Krack wifi flaw could compromise IoT devices for decades to come

Reverberations of the wifi vulnerability revealed this week could be felt for many years to come, a security researcher has claimed. Speaking to Wired, HD Moore, a network security researcher at Atredis Partners, said: "We're probably still going to find vulnerable devices 20 years from now." The rapid proliferation of internet-connected devices, the infrequency of software patches, and multiple barriers to getting users to launch updates mean the vulnerability could compromise IoT security for a long time yet.

The vulnerability exposes wireless internet traffic to malicious eavesdroppers and attacks. Made by Mathy Vanhoef, a security expert at Belgian university KU Leuven, the discovery is not without precedent. However, previous wifi weaknesses were found in wifi protocols that had already been largely superseded by other, more secure protocols. WPA2, by contrast, comfortably remains the most commonly used wireless security protocol. "The attack works against all modern protected wifi networks," said Vanhoef in his report. Infrequently if ever updated to guard against vulnerabilities, wireless routers used in the home are seen as problematic. All major operating systems, including Android, Linux, Apple and Windows, are affected. "If your device supports wifi, it is most likely affected," said Vanhoef, who dubbed the weakness Krack (Key Reinstallation AttaCK).

Attackers who successfully exploit the weakness (and mercifully that is difficult to do, say experts) can cause havoc in a variety of ways. "Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted," said Vanhoef. "This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos and so on. Additionally, depending on the device being used and the network setup, it is also possible to decrypt data sent towards the victim (eg the content of a website). Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites." Developers of IoT devices are limited mostly to email or notices on community forums in how they can notify customers, and many customers will only find out via news reports. Some will not find out at all. Users that do become aware of the problem will have to find the patch download and navigate the sometimes irksome login process of the device's web-management interface.

Glimmer of hope

But Wired says there is a glimmer of hope in pioneering new mesh-network routers with a less convoluted user interface and an auto-update function. This means fixes can be implemented without input from users themselves. In a statement the UK's National Cyber Security Centre, which opened a year ago, sought to reassure the public that using the internet wouldn't necessarily expose them to risk. The attacker would have to be physically close to the target and the potential weaknesses would not compromise connections to secure websites, such as banking services or online shopping. Connections to secure websites, virtual private networks (VPN) and SSH communications are still safe, because the attack is unlikely to affect the security of information sent over the network that is protected in addition to the standard WPA2 encryption. Websites that don't display a padlock icon in the address bar, on the other hand, will create an opening for attackers. The United States Computer Emergency Readiness Team (Cert) issued a warning on Sunday in response to the vulnerability: "The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection and others." Android 6.0 (Marshmallow) and Linux are particularly vulnerable because of another bug that results in the encryption key being rewritten as zeros. Not fully implementing the WPA2 protocol, iOS and Windows are among the most secure, but no device or software tested has been fully immune to the weakness.

Most tech companies have already had a month and a half to fix the flaw since they were notified of the problem by the international Cert group, based at Carnegie Mellon University, on 28 August. Responding to a request for comment from The Guardian, Google said: "We're aware of the issue, and we will be patching any affected devices in the coming weeks." Microsoft said: "We have released a security update to address this issue. Customers who apply the update, or have automatic updates enabled, will be protected."


JPH-JMIR Public Health and Surveillance

JMIR Public Health & Surveillance (JPHS, Editor-in-chief: Travis Sanchez, Emory University/Rollins School of Public Health) is a PubMed-indexed, peer-reviewed sister journal of the Journal of Medical Internet Research (JMIR), the top cited journal in health informatics (Impact Factor 2016: 5.175). JPH is a multidisciplinary journal with a unique focus on the intersection of innovation and technology in public health, and includes topics like health communication, public health informatics, surveillance, participatory epidemiology, infodemiology and infoveillance, digital disease detection, digital public health interventions, mass media/social media campaigns, and emerging population health analysis systems and tools. We publish regular articles, reviews, protocols/system descriptions and viewpoint papers on all aspects of public health, with a focus on innovation and technology in public health. Apart from publishing traditional public health research and viewpoint papers as well as reports from traditional surveillance systems, JPH was one of the first (if not the only) peer-reviewed journals to publish papers with surveillance or pharmacovigilance data from non-traditional, unstructured big data and text sources such as social media and the Internet (infoveillance, digital disease detection), or reports on novel participatory epidemiology projects, where observations are solicited from the public.

