Cyber security

A study from Exabeam, the Smarter SIEM™ company, revealed that more than one-third of security professionals' defensive blue teams fail to catch offensive red teams. The survey, conducted at Black Hat USA 2019, also showed that 68% find red team exercises more effective than blue team testing, and more companies are practising red over blue team testing.  As cyberattacks become increasingly sophisticated and hack techniques become more highly targeted, organizations must learn how digital adversaries think to help identify gaps in their security programs. Organizations practicing red and blue exercises speak volumes about their dedication to fortifying their security posture Red teams consist of internal or hired external security professionals that emulate cybercriminals' behaviors and tactics and gauge the effectiveness of the company's current security technologies. Blue teams consist of the organization's internal security personnel, tasked with stopping the simulated attacks. In these test scenarios, the blue team must react without preparation, to give the company the most realistic picture of its defensive capabilities.  The study showed that 72% of respondent organizations conduct red team exercises, with 23% performing them monthly, 17% quarterly, 17% annually, and 15% bi-annually. Sixty-per cent conduct blue team exercises, with 24% performing them monthly, 12% quarterly, 13% annually, and 11% bi-annually. The fact that so many organizations practice these exercises monthly speaks volumes about their maturity and dedication to fortifying their security posture. Constantly evaluate security investments Not only do more organizations practice red team testing, but 35% of respondents claim that the blue team never or rarely catches the red team, while 62% say they are caught occasionally or often. Only 2% say they always stop the red team, emphasising that organizations must constantly evaluate and adjust their security investments to keep up with today's adversaries. Adversaries' offensive tactics evolve more rapidly than the majority of security technologies on the market today."Promisingly, the study found that 74% of IT security professionals have seen their companies increase security infrastructure investment as a result of red and blue team testing, with 18% calling the budget changes significant. Only 25% claimed that their company has never upped its security budget after performing these tests. The survey also identified communication and teamwork (27%) as the top skill blue teams need to work on, followed by knowledge of the attacks and tactics (23%), threat detection (20%), the incident response time (17%) and persistence (8%). Technical knowledge a foundation "Adversaries' offensive tactics evolve more rapidly than the majority of security technologies on the market today. It's abundantly clear that regular and relevant red/blue team testing helps companies develop their security capabilities," said Stephen Moore, chief security strategist, Exabeam. "The study also demonstrates that while having technical knowledge is a necessary foundation for all security professionals, interpersonal skills are highly sought after to promote more cohesive teams and better cooperation, especially during an incident or intrusion. We encourage companies to employ these types of testing exercises to find and fill security gaps, which, over time, become methods to evaluate the strengths and weaknesses of their cybersecurity defenders."

Dahua Technology, manufacturer of video surveillance products, has announced a strategic partnership with Pepper, an IoT platform-as-a-service, to allow the integration of its intelligent solutions into Dahua hardware. Highly secure cloud hosting Pepper’s U.S.-based platform powers connected devices around the world, delivering highly secure and private connected services via enterprise partnerships. Pepper’s platform-as-a-service approach caters to global consumer electronics manufacturers, consumer brands, and service providers that aim to harness the benefits of IoT by delivering high-value and on-brand IoT services to end users. Pepper’s turnkey service includes device firmware, highly secure cloud hosting and intuitive user interface designs. Dahua is committed to ongoing innovation, investing nearly 10 percent of revenue annually into R&D Products manufactured by Dahua Technology, including video surveillance equipment, network cameras, recorders and other critical security video hardware components, are widely used in more than 180 countries and regions all over the world, which has promoted the company’s revenue to hit a record high of $3.45 billion in 2018. Physical security manufacturing expert Dahua Technology is committed to ongoing innovation, investing nearly 10 percent of revenue annually into research and development. The company’s ongoing investment in manufacturing facilities and equipment ensures that its capabilities stay ahead of the market. “Dahua Technology is pleased to bring its globally renowned physical security manufacturing expertize to our partnership with Pepper,” said Tim Wang, General Manager of Dahua USA. “By integrating with Pepper’s platform-as-a-service, Dahua Technology’s hardware becomes part of a comprehensive, secure, and feature-based service framework.” Pepper IoT platform Dahua devices will be preconfigured to operate seamlessly on the Pepper IoT platform. For Dahua products distributed in the U.S., all data and video communications will be contained in the United States and held to Pepper’s stringent cybersecurity and data privacy standards. For Dahua Technology’s corporate customers, the Pepper partnership provides access to a set of high-tech security platform and software capabilities designed to deliver video as well as non-video IoT services to end-users. Because video is a critical application in IoT surveillance, home automation, and home security services, Pepper brings quality, security, and privacy advantages otherwise lacking in today’s market. Data security Pepper partnership provides access to a set of high-tech security platforms Pepper’s full-stack approach not only ensures optimal system quality and end-user experience, but also functions to prevent sensitive data and user video from being accessed or redirected by the device manufacturer or third parties. “It is concerning to see millions of vulnerable connected video and non-video devices being distributed to U.S. consumers who are unaware how their personal data is being compromised – and how easy it is for hackers to access their home wi-fi networks through these devices,” said Scott Ford, CEO of Pepper. “We are pleased that Dahua is deploying the Pepper full-stack approach to protect against unauthorized access and redirection of data.”

