
The value of cyber risk assessments and how to reinforce your soft underbelly: your employees

Headlines revealing the latest cyber-attack have cropped up with concerning regularity in 2017. It will therefore come as little surprise to learn that the latest institutions to be found wanting in the cybersecurity department are universities, as reported recently in The Times. Following a Freedom of Information request, the paper discovered that the number of attacks experienced by leading universities has almost doubled in the past two years, with advances in military and energy technology being particularly targeted.

The director of cybersecurity research at the University of Warwick was reported as saying that lax cybersecurity was a problem at many universities. Another security expert claimed this was due to their use of open networks, insufficient investment in both software and staff to monitor security, and the difficulty of managing a range of different networks. While universities are an obvious target for cyber-attacks (many of which appear to be sponsored by nation states) due to their rich seam of research data and inadequate defences, every business should be aware of the damage cybercriminals can inflict by disrupting their operations. The ransomware attack on a range of organisations (including the NHS) demonstrated this only too clearly earlier this year.

Protecting your networks from cyber-attacks

Cybercriminals are always looking for the chink in the armour, so every business must take cybersecurity seriously to avoid becoming a victim. The first step is to carry out a risk assessment to establish what personal data and other confidential data the company holds and how it is used, transmitted and stored. Once you have identified any weak spots where cybercrime poses a particular risk, the next step is to implement security measures to protect your networks from cyber-attacks.

Employees are a weak spot

It is right to acknowledge that one of your major weak spots is likely to be your employees. You need to put clear procedures in place, encapsulated in a company policy, to deal with the risk of cybercrime.

And all staff should be trained on what steps they can/should take to prevent it. You can insist that any memory sticks, tablets or mobile phones used by employees outside the workplace must be scanned before using them on company network systems. Indeed, you might even consider whether every employee should have permission to use portable media. You can consider taking out insurance or engaging a third party to manage your cybersecurity where the risk of attack is high or the implications particularly severe. Employees' use of social media can also compromise your cybersecurity unless you have a clear social media policy that sets out limits to social media use in the workplace. This is particularly relevant where employees work with, or have access to, sensitive information.

Individuals' right to privacy versus security

Naturally, there are implications for companies which need to monitor and store employee information or data. Any such monitoring must be proportionate and carried out in accordance with the Data Protection Act 1998. Individuals' rights regarding their data will be further strengthened by the introduction of the General Data Protection Regulation (GDPR) in May 2018.

The Employment Practices Code contains further guidance for businesses on monitoring employees at work. You need to inform employees that they may be monitored, and it may be necessary to seek employees' express consent in cases where employee communications are being intercepted. Failure to do so could mean a business facing a claim for damages from the sender, recipient or intended recipient of the communication. Employees also have a right to privacy under the Human Rights Act 1998. An employee can bring a claim for unfair dismissal where they believe their dismissal was based on evidence gathered about them through their employer's monitoring equipment that interfered with their right to privacy. Companies should also bear in mind the unquantifiable reputational damage that they might suffer if they are found to be excessively monitoring their employees.

All businesses can be badly affected

The bottom line, as university cybersecurity chiefs will attest, is to:

  - Carry out a risk assessment
  - Invest in security measures to keep your networks safe
  - Train your staff to understand the risks to the business from cybercriminals
  - Put clear policies in place so everyone knows what they can and cannot do in relation to portable devices and social media use

Although cybercrime poses a particularly virulent threat to high-tech research, development and manufacturing organisations, everyone needs to be aware that a cyber-attack can have very serious financial implications for any business.


Breaking: HID Global to buy Mercury Security Products from ACRE LLC

HID Global, a subsidiary of ASSA ABLOY, is on the cusp of acquiring Mercury Security Products from ACRE LLC, the group that owns Vanderbilt Industries and ComNet. Founded in 1992, Mercury Security Products supplies OEM access control hardware, with an installed base of four million control panels worldwide. HID Global, which was acquired by ASSA ABLOY in 2000, develops products, services and solutions related to the creation, management and use of secure identities.

Headquartered in Austin, Texas, the company has over 3,200 employees worldwide and operates in more than 100 countries. Subject to regulatory approval and customary closing conditions, the deal is expected to go through in the final quarter of 2017. Financial terms of the agreement are not being publicly disclosed. Houlihan Lokey Capital Inc and Raymond James & Associates Inc acted as financial advisors to ACRE and Mercury.

