cybersecurity

ONVIF Q&A: Latest profiles, cybersecurity and the Highways England project

ONVIF recently launched a new access control profile a specification for standardising technologies from different vendors to promote integration and interoperability and has another in the pipeline. We asked Stuart Rawling, chairman of the ONVIF communication committee, to tell us what the new profiles were all about. Director of global business development at Pelco as well, Rawling also reflects on ONVIF s raison d etre , its cybersecurity work, keeping pace with the dizzying evolution of technology and the organisation s standardisation work with Highways England.

IFSEC Global: Please tell us about the new profile you launched in July Stuart Rawling: Profile A is a sister profile to what we already had in the access control space. We have released Profile C, which enables device configuration, event and alarm management, and door access control. So you can configure those devices with all that information. Profile A is a higher level system profile, more about granting and revoking credentials, changing privileges. And it has a functionality that better enables integration between access control and video management systems. So it fits side by side with Profile C but provides that higher level with more functionality. IFSEC Global: Is it worth explaining the purpose of these profiles for someone not familiar with them? SR: A profile is a feature set pulled from an ONVIF core specification, which is a master document about standardising and interfacing different products from a variety of different vendors. When the industry moved into the IT space, a lot of manufacturers came up with their own interfaces.

ONVIF standardises those interfaces to make integration easier for all types of users, because you can have product interoperability from different vendors using the same interface. From an integration perspective, installation is easier because you re not having to download different drivers. Manufacturers follow a troubleshooting, testing and conformance process that enables that to be done up front, so the users only need to do the system configuration. From the manufacturers perspective, interoperability investment is lower because they can use these standard interfaces to talk to multiple products. It allows them to instead invest resources into bringing more relevant features and iterations to the product line. embedded content IG: Is it difficult to keep these standards up to date given the rapid pace of technological change? SR: Yes, to some degree. You could say that standards in general tend to lag a little bit behind technology. But it all depends on how we approach it.

If you take our next profile, Profile T, which we re working on now, that s an iteration that takes into account the fact that technology has progressed since we released Profile S a number of years ago. We write these standards to be somewhat technology-agnostic. For example, right now the big buzz is 4K, H.265 and things like that. While Profile T can support that, we re not tied to that standard. If some better codec comes out in the future we can still incorporate it into our ecosystem. Because one of the interfaces may be: What video formats does this device support? And the devices can negotiate in which format to transmit between each other. IG: You recently did some work with Highways England? SR: That s a great end user story.

Highways England have a lot of legacy equipment from different vendors. The organisation is trying to standardise their deployment model for the long term so they can use a set standard in a way that allows them more flexibility. We had a standard in the analogue days: PAL in the UK, so the video was very standardised. They are looking for that level of standardisation. ONVIF has been working with them to develop something that can help large organisations migrate to a standardised approach but that also works for different stakeholders in the process. It s very similar to an initiative in the US called NTCIP National Transportation Communications for ITS Protocol, the standard for traffic management used by the US Department of Transportation. IG: Anything else you want to add about ONVIF? SR: We tend to get a lot of press these days around the cybersecurity aspects of products, especially with the cybersecurity threats we re reading about every single day. This was a recognised concern for ONVIF several years ago.

The manufacturers got together and as part of our core specification we wrote some security policies for manufacturers to follow, as well as providing a standardised interface for execution policies. But of course, good security is a combination of technology and policy. So while manufacturers who have implemented this standard have the technology, we also rely on the end users and consultants to put in best practices in the deployment of that technology.

Related Topics People of interest were known weeks before terrorist incidents but data was part of an unsearched, unstructured archive The panomorph lens will imitate human eyesight and empower AI How public CCTV operators can avoid eye-watering fines under the GDPR

Free cybersecurity seminar will focus on physical security systems and star ethical hackers

BSIA The British Security Industry Association (BSIA) has announced a free seminar on cybersecurity and data protection for both installers and users of physical security systems. The half-day event will focus in particular on addressing vulnerabilities of physical security products that are connected those that are accessed or operated remotely via the internet. So whether you procure, operate or install IP CCTV, IP access control, IP intruder alarms, IP fire systems and other connected systems, the event is relevant to you.