Qualitest, the independent software testing and quality assurance company, opens its new headquarters in Central London following a period of worldwide growth. Serving as a central location with easy access to Qualitest’s US, Israel, India and Romanian offices, London is also a base for prominent existing clients as well as a wide array of companies seen as prospective clients. The new office, based close to Liverpool Street station, brings together employees located across greater London. Cyber security sectors Qualitest is expected to more than double the number of quality engineers in the UK over the next three years Following an injection of capital resulting from Bridgepoint’s taking of a majority stake in Qualitest, the company is expected to accelerate its acquisition strategy and global expansion. Having recently signed new contracts with companies across the telecommunications, insurance, banking, government and cyber security sectors in the last few months – Qualitest is expected to more than double the number of quality engineers in the UK over the next three years. The London headquarters is expected to be a hub for Qualitest’s EMEA expansion with the expectation of significant growth in terms of clients, headcount and revenue. The new office has been designed to facilitate collaborative conversation between teams, with breakout spaces, an auditorium, spacious meeting rooms and an open plan kitchen. Software testing market Norm Merritt, CEO at Qualitest said: “Having a state-of-the-art global headquarters is a significant step for Qualitest as we continue to expand our global base. London remains a global hotspot for technology and innovation, and we look forward to the new possibilities it will bring.” Brian Shea, Managing Director for UK and Europe at Qualitest said, “Qualitest’s capabilities are London’s best kept QA secret. Moving the headquarters to London begins an exciting phase of development for our corporate and EMEA teams. Capitalizing on the traction of our recent client wins, we expect to create hundreds of new jobs in the software testing market, and advance London as a central hub for Quality Engineering on the world’s stage.”

Global cybersecurity firm GRA Quantum announces the launch of its comprehensive offering, scalable security suite, providing solutions based on a combination of managed security services and professional services, tailored to the specific needs of each client. Scalable security suite was created to give small to mid-sized organizations a running start when it comes to security, providing the same standard of security controls as large enterprises. Providing security solution According to GRA Quantum's President Tom Boyden, “Small and medium-sized firms are prime targets for cybercrime, but many don’t have the necessary resources or guidance to properly strengthen their security stance. Our Scalable Security Suite is designed to help these organizations prioritise their greatest vulnerabilities and provide them a security solution that aligns with their business needs and evolves as these needs and the threat landscapes change.” Professional services can be added to Managed Security Services to overcome vulnerabilities Managed Security Services (MSS), launched in December 2018, is the foundation of Scalable Security Suite. Through comprehensive security assessments, GRA Quantum experts identify vulnerabilities and provide recommendations for a custom combination of professional service offerings to best address these vulnerabilities. Professional services can be added to Managed Security Services to overcome vulnerabilities and build a more comprehensive, proactive security program. Custom security solution Jen Greulich, GRA Quantum’s Director of Managed Security Services, has seen the need arise among current MSS clients for these supplemental services. “Oftentimes, it becomes clear in a scoping call that clients’ needs extend beyond what we offer through MSS. Our new flexible offering allows us to work with the clients to develop a custom security solution for them that compliments MSS — whether they need incident response or penetration testing services.” Aligned with GRA Quantum’s mission, Scalable Security Suite goes beyond the ordinary cyber assessment to understand and remediate acute physical and human-centric vulnerabilities as well.

