters perform quickly to pinpoint anomalies or malicious behaviour on your network and can prioritise threats for SOC teams for faster remediation. In-depth knowledge Security teams need to beat the clock and condense their responseIt is key for security teams to have an in-depth knowledge of the threat climate and key trends being deployed by adversaries. The TTPs used by adversaries leave are vital clues on how organisations can best defend themselves from real-life threats. Intrusion ‘breakout time’ is a key metric tracked at CrowdStrike. This is the time it takes for an intruder to begin moving laterally outside of the initial breach and head to other parts of the network to do damage. Last year, the global average was four hours and 37 minutes. Security teams need to beat the clock and condense their response and ejection of attackers before real damage is done. Next-generation solutions When managing an incident clients need to be put at ease by investigations moving quickly and efficiently to source the root of the issue. Teams need to offer insight and suggest a strategy. This can be achieved by following the simple rule of 1-10-60, where organisations should detect malicious intrusions in under a minute, understand the context and scope of the intrusion in ten minutes, and initiate remediation activities in less than an hour. The most efficient security teams working for modern organisations try to adhere to this rule. As the threat landscape continues to evolve in both complexity and scale, adequate budget and resources behind security teams and solutions will be determining factors as how quickly a business can respond to a cyberattack. To avoid becoming headline news, businesses need to arm themselves with next-generation solutions. Behavioural analytics The solution can then know when to remove an adversary before a breakout occurs Behavioural analytics and machine learning capabilities identify known and unknown threats by analysing unusual behaviour within the network. These have the ability to provide an essential first line of defence, giving security teams a clear overview of their environment. With this at hand, the solution can then know when to remove an adversary before a breakout occurs. Attackers hide in the shadows of a network’s environment, making the vast volume and variety of threats organisations face difficult to track manually. The automation of responses and detection in real-time is a lifeline that organisation cannot live without as adversaries enhance and alter their strategies. Adversaries continue to develop new ways to disrupt organisations, with cybersecurity industry attempting to keep pace, developing new and innovative products to help organisations protect themselves. These technologies empower security teams, automating processes and equipping security teams with the knowledge to respond quickly. Organisations can set themselves up for success by integrating the 1-10-60 rule into their security measures, giving them an effective strategy against the most malicious adversaries.