Also supported by the Fire Industry Association (FIA), the seminar will take place in Solihull, West Midlands on 4 October. The introduction of the GDPR, which comes into force from 25 May 2018, is raising the stakes when it comes to strengthening protections against data breaches. Fines for non-compliance could be as much as 79 times greater than under the existing data protection regime. The GDPR and its implications will no doubt be a big attraction for those who attend the seminar. Cybersecurity experts from the West Midlands Police digital cybercrime team and the Scottish Business Resilience Centre s team of ethical hackers will also deliver presentations. Another session will discuss the Cyber Essentials accreditation, while the BSIA will review its own work in the cybersecurity field. Exhibition space is still available to companies wishing to showcase products and services to a wide range of delegates from the fire and security sectors. A limited number of stands are still available to book, priced at 395 + VAT for BSIA and FIA members, and 495 + VAT for non-members. Registration for the event will be open from 9:00am, with presentations kicking off at 9:45am and the event expected to finish at around 13:30.

A full programme and online booking forms for both delegates and exhibitors are all available from the BSIA s website. Free Download: the CyberSecurity Crashcourse Are you even aware if you have been the victim of a cybersecurity breach? This report will help you to find out and protect yourself, Eric Hansleman from 451 Research presents a rapid-fire overview of cybersecurity , because a firewall just won t do, you need multi-layered defences to truly protect your data.

Click here to download now

Fixed cameras will account for less than 50% of surveillance footage in five years time

Bjorn Skou Eilertsen, CTO of Milestone Systems, was thinking big in the Security Management Theatre on day three of IFSEC International. Speaking on the topic of how hardware-accelerated video content analysis and the internet of things will transform surveillance , he reflected on the changes disrupting the industry now and the paradigm shift still to come. With 90% of the world s data created in the last two years, the term big data doesn t even begin to encapsulate the magnitude of the data revolution, he argues.

Is big data even enough now? Gigantic data might be better, said Eilertsen. Despite the ubiquity of fixed CCTV cameras, they account for a shrinking share of surveillance footage as mobiles, body-worn cameras and drones proliferate. We believe that in less than five years from now, more than 50% of streams managed by video management systems will not be from fixed cameras, he predicted. Aggregation, automation and augmentation A trinity of aggregation, automation and augmentation will equip the industry to accommodate the burgeoning volume of data, said Eilertsen, who joined Milestone in 2013 having worked for both IBM and Microsoft. Aggregation happens all around you, he explained. Only a few years ago it would be a fixed camera, fixed sensors, very rule-based. But now there are 285 million surveillance cameras in operation. That s only a fraction, because everything is being captured on mobile.

With neural networks we can start predicting behaviour. Bjorn Skou Eilertsen, CTO, Milestone Systems How do we automate these things? This is where our vision of intelligent data plays a role. Deep learning plays a role. Augmentation: how do we put these things together? So a vast amount of information is being gathered. This is why a lot is going to happen on the service side. People think it will be on the edge, out there on a single device. Eilertsen pointed out that Data is already being aggregated from multiple sources in an automated process deployed on assembly lines in manufacturing plants.

Aggregating forms patterns, but it s so much information petabyte after petabyte of video and sensor information. What will we do with it? Who is going to look at the patterns and figure out what the intelligence is? That is where the important changes are coming in terms of AI, deep learning and neural networks. For simple systems with only a few components, it s fairly easy to make rule-based analytics and go with the flow. However: When you start aggregating data so big and complicated that humans simply cannot operate them, that s where automation and augmentation come in. Neural networks The shackles are now off thanks to quantum leaps in technology. This has been difficult to do for a long time because conventional CPUs cannot compute fast enough. That s changing now with the introduction of the GPU, said Eilertsen.

The GPU is a multicore computer. It changes the way we can make models, neural networks. It makes a lot of different ways of working the data. The days of having one company try and do everything is over in my opinion. Bjorn Skou Eilertsen, CTO, Milestone Systems He refers to a prototype that can show 1,500 surveillance cameras, to full HD quality, continuously recording, including motion detection. For those who can t do the maths, that s 45,000 frames a second. It is very, very difficult to do on regular computer hardware. He says there is a big shift away from conventional, rule-based analytics to systems managed by neural networks. Neural networks, deep learning algorithms and artificial intelligence are not based on fixed outcomes.