The cyber security threat is constant and real. Entire businesses, large enterprises and even whole cities have been vulnerable to these attacks. Growing threat of cyber attacks The threat is not trivial. Recently, two cities in Florida hit by ransom ware attacks – Rivera Beach and Lake City – opted to capitulate and pay ransom totaling more than $1.1 million to hackers. The attacks had disrupted communications for first responders and crippled online payment and traffic-ticketing systems. It was reminiscent of the $4 billion global WannaCry attacks on financial and healthcare companies. A full two years after the WannaCry attack, many of the hundreds of thousands of computers affected remain infected.  And hackers are continuously devising new techniques, adapting the latest technology innovations including machine learning and artificial intelligence to devise more destructive forms of attack. Indeed, AI promises to become the next major weapon in the cyber arms race. For enterprises, there is no choice but to recognize the threat and adopt effective countermeasures Enterprise security For enterprises, there is no choice but to recognize the threat and adopt effective countermeasures. Not surprisingly, as the number, scale and sophistication of cyber-attacks has grown, so has the significance of the Chief Information Security Officer, or CISO, who owns the responsibility of sounding the alarm to the C-suite and the board – and recommending the best defense strategies. Consider it a grim irony of the digital economy. As companies have migrated to the cloud to gain scale and efficiency and integrated new channels and touch points to make it easier for their customers and suppliers to do business with them, they have also created more potential points of entry for cyber-attacks. IoT Increases Threat of cyber-attacks Amplifying that vulnerability is the trend of allowing employees to bring their own laptops, smartphones and other digital devices to the office or use to work remotely. And thanks to the Internet of Things, as more devices connect to enterprise systems – from thermostats to cars –  the threat surface or targets of intrusion are multiplying exponentially. According to the McAfee Labs 2019 Threats Predictions Report, hackers will increasingly turn to AI to help them evade detection and automate their target selection. Companies will have no choice but to begin adopting AI defenses to counter these cybercriminals.  Importance of cyber security This escalation in the cyber arms race reflects the sheer volume of data and transactions in modern life. In businesses like financial services and healthcare it is not humanly possible to examine every transaction for anomalies that might signal cyber snooping. Even when oddities are glimpsed, simply flagging potential problems can create so-called threat fatigue from endless false alarms. What’s more, attacks like those from Trickbots are specifically designed to go undetected by end users. The fact is, even if throwing more people at the problem were a solution, there aren’t enough skilled cyber security workers in the world. By some estimates, as many as 10 million cyber security jobs now go unfilled.  AI is being used to conduct predictive analysis at a scale beyond human means Deploying AI As a result, AI is being deployed on multiple cyber-defense fronts. So far, it is mainly being used to conduct predictive analysis at a scale beyond human means. AI programs can sift through petabytes of data, identifying anomalies and even helping an organization recognize and diagnose intrusions before they turn into catastrophic attacks. AI can also be used to continually monitor and allocate levels of access to a network’s multitude of legitimate users – whether employees, customers, partners or suppliers – to ensure that all parties have the access they need, but only the access they need. Countering cyber security threats To harden defenses, some AI programs can be configured to perform simulated war games To harden defenses, some AI programs can be configured to perform simulated war games. Because cyber attackers have stealth on their side, organizations might need dozens of experts to counter only a handful of attackers. AI can help even the odds, scoping out the potential permutations of vulnerabilities.  As CISOs – and the CIOs they typically report to – advise C-suites and boards on their growing cybersecurity risk, they can also help those leaders recognize an enduring truth: AI programs cannot replace experienced cybersecurity professionals. But the technology can make staff smarter, more vigilant and more nimbly responsive. AI-based cyber security tools Financial and healthcare companies are leading this charge because of the sheer volume and variety of transactions they handle and because of the value and sensitivity of the data. Organizations like the U.S. Department of Defense and the space agency NASA, as well as governments around the world are also implementing AI-based tools to address the cyber threat. For businesses of all types, the threat stretches from the back office to the supply chain to the store front. That is why recognizing and countering that threat must involve everyone from the CISO to the CEO to the Chairman of the Board. The AI arms race is underway in security. To delay joining it is to risk letting your enterprise become one of the grim statistics.