In 2017, IoT-based cyberattacks increased by 600%. As the industry moves towards the mass adoption of interconnected physical security devices, end users have found a plethora of advantages, broadening the scope of traditional video surveillance solutions beyond simple safety measures. Thanks in part to these recent advancements, our physical solutions are at a higher risk than ever before. With today’s ever evolving digital landscape and the increasing complexity of physical and cyber-attacks, it’s imperative to take specific precautions to combat these threats. Video surveillance systems Cybersecurity is not usually the first concern to come to mind When you think of a video surveillance system, cybersecurity is not usually the first concern to come to mind, since digital threats are usually thought of as separate from physical security. Unfortunately, these two are becoming increasingly intertwined as intruders continue to use inventive methods in order to access an organisation's assets. Hacks and data breaches are among the top cyber concerns, but many overlook the fact that weak cybersecurity practices can lead to physical danger as well. Organisations that deploy video surveillance devices paired with advanced analytics programs often leave themselves vulnerable to a breach without even realising it. While they may be intelligent, IoT devices are soft targets that cybercriminals and hackers can easily exploit, crippling a physical security system from the inside out. Physical security manufacturers Whether looking to simply gain access to internal data, or paralyse a system prior to a physical attack, allowing hackers easy access to surveillance systems can only end poorly. In order to stay competitive, manufacturers within the security industry are trading in their traditional analogue technology and moving towards interconnected devices. Due to this, security can no longer be solely focused on the physical elements and end users have taken note. The first step towards more secured solutions starts with physical security manufacturers choosing to make cybersecurity a priority for all products, from endpoint to edge and beyond. Gone are the days of end users underestimating the importance of reliability within their solutions. Manufacturers that choose to invest time and research into the development of cyber-hardening will be ahead of the curve and an asset to all. Wireless communication systems Integrators also become complicit in any issues that may arise in the future Aside from simply making the commitment to improve cyber hygiene, there are solid steps that manufacturers can take. One simple action is incorporating tools and features into devices that allow end users to more easily configure their cyber protection settings. Similarly, working with a third party to perform penetration testing on products can help to ensure the backend security of IoT devices. This gives customers peace of mind and manufacturers a competitive edge. While deficient cybersecurity standards can reflect poorly on manufacturers by installing vulnerable devices on a network, integrators also become complicit in any issues that may arise in the future. Just last year, ADT was forced to settle a $16 million class action lawsuit when the company installed an unencrypted wireless communication system that rendered an organisation open to hacks. Cybersecurity services In addition, we’ve all heard of the bans, taxes and tariffs the U.S. government has recently put on certain manufacturers, depending on their country of origin and cybersecurity practices. Lawsuits aside, employing proper cybersecurity standards can give integrators a competitive advantage. With the proliferation of hacks, malware, and ransomware, integrators that can ease their client's cyber-woes are already a step ahead. By choosing to work with cybersecurity-focused manufacturers who provide clients with vulnerability testing and educate end users on best practices, integrators can not only thrive but find new sources of RMR. Education, collaboration and participation are three pillars when tackling cybersecurity from all angles. For dealers and integrators who have yet to add cybersecurity services to their business portfolios, scouting out a strategic IT partner could be the answer. Unlocking countless opportunities Becoming educated on the topic of cybersecurity and its importance for an organisation is the first step Physical security integrators who feel uncomfortable diving headfirst into the digital realm may find that strategically aligning themselves with an IT or cyber firm will unlock countless opportunities. By opening the door to a partnership with an IT-focused firm, integrators receive the benefit of cybersecurity insight on future projects and a new source of RMR through continued consulting with current customers. In exchange, the IT firm gains a new source of clients in an industry otherwise untapped. This is a win for all those involved. While manufacturers, dealers and integrators play a large part in the cybersecurity of physical systems, end users also play a crucial role. Becoming educated on the topic of cybersecurity and its importance for an organisation is the first step. Commonplace cybersecurity standards Below is a list of commonplace cybersecurity standards that all organisations should work to implement for the protection of their own video surveillance solutions: Always keep camera firmware up to date for the latest cyber protections. Change default passwords, especially those of admins, to keep the system locked to outside users. Create different user groups with separate rights to ensure all users have only the permissions they need. Set an encryption key for surveillance recordings to safeguard footage against intruders and prevent hackers from accessing a system through a backdoor. Enable notifications, whether for error codes or storage failures, to keep up to date with all systems happenings. Create/configure an OpenVPN connection for secured remote access. Check the web server log on a regular basis to see who is accessing the system. Ensure that web crawling is forbidden to prevent images or data found on your device from being made searchable. Avoid exposing devices to the internet unless strictly necessary to reduce the risk of attacks.