Strategic move

"Divesting Mercury after many years of success since ACRE purchased the business in 2013 is a strategic move that allows ACRE to focus on its core access control, video and intrusion businesses under the Vanderbilt and ComNet brands," said ACRE CEO Joseph Grillo. "HID is the perfect home to provide for the continued growth and success of Mercury, which will remain a valued technology supplier to Vanderbilt."

We caught up with Grillo, who came third in our roll call of the top 10 influencers among security manufacturers/service providers 2017, at IFSEC 2017, where he emphasised that ACRE is still very much in the market for more acquisitions.

ACRE (Access Control Related Enterprises) has acquired several security businesses since it was formed in 2012 by Grillo, including Schlage SMS from Ingersoll Rand in 2012, Mercury itself in 2013, the Security Products Division of Siemens AG in 2014, and Access Control Technology (ACT) and ComNet in 2016.


New cloud surveillance brand will revolutionise fight against fraudulent slip, trip and fall claims, says founder

A new video-surveillance-as-a-service (VSaaS) brand has been launched in partnership with Google Cloud. Ocucon promises users the facility to store, analyse and retrieve unlimited volumes of video surveillance footage for an unlimited number of cameras. Founder Gary Trotter says he saw an opportunity to protect businesses against fraudulent claims related to alleged slips, trips and falls that amount to more than 800 million a year.

"Typically, businesses are restricted to saving 30 days of surveillance footage purely because of the sheer scale and size of the data," he explains. However, the threat of litigation and fraudulent claims, many of which are received after 30 days has passed, has resulted in increasing numbers of businesses needing to store their security footage for longer. Ocucon is the first cloud-based software system that processes and transmits unlimited amounts of CCTV footage into the cloud. Providing organisations with the flexibility to store uncapped amounts of data for as long as required will revolutionise the way in which businesses defend against wrongful allegations and will allow for greater post-recording video analytics that will ultimately generate significant security and business insights. Offering protection against theft, vandalism or fraudulent insurance claims, the new service is already generating significant interest among large retail chains and is expected to be of interest to any organisation capturing large amounts of CCTV data, such as transport hubs or local authorities.

Key features include:

  - Secure, affordable, long-term uncapped storage of HD video surveillance footage
  - An easy-to-navigate portal providing near real-time and on-demand download access to video surveillance footage from the cloud, with date, time and camera search function
  - All-encompassing surveillance and data intelligence solution via API access to industry-leading software partners Everseen and Facit analytics


Best of both worlds: Why an IoT that is both open and secure should be a right, not a privilege

A recent report by SAS and the Centre for Economics and Business Research estimated that by 2020, big data and the internet of things (IoT) will be worth 322bn to the UK economy, and account for 2.7% of GDP. Gartner forecasts that IoT endpoints will reach a global installed base of 20.4 billion units by 2020. IoT networks are already critical to global public and private sector infrastructure, delivering ever expanding capacities and potential benefits.

However, among the many pressures that are rising from the growth of IoT, two are becoming critical: throttled growth of new applications caused by non-interoperative, proprietary technology; and a widening field of security vulnerabilities, only growing more pressing as IoT permeates modern life. As IoT networks connect more and more services throughout our cities, businesses and homes, they are rapidly becoming one of the most critical technologies underpinning our daily lives. Yet we see a great discrepancy in the requirements and demands of cities, utilities and enterprises on the network operators. Does this mean they are not taking their role as seriously as they should, or instead that the essential requirements are not yet well understood? It might seem like wishful thinking to expect that IoT networks should be both open to future development and secure against attack. It isn't. In fact, demanding the best in both these areas is utterly essential. IoT is moving beyond its roots, where devices were predominantly single-ownership/single-use solutions. They are now able to connect to several different domains and work best when they have open and equal access to data, controllers and platforms simultaneously.

At the same time, security standards are being agreed to ensure that all devices are insulated against and able to respond to breaches. At Silver Spring Networks, we felt it was time that the buyers of IoT networks understood how important and achievable balancing security and openness has become.

Delivering security at a city-wide scale

Persistent detection and safeguards from unauthorised access are two of the most important rights that all IoT network providers should confidently demand. Many IoT network platforms have only the most introductory and basic security measures which, given the interconnected nature of most networks, permit serious vulnerabilities to develop. The 2016 DDoS attack on Dyn, one of the companies running the internet's domain name system, provides an example of the repercussions of insufficiently secured IoT devices: disrupting the connection of thousands of internet users to big online retailers and other popular sites. Shortly after this attack, a tech industry veteran demonstrated the vulnerability of unsecured IoT devices even further. By connecting a $55 IoT security camera to the internet, it was discovered that a full penetration cyber-attack could be carried out in just 98 seconds. IoT networks are large and are often very complex, with multiple points of entry and multiple touchpoints. Furthermore, when compared to computers, tablets and phones, they typically have simplified user interfaces to reduce cost and simplify installation.