We live in an information and data-led world, and cybersecurity must remain top-of-mind for any organization looking to both protect business operation critical assets. Businesses without proper cyber measures allow themselves to be at risk from a huge list of threats - from cybercriminals conducting targeted spear-phishing campaigns - like the 2018 Moscow World Cup vacation rental scam, to nation-state actors looking to collect intelligence for decision makers - no organization is safe from innovative cyber threats. Security solutions enterprises Organizations can then set the groundwork necessary to stop malicious activity and keep their business’ data safe The evolving threat space means organizations need to ensure they have the most innovative prevention and detection frameworks in order to withstand adversaries using complex and persistent threats. When implementing new security solutions enterprises must start by assuming that there is already a bad actor within their IT environment. With this mindset, organizations can then set the groundwork necessary to stop malicious activity and keep their business’ data safe. As there is no one silver bullet that truly stops all cyberattacks, organizations must adopt a multipronged approach to be widely adopted to stop adversaries. This must include tracking, analyzing and pinpointing the motivation of cyber actors to stay one step ahead through global intelligence gathering and proactive threat hunting. In addition, deploying new technologies leveraging the power of the cloud give a holistic view of the continuously evolving threat landscape and thereby secure data more efficiently. Traditional security approach In today’s landscape, the propagation of advanced exploits and easily accessible tools has led to the blurring of tactics between statecraft and tradecraft. Traditional security approaches are no longer viable when it comes to dealing with the latest trends in complex threats. To make defending against these threats even more complicated, adversaries are constantly adapting their tactics, techniques and procedures (TTPs), making use of the best intelligence and tools. CrowdStrike’s latest Global Threat Report tracked the speed of the most notable adversaries including Russian, Chinese, North Korean and Iranian groups. As the adversaries’ TTPs evolve into sophisticated attack vectors defenders need to recognize we are amidst an extreme cyber arms race, where any of the above can become the next creator of a devastating attack. Russian efficiency is particularly high; they can spread through an enterprise network in 18 minutes 48 seconds on average, following the initial cyber-intrusion. Sophisticated cyber weapons Actors tend to use a simple trial and error technique where they test the organization's network So, reacting to threats in real-time is a priority. Bad actors are extremely vigilant and committed to breaking down an organization’s defenses, and speed is essential to finding the threats before they spread. Actors tend to use a simple trial and error technique where they test the organization's network, arm themselves with more sophisticated cyber weapons, and attack again until they find a vulnerability. This has highlighted the need for tools that provide teams with full visibility over the entire technology stack in real-time in order to meet these threats head-on. Traditional solutions are scan-based, which means they don’t scale well and can’t give the security teams context around suspicious activity happening on the network. They lack full visibility when a comprehensive approach is needed. Businesses without proper cyber measures allow themselves to be at risk from a huge list of threats - like the 2018 Moscow World Cup vacation rental scam Malicious Behavior Through leveraging the power of the cloud and crowdsourcing data from multiple use cases, security teams can tap into a wealth of intelligence collated from across a vast community. This also includes incorporating threat graph data. Threat graphs log and map out each activity and how they relate to one another, helping organizations to stay ahead of threats and gain visibility into unknowns. Threat graph data in conjunction with incorporating proactive threat hunting into your security stack creates a formidable 360-degree security package. Managed threat hunting teams are security specialists working behind the scenes facing some of the most sophisticated cyber adversaries through hands on keyboard activity. Threat hunters perform quickly to pinpoint anomalies or malicious behavior on your network and can prioritize threats for SOC teams for faster remediation. In-Depth knowledge Security teams need to beat the clock and condense their responseIt is key for security teams to have an in-depth knowledge of the threat climate and key trends being deployed by adversaries. The TTPs used by adversaries leave are vital clues on how organizations can best defend themselves from real-life threats. Intrusion ‘breakout time’ is a key metric tracked at CrowdStrike. This is the time it takes for an intruder to begin moving laterally outside of the initial breach and head to other parts of the network to