Among other innovations, JPH is also dedicated to supporting rapid open data sharing and rapid open access to surveillance and outbreak data. As one of the novel features we plan to publish rapid or even real-time surveillance reports and open data. The methods and description of the surveillance system may be peer-reviewed and published only once in detail, in a “baseline report” (in a JMIR Res Protoc or a JMIR Public Health & Surveill paper), and authors then have the possibility to publish data and reports in frequent intervals rapidly and with only minimal additional peer-review (we call this article type “Rapid Surveillance Reports”). JMIR Publications may even work with authors/researchers and developers of selected surveillance systems on APIs for semi-automated reports (e.g. weekly reports to be automatically published in JPHS and indexed in PubMed, based on data-feeds from surveillance systems and minimal narratives and abstracts). Furthermore, during epidemics and public health emergencies, submissions with critical data will be processed with expedited peer-review to enable publication within days or even in real-time.

We also publish descriptions of open data resources and open source software.

Where possible, we can and want to publish or even host the actual software or dataset on the journal website.



Security guard who found Vegas gunman was alone and …

An unarmed security guard at Las Vegas’ Mandalay Bay Resort and Casino was the first to take on gunman Stephen Paddock, getting shot in the process, but providing crucial help for police looking to stop the massacre.

The security guard, identified as Jesus Campos by the International Union, Security, Police and Fire Professionals of America, was shot in the leg after Paddock fired at him through a door, police said.

Police said Paddock managed to fire off over 200 rounds as the security guard approached the suspect’s room alone. But the guard managed to direct police to the exact location of Paddock’s suite and even provided a hotel key to officers looking to clear rooms on the 32nd floor before they insisted he get medical attention.

Reached by phone Wednesday night, Campos told ABC News, “I’m fine.”

The guard who found the shooter and helped bring the massacre to an end said, “I was just doing my job.”

Campos provided information over the phone that helped authorities locate the 32nd-floor room that Paddock was firing from, a spokesperson for the union said.

Campos was on “random patrol” as a security officer at the hotel when he found the shooter, said Liliana Rodriguez, who identified herself as a coworker of Campos’ at Mandalay Bay on a GoFundMe page she set up for him.

Campos went to investigate a door alarm on the 32nd floor of the hotel when he “came under fire,” Las Vegas Metropolitan Police Undersheriff Kevin McMahill said in a press conference Friday.

McMahill called Campos an “absolute hero” who was “doing his job, diligently.”

“I can tell you that this was a remarkable effort by a brave and remarkable man,” McMahill said. “We haven’t done a good enough job recognizing his actions.”

Campos was unarmed when he engaged with Paddock, the union spokesperson confirmed, which was first reported by The Daily Beast.

“Any one of us could have been in the position he was in,” Rodriguez wrote. “Most importantly we are a home away from home and at the end of the day we are a team and we should all go home together.”

Speaking Thursday evening, Clark County Sheriff Joseph Lombardo praised Campos, saying he aided officers in their search for Paddock.

Lombardo added that Paddock fired “well over 200 rounds” into the hallway when the security guard approached. Paddock had set up a camera in the hallway, apparently to watch for approaching authorities.

“It’s amazing” that Campos didn’t sustain more injuries, Lombardo said.

“His bravery was amazing,” Lombardo added. “He gave our officers the key card for the room and then continued clearing rooms until he was ordered to go seek attention.”

On Sunday, about 22,000 concertgoers were attending the final night of the Route 91 Harvest Festival on the Las Vegas Strip — across the street from the Mandalay Bay hotel — when Paddock began his deadly assault.

It took authorities just minutes to locate where the bullets were coming from after the attack rang out.

Once police breached the door to Paddock’s suite on the 32nd floor of the hotel, they found him dead of an apparent self-inflicted gunshot wound.

A total of 58 people were killed and hundreds were injured in the attack.

A motive is still not known, but police said the shooting was “obviously premeditated.”

ABC News’ James Hill and Michael DelMoro contributed to this report.



Fixed cameras will account for less than 50% of surveillance footage in five years time

Bjorn Skou Eilertsen, CTO of Milestone Systems, was thinking big in the Security Management Theatre on day three of IFSEC International. Speaking on the topic of "how hardware-accelerated video content analysis and the internet of things will transform surveillance", he reflected on the changes disrupting the industry now and the paradigm shift still to come. With 90% of the world's data created in the last two years, the term "big data" doesn't even begin to encapsulate the magnitude of the data revolution, he argues.