However, the assumption that large IoT networks cannot be made secure is wrong. Best-in-class IoT networks harness top-tier, military-grade security, including features such as automated, asymmetric key exchange and rotation; hardened crypto processors used in key generation and storage; AES encryption to protect data in transit; and authentication via certificates at multiple layers, including prior to network enrolment. The ability to deploy firmware upgrades swiftly and reliably to all nodes in a network is also an essential feature to ensure that networks remain secure across coming decades. Organisations working with IoT networks should be able to confirm that this level of security is present across their entire network, and address any segments where those standards are not or cannot be met.

Ensuring an open, adaptable and future-fit network

Cyber-attacks will always present a significant and costly liability to IoT networks, but they are not the only threat to consider. We live in a world where technology is evolving at a break-neck pace and new applications are emerging constantly. Networks which are locked into a single vendor's products or proprietary platform, and which can't easily adapt to innovation, will also be the cause of painful costs down the line. The best insurance against this future is to deploy a solution based on proper industry standards. Proprietary technologies posing as standards (LoRaWAN, for example) effectively lock networks into an ecosystem built around a single chipset.

This threatens interoperability down the line, which leads to massive and costly technical iteration and system integration efforts, all while capping the network's ultimate functionality. The best way to ensure a diverse ecosystem is to implement open, standards-based technologies that are demonstrated to be interoperable at every level of the system. The Wireless Smart Ubiquitous Network (Wi-SUN) standard is set up on this principle. Wi-SUN was designed to underpin the operation and deployment of next-generation star, mesh and hybrid networks. These networks are designed to capitalise on many connected paths, to deliver fast, reliable and city-scale coverage. Each node relays data for the network to provide strong and stable connectivity. Wi-SUN is maintained by a third-party organisation that constantly tests to certify that the IoT equipment is both conformant to the standard and interoperable with other certified networks, fostering a diverse ecosystem. Open standards allow a far greater number of providers to develop solutions, which are tested for interoperability, ensuring those solutions can work together. Whether the best new IoT software is for management of Smart Grid applications (smart metering, real-time grid balancing, renewable management etc.), management of city services (smart street lighting, traffic flow optimisation, flood monitoring and management, smart parking optimisation etc.), smart logistics, smart agriculture or many others, the best and most effective functionality will only be unlocked through comprehensive, integrated end-to-end solutions.

Networks built around an industry standard that emphasises openness and development are essential to delivering this.

Your right to best-in-class IoT

At Silver Spring Networks, we think that it's past time that IoT network providers were held to standards which reflect the incredible impact of IoT technology on society, now and into the future. We have set out the lessons we have learned delivering 26 million IoT devices across five continents into a bill of 10 rights that IoT customers must be empowered to demand be enshrined in any IoT network services agreement. Security and openness are just two of these. IoT's potential to provide an incredible uplift to society across the world has only just begun to unfold. The buyers of IoT networks have the means to steer this future, by arming themselves with the information and courage to demand nothing less than the absolute best from their providers.


Petya/GoldenEye: Cybersecurity experts respond to ransomware attack

The latest ransomware virus to sweep the globe started in Ukraine after users there downloaded a popular tax accounting package or visited a local news site, according to Ukrainian police and cyber experts. Called GoldenEye or Petya, the virus has affected thousands of computers, disrupting organisations in a wide range of sectors, from shipping to manufacturing. US shipping company FedEx, Danish shipping giant AP Moller-Maersk and Russian oil giant Rosneft are among those hit by the attack.

The malicious code locks machines and demands that victims pay a ransom of $300 in bitcoins or lose their data. The hackers' motives are still unclear, with some experts speculating that, given the modest sums demanded, a motive other than financial gain might be driving them. A number of cybersecurity experts offered their analyses to IFSEC Global, which you can read below.