do damage. Last year, the global average was four hours and 37 minutes. Security teams need to beat the clock and condense their response and ejection of attackers before real damage is done. Next-Generation solutions When managing an incident clients need to be put at ease by investigations moving quickly and efficiently to source the root of the issue. Teams need to offer insight and suggest a strategy. This can be achieved by following the simple rule of 1-10-60, where organizations should detect malicious intrusions in under a minute, understand the context and scope of the intrusion in ten minutes, and initiate remediation activities in less than an hour. The most efficient security teams working for modern organizations try to adhere to this rule. As the threat landscape continues to evolve in both complexity and scale, adequate budget and resources behind security teams and solutions will be determining factors as how quickly a business can respond to a cyberattack. To avoid becoming headline news, businesses need to arm themselves with next-generation solutions. Behavioral analytics The solution can then know when to remove an adversary before a breakout occurs Behavioral analytics and machine learning capabilities identify known and unknown threats by analyzing unusual behavior within the network. These have the ability to provide an essential first line of defense, giving security teams a clear overview of their environment. With this at hand, the solution can then know when to remove an adversary before a breakout occurs. Attackers hide in the shadows of a network’s environment, making the vast volume and variety of threats organizations face difficult to track manually. The automation of responses and detection in real-time is a lifeline that organization cannot live without as adversaries enhance and alter their strategies. Adversaries continue to develop new ways to disrupt organizations, with cybersecurity industry attempting to keep pace, developing new and innovative products to help organizations protect themselves. These technologies empower security teams, automating processes and equipping security teams with the knowledge to respond quickly. Organizations can set themselves up for success by integrating the 1-10-60 rule into their security measures, giving them an effective strategy against the most malicious adversaries.

Critical infrastructure facilities that must secure large areas with extended outer boundary and numerous entry points, present a particularly difficult challenge when it comes to perimeter protection. As such, true end-to-end perimeter protection calls for the utilization of a sophisticated, multi-layered solution that is capable of defending against anticipated threats. Integrated systems that incorporate thermal imaging, visible cameras, radar and strong command and control software are crucial for covering the various potential areas of attacks. Let’s look at these technologies and the five key functions they enable to achieve an end-to-end solution that provides intrusion detection, assessment and defense for the perimeter. 1. Threat Recognition The first step in effectively defending against a threat is recognizing that it’s there. By combining state-of-the-art intrusion detection technologies, facilities can arm themselves with a head start against possible intruders. An exceptionally important aspect of effective perimeter protection is the ability to conduct 24-hour surveillance, regardless of weather conditions, environmental settings, or time of day. Visible cameras do not perform as well in low light scenarios and inclement weather conditions. However, thermal imaging cameras can provide constant protection against potential intruders, regardless of visual limitations, light source or many environmental factors. In fact, facilities such as power stations located near bodies of water can use thermal cameras to create what is known as a “thermal virtual fence” in areas where they are unable to utilize the protection of a physical fence or wall. Deterring suspicious activity can be achieved through real-time two-way audio, a simple but powerful tool Critical infrastructure applications require not only continuous video surveillance and monitoring, but also a solution that yields highly reliable intrusion detection, with fewer false alarms. This need makes advanced video analytics a must for any adequate surveillance system. Features like dynamic event detection and simplified data presentation are game changing in supporting accurate intrusion analysis and facilitating a proactive response. Advanced analytics will provide multiple automated alarm notification options, including email, edge image storage, digital outputs or video management software (VMS) alarms. Incorporating high quality, unique and adaptive analytics can virtually eliminate false alarms, allowing security personnel to respond more efficiently and effectively, while also lowering overall cost for the end user. While surveillance technologies such as radar, thermal imaging and visible cameras, or video analytics work well on their own, utilizing all of these options together provides an advanced perimeter detection system. For example, ground surveillance radar can detect possible threats beyond the fence line as they approach and send a signal to pan-tilt-zoom (PTZ) cameras, triggering them to slew to a specific location. From there, embedded analytics and visible cameras can further identify objects, notify authorized staff, and collect additional evidence through facial recognition or high-quality photos. 