Data was always bound to be a hot topic at this year's IFSEC International event. Artificial Intelligence (AI) has been a buzzword since last year's show. This year, manufacturers are ready to demonstrate solutions capable of processing and analyzing large volumes of information to bolster security and provide business intelligence.

Organisers deliberately positioned IFSEC as a converged security event, highlighting the inherent link between the security of physical assets and the security of data. In the wake of the recent passing of the European General Data Protection Regulation (GDPR), visitors to the London-based show sought reassurance that physical security systems could help them comply to stricter rules regarding the collection and protection of personal information.

Analyzing Big Data

Seagate Technology, known for providing the surveillance industry with hard disk drives and storage solutions, showcased its Skyhawk AI hard disk drive, its first drive created specifically to enable artificial intelligence (AI) applications for video surveillance. Seagate's drive is designed for data-intensive workloads associated with recording large volumes of footage

The drive is designed for data-intensive workloads associated with recording and analyzing large volumes of video surveillance footage. According to Seagate's Sales Manager Andy Palmer, AI-enabled analytics at the edge can avoid the latency associated with cloud-based systems. This makes the solution suitable for smart city applications requiring 24/7 intelligence from multiple cameras. 

The company also highlighted its strategic partnership with video surveillance provider Dahua Technology, with the latter seeking to leverage Seagate's technology to boost its own AI solutions.

Digital Barriers showcased the latest in video streaming technology at IFSEC 2018 London
The Digital Barriers solution allows organisations to optimise how video data is transmitted depending on their particular needs

 Video Transmission And Privacy

One manufacturer addressing the challenges of data transmission was Digital Barriers. The company demonstrated the integration of its EdgeVis Live platform with Milestone's XProtect video management system (VMS). The platform is designed for safe city applications, in which law enforcement and security professionals may need to stream incidents and events in real time over a limited bandwidth.

The Digital Barriers solution allows organizations to optimize how video data is transmitted depending on their particular needs. For example, while some applications may favor a high clarity of video, others necessitate low data usage or a quick turnover of frames. The full, high quality video can then be downloaded later, meaning no intelligence is lost.While some applications may favour a high clarity of video, others necessitate low data usage or a quick turnover of frames

The company also demonstrated its deep-learning facial recognition software, which can be used to identify suspects or vulnerable persons. To maximize accuracy, the deep learning system is trained on a wide range of images with varying angles and lighting.

The solution is designed around data protection and privacy, explained Product Manager Fernande van Schelle, as all information is encrypted, and the system only identifies faces of known individuals on a pre-defined watch-list.

Integrators must ask why the customer intends to install the system, and what they want to do with the data
Daniel Chau, Overseas Marketing Director at Dahua; Adam Brown, security Solutions Manager at Synopsys; Udo Scalla, Global Head Centre of Excellence - IOT Privacy, TÜV Rheinland Group

GDPR For Physical Security Professionals

Dahua Technology addressed data protection concerns with an expert panel dedicated to the cybersecurity questions posed by the new European General Data Protection Regulation (GDPR). Speakers included Daniel Chau, Overseas Marketing Director at Dahua; and Adam Brown, security Solutions Manager at Synopsys.

Chau explained that Dahua encourages customers to address cybersecurity by undertaking independent audits and penetration tests. Brown elaborated that for any organization, cybersecurity must be a boardroom issue. Stakeholders must avoid a 'tick box' methodology for assessing cybersecurity, and instead integrate the concept into the company's overall strategy so that best practices can cascade through the organization.Stakeholders must avoid a 'tick box' methodology for assessing cybersecurity 

The panel also included insights from Udo Scalla, who specializes in data protection for IoT and smart home devices at TÜV Rhineland Group. Scalla proposed that manufacturers must avoid focusing on how best to capture data, and instead ask why the data is being collected, and whether it should even be collected in the first place.

Integrators must ask why the customer intends to install the system, and what they want to do with the data – only then can they begin to assess the GDPR requirements. While the possibilities for collecting data are now endless, explained Scalla, not everything that is technologically possible ought to be made into a business reality.

Every element of the system, from image capture through to video management, must be encrypted
MOBOTIX highlighted its Cactus Concept cybersecurity campaign with a large blue cactus

Protecting Video Surveillance Systems

Video surveillance manufacturer VIVOTEK also tackled cybersecurity, with a presentation on 'Security within Security.' The company showcased its partnership with cybersecurity software provider Trend Micro, which enables VIVOTEK to provide cybersecurity-enhanced cameras.

The cameras include embedded anti-intrusion software to prevent and mitigate cyber-attacks by detecting hacking attempts and blocking the source IP address. Should a camera be compromised, explained Shengfu Cheng, VIVOTEK's Director of Marketing and Product Planning, it can be quarantined to stop the spread of the attack, thus controlling the damage and reducing the cost of the infection. The Cactus Concept campaign aims to educate partners and customers on how to build a cyber-secure video surveillance system

Cybersecurity was also a key theme at the MOBOTIX stand. The stand played host to a large blue cactus, a very literal representation of the German manufacturer's Cactus Concept. The campaign, launched earlier this year, aims to educate partners and customers on how to build a cyber-secure video surveillance system.

According to the concept, every element of the system, from image capture through to video management, must be encrypted. These are the digital "thorns" which prevent the entire system –the cactus – being compromised.

Exhibitors at IFSEC 2018 made a conscious effort to address customers' challenges around the collection, transmission and protection of security system data. As solutions become more powerful, with increasing numbers of connected sensors, this is a theme which is unlikely to go away anytime soon.

Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version Download PDF version

Author profile

Jeannie Corfield Editorial & Content Manager, SourceSecurity.com

Jeannie is Editorial & Content Manager at SourceSecurity.com, where she keeps up-to-date with the fast-paced security market.

In case you missed it

What Is The Impact Of Remote Working On Security?
What Is The Impact Of Remote Working On Security?

During the coronavirus lockdown, employees worked from home in record numbers. But the growing trend came with a new set of security challenges. We asked this week’s Expert Panel Roundtable: What is the impact of the transition to remote working/home offices on the security market?

Water Plant Attack Emphasizes Cyber’s Impact On Physical Security
Water Plant Attack Emphasizes Cyber’s Impact On Physical Security

At an Oldsmar, Fla., water treatment facility on Feb. 5, an operator watched a computer screen as someone remotely accessed the system monitoring the water supply and increased the amount of sodium hydroxide from 100 parts per million to 11,100 parts per million. The chemical, also known as lye, is used in small concentrations to control acidity in the water. In larger concentrations, the compound is poisonous – the same corrosive chemical used to eat away at clogged drains. The impact of cybersecurity attacks The incident is the latest example of how cybersecurity attacks can translate into real-world, physical security consequences – even deadly ones.Cybersecurity attacks on small municipal water systems have been a concern among security professionals for years. The computer system was set up to allow remote access only to authorized users. The source of the unauthorized access is unknown. However, the attacker was only in the system for 3 to 5 minutes, and an operator corrected the concentration back to 100 parts per million soon after. It would have taken a day or more for contaminated water to enter the system. In the end, the city’s water supply was not affected. There were other safeguards in place that would have prevented contaminated water from entering the city’s water supply, which serves around 15,000 residents. The remote access used for the attack was disabled pending an investigation by the FBI, Secret Service and Pinellas County Sheriff’s Office. On Feb. 2, a compilation of breached usernames and passwords, known as COMB for “Compilation of Many Breaches,” was leaked online. COMB contains 3.2 billion unique email/password pairs. It was later discovered that the breach included the credentials for the Oldsmar water plant. Water plant attacks feared for years Cybersecurity attacks on small municipal water systems have been a concern among security professionals for years. Florida’s Sen. Marco Rubio tweeted that the attempt to poison the water supply should be treated as a “matter of national security.” “The incident at the Oldsmar water treatment plant is a reminder that our nation’s critical infrastructure is continually at risk; not only from nation-state attackers, but also from malicious actors with unknown motives and goals,” comments Mieng Lim, VP of Product Management at Digital Defense Inc., a provider of vulnerability management and threat assessment solutions.The attack on Oldsmar’s water treatment system shows how critical national infrastructure is increasingly becoming a target for hackers as organizations bring systems online “Our dependency on critical infrastructure – power grids, utilities, water supplies, communications, financial services, emergency services, etc. – on a daily basis emphasizes the need to ensure the systems are defended against any adversary,” Mieng Lim adds. “Proactive security measures are crucial to safeguard critical infrastructure systems when perimeter defenses have been compromised or circumvented. We have to get back to the basics – re-evaluate and rebuild security protections from the ground up.” "This event reinforces the increasing need to authenticate not only users, but the devices and machine identities that are authorized to connect to an organization's network,” adds Chris Hickman, Chief Security Officer at digital identity security vendor Keyfactor. “If your only line of protection is user authentication, it will be compromised. It's not necessarily about who connects to the system, but what that user can access once they're inside. "If the network could have authenticated the validity of the device connecting to the network, the connection would have failed because hackers rarely have possession of authorized devices. This and other cases of hijacked user credentials can be limited or mitigated if devices are issued strong, crypto-derived, unique credentials like a digital certificate. In this case, it looks like the network had trust in the user credential but not in the validity of the device itself. Unfortunately, this kind of scenario is what can happen when zero trust is your end state, not your beginning point." “The attack on Oldsmar’s water treatment system shows how critical national infrastructure is increasingly becoming a target for hackers as organizations bring systems online for the first time as part of digital transformation projects,” says Gareth Williams, Vice President - Secure Communications & Information Systems, Thales UK. “While the move towards greater automation and connected switches and control systems brings unprecedented opportunities, it is not without risk, as anything that is brought online immediately becomes a target to be hacked.” Operational technology to mitigate attacks Williams advises organizations to approach Operational Technology as its own entity and put in place procedures that mitigate against the impact of an attack that could ultimately cost lives. This means understanding what is connected, who has access to it and what else might be at risk should that system be compromised, he says. “Once that is established, they can secure access through protocols like access management and fail-safe systems.”  “The cyberattack against the water supply in Oldsmar should come as a wakeup call,” says Saryu Nayyar, CEO, Gurucul.  “Cybersecurity professionals have been talking about infrastructure vulnerabilities for years, detailing the potential for attacks like this, and this is a near perfect example of what we have been warning about,” she says.  Although this attack was not successful, there is little doubt a skilled attacker could execute a similar infrastructure attack with more destructive results, says Nayyar. Organizations tasked with operating and protecting critical public infrastructure must assume the worst and take more serious measures to protect their environments, she advises. Fortunately, there were backup systems in place in Oldsmar. What could have been a tragedy instead became a cautionary tale. Both physical security and cybersecurity professionals should pay attention.

How Have Security Solutions Failed Our Schools?
How Have Security Solutions Failed Our Schools?

School shootings are a high-profile reminder of the need for the highest levels of security at our schools and education facilities. Increasingly, a remedy to boost the security at schools is to use more technology. However, no technology is a panacea, and ongoing violence and other threats at our schools suggest some level of failure. We asked this week’s Expert Panel Roundtable: How have security solutions failed our schools and what is the solution?