Eldon Sprickerhoff, founder and chief security strategist, eSentire

The eSentire threat intelligence team has confirmed one variant associated with this attack, however broadly there are more than 50 different flavours of ransomware variants in the wild. Of those flavours, behaviors prompt the rapid deletion of files and exfiltration of data. Recently we've tracked a new variant which works to lock down passwords before encryption, making backup restoration particularly tricky. This attack amplifies the rapid evolution of ransomware; attacks are becoming more widespread, are moving faster, and are harder to kill. While this attack is hitting Europe harder than other countries (at the moment), it is moving quickly and businesses worldwide should treat this as the warning siren. Take this as an opportunity to ensure that offline backups and system patches are up-to-date, and tested.

Dr Jamie Graves, CEO, ZoneFox

This is further confirmation that we now live in a world where nation-state sponsored cyber-attacks are becoming as routine as real-world incidents. This latest attack reminds us of two crucial facts regarding the current state of cyber security: that attackers now have access, regardless of whether they are state-sponsored or independent, to military-grade cyber weaponry, hence the fact that the attacks are so successful. Secondly, that digital data is directly linked to physical assets; it's not just computer systems shutting down, it's energy grids losing power, ships stopping in their tracks and people not being able to access their money. Despite the headlines it will create, especially in the wake of the recent WannaCry incident, this is old news. The origin of this attack looks to be a phishing email that delivers a rebranded piece of ransomware, with the only addition being the NSA EternalBlue exploits that WannaCry used. If you don't have adequate security in place and a seriously security-conscious culture, you're going to get a free penetration test to show just how vulnerable your organisation really is.

Marty P Kamden, CMO, NordVPN

The latest ransomware assault seems to be particularly dangerous. One of the best protection mechanisms is patches, but they might not always work with this new version of Petya. Another way to protect yourself is to disrupt a system before it boots, as the ransomware runs on boot.

After the device gets infected with a ransomware, it will wait for about an hour until reboot. Reboot is required for a malware to encrypt the system, so in certain cases, if the device gets terminated in the encryption process, it gets disrupted and information can be saved. Generally, system administrators are still not well-prepared to protect their networks, and these attacks will only keep getting worse.

Matt Kingswood, UK head, IT Specialists

The news story on the new variant of the Petya ransomware dubbed PetrWrap exposes just how complex and well evolved cyber threats have become. Researchers from Kaspersky have documented that the group behind PetrWrap created a special module that patches the original Petya ransomware "on the fly". While Kaspersky has a signature for this ransomware already, other AV providers are sure to follow soon. Although there are a range of best practices to reduce the risk of a ransomware infection (such as installing an antivirus scanner, utilising intrusion detection services, applying updates as soon as possible and avoiding unsolicited email attachments), there is no failsafe method for preventing ransomware. The best way to prepare for an attack is to back up data regularly to the cloud. Secure cloud-to-cloud backup solutions create another, encrypted version of your data and maintain prior versions; in the case of a ransomware attack, the versions before the attack.

And, of course, this second copy has the added benefit of preventing data loss via accidental deletion.


Physical security professionals: do you really need to care about cybersecurity too?

So we all know that cybersecurity is important. It's mentioned in the national news on almost a daily basis, whether it be about government vulnerabilities, cyberterrorism, or major retailers letting criminals steal millions of customers' credit card details. But, like securing physical spaces, it's one of those things that only becomes newsworthy when it fails.

For a long time, physical security was strictly analog, and its only connection to the IT network was at its end point. And therefore, those responsible for physical security didn't need to concern themselves with worrying about network security, while at the same time, the IT department didn't need to be concerned with any undue exposure from cameras etc.

Game-changer

Sure, hacks have always occurred even in analogue systems (the prototypical breach through a baby monitor or garage door opener being well-known examples). But now that IP-based security systems are becoming the norm, with all the associated benefits, both sides need to be aware that the game has changed. The challenge, as we see it, is that the physical security team and the IT team have, on the face of it, very different outlooks and priorities, and often don't really understand each other. Physical security is from Mars and the IT department is from Venus! Often it can simply be a language/jargon barrier, where neither side truly gets what the other one is talking about. But in many cases, it can also be more akin to a border dispute, or a custody battle for an unwanted child: the physical security team don't consider cybersecurity to be part of their job, and the IT department may not even be aware of the potential vulnerabilities from a variety of devices that appear to have no obvious users or owners. One phrase stuck in my head after a recent conversation about cybersecurity with a customer: "We are glad Axis is thinking about this stuff, and it's interesting, but we are pretty relaxed about it right now," they said.