"Is big data even enough now? Gigantic data might be better," said Eilertsen. Despite the ubiquity of fixed CCTV cameras, they account for a shrinking share of surveillance footage as mobiles, body-worn cameras and drones proliferate. "We believe that in less than five years from now, more than 50% of streams managed by video management systems will not be from fixed cameras," he predicted.

Aggregation, automation and augmentation

A trinity of aggregation, automation and augmentation will equip the industry to accommodate the burgeoning volume of data, said Eilertsen, who joined Milestone in 2013 having worked for both IBM and Microsoft. "Aggregation happens all around you," he explained. Only a few years ago it would be a fixed camera, fixed sensors, very rule-based. But now there are 285 million surveillance cameras in operation. That's only a fraction, because everything is being captured on mobile.

How do we automate these things? This is where our vision of intelligent data plays a role. Deep learning plays a role. Augmentation: how do we put these things together? So a vast amount of information is being gathered. This is why a lot is going to happen on the service side. People think it will be on the edge, out there on a single device. Eilertsen pointed out that data is already being aggregated from multiple sources in an automated process deployed on assembly lines in manufacturing plants.

Aggregating forms patterns, but it's so much information: petabyte after petabyte of video and sensor information. What will we do with it? Who is going to look at the patterns and figure out what the intelligence is? That is where the important changes are coming in terms of AI, deep learning and neural networks. For simple systems with only a few components, it's fairly easy to make rule-based analytics and go with the flow. However: "When you start aggregating data so big and complicated that humans simply cannot operate them, that's where automation and augmentation come in."

Neural networks

The shackles are now off thanks to quantum leaps in technology. "This has been difficult to do for a long time because conventional CPUs cannot compute fast enough. That's changing now with the introduction of the GPU," said Eilertsen.

The GPU is a multicore computer. It changes the way we can make models, neural networks. It makes a lot of different ways of working the data. He refers to a prototype that can show 1,500 surveillance cameras, to full HD quality, continuously recording, including motion detection. For those who can't do the maths, that's 45,000 frames a second. It is very, very difficult to do on regular computer hardware. He says there is a big shift away from conventional, rule-based analytics to systems managed by neural networks. Neural networks, deep learning algorithms and artificial intelligence are not based on fixed outcomes.

"The problem about today's analytics is it's a predetermined outcome. With neural networks we can start predicting behaviour," he says. However, human operators will still have a role to play. How do we make machine intelligence combine with human intelligence? The point is to enable people to make faster and better decisions. He says this new paradigm has huge potential in the field of body-worn video for law enforcement. You can take all the aggregated media from years back, days back, minutes back, and time-lapse it. They identify all different objects and put them into a sequence, so a one-hour video can be reviewed in one minute. That's a really good example of how we start adding human interaction based on machine learning.

It really makes it a lot easier to work with these systems.

Collaboration

Collaboration with partners has long been part of Milestone's modus operandi, but its importance is growing further still. "The aggregation, automation and augmentation will transform the entire industry," says Eilertsen. But it's impossible to do alone. For a very long time it's been everyone on their own trying to make their own analytics a little bit better than the rest. But it's really holding back innovation. What Milestone and the Milestone community is really about is enabling everyone to participate. If he's correct about the industry's direction of travel then the changes ahead are nothing short of revolutionary. The days of having one company try and do everything is over in my opinion.

We all need to collectively move forward. I think in five years when we look back at the industry, we'll have two ways of looking at it. One person will say: Why did we miss it, why didn't we see what was happening? The other, more interesting way is: How did we use our imagination, how did we change the rules, set the agenda and change the industry? We need to think as a community. We need to start innovating together, and we can move a lot faster.

Radiation-blocking underwear and 18 other bizarre smart things that could let hackers into your smart home (and one device to protect you)

No object, however mundane, cannot be improved with a computer chip: this seems to be the philosophy driving development of smart things in the smart home arena. It was partly this scattergun approach that prompted Wired magazine to prophesy the demise of the internet of things (IoT) at the start of 2017. Click on the icons in our infographic below to check out 19 of the most bizarre (or, according to IoT sceptics, pointless) devices that are creating new vectors of attack for cybercriminals.

Security is little more than an afterthought on too many devices, with criminals able to guess default usernames and passwords by trawling Google. We haven't chosen these 19 devices based on security; some may have very rigorous security mechanisms in place. Rather, we chose the most bizarre devices, and paradoxically, in this context, bizarre also means mundane, the point being: is a smart hair brush or smart fork really going to deliver benefits that warrant creating new avenues through which hackers could break into your home network? Several products designed to boost IoT security were launched at CES 2017, suggesting the industry is waking up to the threat. We've included one of them below, flagged with a red icon.