The problem about today s analytics is it s a predetermined outcome. With neural networks we can start predicting behaviour, he says. However, human operators will still have a role to play. How do we make machine intelligence combine with human intelligence? The point is to enable people to make faster and better decisions. He says this new paradigm has huge potential in the field of body-worn video for law enforcement. You can take all the aggregated media from years back, days back, minutes back, and time-lapse it. They identify all different objects and put them into a sequence, so a one-hour video can be reviewed in one minute. That s a really good example of how we start adding human interaction based on machine learning.

It really makes it a lot easier to work with these systems. Collaboration Collaboration with partners has long been part of Milestone s modus operandi, but its importance is growing further still. The aggregation, automation and augmentation will transform the entire industry, says Eilertsen. But it s impossible to do alone. For a very long time it s been everyone on their own trying to make their own analytics a little bit better than the rest. But it s really holding back innovation. What Milestone and the Milestone community is really about is enabling everyone to participate. If he s correct about the industry s direction of travel then the changes ahead are nothing short of revolutionary. The days of having one company try and do everything is over in my opinion.

We all need to collectively move forward. I think in five years when we look back at the industry, we ll have two ways of looking at it. One person will say: Why did we miss it, why didn t we see what was happening? The other, more interesting way is: How did we use our imagination, how did we change the rules, set the agenda and change the industry? We need to think as a community. We need to start innovating together, and we can move a lot faster. Free download: The video surveillance report 2017 Sponsored by IDIS The Video Surveillance Report 2017 covers all things video surveillance based on a poll of hundreds of security professionals.

Specifically looking at topics such as open platforms, 4K, low-light cameras, video analytics, warranties and this year due to the growing threat posed, the cybersecurity landscape.

Click here to Download now

Critical infrastructure industries face eye-watering fines for cybersecurity shortcomings

Cyber consultation The UK government has proposed imposing punitive fines on critical national infrastructure companies that neglect their cybersecurity resilience. The fines, which could be as high as 17m or up to 4% of annual turnover, have been proposed as part of a consultation by the Department for Digital, Culture, Media & Sport. Critical national infrastructure, which encompasses sectors critical to the national economy and normal civilian life, includes energy and other utilities, transport, healthcare and digital infrastructure.

In common with other sectors, these industries are increasingly connecting critical systems via large networks in order to enjoy the benefits of interoperability, data analysis, remote monitoring and management. Although cybersecurity regulations will require significant effort for the companies that are affected, this new legislation by the UK government demonstrates that they understand the severity of cyber threats in today s digital world and the destruction they can cause, if undeterred, says Eldon Sprickerhoff, founder and chief security strategist at cybersecurity firm eSentire. Even if you re not a CNI, cyber threats should concern you. With cybercriminals constantly adjusting their tactics, it is imperative that companies never stop defending themselves by constantly improving and expanding their cybersecurity practices. Managed detection and response and incident response planning are common ways companies can stay ahead of their attackers. The government consultation was opened on 8 August and closes 30 September 2017. Businesses in all sectors could also receive heavy fines 7.9m or 2% of an organisation s global turnover under the forthcoming General Data Protection Regulations (GDPR), which strengthen EU data protection laws. Despite the ongoing Brexit negotiations, the regulations will be incorporated into British law. eSentire has suggested some steps that organisations can take to make their systems less vulnerable to cyber-attack: Encryption store sensitive data that is only readable with a digital key Integrity checks regularly check for changes to system files Network monitoring use tools to detect suspicious behaviour Penetration testing conduct controlled cyber-attacks on systems to test their defences and spot vulnerabilities Education train your employees in cybersecurity awareness and tightly manage access to confidential information Free Download: Securing the UK s borders.

Getting national security and Brexit right first time is crucial , we do not want to get this wrong.

This report considers the implications of leaving the EU for the management of the UK s borders and making it as easy as possible for international business to thrive and legitimate movement to occur in a post-Brexit UK.