And if they haven't been attacked (or at least don't know if they have been attacked), then that response is often followed by "Cybersecurity is something that the IT department is worried about; I just have to make sure this building is secure." At the same time, when I have talked to the IT department, they have sometimes been unaware of the potential exposure of unsecured IP cameras. So, how do we, as an industry, get the physical security manager to take IT security seriously? And conversely, how do we help the IT security team to talk to their physical security colleagues in a language that they understand? Actually, it's not that complicated. The best way is to use the terminology that they are both familiar with:

| IT Team | Physical Team |
| --- | --- |
| Don't use default passwords, make them hard to guess and change them often | Install decent locks and make sure the keys are hard to copy |
| Make sure to have proper user management tools in place | Don't give out more keys than you absolutely have to; instead put in some access controls |
| Make sure devices lock themselves if not being used | Lock the doors! |
| Detect network breaches | Detect intruders |
| Don't leave any backdoors open, just in case | Don't prop open that fire escape just in case |
| Put up a firewall around your network to stop people casually wandering in | Put a fence up around your perimeter to stop people casually wandering in |

However, not all organisations and businesses are the same, and some already have good communication between these two departments, and a good awareness of the threats they need to tackle together. What I have seen is that organizations tend to fit into one of three broad categories depending on their understanding of the threat they face.

From enterprise-level to small businesses: how cybersecurity approaches compare

At the top are those whose brand, business or credibility is based around trust and security, for example banks.

By and large, they place security very high up their list of priorities, be it physical or computer-related, and it is ingrained within their corporate culture. They are often cautious about embracing new technologies until they can be sure that their security won't be compromised. This is especially true of new devices being connected to their network, such as cameras, access control points, etc. So their IT departments are highly unlikely to allow any new IP-based equipment to be connected without ensuring they have been properly sourced, tested and set up. Next there are those who are aware that they may be vulnerable to cyber-attacks, but may not have the specific expertise in-house to properly analyse their risks, nor how to mitigate them. However, they are at least willing to get advice, even if it's not a critical priority for them. These companies probably are the most at risk, with enough complexity in their networks to make management a full-time job, but possibly without sufficient resources to properly police every device that gets connected. Lastly, there are those, usually smaller businesses, who have very little understanding of cybersecurity at all, and even less idea that devices such as cameras need to be properly secured before being connected to a network. They rarely have a full-time IT manager, let alone a person with sole responsibility for physical security.

For these businesses, a very simple, automated set-up is ideal, with all security being taken care of out of the box. For example, the Axis Companion provides cameras, recorders, memory cards and a video management system all in one package.

Lessons from major camera hacks

In the end, though, both the IT and physical security departments need to care about the problem enough to want to engage with each other, and not just pass the buck back and forth until an attack actually happens. So how to do that? Unfortunately, the case has already been made for us, on several recent occasions. It was only a few months ago that the Mirai BotNet attack demonstrated how vulnerable IoT devices can be, how ubiquitous they are, and how these two facts make for a highly attractive opportunity for hackers. Over several months, cybercriminals infected multiple millions of devices, including IP cameras, DVRs, home routers, etc. Then, in September 2016, it was first used to run a massive DDoS (Distributed Denial of Service) attack on the website of a prominent security journalist, KrebsOnSecurity.com. A month later, it was followed by the largest DDoS attack in history, going after Dyn.com, one of the key parts of the US internet backbone, upon which services such as Netflix, Spotify and Amazon rely.

Now, some may say that not being able to watch the latest episode of Orange is the New Black may not be a huge threat to Western civilization, but this just goes to show the potential of what can be done with physical security devices that haven't been properly hardened against cyber-attack. The majority of the devices infected had easy-to-guess default passwords that had never been changed or, even worse, could not be changed at all. Or there were the devices with backdoors built into them to make it easier for the manufacturer to debug them during development, but which were never closed again before production. In December 2016, 80 plus cameras from a major manufacturer were found to have backdoor accounts. A month later, it was reported in the Washington Post that for three days the Washington DC Police were unable to record video from their security cameras due to 70% of their storage devices being hacked. So, we know that this won't be the last time. The internet of things is currently an easy target, and even more so because there are very few human beings in the loop, so there is almost no-one to notice when an attack has occurred until too late. As the Mirai BotNet attack showed, an attack might not even directly affect the host, so there is even less chance of spotting an infection unless you are paying close attention.

Visit and see the latest product developments from leading suppliers, live hacking demonstrations, and education from the best in the industry. Cyber & IT Security at IFSEC is an area you can't afford to miss.