2. Automatic Response Systems Once an intrusion attempt is discovered, it is important to act fast. Organizing a response system that can initiate actions based on GPS location data, such as the slewing of PTZ cameras, automated intruder tracking or activated lighting sensors, greatly increases staff’s situational awareness while easing their workload. For instance, thermal imagers deployed in conjunction with video analytics can be used to generate an initial alarm event, which can then trigger a sequence of other security equipment and notifications for personnel to eventually respond to. Having all of this in place essentially lays the entire situation out in a way that allows responders to accurately understand and evaluate a scene. Power stations located near bodies of water can use thermal cameras to create a “thermal virtual fence” in areas where they are unable to utilize the protection of a physical fence or wall 3. Deterring Suspicious Activity  After the designated auto-response mechanisms have activated and done their job, it is time for responders to acknowledge and assess the situation. From here, authorized personnel can take the next appropriate step toward defending against and delaying the threat. Deterring suspicious activity can be achieved through real-time two-way audio, a simple but powerful tool. Often, control room operators can diffuse a situation by speaking over an intercom, telling the trespasser that they are being watched and that the authorities have been notified. This tactic, known as ‘talk down’, also allows officers to view the intruder’s reaction to their commands and evaluate what they feel the best next step is. If individuals do not respond in a desired manner, it may be time to take more serious action and dispatch a patrolman to the area. 4. Delay, Defend, Dispatch And Handle The possible danger has been identified, recognized and evaluated. Now it is time to effectively defend against current attacks and slow down both cyber and physical perpetrators’ prospective efforts. Through the use of a well-designed, open platform VMS, security monitors can manage edge devices and other complementary intrusion detection and response technologies, including acoustic sensors, video analytics, access control and radio dispatch. A robust VMS also enables operators to control functions such as video replay, geographical information systems tracking, email alerts and hand-off to law enforcement. With the right combination of technologies, facilities can take monitoring and evidence collection to the next level The primary purpose of the delay facet of the overall perimeter protection strategy is to stall an attempted intrusion long enough for responders to act. Access control systems play a key role in realizing this objective. When a security officer sees a non-compliant, suspicious individual on the camera feed, the officer can lock all possible exits to trap them in one area all through the VMS. 5. Intelligence: Collect Evidence And Debrief More data and intelligence collected from an event equals more crucial evidence for crime resolution and valuable insight for protecting against future incidents. With the right combination of technologies, facilities can take monitoring and evidence collection to the next level. One innovative resource that has become available is a live streaming application that can be uploaded to smart phones and used for off-site surveillance. This app gives personnel the power to follow intruders with live video anywhere and allows operators to monitor alarm video in real-time. Geographic Information System (GIS) maps are computer systems utilized for capturing, storing, reviewing, and displaying location related data. Capable of displaying various types of data on one map, this system enables users to see, analyze, easily and efficiently. Multi-sensor cameras, possessing both visible and thermal capabilities, provide high-contrast imaging for superb analytic detection (in any light) and High Definition video for evidence such as facial ID or license plate capture. Integrating these two, usually separated, camera types into one helps to fill any gaps that either may normally have. Still, in order to capture and store all of this valuable information and more, a robust, VMS is required. Recorded video, still images and audio clips serve as valuable evidence in the event that a trial must take place to press charges. Control room operators can use data collection tools within their VMS to safely transfer video evidence from the field to the courtroom with just a few clicks of their mouse. More advanced video management systems can go a step further and package this data with other pertinent evidence to create a comprehensive report to help ensure conviction.