Wavestore launches version v6.8 of its video management software

Wavestore has launched v6.8 of its open-platform, Linux-based video management software (VMS). The latest incarnation includes support for VMware ESXi, which brings virtualization to the Wavestore VMS platform. Operators with virtual machines, which can license the VMS via the internet or a virtual-machine dongle, can reduce energy, software, and IT administration costs.

Version 6.8 also introduces to Wavestore's WaveView client software dynamic search and instant display of ad-hoc groups of devices. For instance, typing in "ground floor" will filter down to all devices with "ground floor" in their name. "Our 'one screen, total control' philosophy drives us to ensure that our Partners can seamlessly bring a wide range of technologies together so that operators can easily work day-to-day with Wavestore's VMS," says Julian Inman, Head of Product Management. "Wavestore's VMS running in a virtualised environment can even be used in conjunction with traditional Wavestore NVRs/HVRs and the operator can simply see and control the entire mixed group from a single screen if they wish. We bring together multiple devices, such as cameras, access control, intruder detection and advanced analytics; and now multiple server technologies, all with the same easy to use front end to deliver a fully scalable and future-proof solution." The latest version of Wavestore's VMS will now integrate with the latest smart IP camera feature sets from Hikvision and Uniview and the AllGoVision analytics suite, while individual detection zones from Optex Redscan detectors can now be associated with specific actions. Now shipping with all new orders, Wavestore v6.8 is available as an upgrade for existing users with active upgrade bundles. The package comes in a block of six successive in-version upgrades without any time limit imposed.

How is smart technology making businesses more safe and secure?

It's no secret that founding, growing and managing a business takes a lot of determination and hard work. As a business owner, it's common to feel extremely proud yet protective of the business you've invested a lot of money and time into, from the office building itself to the furniture inside it and the tech-savvy devices you've purchased to ensure your employees are able to do the best job possible. Thanks to smart technology, businesses are starting to rely on the latest digital trends and developments to stay ahead in their industries.

But innovative technology and the Internet of things (IoT) is not only making businesses more efficient, it's also being used to improve business safety and security systems. As home-owners we ensure that our houses are burglar-proof and protected against risks and hazards but, as business owners, are we implementing the same safety measures? In fact, with the amount of expensive technology and equipment businesses have, it could be argued that businesses have more to lose if their properties don't have substantial safety and security measures in place. So, how should businesses be using smart technology to keep their property as safe and secure as possible?

Use technology to oversee the office remotely

Whether you're out of town for a business trip, working from home or on a well-deserved holiday, it's expected for you to feel concerned about whether everything is in order in your absence. With smart technology, business owners are able to put their minds at ease and oversee the office remotely. Smart security systems that connect to cameras, such as Netgear's security camera, enable you to view areas of your office and property straight from a smartphone from anywhere around the world. As smart security cameras develop, more and more are equipped to detect suspicious activity and notify the owner with a simple text or email to their smartphone, and video recording features mean you can replay and watch back footage too. In a similar way to smart security cameras, smart alarm kits work to keep offices safe and secure, except with the use of motion sensors or detectors; as soon as a business owner leaves the office for the evening, the kit can be activated and will instantly notify them via smartphone if the alarms are triggered.

With both a security camera and a smart alarm kit working around the clock to keep your property safe and secure when no employees are at work, business owners can focus on running their business rather than worrying about safety and security measures.

Your very own flying CCTV

This smart tech device is particularly useful for owners of large businesses that occupy a lot of land, such as a factory. Whilst smart security cameras can be set up all around the area, a flying drone can take security levels one step further. Drones can take on watchdog tendencies and patrol your business property; they circulate the land or follow intruders whilst filming any suspicious activity, which is streamed directly to your smartphone. For businesses that aren't as large, a drone might not be necessary, so technology such as a smart security light or even a RoboDog could be better suited for your security needs. Kuna's security light combines both a security camera and a light; it starts recording 10 seconds before an event is triggered so you can see the full footage of any suspicious activity, and you can choose what you want to happen when the device is triggered, such as sound an alarm or call the police.

No key? No problem

If you, or a few members of your staff, are guilty of losing your office keys from time to time (causing a lot of issues with the risk of burglars and replacing locks and keys), smart locks, virtual keys and geofencing technology could be your saviour. Smart security systems allow you and your team to enter and leave the office without a key, as long as you have a smartphone on your person and, let's be honest, who doesn't?