Reform Surveillance – Official Site

Reform Government Surveillance

Global Government Surveillance Reform

The undersigned companies believe that it is time for the world's governments to address the practices and laws regulating government surveillance of individuals and access to their information. While the undersigned companies understand that governments need to take action to protect their citizens' safety and security, we strongly believe that current laws and practices need to be reformed. Consistent with established global norms of free expression and privacy and with the goals of ensuring that government law enforcement and intelligence efforts are rule-bound, narrowly tailored, transparent, and subject to oversight, we hereby call on governments to endorse the following principles and enact reforms that would put these principles into action.

The Principles

  1. Limiting Governments' Authority to Collect Users' Information

    Governments should codify sensible limitations on their ability to compel service providers to disclose user data that balance their need for the data in limited circumstances, users' reasonable privacy interests, and the impact on trust in the Internet. In addition, governments should limit surveillance to specific, known users for lawful purposes, and should not undertake bulk data collection of Internet communications.

  2. Oversight and Accountability

    Intelligence agencies seeking to collect or compel the production of information should do so under a clear legal framework in which executive powers are subject to strong checks and balances. Reviewing courts should be independent and include an adversarial process, and governments should allow important rulings of law to be made public in a timely manner so that the courts are accountable to an informed citizenry.

  3. Transparency About Government Demands

    Transparency is essential to a debate over governments' surveillance powers and the scope of programs that are administered under those powers. Governments should allow companies to publish the number and nature of government demands for user information. In addition, governments should also promptly disclose this data publicly.

  4. Respecting the Free Flow of Information

    The ability of data to flow or be accessed across borders is essential to a robust 21st century global economy. Governments should permit the transfer of data and should not inhibit access by companies or individuals to lawfully available information that is stored outside of the country. Governments should not require service providers to locate infrastructure within a country's borders or operate locally.

  5. Avoiding Conflicts Among Governments

    In order to avoid conflicting laws, there should be a robust, principled, and transparent framework to govern lawful requests for data across jurisdictions, such as improved mutual legal assistance treaty, or MLAT, processes. Where the laws of one jurisdiction conflict with the laws of another, it is incumbent upon governments to work together to resolve the conflict.

Voices For Reform

"AOL is committed to preserving the privacy of our customers' information, while respecting the right of governments to request information on specific users for lawful purposes. AOL is proud to unite with other leading Internet companies to advocate on behalf of our consumers."
Tim Armstrong, Chairman and CEO, AOL

"Reports about government surveillance have shown there is a real need for greater disclosure and new limits on how governments collect information. The US government should take this opportunity to lead this reform effort and make things right."
Mark Zuckerberg, CEO, Facebook

"The security of users' data is critical, which is why we've invested so much in encryption and fight for transparency around government requests for information. This is undermined by the apparent wholesale collection of data, in secret and without independent oversight, by many governments around the world. It's time for reform and we urge the US government to lead the way."
Larry Page, CEO, Google

"These principles embody LinkedIn's fundamental commitment to transparency and ensuring appropriate government practices that are respectful of our members' expectations."
Erika Rottenberg, General Counsel, LinkedIn

"People won't use technology they don't trust. Governments have put this trust at risk, and governments need to help restore it."
Brad Smith, General Counsel and Executive Vice President, Legal and Corporate Affairs, Microsoft

"Twitter is committed to defending and protecting the voice of our users. Unchecked, undisclosed government surveillance inhibits the free flow of information and restricts their voice. The principles we advance today would reform the current system to appropriately balance the needs of security and privacy while safeguarding the essential human right of free expression."
Dick Costolo, CEO, Twitter

"Protecting the privacy of our users is incredibly important to Yahoo. Recent revelations about government surveillance activities have shaken the trust of our users, and it is time for the United States government to act to restore the confidence of citizens around the world. Today we join our colleagues in the tech industry calling on the United States Congress to change surveillance laws in order to ensure transparency and accountability for government actions."
Marissa Mayer, CEO, Yahoo

May 19, 2015

Dear Members of the Senate,

Later this week the Senate has an opportunity to pass meaningful and balanced surveillance reform by considering the bipartisan USA Freedom Act. The bill overwhelmingly passed the House with 338 votes. Members from across the political spectrum supported it. Delaying action on reform by extending expiring authorities for two months or any extended period of time would be a missed opportunity. The USA Freedom Act prevents the bulk collection of Internet metadata under various authorities. The bill allows for transparency about government demands for user information from technology companies and assures that the appropriate oversight and accountability mechanisms are in place.