The healthcare market is rife with opportunity for security systems integrators. Hospitals have a continuous need for security, to update their systems, to make repairs, says David Alessandrini, Vice President, Pasek Corp., a systems integrator. “It’s cyclical. Funding for large projects might span one to two years, and then they go into a maintenance mode. Departments are changing constantly, and they need us to maintain the equipment to make sure it’s operating to its full potential.” The experience of Pasek Corp. is typical of the opportunities available for security integrator companies in the healthcare vertical. A single large hospital system can supply a dependable ongoing source of revenue to integrator companies, says Alessandrini. Hospitals are “usually large enough to provide enough work for several people for an extended length of time.”  Healthcare customers in Pasek’s service area around Boston provide the potential for plenty of work. “We have four major hospitals, each with in excess of 250 card readers and 200 cameras, in the Boston area,” Alessandrini says. One appeal of the healthcare market for North Carolina Sound, an integrator covering central North Carolina, is the breadth of possible equipment they can sell into the healthcare market, including access control and video, of course, but also other technologies, such as audio-video systems in a dining room. North Carolina Sound has also installed sound masking in some areas with waiting rooms to protect private patient information from being overheard. Locking systems on pharmaceutical doors are another opportunity. Data capture form to appear here! IP based networked video systems A facility’s IT folks must be convinced an IP solution will function seamlessly on their network Among North Carolina Sound’s customers is Wayne Memorial Hospital, Goldsboro, N.C., which uses about 340 video cameras, with 80 percent or more of them converted to IP. The hospital is replacing analogue with IP cameras as budget allows, building network infrastructure to support the system. The healthcare market tends to have a long sales cycle; in general, sales don’t happen overnight or even within a month or two. In fact, the period between an initial meeting with a healthcare facility and installation of a system could stretch to a year or longer. A lot happens during that time. Healthcare systems involve extensive planning, engineering, and meetings among various departments. Physical security systems that involve the information technology (IT) department, as do most systems today, can be especially complex. Installation of networked video systems based on Internet protocol (IP) requires deep and probing discussions with the IT team about how a system fits into the facility’s network infrastructure. A facility’s IT folks must be convinced an IP solution will function seamlessly on their network. Compatible with the network They must vet the technology to ensure the devices and solutions will be compatible with the network, and must sign off on technology choices. And even more important is determining if the security system will adhere to cyber security requirements of the facility. A complete solution that integrates nearly any system that lives on or uses a facility’s network is ultimately what the healthcare vertical is moving toward, says Jason Ouellette, General Manager – Enterprise Access Control & Video, Johnson Controls. Healthcare security professionals are early adopters of technology, implementing the best technology available” “We are hearing more and more from customers across industries that they want to be able to use their security systems and devices for more than just security: they want added value,” says Ouellette. Many want to use access control, video surveillance and other data sources to assess their business operations and/or workflows with the goal of improving efficiency. Upgrade cost-effectively Historically, three factors have prevented many organisations from moving forward with new technologies: lack of money, proprietary systems, and the need to “rip and replace” large parts of the installed systems, says Robert Laughlin, CEO and Chairman, Galaxy Control Systems. "Today, while funding is almost always a limiting factor at some level, the progression of industry standards and ‘open’ systems has made a big positive impact on the ability of organisations to upgrade cost-effectively,” he says. Despite any obstacles, healthcare customers generally welcome new innovations. “I would say healthcare security professionals in general are early adopters of technology and like to implement the best technology available,” says Jim Stankevich, Global Manager – Healthcare Security, Johnson Controls/Tyco Security Products. “For most, rapid implementation is limited by budgets and available funding." Missed part one of our healthcare mini series? Click here.