Click here to download now

Hanwha Techwin wins Cyber Essentials certification to burnish cyber credentials

Hanwha Techwin Europe has been certified as compliant with the UK government-backed Cyber Essentials scheme. In gaining the certification, the video surveillance brand has proven that it has procedures in place to minimise the threat of a successful attack on the company s IT infrastructure and laptops used by employees working remotely. The Department for Business, Energy & Industrial Strategy set up the scheme to help organisations protect themselves against the most common types of cyber-attacks.

We are constantly evaluating and updating our IT security in order to negate the risk of any disruption to our business or our business partners, said Bob (H.Y.) Hwang Ph.D., Managing Director, Hanwha Techwin Europe. Our cybersecurity programme is a key element of our WE MOVE with trust philosophy and reflects the proactive stance we are taking to protect confidential data. Beyond the scope of the Cyber Essentials scheme, we remain vigilant to ensure our Wisenet cameras, recording devices and software entrusted to protect property, people and assets are equipped to minimise the threat from cyber attacks. We have a sustained testing and monitoring programme designed to identify evolving new threats to the integrity of our solutions. We are determined to be open and honest with our customers when new cybersecurity threats are identified and will move quickly to develop further advanced versions of our firmware to combat them. Free Download: the CyberSecurity Crashcourse Are you even aware if you have been the victim of a cybersecurity breach? This report will help you to find out and protect yourself, Eric Hansleman from 451 Research presents a rapid-fire overview of cybersecurity , because a firewall just won t do, you need multi-layered defences to truly protect your data.

Click here to download now

Milestone Q&A: R&D, cybersecurity and collaboration with tech partners are our top priorities

Milestone has long banged the open platform drum and the physical security industry is now following its lead. But collaboration with other vendors is about more than just creating new integrations and affording end users more flexibility, says Neil Killick, who joined the award-winning VMS software specialist in February 2017 as country manager for UK and Ireland. Killick, formerly of Honeywell Security Group, says that strengthening cybersecurity also demands cooperation between technology partners and across the supply chain.

IFSEC Global: You recently won an award for being the number one provider of VMS solutions for the ninth year in a row. Why do you think you ve had this gong sewn up for so long? Neil Killick: As a new person looking in, I think it s the fact we are so diverse in who we work with. We re an enabler in many areas. It s not just video surveillance. As the market grows in terms of integrations with different products, different manufacturers, Milestone becomes in my mind even more important because we have the device that links it all together. Also consider that we are investing more in R&D than ever before. And a lot of that is integration work and we don t turn anyone away. IG: Milestone has long championed open platforms, which are now becoming the dominant medium NK: Pretty much.

We ve had that constant, persistent message. And we talk a lot about our community. We re trying to engage our partners more than we perhaps have in the past. You ll see that over the next 18 months to two years: a community approach, much like you see with Apple, where we re getting input from others. Agility is so key in software. Other manufacturers are trying to get into software but they can t work at the same speed IG: How big a priority is cybersecurity for Milestone? NK: We re open platform, which on the face of it could cause an issue in that department. Our greatest expenditures at the moment are in cybersecurity and energy saving. That s the message we give in every conversation we have, every presentation, particularly with end users who have grave concerns over cyber.

We re doing three releases a year with updates on cybersecurity. I think we re quite open to talking to third parties who are there to try and integrate with us. I don t always see that with other manufacturers. We re saying: let s work together to make it even safer. IG: What has your message been at IFSEC? NK: Again our message is around strengthening our position, our brand in the UK. I ve come on board to increase our footprint both in the UK and Ireland, especially in the south of the UK. Before we had someone looking after the south of the country; now we have someone sat just outside London, someone sat in the southwest. We ve doubled our headcount, more or less, in six or seven months.

But that s not just to cater to your typical integrator; it s the whole value chain end user, integrator, distributor The wider scope is beyond security. Who else can we work with? And it s not just about video surveillance. We do get inundated with different technologies, different manufacturers, sometimes in the same space, because they see us as a gateway. Certainly in areas like the UK, where perhaps these guys wouldn t have feet on the street , if you like, or local support, they see Milestone as a way into the market. IG: Why did you leave Honeywell to join Milestone? NK: Because of all the things they re talking about now. Because it s an aggressive, agile business. Agility is so key in software.