August's smart lock allows multiple people onto its system and supplies each individual with their own virtual key, so they can all lock and unlock a door with just their smartphone. Similarly, geofencing technology (defined as a virtual perimeter for a real-world geographic area) enables business owners to be notified when someone enters or leaves the property, so any out-of-hours trespassers will be caught out. As a business owner, your time should be spent on growing your business and managing employees and shouldn't be consumed by concerns over your property's safety and security.

We're already seeing smart technology shape security systems that are making our businesses more burglar and hazard proof than ever before, and we can only expect to see this technology continue to advance.

HID Global unveils HID location services

HID Global, which provides identity technologies, exhibited its location services in Europe at IFSEC 2017, along with its range of access control systems and other products. The company promoted its newest development, HID Location Services for workforce optimisation, which is designed to meet demand for accurate and real-time location of an organisation's workforce. By combining Internet of Things (IoT) and wireless communication technologies, organisations can increase the visibility of the location of their workforce in a facility or building.

The technology can make it possible to analyse the use of rooms for better building management and improvements in operational efficiencies. Future use cases could include building automation capabilities, rich security features and capabilities that facilitate life safety management and compliance. Harm Radstaak, vice president and managing director of physical access control at HID Global, said: "HID Location Services extends the traditional capabilities of access control to improve security and area governance within buildings. This new solution underscores our commitment to developing innovative trusted identity solutions that power people, place and things." Other systems and products HID Global showcased included secure door/gate access using smartphones, wearables and tablets via HID Mobile Access, and intelligent visitor management with EasyLobby Solo that only takes 20 seconds to register a visitor, capture detailed information, print a badge and notify someone that a visitor has arrived. HID's parent company, ASSA ABLOY, also showcased new wireless locks that work with HID's Seos credential technology on the stand. And visitors witnessed demonstrations of credential encoding, configuration and management with HID's iCLASS SE CP1000 Encoder and the company's Lumidigm biometrics technology with multispectral imaging, which can read unique fingerprint characteristics from the surface/subsurface of the skin.

Optex demonstrates five security scenarios for sensors

Global sensor manufacturer Optex exhibited different sensor products centred on five security scenarios, including perimeter protection and tailgating detection, during IFSEC 2017. At the security show Optex's stand included a high security perimeter protection zone, where the company demonstrated its CPNI-approved fibre optic fence detection system, Fiber Sensys FD-322 series. The system detects intruders climbing or cutting through a fence.

Optex's REDSCAN RLS-3060 creates another layer of security around the perimeter fence to warn if a person or vehicle is approaching the fence. The company's perimeter intrusion detection systems are integrated with the GEMOS PSIM platform to trigger video surveillance drones to fly to the point at which the intrusion is occurring and send a live video stream to a control centre. In a second zone, Optex demonstrated its time of flight technology, where a scene is mapped in 3D to give an accurate representation of the objects present. The technology is used in Accurance 3D, Optex's tailgating detection system for interlocks. Other applications include object protection. Also at the show, Optex's REDSCAN RLS-2020 was on display, for visitors to see how the technology can protect assets and detect people jumping over turnstiles or climbing through skylights. REDSCAN RLS-2020 is already proven in identifying small objects or thrown objects being smuggled into restricted areas. For commercial and residential security, Optex also exhibited its new wireless infrared beam, the SL-TNR, which works with universal batteries (CR123). The product can be partly hardwired.

The fifth zone included demonstrations of Optex's wireless outdoor sensors used in Internet of Things applications, for sending alarms and other data via the cloud to a smartphone, or to a remote monitoring station.

We need joint cyber-physical teams for cyber-physical alerts

James Willison BA, MA, MSyI is a respected specialist in security convergence and enterprise risk management. Also founder of Unified Security Ltd, Willison is speaking at IFSEC 2017 about "How vendors can support ESRM and CSM strategies" and "What security managers need to know about cybersecurity". We caught up with James to find out a little more about these topics in advance of Europe's largest annual security show.

IFSEC International takes place between 20-22 June 2017 at London ExCeL.

IFSEC Global: Hi, James, please tell us a bit about what you'll be talking about at IFSEC with Sarb Sembhi.

James Willison: We're going to be talking about how vendors can support enterprise security risk management. There's lots happening in the corporate strategy of bringing risk silos together and identifying cyber-physical attacks, which is great. However, how can vendors help them better achieve this? Can they provide technologies which will actually calculate enterprise security risks? How can they make sure they're supplying secure software and secure technology? We'll also cover the strategic side of security management. So security managers, what do they do on their side?