Hikvision and Dahua have been added to a U.S. government list of entities “reasonably believed to be involved, or to pose significant risk of being or becoming involved, in activities contrary to the national security or foreign policy interests of the United States.” In effect, inclusion on the list restricts the export of equipment to the two companies because of their alleged involvement in “human rights violations and abuses” related to a Chinese government campaign of repression, mass arbitrary detention, and high-technology surveillance against minority groups. Equipment from the two companies is used to provide video surveillance capabilities in the Xinjiang Uighur Autonomous Region (XUAR) of China. The minority groups targeted are Uighurs, Kazakhs and other Muslim minorities. Equipment from the two companies is used to provide video surveillance capabilities in the Xinjiang Uighur Autonomous Region (XUAR) of China The decision to add Hikvision and Dahua, among 26 other “entities,” to the list was made by the United States End-User Review Committee (ERC), composed of representatives of the Departments of Commerce, State, Defense, Energy and (where appropriate) Treasury. A majority vote of the panel is required to add an entity to the list, and a unanimous vote is required to remove or modify an entity. The 26 other entities include the Chinese government’s bureau in XUAR, 18 subordinate municipal and county public security bureaus and one other subordinate institute. Specific licenses (government approval) are required for any transaction in which items are exported, reexported, or transferred (in country) to any of the entities on the list; or in which the entities act as purchaser, consignee or end user. Loosely speaking, inclusion on the list prevents Hikvision and/or Dahua from buying any component parts from U.S. manufacturers. Indirectly and more broadly speaking, the measure affords a new downside to the Dahua and Hikvision brands in the U.S. market. Anyone concerned about human rights abuses might hesitate to buy from the two companies, although the entity list does nothing to prohibit sales of the company’s products. Dahua and Hikvision statements  In a company statement, Dahua has “express[ed] strong protest to such decision, which lacks any factual basis, and call[ed] on the U.S. government to reconsider on it.”’ Indirectly and more broadly speaking, the measure affords a new downside to the Dahua and Hikvision brands in the U.S. marketThe Dahua statement continues: “As a global business entity, Dahua adheres to the business code of conduct, and follows market rules as well as international rules. Dahua is actively working to ensure our investment and business operations around the world comply with all applicable laws and regulations. Regarding the decision of U.S. government, we have actively taken various measures, and we will continue providing outstanding products and services to our customers.” Hikvision has released the following statement: “Hikvision strongly opposes [the] decision by the U.S. Government and it will hamper efforts by global companies to improve human rights around the world. Hikvision, as the security industry’s global leader, respects human rights and takes our responsibility to protect people in the U.S. and the world seriously. Anyone concerned about human rights abuses might hesitate to buy from the two companies "Hikvision has been engaging with Administration officials over the past 12 months to clarify misunderstandings about the company and address their concerns. In January 2019, Hikvision retained human rights expert and former U.S. Ambassador Pierre-Richard Prosper to advise the company on human rights compliance. Punishing Hikvision, despite these engagements, will deter global companies from communicating with the U.S. Government, hurt Hikvision’s U.S. businesses partners and negatively impact the U.S. economy.” “The U.S. Government and Department of Commerce cannot and will not tolerate the brutal suppression of ethnic minorities within China,” said Secretary of Commerce Wilbur Ross in making the announcement. “This action will ensure that our technologies, fostered in an environment of individual liberty and free enterprise, are not used to repress defenseless minority populations.”

ADT Commercial have grown organically in double digits since 2016, in addition to growing through 15 acquisitions completed since the merger of ADT and Protection One. Acquisition of integrator companies such as Red Hawk Fire and Security and Aronson Security Group have expanded ADT Commercial’s presence geographically to more areas of the country. Most of the employees of the acquired companies have stayed with ADT and “helped to create a corporate culture and a good place for employees to work,” says Dan Bresingham, Executive Vice President of ADT Commercial. Happy employees ensure good customer service. Enterprise resource planning Bresingham will lead ADT Commercial as it becomes a separate business unit in 2020 “We adapt to where our clients want us to be,” adds Joe Sanchez, Senior Vice President of Customer Operations of ADT Commercial National Accounts. “We take a strategic approach as we determine how adaptive our customers are going to be to the new technology.” I caught up with ADT Commercial at the GSX trade show in Chicago. Bresingham tells me ADT Commercial has benefitted from the calibre and breadth of leadership talent that have come along with the various acquisitions, including Mike McWilliams of Red Hawk, Bob Dale of Protection One, and Phil Aronson of Aronson Security. The transitioning of internal systems such as enterprise resource planning (ERP), billing and customer repair software will further steamline the ADT Commercial operation in the next several months. Bresingham will lead ADT Commercial as it becomes a separate business unit in 2020. We caught up with ADT at the GSX trade show in Chicago Providing new opportunities for regional integrators Additional acquisitions are also likely; in fact, growth is likely to accelerate. ADT Commercial offers a national footprint that can provide new opportunities for regional integrators it brings into the fold. New acquisitions will continue to fill out ADT’s skillset requirements in specific geographic areas where more expertise is needed. Security directors have a small staff and we help them know what they should be looking at in terms of data" “The industry doesn’t change a lot,” says Bresingham. “The technology just gets better, faster, and cheaper. As a service provider we take the best technology and combine it to provide the best solutions. We’re product-agnostic. Most of our jobs are down-and-dirty, doing the same things, but we’re pushing ourselves to be the best every day at the basics.” An emphasis at ADT is to provide customers ‘actionable’ data compiled from their various security systems. “We have a range of customers,” says Sanchez. Managing networks and video remotely “From small businesses to large data centers, there is no electronic system we cannot do. We are adaptable, from providing basic intrusion all the way to more sophisticated elements. Security directors have a small staff and we help them know what they should be looking at in terms of data.” “Our customers are our ‘true north’,” says Sanchez. A strong relationship with clients forms the basis for ADT Commercial’s success. Helping customers track data utilises ADT Commercial’s eSuite account management system, homegrown software that compiles and analyses various customer data inputs. It also allows the ability to manage networks and video remotely. “We built it from scratch for customers. It’s a web-based system that helps them manage their business,” says Bresingham. “We hold ourselves accountable. We don’t hide from data, we encourage it.” Monitoring refrigeration units The solution is different in every case, just as every customer is uniqueIn addition to data from customer systems, eSuite can compile local weather information, crime statistics and other information that can help provide trending information to guide a customer’s business. The system’s flexibility enables ADT to provide the data each customer needs. ADT helps customers manage their business beyond the security department, too. “We do a lot of things in environmental control, monitoring refrigeration units and making sure humidity and temperature readings are correct,” says Sanchez. Leaving a door open could cause product loss at a pharmaceutical company, for example. In the food industry, a freezer malfunction could cause huge losses. In either case, an alarm can draw attention to the problem in a timely manner. Other customers face regulatory requirements that demand an audit trail of compliance, which ADT’s systems can provide. At the end of the day, ADT asks customers ‘What’s your security need?’ The company then adapts and assembles its solutions using internal resources and outside vendors, to meet that need. The solution is different in every case, just as every customer is unique.