Our companies came together two years ago to push for essential reforms that are necessary to protect national security, strengthen civil liberties, reaffirm user trust in the Internet, and promote innovation. The Senate can begin delivering on those reforms by passing the USA Freedom Act.

Sincerely,

Reform Government Surveillance

RGS Statement In Support of Bipartisan, Bicameral FISA Reform Legislation

Statement of Reform Government Surveillance:

Reform Government Surveillance commends the introduction of surveillance reform legislation today in the House and the Senate. We support the bicameral, bipartisan legislation, which ends existing bulk collection practices under the USA Patriot Act and increases transparency and accountability while also protecting U.S. national security.

We thank Representatives Goodlatte, Sensenbrenner, Conyers and Nadler and Senators Lee, Leahy, Heller, and Franken, as well as other Members, who have worked hard over the past several months to draft a common sense bill that addresses the concerns of industry, the Intelligence Community, and civil society in a constructive and balanced manner. We look forward to working with Congress to pass this legislation by June 1st.

An open letter to Washington

December 2013

Dear Mr. President and Members of Congress,

We understand that governments have a duty to protect their citizens. But this summer's revelations highlighted the urgent need to reform government surveillance practices worldwide. The balance in many countries has tipped too far in favor of the state and away from the rights of the individual, rights that are enshrined in our Constitution. This undermines the freedoms we all cherish. It's time for a change.

For our part, we are focused on keeping users' data secure, deploying the latest encryption technology to prevent unauthorized surveillance on our networks and by pushing back on government requests to ensure that they are legal and reasonable in scope. We urge the US to take the lead and make reforms that ensure that government surveillance efforts are clearly restricted by law, proportionate to the risks, transparent and subject to independent oversight. To see the full set of principles we support, visit ReformGovernmentSurveillance.com [1]

Sincerely,

AOL, Apple, Facebook, Google, LinkedIn, Microsoft, Twitter, Yahoo


References

  1. ReformGovernmentSurveillance.com (www.reformgovernmentsurveillance.com)

Top trends in security tech to expect in 2017


The shops are super busy and, depending on which hemisphere you live in, it's either time to turn on the central heating or break out the shorts and shades. But it's also time to look ahead to 2017 and wonder what it might have in store for us. On a global level the world is going through turbulent times, with conflicts, political uncertainty, an ongoing refugee crisis and a somewhat fragile economic recovery from the most recent financial downturn.

At the same time, technological developments continue unabated, with high-speed networks, big data and deep learning moving beyond that initial phase of just being marketing buzzwords to enabling new and improved security offerings. Similarly, we expect the so-called internet of things to be much less of a novelty and become part of the fabric of our daily lives. However, that means manufacturers of internet-enabled devices will have to step up and take much more responsibility for the level of default security they ship with. All of these factors are likely to fuel demand for increased security, both physical and online.

Security as a service (SaaS)

As many other technologies have done, we expect customers will stop looking at physical security as simply being a collection of hardware and software connected to a network. Instead, we think they will start to see their security as a service: remote and professional hosting and monitoring of video transmitted from the customer's premises. Whether by themselves, or more likely by sector-specific specialists who can not only take away the burden of managing the complex systems involved, but also reduce the costs of keeping those systems up to date and secure. This will not only free up internal resources which could be better focused elsewhere, but also improve the service level of the security system, enable better device management, and strengthen cyber security processes. On the topic of cyber security, we see an increased use of tools and practices that make network video less vulnerable to attacks.

In general, wider use of pre- and post-installation tools (such as Axis Site Designer, for example) will help in ongoing monitoring and maintenance of systems.

Integrated solutions

The security industry will continue its trend of offering more specific solutions to particular problems, rather than one-size-fits-all hardware/software. In the end, customers aren't looking to buy a camera, or a video management system (VMS); what they really want is to reduce shoplifting, or make sure only certain people can access the cash office, or keep track of potential threats in an airport. Although the word "solutions" gets bandied around by technology companies a lot, for once this really is the most apt term. The convergence of hardware and software, as well as the pre-installation and post-installation tools mentioned above, into end-to-end solutions will be able to address specific security problems. They will consist of high-performance cameras, storage and access controls tightly integrated with video management and analytics tools. This approach will be easier for customers to purchase, install and implement, while offering a great return on their investment.