How do they manage technology they're going to buy, how do they know it's good rather than bad, so looking at principles really. It's high level strategy rather than technical. We won't be giving details on all the firewall stuff or what sort of software you're using. It's more about what sort of thing you should be looking for and relationships between suppliers and installers and what impressions they're giving the client. I'm doing that talk with Sarb Sembhi.

"What we're saying to vendors is you've got an opportunity to lead the market in identity access management because the information security guys aren't really doing it on a large scale."

IG: And what about your talk, alongside Steven Kenny of Axis Communications, about cybersecurity?

JW: We'll be talking about what Axis are doing, which I know quite a lot about because I'm working with them. Steve will cover hardening the cybersecurity of their products and systems and I will look at how these should be managed in an enterprise or smart city. And I'll be giving a strategic look at multi-disciplinary security teaming, which is what converged security really is.

But basically I'll be saying that people have talked about convergence quite a lot in the last few years, all over the world. But what we need is united cyber-physical teams working in tandem on cyber-physical alerts. Barclays recently merged their physical and cybersecurity teams into one big security team with technology that is cyber-physical and responding in real time. The highest level of achievement in this area would be them, Deutsche Telekom and BT. Some corporations are doing this converged security management but others are doing enterprise security, which is looking at all security risks but their teams are still siloed. So they're looking at all security risks but separately. What we're advocating is that even if you can't form one big department because of organisational problems, you form a separate team that includes both information and physical security people, not just one or the other.

"CISOs tend not to think physical security systems providers really have the capability to offer cyber-physical security solutions."

IG: At least it makes sure they're talking to each other.

JW: Yes. I know these teams exist, but they're quite rare.

In our talk we consider how these teams can use converged technologies to respond to attacks on their physical security systems. We look at important actions to take in this area and this will be of particular relevance for security professionals working in the smart cities of the future. Out of interest, South Korea, a leader in smart cities, had an InfoSec type show recently and they had 15-20,000 information security people there, with 28,000 physical. So that was interesting as they discussed cyber-physical security, convergence, IoT and new technologies. Something to watch.

IG: Why do you think there is so little take up of cyber-physical security offerings from physical security vendors?

JW: I think because the people looking after that would usually be the chief information security officer, and they don't think physical security systems providers really have the capability to offer cyber-physical security solutions. These vendors have specialised in physical up until now and to get into that market is quite hard because there are a lot of information security type access systems, obviously for IT, but identity access management is a big part of that. I think some of that will converge. I've been to conferences where they talk about identity access management all day because it's on the network.

Then there are loads of products around that and some will include a physical element. What we're saying in our talk is you've got an opportunity to lead the market because the information security guys aren't really doing it on a large scale. It's a growth area. And the internet of things obviously will impact all this.

IG: Could you just clarify the kind of security professionals who will benefit from the talk?

JW: We have a three-pronged approach. What you should be doing in your organisation to converge or have multi-disciplinary teams and how you can do that. You can take the initiative by going to HR and saying you want to form one, can you help me, because maybe I'm not getting help from the IT people. So that shows initiative, to see what they say back before they come back and make you do it anyway.

HR might just realise they can form one department to save money. They no longer need two security functions. That's been an issue in the past. Someone tells them they need only one person to run the whole security department to include every area of security. There's this fear that all the chief information security guys are going to take over physical security. A lot of jobs are now advertised in this area, when you dig deep into them they're looking for chief information security officers. The IT companies don't see the point of siloing off. They tend to be more digitalised and, well, you need to know about IT anyway. But if you don't know about it, what are you doing here?

IG: As ever, it sounds like the technology is evolving faster than the corporate culture can keep up with. Is there anything else you want to mention?

JW: Just that we're publishing a white paper with Axis on this subject, called 'Supporting Enterprise Security Risk Management, How vendors can support ESRM and CSM strategies'. We are delighted to announce that this will be launched at IFSEC and available as a PDF on the Axis website or if you contact me at [email protected]. We hope to have some printed copies for those who attend our presentation! So please come and get a copy!

James Willison is speaking twice at IFSEC 2017:

20 June / 14:00-14:40 / Supporting Enterprise Security Management: How vendors can support ESRM and CSM strategies / James Willison and Sarb Sembhi, CTO & CISO, Virtually Informed / Borders & Infrastructure Theatre

21 June / 13:30-13:55 / What security managers need to know about cybersecurity / James Willison and Steven Kenny, Axis Communications / Security Management Theatre
