Security Systems News

APR 2016

Security Systems News is a monthly business newspaper that reaches 25,100 security installers, product distributors, central stations, engineers & architects, and security consultants. Our editorial coverage focuses on breaking news in all major se

Issue link: http://ssn.epubxp.com/i/657862

Contents of this Issue

Navigation

Page 28 of 60

By Kenneth Z. Chutchian A ndrew Lanning enjoys visiting college campuses and "the ubiq- uity of their Wi-Fi access." But the reason he is on campus, usually, is that easy Wi-Fi access means easy prey for hackers and cyber- threats. L a n n i n g i s t h e co-founder of Inte- g r a t e d S e c u r i t y Te c h n o l o g i e s i n Wai Pahu, Hawaii. Like other security e x p e r t s c h a r g e d with tackling cyber- threats in educational settings, his main job is to remind integrators, manufactur- ers and end users that while no system is immune to hacking, all problems can be addressed through education, collabora- tion and attention to detail. "The best way to teach is to learn," Lanning said. "We distill it down to peo- ple, process and products." In the worlds of physical and cyberse- curity, college campuses look and feel dif- ferent than government offces and large businesses in many obvious ways. Less obvious to laymen may be the approach and adjustments that security manufac- turers and integrators must make when their end users of security products and services are institutions of higher learn- ing. When Duane Djie, sales engineer at Hikvision USA, compares the cyberse- curity needs of corporations, the U.S. Defense Department and a large univer- sity, he sees three different worlds and knows there's a decent chance hackers see more vulnerabilities than his experts do. At a military base or within the Depart- ment of Defense, the primary threat is obviously terrorism and public safety. In the private sector, the threat is cor- porate espionage. At a college campus, Djie said, "A disgruntled student can do a lot of damage." "It's more about protection of data for their students," Djie said. "Univer- sity protection is more about protecting individual identity and property." This is especially true in research labs, where graduate students need to protect their work with vigilance. C y b e r s e c u r i t y i n e d u c a t i o n s e t - tings demands an ongoing, two-way teaching and learn- i n g p r o g r e s s i o n between manufac- turers and integra- tors. The providers of products include p r e v e n t i o n a n d "hardening" tech- niques into their training for integra- tors. The integrator, from the feld, alerts manufacturers to vulnerabilities that the best engineers may not have considered. Nobody points fingers. "No system is 100-percent protected from cyber- threats," said Djie."When an integra- tor finds a security threat, we have a response team activated to shoot it up the chain of command." For many security experts, Lanning said, that means "humbling yourself before you go to the IT community to fgure out how to engage in the conver- sation." John Bartolac, senior manager of industry standards and government programs at Axis Communications, concurred, noting that problems arise "if integrators aren't aware of different IT policies" at their end user's campus setting. B a r t o l a c ' s p e o p l e d e p l o y of a variation of Lanning's "peo- ple, process and product" mantra. Axis' education efforts focus on "policies, proce- dures and products," Bartolac said. Integrators can add more value to the end user by learning as much as possible about internal IT policies on various col- lege campuses, he said. Kimberly Roberts, director of edu- cation and training at the Security I n d u s t r y A s s o c i a t i o n , s t re s s e d t h e critical role integrators assume in dis- covering and sharing information on cyberthreats on college campuses. "Obviously because of how closely t h e y w o r k w i t h the end user, inte- grators have more information about the 'in production' cybersecurity issues that may arise when t h e p ro d u c t s a re installed," Roberts stated in an email. " M a n u f a c t u re r s should leverage the collective knowledge of their integra- tors, and make it easy for integrators to pass on information about these breaches in order to harden their products and disseminate patches for these products in a more effective way." "Education is really the responsibil- ity of all parties," said Jacob Hauzen, regional sales manager for education at Genetec. "Cam- pus security has to stay on top of things. Integra- tors have to stay on top of encryp- tion mechanisms. … It's the respon- sibility of all par- t i e s t o m a n a g e software or hardening." From the manufacturers' end, Hauzen said, that means offering webinars to end users or integrators, as well as newslet- ters, social media and training work- shops. "What seems to be a trend in the security industry is that previously (two or three years ago) we would address encryption data from the server side, whereas now it seems to be addressed at the edge devices, such as card readers or cameras," he said. "Manufacturers have to take respon- sibility for authentication. Software designers have to take responsibility for authentication. IT must put in its own security authentication. We emphasize strong passwords." Passwords are so embedded into the routines and thinking of everyday life that their critical role in cybersecu- rity may be underestimated, say secu- rity experts. Unchanged passwords can become serious security threats. In the not-too-distant past, said Djie of Hikvision, "mom-and-pop integrators that were set up didn't bother to change their default passwords. We force integra- tors to use complex passwords at every step, down to the camera level … We said, 'They may not like it, [but they couldn't deny that the changes made sense.]'" Policies on passwords and aggressive preventative maintenance by integrators "to make sure the system is up and run- ning and up-to-date on a regular basis" are examples of "day in, day out" strate- gies and routines for beefng up cyberse- curity for end users, Hauzen said. Attention to fundamentals goes a long way, said Bartolac. The most seasoned veterans in the security industry need reminders of basics that they probably learned early in their careers. "Video is data. The integrator needs to work with end users to understand the value of that data," Bartolac said. Security insiders agree that no system is 100-percent safe from a breach, and that vulnerabilities on college campuses include variables not seen in private industry or government offces. "Let's face it, if I want, for fve dollars I can fnd out everything about you on the 'dark web' and maybe sell that information for 10 dollars," said Lanning. "You have to decide if you can live with risks … it's incumbent upon us to elevate our game." SSN Educating integrators on campus cybersecurity John Bartolac Jacob Hauzen IST's co-founder Andrew Lanning asserts that 'It's incumbent upon us to elevate our game' Duane Djie "No system is 100-percent protected from cyberthreats." —Duane Djie, Hikvision USA #HEARTBEATOFSECURITY Security isn't about products, it's about people. Watch their stories unfold at www.hikvision.com/h eartbeat What makes my job so enjoyable is that we're providing solutions that address current issues society is facing." Daryl Whitt, VP of Operations at eCamSecure Inc. " www.securitysystemsnews.com April 2016 SECUriTY SYSTEMS NEWS NEWS 26

Articles in this issue

Links on this page

Archives of this issue

view archives of Security Systems News - APR 2016