More analytics

As part of this, we see that while high quality video footage is a core feature of modern security cameras, ultimately that information needs to be assessed and analyzed before a decision can be made to respond to its content. The recent advances in camera technologies, such as thermal imaging and enhanced low-light capabilities, have been significant steps forward.

But in the end, they just generate more footage that needs to be watched/reviewed. So, much like how tools have been developed to sift through the huge pools of numerical/text data that is being captured every day, the security industry has been working hard on video analytics software that can work in real time to help professionals make informed decisions. We expect to see 2017 as the year when these new camera capabilities are combined with real-time analytics to address several security challenges, including facial recognition, forensic analysis and perimeter protection.

Deep learning

With all this data being gathered, we are seeing deep learning technologies coming to the fore. These use pattern recognition software to learn about different kinds of behaviours as seen through the multitude of security cameras installed around the world. Techniques involving deep learning and artificial intelligence will see broader utilization within the security industry. The benefits are that although all customers are different, the environments and locations they are based in tend to fall into the same general categories, with people exhibiting the same general behaviours. Once those behaviours have been learned the patterns that underlie them can be shared, enabling the system to flag up when something unexpected occurs. We see this as only the beginning and a very exciting space to keep an eye on.

Beyond video

However, we know that physical security doesn't just involve surveillance of people/places/objects. It is also about physical access control, one and two-way communication and managing emergency situations, and often managing this from a significant distance. So, to extend the concept of integration even further, 2017 should be the year when security cameras work hand in glove with intelligent doors, intercoms and speakers, both locally and remotely.

That means one simple system that can manage them all, in real time, enabling customers to see, hear and talk to the people in/near their buildings.

Cyber security

As mentioned above, the internet of things has evolved from buzzword status to mainstream reality, but not without its challenges. While we still think the idea of millions of IP-enabled devices is an exciting prospect for the future, 2016 gave us a sobering reminder of the pitfalls of not properly securing all those internet-connected fridges, DVRs and, unfortunately, security cameras. Given that most of those devices are just plugged in and switched on by customers, it is down to manufacturers to take responsibility to ensure they are secure out of the box. Axis has always taken its customers' security seriously, but we will hopefully see 2017 as the year when all manufacturers make this a priority. We will continue to strengthen our existing offerings and make it easier for our customers to keep their networks and devices secure. We think the internet of things should be about better security, and more efficient businesses, organisations and cities thanks to smart cameras, door stations and audio equipment with network connectivity.

Next year will add more smarts to those devices, while also enabling customers to focus on what they do best and allowing security specialists to improve the services they provide.


Indian Government Wiretapping and started BlackBerry interception …

According to a report, all major Indian telecom companies, including Bharti Airtel, Vodafone India and Tata Teleservices, have agreed to share real-time interception of BlackBerry calls and data services on their networks with security agencies to meet the December 31 deadline fixed by the Indian government. Research In Motion (RIM), the manufacturer of BlackBerry, has been directed to provide the resolution and web-browsing needs of the BlackBerry Internet Services. This is to be done in discussion with concerned service providers and law interception organisations.

Earlier in 2011, the government set the deadline for RIM to come up with facilities for interception, or face closure of their operations in India. The security agencies in the country have been trying to get the company to install local servers so they could access and monitor the stream of messages going back and forth to implement better security in the country. The Ministry for Home Affairs ordered interception of about 10,000 phones and 1300 email ids, during October to December 2012.

According to an Indian newspaper report [1], about 500 new e-mail addresses of individuals were also added to the existing 800 e-mail IDs already under surveillance. Most requests for surveillance came from the Intelligence Bureau, followed by the Narcotics Control Bureau, Directorate of Revenue Intelligence, Army's Signals Intelligence Directorate, State Intelligence units followed by Police Departments of Andhra Pradesh and Maharashtra. Wiretapping to detect tax evasion by Income Tax authorities is, however, not allowed. According to Section 5(2) of the Indian Telegraph Act of 1885, the government is authorized to intercept or detain messages, if satisfied that it is necessary to do so in the interests of the sovereignty, integrity, security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of an offence.


About Author:

Mohit Kumar, aka 'Unix Root', is Founder and Editor-in-chief of 'The Hacker News'. He is a Security Researcher and Analyst, with experience in various aspects of Information Security. His editorials always get people thinking and participating in the new and exciting world of cyber security. Other than this, he is an Internet Activist and a strong supporter of Anonymous & Wikileaks. All his efforts are to make the internet more secure.

References

  1. report (articles.economictimes.indiatimes.com)

More Bargain Basement Bundles