Other manufacturers are trying to get into software but they can t work at the same speed. That s the number one reason I m here. The second is the opportunity in the UK. What was your most recent software launch? NK: We had our ER2 launch, which was basically a software update. But what we ve done now is include two new software products in one package, which we call plus products , which are targeting the mid to low end sector. VMS can be viewed as very technical and it can be if you want it to be. But certainly Milestone can work in all areas, from small to big enterprises in all verticals with all end users. These two key products launched June 8 th .

We expect a big interest in it. We ve already seen incremental revenue within a week of it being launched. Again, with that launch the messaging is around putting a lot of investment into cyber and energy saving products. A lot of companies have carbon footprint responsibilities we can help them reduce that. That s becoming a bigger message with the big end users we re going after. If they don t comply they get severely financially penalised. IG: In what ways can you help reduce a business s carbon footprint? NK: It s really about storage space. The more storage space you have, the higher the carbon footprint.

Because of our software capability, we allow you to get more out of the system. So you pay less for storage and there s less power consumption. We ve done quite a few tests, comparing what they would have paid before updates and what they pay now in terms of storage space.

They re saving tens of thousands. Free download: The video surveillance report 2017 Sponsored by IDIS The Video Surveillance Report 2017 covers all things video surveillance based on a poll of hundreds of security professionals. Specifically looking at topics such as open platforms, 4K, low-light cameras, video analytics, warranties and this year due to the growing threat posed, the cybersecurity landscape.

Click here to Download now

Eagle Eye Networks introduces analytics to the Eagle Eye Cloud Security Camera VMS

cloud surveillance Eagle Eye Networks has released the first phase of its video analytics platform, which offers users line crossing, intrusion detection and object counting functions within the Eagle Eye Cloud Security Camera VMS. Businesses needn t necessarily replace existing cameras to install Eagle Eye Analytics, because it will function on any camera including analogue variants that is supported by the Eagle Eye Cloud Security Camera VMS. Here are some advantages that the platform offers by dint of being cloud-based, according to Eagle Eye Networks: Cloud benefits Rapid deployment Users needn t install additional hardware or software to access the analytics, which are activated from the web dashboard or mobile app No requirement for on-site technicians, remote project management or system replacement Available to customers for as little as $4-5 per camera, per month Analytics functions Line crossing.

Detects when an object crosses a virtual line. Users can specify direction and can receive notifications. Useful for receiving notifications when a security boundary (eg a fence, restricted area or one-way road) is crossed. Also well suited to monitoring building entrances, loading docks and parking lots. Intrusion detection. Detects when an object encroaches into an area defined by the customer, generating an instant notification. Object counting. Counting how many objects cross a line in both directions, object counting is useful for counting cars as well as people. Total daily count and current count delta are displayed.

Offering benefits beyond just security, the analytics generates meaningful insights from which businesses especially retailers can optimise processes and enhance customer experience. Eagle Eye Networks says The Eagle Eye Cloud Security Camera VMS Analytics are a true cloud solution that are available on demand, per camera, instantly activated, and customers are only charged for what they use, says Eagle Eye Network s founder and CEO, Dean Drako. Over the next few years, customers will have the option to turn on more sophisticated analytics as Eagle Eye Networks cloud-based model leads the physical security industry in making analytics more functional and more accessible. A customer says If cloud-based solutions appeal to large enterprises on account of their rapid scalability, then smaller businesses that choose them often do so because they unburden them of so many system management and maintenance tasks. Aaron Diaz, owner of Gulf Coast Hardware stores in Southwest Florida, explains how he intends to deploy the new analytics platform: Our store is nearly 6,000 square feet with additional outside retail areas and I m really excited about the ability to receive alerts based on activity in areas I specify. The counting will come in handy for me to gain a better understanding of the number of visitors (daily), who may or may not make a purchase. About Eagle Eye Networks Founded in Austin, Texas in 2012, Eagle Eye Networks has in a short space of time become the undisputed leader of cloud-based video surveillance solutions in North America. Having acquired Panasonic Cloud Management Services Europe BV in June 2017, it can now claim dominance of the European market too. Eagle Eye Networks, which also has offices in Asia, supports cloud and on-premise recording as well as both digital and analogue cameras all accessed via the web or mobile applications.

