Posts Tagged :

Internet of Things

SALTO achieves BSI Enhanced Level IoT Kitemark™

516 344 Stuart O'Brien

SALTO Systems, a leading manufacturer of electronic access control solutions, has become the first company to achieve the BSI Enhanced Level IoT Kitemark™ for access control systems.

The IoT is typically a network of smart devices and systems that can be connected, enabling data to be exchanged to provide services, efficiency and innovation. Its technology can positively enhance lives and businesses, but the complexity of IoT also means that those of criminal intent may attempt to access it to steal data, hack cameras, enter buildings or otherwise breach security.

The Enhanced Level IoT Kitemark demonstrates that a connected product has a higher level of security controls in place than the market standard for its type and is generally suitable for higher value or risk applications. Assessment to this level involves BSI’s most in-depth and exacting testing and analysis.

To achieve certification, SALTO’s XS4 One access control solution had to meet the requirements of a Quality Management System such as ISO 9001 and was also required to undergo advanced security testing for vulnerabilities and security flaws in BSI’s state of the art IoT laboratory. Furthermore, SALTO’s JustIN mobile app and ProAccess Space web services were also assessed under BSI’s Secure Digital Applications Kitemark, ensuring the wider system associated with the XS4 One had the appropriate security controls in place to provide support effectively.

SALTO Systems Limited MD Ramesh Gurdev says: “This achievement is yet another milestone that sets SALTO apart from others in the market. It provides a mark of trust for current and potential customers to demonstrate that our connected products are safe, secure and fit for purpose throughout their life”. 

David Mudd, Global Digital and Connected Product Certification Manager at BSI said “Achieving the Enhanced Level IoT Kitemark has enabled SALTO to demonstrate that its XS4 One product exceeds the market standard for security control.

“Additionally, certification to the Secure Digital Applications Kitemark for the organization’s JustIN app and web services will provide further reassurance to SALTO customers so that its entire access control eco-system has the appropriate security control in place.”

www.saltosystems.com

Are you keeping an eye on your security system?

960 640 Guest Blog

By Martin Hodgson, Head of UK & Ireland, Paessler AG

The basic tenants of security systems have remained relatively unchanged for the better part of the last few decades. Intrusion detectors, alarm triggers and surveillance systems work in synergy to protect homes and businesses. Nonetheless, in the past few years we have seen security systems become increasingly digitised. Whilst this is not without its benefits such as, remote access for security personnel and alerts sent off site, digitisation has meant that modern security is more reliant on IT networks for success than ever before. 

Blurring the lines between physical and virtual 

Today, many security solutions are connected to the internet as a part of the Internet of Things (IoT). Solutions such as modern CCTV systems will record and monitor footage using IP cameras, which allows security personnel to wirelessly view footage via a connected device without the need for cables or now defunct analogue video signals. This means security footage can be stored on hard drives or even in a private cloud where user access privileges for cameras and stored footage are secured by an IP access controller. However, it is not just CCTV that is digitised, everything from panic buttons to intrusion detectors are now network enabled.

Digitisation of security systems has come as an immense benefit for security staff. Personnel are now able to monitor and secure facilities without the need for a physical presence on site. Likewise, IoT allows for an incredibly high degree of customisability, making it easier and cheaper to build bespoke security systems for each installation.

New points of failure 

Nonetheless, that’s not to say digitisation and IoT network enablement of security systems haven’t created new challenges. Digitisation creates new potential points of failure, sometimes even on top of more traditional security system issues. For example, the increased customisability afforded by the IoT means that bespoke security systems are often a smorgasbord of technologies, protocols, and a variety of devices from multiple vendors. The first challenge security system integrators face is that they need to get all these devices on a secure network, and then ensure each component is configured and optimised to perform as it should and interact with all other devices in the system. This job can take days or even weeks to accomplish. However, system set up is just the tip of the iceberg.  