Bolloré Logistics is one of the top ten transport and logistics companies in the world. Its warehousing and logistics facility near Auckland Airport, New Zealand, has seen significant growth in recent years and often handles in excess of 2,000 items in a day. As a customs bonded warehouse, the location is subject to strict security requirements. All movements and processing in the warehouse must therefore be monitored closely, as the consequences of damage to facilities or loss of stock could be catastrophic. A combination of c25, v25 and i25 hemispheric cameras, along with several MOBOTIX Dual D15 cameras, provides complete coverage of the 6,600-square-meter site. The new system provides full visibility of the warehouse aisles to protect both employees and customers should an incident occur. Tool for risk management A security system that enables monitoring of business processes and guarantees the availability of historical footage can help companies avoid facing expensive compensation claims. As such, the MOBOTIX system is an invaluable tool for risk management, compliance enforcement and dispute resolution. The stream of metadata generated alongside the video feed cannot be manipulated, which ensures that the images will hold up in a court of law. Moreover, this kind of security system even helps save money: Some insurance companies reduce their premiums when this kind of system has been installed.

ADT, a security and automation provider serving residential and business customers, announces a partnership to integrate mobile safety solutions into the Lyft platform. Extending ADT’s safety and technology to mobile applications will bring an additional layer of security to Lyft’s rideshare experience. With ADT’s mobile safety platform, Lyft seeks to give riders and drivers more peace of mind. The pilot will focus on an ADT-powered safety feature within the Lyft app that will discreetly connect Lyft users who feel unsafe - by voice or SMS chat - with a security professional at one of ADT’s owned and operated monitoring centers. Detailed incident information After contacting the user, or if there is no response, the ADT security professional will alert authorities as needed so they can arrive at the user's location, equipped with detailed incident information. “As a rideshare company with an exceptional commitment to rider and driver safety, Lyft is the ideal partner for ADT,” said Jim DeVries, President and CEO of ADT. When it comes to safety, there is no better partner for Lyft than ADT" “We look forward to working closely with the Lyft team as together we bring our industry-leading technology to rideshare riders and drivers. We continue to leverage our deep expertise, technology and the trusted ADT brand to expand our reach into new areas of security beyond the home and business. Partnering with Lyft broadens our exposure while enabling ADT to further realise our mission and belief that people deserve to be safer and more secure wherever they are.” Professional monitoring services ADT’s data-driven mobile safety solution provides Lyft with a platform to extend the safety and security of ADT’s professional monitoring services to its users within its mobile app experience. Beginning in early 2020, Lyft intends to pilot the ADT mobile safety solution in nine U.S. markets including Chicago, Los Angeles and New Jersey, with potential to implement nationally to Lyft’s 30 million riders and 2 million drivers. “When it comes to safety, there is no better partner for Lyft than ADT,” said Ran Makavy, EVP and Chief Product Officer of Lyft. “We are extremely excited to enter into this partnership and look forward to a meaningful, industry-leading collaboration.”