The company says it offers bank-level security and encryption. Eagle Eye s RESTful API platform and Big Data Video Framework accommodates indexing, search, retrieval, and analysis of live and archived video. Eagle Eye s open Video API has facilitated integrations with alarm monitoring, third party analytics, security dashboards, and point of sale system integrations.

Eagle Eye sells its products through authorised global resellers and installation partners. Free download: The video surveillance report 2017 Sponsored by IDIS The Video Surveillance Report 2017 covers all things video surveillance based on a poll of hundreds of security professionals. Specifically looking at topics such as open platforms, 4K, low-light cameras, video analytics, warranties and this year due to the growing threat posed, the cybersecurity landscape.

Click here to Download now

Botched software update disables unlocking function on hundreds of smart locks

LockState The demise of the humble mechanical lock and key might be some way off yet. For all the possibilities they open up, so-called smart locks can readily become dumb in several scenarios. Hundreds of people recently discovered that they were unable to open their doors by their usual means when their smart locks were disabled digitally, at least by a botched software update.

Earlier this month LockState issued an update to its 6000i series smart locks that was designed for its later-generation 7000i models. The 6000i locks were subsequently unable to reconnect to the company s web service. As well as the remote locking and unlocking function, the mistake cost users access to remote access, status alerts and keypad entry code-management. The company couldn t even remedy the situation with a remote fix, meaning customers have to return part of the lock for repair turnaround time one week or wait three weeks or longer for delivery of a replacement lock. In a statement, the company attempted some damage limitation by giving owners one free year of access to connected services. Roughly 500 locks have been affected, says LockState. Users had to resort to the time-honoured method of inserting a metal key. Anyone using the locks for Airbnb hosting may be more inconvenienced still. Users of the peer-to-peer accommodation portal can make letting out property easier in theory by recruiting the services of LockState through the Host Assist program.

Around 200 Airbnb hosts are reported to have been affected. Free download: The video surveillance report 2017 Sponsored by IDIS The Video Surveillance Report 2017 covers all things video surveillance based on a poll of hundreds of security professionals. Specifically looking at topics such as open platforms, 4K, low-light cameras, video analytics, warranties and this year due to the growing threat posed, the cybersecurity landscape.

Click here to Download now

CSL recruits head of BT Redcare Andy Fyvie

NEW HIRE CSL has appointed Andy Fyvie as head of European customer development. Andy, who joins the specialist in M2M/IoT devices from competitor BT Redcare, has 16 years experience in the fire and security sector. As head of BT Redcare Fyvie oversaw the rollout of Redcare networks in Scotland and Northern Ireland.

In his new role he will join CSL s operational team, which develops new service initiatives and product propositions with the help of CSL customers. Joining a future facing, fast-growing and innovative company like CSL is a great opportunity, says Fyvie. Having seen the success they have had in recent years I am looking forward to adding my industry experience to the team and helping the company to continue its expansion. Said CSL CEO Ed Heale: We are delighted to announce Andy s appointment. His knowledge and expertise will greatly assist us in sustaining our first-class customer service and product innovations. Free download: The video surveillance report 2017 Sponsored by IDIS The Video Surveillance Report 2017 covers all things video surveillance based on a poll of hundreds of security professionals. Specifically looking at topics such as open platforms, 4K, low-light cameras, video analytics, warranties and this year due to the growing threat posed, the cybersecurity landscape.

Click here to Download now

Watch: Installer World debuts with Tool Zone, Trade Counter and Engineers of Tomorrow competition

IFSEC 2017 IFSEC International this year launched an area dedicated to the needs of installers of fire and security technologies. Sponsored by RISCO, Installer World brought together manufacturers and distributors, the Tool Zone, workwear, the Engineers of Tomorrow competition, recruitment consultants and a networking bar. In the Tool Zone (big thanks to its exclusive partner, Anglia Tools), visitors sampled a wide range of hand and power tools and took advantage of exclusive discounts and special offers.

VanTainer also provided racking and storage systems. Check out our video review of Installer World below. embedded content Free download: The video surveillance report 2017 Sponsored by IDIS The Video Surveillance Report 2017 covers all things video surveillance based on a poll of hundreds of security professionals.

Specifically looking at topics such as open platforms, 4K, low-light cameras, video analytics, warranties and this year due to the growing threat posed, the cybersecurity landscape.

Click here to Download now