Like all IoT systems, a digitised security is only as strong as the network it is hosted on. Bottlenecks, bandwidth issues, or routing problems that prevent data being sent or received properly can all lead to physical security breaches going undetected. 

Nonetheless, it’s not just physical criminals those in charge of security systems have to be wary of. All connected security systems are potentially hackable. A cybercriminal with access to the network can have the power to shut down the security system entirely or use connected devices for nefarious purposes.  

Ensuring peak performance

Although the risks cannot be entirely avoided; device malfunction and network failure can and do happen to even the most meticulously set up systems. The good news is there are clear and simple preventative steps security staff can take to ensure their digitised security system operates at peak performance with minimal downtime. Just like a security system monitors a physical location to keep it secure and operational. Digitised security systems must be monitored so at any time staff can see whether there are any issues on the network that need to be addressed. This way problems can be solved proactively, often before any downtime can occur.

Visibility is everything

The same general steps that apply to monitoring traditional IT environments also apply to monitoring a security system network. First the admin in charge of the security system needs to establish the metrics that define a healthy system. For example; they must work out how much bandwidth specific devices use when operating normally, define normal traffic flow across key areas of the network at different times of day, as well as set limits for standard CPU usage for servers and storage systems.

Once all key metrics for each component are defined, this can be input into a specialist monitoring system in order to set up thresholds. This way the monitoring solution knows to alert admins to abnormal readings that may indicate a problem. Only with a monitoring system in place is it possible for admins to get a clear view of the entire network at any one time. Not only does this help to minimise downtime, it also gives admins a component by component view of the system that can help to make adjustments to continually track and improve security system performance. 

Digitised security systems are here to stay. With the correct management systems in place they can help us stay secure whilst offering a wealth of benefits for businesses and staff. To keep us safe, we must monitor to master.

New security laws proposed for internet connected devices

960 640 Stuart O'Brien

Plans to ensure that millions of items that are connected to the internet are better protected from cyber attacks have been launched by Digital Minister Margot James.

Options that the Government will be consulting on include a mandatory new labelling scheme. The label would tell consumers how secure their products such as ‘smart’ TVs, toys and appliances are. The move means that retailers will only be able to sell products with an Internet of Things (IoT) security label.

The consultation focuses on mandating the top three security requirements that are set out in the current ‘Secure by Design’ code of practice. These include that:

  • IoT device passwords must be unique and not resettable to any universal factory setting.
  • Manufacturers of IoT products provide a public point of contact as part of a vulnerability disclosure policy.
  • Manufacturers explicitly state the minimum length of time for which the device will receive security updates through an end of life policy.

Following the consultation, the security label will initially be launched as a voluntary scheme to help consumers identify products that have basic security features and those that don’t.

Digital Minister Margot James said: “Many consumer products that are connected to the internet are often found to be insecure, putting consumers privacy and security at risk. Our Code of Practice was the first step towards making sure that products have security features built in from the design stage and not bolted on as an afterthought.

“These new proposals will help to improve the safety of Internet connected devices and is another milestone in our bid to be a global leader in online safety.”

National Cyber Security Centre (NCSC) Technical Director Dr Ian Levy said: “Serious security problems in consumer IoT devices, such as pre-set unchangeable passwords, continue to be discovered and it’s unacceptable that these are not being fixed by manufacturers.

“This innovative labelling scheme is good news for consumers, empowering them to make informed decisions about the technology they are bringing into their homes.”

Physical security demand to hit $119bn by 2023

960 640 Stuart O'Brien

It’s been predicted that the global physical security market will to grow in value from $84.1 billion last year to $119.4 billion by 2023.

That’s equivalent to a Compound Annual Growth Rate (CAGR) of 7.3%, according to analysis from ResearchandMarkets.

Its report, The ‘Physical Security Market by Component and Services, Organisation Size, Vertical and Region – Global Forecast to 2023’ found that (deep breath) rising incidents of terror attacks, technological advancements and deployment of wireless technology in security systems, increasing use of IP-based cameras for video surveillance, implementation of mobile-based access control, and adoption of Internet of Things (IoT)-based security systems with cloud computing platforms are projected to drive the growth of the market across the globe.