AASA, The School Superintendents Association, has formed a new partnership with Armor At Hand™, a company that manufacturers Smart Shields™ connected to the internet and are capable of protecting users from handguns and high-powered rifles. The Shields serve as a first layer of protection in the event of an intrusion and serve as an alarm to alert those connected to the system a potential threat is occurring. Armor At Hand manufactures the world’s first lightweight, mobile Smart Shields with internet connectivity and U.S. National Institute of Justice (NIJ) level 3 equivalent test rating, giving it the ability to stop high-powered rifle rounds. Schools, workplaces, places of worship and other venues now have access to the Smart Shield. AASA members can receive a special offer to receive a Smart Shield from Armor At Hand. Immediate protection at first encounter "Armor At Hand’s partnership with AASA speaks to both organisations’ commitment to providing resources to assist school districts before, during and after a crisis,” said Chad Ahrens, founder and CEO, Armor At Hand. “With access to more than 12,000 school districts, the AASA partnership enables us to reach the people that the Smart Shields are designed to protect.” The Shields hide discreetly in plain sight, yet, provide immediate protection at first encounter. Once one of the shields is moved, all the shields in the area are alerted and will light up and buzz while autonomously sending an alert to authorities of a potential threat. Armor At Hand Smart Shield uses ArcGIS by Esri to map real-time danger areas and safe zones while simultaneously offering route guidance to safety for those in harm’s way. Activation movement amount and timeframes are setup at installation to meet the needs of each site. Emerging technology in security “AASA is proud to be partnering with Armor At Hand,” said Daniel A. Domenech, executive director, AASA. “Threats of violence at our schools has continued to be an issue that must be addressed. AASA is committed to keeping students, teachers and schools around the country safe. Launching this partnership with Armor At Hand is indicative of our commitment to doing that by using emerging technology in security.” AASA is the premiere membership organisation representing public school district superintendents across the country and the world. The primary goal of AASA is to advocate for highest quality public education for all students, as well as to develop and support school system leaders.

Carlisle Support Services are pleased to announce that they have been awarded a 3 year contract to provide Manned Security and Stewarding services to the All England Lawn Tennis Club (Championships) Limited (AELTC). The AELTC is one of the world’s oldest and most prestigious private members’ tennis clubs and the home of The Championships, Wimbledon, one of the sporting events. Building a good working relationship In addition to the 24-7/365 Site Security, Carlisle will also be providing in excess of 350 event staff during the two weeks of The Championships. Adrian White, Operations Director at Carlisle, said: “We are delighted and honoured to be working with this Iconic venue.” “Already we have built a good working relationship with the AELTC Security Team and we understand the culture of the venue and the goals they are looking to achieve. Wimbledon is a unique event and location, for 50 weeks of the year it is a tennis club and for 2 weeks of the year it takes centre stage in the sporting calendar.” Understanding the contrasting needs of the service “Our experiences with other major sporting venues that have similar calendars, such as Ascot and Lords, meant we understood the contrasting needs of the service. We are really looking forward to a positive working relationship” Stephen Grainger, AELTC Head of Security, said “We are delighted to have selected Carlisle Support Services to deliver an important component of our security provision for both our year-round operations and The Championships and we look forward to working with them and our other providers.”

