Security Systems News

MAY 2017

Security Systems News is a monthly business newspaper that reaches 25,100 security installers, product distributors, central stations, engineers & architects, and security consultants. Our editorial coverage focuses on breaking news in all major se

Issue link:

Contents of this Issue


Page 29 of 80

TechSec 2017 IoT panel "[IoT is] not about the Internet and … it's not about things. What this whole IoT thing is is all of the different verticals—which one do you want to participate in?" Jim Coleman, president of Operational Security Systems Inc., said, "We live in an industry where 'how much does it cost?' has become more important today than it was when I started in the business." End users seeking lower costs can create vulnerabilities, he added. "We have to worry about doing the right thing, and some- times doing the right thing for a manufacturer means is has to cost a little bit more." Interoperability is a key word right now, Ragusa noted, "But with interoperability comes some risk." He asked the panel how IoT relates to cybersecurity. "I think that there's a misunderstanding in the whole IoT community; IP is not necessar- ily always the right thing," Klein said. "That said, interoperability is obviously critical going forward. The exposure is not neces- sarily in the platform you use, but in how the particular platform is deployed." In regard to interoperability and the Inter- net of Things, Dorrier Coleman said that devices do not need access to the entire Inter- net. "A security camera is never going to want to watch a YouTube video, and if it does that, something very wrong is going on," he said, adding that manufacturers can help devices identify this behavior. Lakomiak said that connected systems also need to accomplish their main task. "It's great that things can talk to one another. But, when you hook all of these things, these sys- tems, these devices‚ together—do they actu- ally work harmoniously together? Are they doing all of the things that were intended to be done?" Jim Coleman addressed how aspects, such as low-security passwords, create cybersecu- rity challenges. "Just simple cyberhygiene— without getting into public key infrastructure and that kind of complexity—goes a long way. While we're learning, we haven't quite had full immersion yet." Lewit agreed that poor cyberhygiene, specifically low-security passwords, is a main cause of cybersecurity issues. Lewit said that there are three main compo- nents in security: product manufacturers, internal company processes, and the end users. "The real solution involves all three of those working together. I think, what we can do from a stan- dards perspective is help highlight some of the best practices in the industry, and that's one of the things that ONVIF has been trying to [do]," he said. "The first real substantial push forward that we covered was within the profile Q specifica- tions that came out, where we covered some of the basic elements of password security and user authentication and encryption transmis- sion," Lewit continued. UL has developed new cybersecurity stan- dards for products and systems, Lakomiak pointed out. "What we set out to do is pro- vide some testable criteria that's repeatable and reproducible around that. As we talked to the industry … we were actually learning that the bigger need is really education—training and education around cybersecurity," he said. Different technology platforms have differ- ent standards, Z-Wave's Klein noted. "The standards that we adopt are the stan- dards of our customers, and they're usually very different [across vertical markets]," Jim Coleman said. "As integrators, you know who your cus- tomers are and what your business is," Klein said. "It's your responsibility to make sure that the types of products or the brands that you're working with are utilizing the current best practices and best standards." Various regulations stand to impact the Internet of Things industry. Jim Coleman brought up the increased need and expense of insurance. A large concern for insurance companies is water damage, Klein pointed out, and that devices for detection are relatively inexpen- sive. Insurance companies are looking to incentivize customers to have more moni- tored solution, he added, which will span across several areas. Lakomiak said that incentives are needed for customers to consider cybersecurity. "It's expensive—it's vastly expensive—and, frank- ly, unless you're customers are asking about it, it's hard to justify the cost for your products. Then, of course, there are companies out there that do a lot to invest in cybersecurity, and they're able to leverage that as a differentiator," he said. Ragusa asked the pan- elists for their key consid- erations when it comes to new projects with the IoT. "What I always find of interest is the dif- ference between … security and privacy. It seems as though there's a heightened level of sensitivity to the cybersecurity, to the physical security, to data security, and yet, at the same time privacy does not seem to be a problem for most people. And, to me, they're one and the same," Klein said. "A question that I'd want to know with any project, before going in: how sensitive is your data?" Education is key, according to Lakomiak. "From an end user, specifier, and integrator perspective, I think they just simply need to understand what the risks are, associated with connecting all of these things together," he said. Companies should also understand the benefits to connecting systems, he added. "There are different risk profiles based on the devices that you're talking about. When you're talking about systems, that risk profile is about the data, the security of the data that that system is storing," Lewit said. "When you're talking about devices, it's not so much about the data … it's about potentially turning all of those devices into an army of complicit bots." An attendee asked about cloud platforms, and whether there is value in cloud platforms for securing IoT. "I think that there is an almost irrational fear among end users to put security information in the cloud," Jim Cole- man said, adding that perceptions are chang- ing and there can be less expense in the cloud while bringing more things together. SSN Continued from page 24 Jon Lewit Jim Coleman Mitchell Klein WHOLESALE MONITORING FUNDING PROGRAM LOAN PROGRAM mPERS PROGRAM BULK ACQUISITION M2M COMMUNICATOR (855) 776-2210 everything under one roof SECURIT y S y STE m S NEWS may 2017 Residential s ystems 25

Articles in this issue

Links on this page

Archives of this issue

view archives of Security Systems News - MAY 2017