However, violation of privacy related to physical security systems and services is expected to restrict the growth of the market across the globe in some instances.

The Services segment is projected to lead the physical security market during the forecast period. The report says physical security services play a vital role in enhancing the existing video surveillance system by integrating digital video surveillance with network and IT systems.

This integration enhances property safety and reduces loss from thefts. Moreover, the service segment is being continuously affected by the introduction of the integrated Social, Mobile, Analytics, and Cloud (SMAC) solution, which need proper monitoring.

The Large Enterprises segment is expected to lead the physical security market in 2018. These enterprises were the early adopters of physical security solutions and services, as they have larger revenue pool to spend and a larger infrastructure to be protected.

High spending on security, followed by the high need for securing large assets is leading large enterprises to contribute to a higher market share in the physical security market.

The residential segment faces the challenge to manage security without violating the privacy of their guests, comfort, and travel experiences. In residential premises, the implementation of access control and video surveillance security systems is growing.

The residential properties are installing access control systems to prevent invasion and burglary. Residential properties are increasingly adopting electronic lock-based access control systems. The demand for electronic products is growing with the increased home automation trend.

The APAC physical security market is projected to grow at the highest CAGR during the forecast period. This growth is primarily driven by the rising adoption of access control systems in Small and Medium-sized Enterprises (SMEs), hospitality businesses, airports, ATMs, banks, residential buildings, and religious places, among others are expected to drive the physical security market.

Security systems are expected to witness increasing adoption in APAC as the countries in the region are emerging economies with a growing number of manufacturing bases, and there is also a constant risk of terror threats in the region.

Government offers £6m for IoT security solutions

960 640 Stuart O'Brien

The UK government is offering up to £6 million in funding to support new ideas that can help keep connected devices and applications safe and secure.

The competition aims to join up the UK’s research base with industry to transfer knowledge and develop new products and services that tackle cyber security in the IoT.

Projects should include artificial intelligence or machine learning and have a clear plan for commercialisation.

They should focus on at least one of the following:

  • operational resilience technologies that can protect and recover data
  • intelligent control systems for industry, commercial and public sector buildings
  • protection of people living in digital homes and their smart systems

Projects could also look at complementary technologies, such as distributed ledger technologies that support the sharing of data across multiple locations, or 5G mobile networks.

Innovate UK has up to £6 million to invest in organisations with ideas that address industry-focused cyber security-related challenges.

The investment forms part of the UK Research and Innovation Strategic Priorities Fund, which supports the highest priorities identified by researchers and businesses.

It is part of a set of measures by UK government to build increased security and protections into digital devices and online services. As well as this programme, this includes an up to £70 million investment through the Industrial Strategy Challenge Fund to tackle digital security by design.

The competition opens on 18 February 2019 and the deadline for applications is at midday on 1 May 2019 – more information can be found here.

BeCyberSure joins EEMA to provide ‘strong security’ education…

800 450 Jack Wynn

The cyber security information company, BeCyberSure, has been welcomed by the not-for-profit think tank, EEMA, which specialises in identification, privacy, risk management, authentication, cyber security, mobile applications and the Internet of Things (IoT), as its newest member.

It follows an appearance made by BeCyberSure in June at the two-day Trust in the Digital World (TDW) conference in The Hague, hosted by EEMA, TDL and IDnext. The company participated in a seminar which focused on cyber security for small and medium-sized enterprises (SMEs), and provided an opportunity to become involved in initiatives such as Information Security Solutions Europe (ISSE), Trust in the Digital World (TDW) and EEMA’s high-level fireside briefings.

Chairman of EEMA, Jon Shamah, commented: “We’re delighted to welcome BeCyberSure as members of EEMA. The company’s knowledge and expertise in assisting business throughout Europe with regards to their information security strategies makes it an important addition to our expanding network.”

 

To find out more about EEMA membership, click here