Four networked MxPro 5 fire panels from global systems provider, Advanced, are now protecting one of Serbia’s most prestigious higher education facilities. The project at the University of Belgrade’s School of Electrical Engineering, involved installing a fire system to reliably protect lives and property while respecting the value and authenticity of its 1920s features. This meant overcoming various problems presented by outdated construction methods, inaccessible areas and high ceilings. 4-loop and 1-loop MxPro 5 fire panels Advanced’s partner in Serbia, TVI Ltd, was responsible for the design, installation, commissioning of the project Thanks to their performance, quality and ease of use, a network of three of Advanced’s 4-loop and one of its 1-loop MxPro 5 fire panels, including over 1000 Argus detectors, were chose to protect the entirety of this top educational and scientific institution, including the facilities of Civil Design, Mechanical and Electrical Engineering. Advanced’s local partner in Serbia, TVI Ltd, was responsible for the design, installation and commissioning of the project. Electrical Engineer, Radomir Kerkez, at TVI Ltd, said, “The flexibility of Advanced’s fire panels to adapt to sites both large and small is what makes us choose them time and time again. Advanced products make even the most complex installation challenges straightforward and we can always rely on them to deliver complete protection.” Multiprotocol fire system solution MxPro 5 is a renowned multiprotocol fire system solution and was recently certified to the EN 54 standard by FM (Factory Mutual). It offers customers a choice of two panel ranges, four detector protocols and a completely open installer network, backed up by free training and support. MxPro panels can be used in single-loop, single-panel format or easily configured into high-speed, multi-loop networks of up to 200 nodes covering huge areas. MxPro’s legendary ease of installation and configuration plus wide peripheral range, make it customisable to almost any application. Building fire safety Our fire systems offer many ways to meet the challenges of protecting a building’s heritage"Vladimir Zrnic, Advanced’s Regional Sales Manager for Southern Europe, said, “Our fire systems offer many ways to meet the challenges of protecting a building’s heritage features while providing robust and reliable fire protection. It is great to see that potential put into practice in yet another successful and prestigious site.” Advanced, owned by FTSE 100 company - Halma PLC, has a long history of protecting some of Europe’s most notable and prestigious buildings, including Athens’ Stavros Niarchos Foundation Cultural Centre, Istanbul’s Hagia Sophia and Sofia’s Sofia University. Intelligent fire systems firm Advanced is a globally renowned company in the development and manufacture of intelligent fire systems. The legendary performance, quality and ease-of-use of its products see Advanced specified in locations all over the world, from single-panel installations to large, multi-site networks. Advanced’s products include complete fire detection systems, multi-protocol fire panels, extinguishing control, fire paging and false alarm management systems.

Following a competitive tender process Corps Security has been awarded a three-year contract to provide security services to Registers of Scotland at Meadowbank House, in Edinburgh. A team of 10 officers will provide guarding services with a focus on front-of-house, customer service, CCTV monitoring and patrols. Like-minded organisation Registers of Scotland is the public body responsible for compiling and maintaining registers relating to property and other legal documents in Scotland. Mike Bullock, Chief Executive of Corps Security, said: “We are delighted to be working with such a like-minded organisation. Corps Security is a trust which was set up to provide employment for ex-servicemen returning from the Crimea. We share values with Registers of Scotland and look forward to working closely together.”

Along with the integration of security and other systems in an enterprise environment comes a need to centralise monitoring and control of the unified network. A control room is at the center of managing integrated systems, providing the focal point to collect information from a variety of sensors, analyse the data, and then respond appropriately. The technologies that drive these functions are changing and evolving, thus increasing the efficiency and efficacy of systems. We asked this week’s Expert Panel Roundtable: What’s new in command-and-control systems, and what is the impact?

Fire and security systems are two elements of the same mission: To keep buildings and their occupants safe. However, the two systems often operate independently and may not be integrated. Should there be more integration and what are the pitfalls? We asked this week’s Expert Panel Roundtable: What are the challenges and opportunities of integrating security and fire systems?

An aging employee population and the influx of a new generation of workers and customers is driving change in the physical security industry. Millennials – those born in the 1980s and mid-1990s – are especially impacting how the industry operates, the technologies it produces, and the customers it serves. This tech-savvy generation grew up with the Internet at their fingertips. They embrace innovation in all its glory and expect it to play a seamless role in their lives – and work. We asked this week’s Expert Panel Roundtable: How are millennials changing how security systems are designed, installed and/or operated?