Some of the electronic features we all love in our new cars depend on a connection to the Internet. But what are the cybersecurity risks involved in that connection? Could a widespread cyberattack turn our cars into deathtraps and create a traffic catastrophe on the scale of 9/11? That’s the scenario described in a report from the nonprofit group Consumer Watchdog, which warns that a fleet-wide cyberattack at rush hour could result in a 9/11-style catastrophe with approximately 3,000 deaths. The organization recommends that automobile manufacturers install a ‘kill switch’ that would disconnect a vehicle from the Internet in an emergency to mitigate the threat. Protecting transportation system Automakers are keeping the public in the dark as they market new features based on Internet connections"Consumer Watchdog contends that the vulnerability of automotive computer systems, and the possibility of a cyberattack, has been communicated privately to investors but not widely to consumers. “Automakers are keeping the public in the dark as they market new features based on Internet connections,” says Consumer Watchdog. “Connecting safety-critical systems to the Internet is an inherently dangerous design,” says Jamie Court, President of Consumer Watchdog. “American car makers need to end the practice or Congress must step in to protect our transportation system and national security.” Future designs should completely isolate safety-critical systems from infotainment systems connected to the Internet or other networks, according to Consumer Watchdog. By 2022, at least two-thirds of new cars on American roads will have online connections to the cars’ safety-critical systems, putting them at risk of deadly hacks. Updating vehicle software over-The-Air One economic motive of connecting vehicles to the Internet is the ability of car manufacturers to update vehicle software over-the-air rather than having to recall a vehicle. Systems also enable collection of valuable data on how fast a car owner drives or where he/she shops. Security-critical components inside cars are driven by ‘black boxes’ that may contain software of questionable origin Security-critical components inside cars are driven by ‘black boxes’ that may contain software of questionable origin. Software may be written by third parties and/or include contributions from hundreds or thousands of different authors around the world, with little accountability for flaws. The ability to update software ‘over the air’ without touching the vehicles lets automakers cover up safety problems and sloppy testing practices, contends Consumer Watchdog. “Allowing consumers to physically disconnect their cars from the Internet and other wide-area networks should be a national security priority,” says Court. “If a 9/11-like cyber-attack on American cars were to occur, recovery would be difficult because there is currently no way to disconnect our cars quickly and safely. The nation’s transportation infrastructure could be gridlocked for weeks or months. Mandatory ‘kill switches’ would solve the problem.” Understanding the risks of connected cars In addition to more attention to cybersecurity, there also needs to be more transparency to enable consumers to understand what is at risk and the choices they make. For example, a group of more than 20 car industry engineers and insiders helped to prepare the Consumer Watchdog report, but many of them remained anonymous for fear of losing their jobs. Consumers have a right to understand the risks they are taking and how they can minimize them. In the Internet of things, cybersecurity dangers extend to almost every device in the connected world, from cars to smartphones to medical devices. Increasingly, we will be asked to weigh the convenience of cranking our car with a smartphone, for example, against the possible risk in the form of vulnerability to cyberattack.

Global Security Exchange (GSX) 2019 will blow into the Windy City this fall, combining a tradeshow, a full schedule of professional education sessions, plenty of industry networking opportunities, and an annual reunion of the top professionals from around the world tasked with protecting people, property and assets. GSX – the trade show and industry event 'formerly known as' the ASIS Annual Seminar and Exhibits – will be Sept. 8-12 at Chicago’s McCormick Place. The show promises to 'elevate the event experience with modern education learning experiences, revitalized networking opportunities, and a reimagined trade show floor.' More than 550 exhibitors will be featured in the expo hall (open Sept. 10-12), according to ASIS International. Chicago is a great location for GSX, as evidenced by the successful 2013 ASIS show. Cutting-Edge solutions X1 Stage sessions are designed to highlight cutting-edge solutions and increase contextual understanding GSX seeks to attract more attendees to the exhibition hall with education events positioned alongside the industry’s latest-and-greatest equipment and technology exhibits. On the expo floor, the GSX: Disruption District will include new and enhanced programs such as the X Learning stages, the D3 (drones, droids, defense) Learning Theater, the Pitch Competition and the Innovative Product Awards. X Learning is a series of experiential sessions. X1 Stage sessions are designed to highlight cutting-edge solutions and increase contextual understanding of new technology. GSX: Startup Sector highlights new companies with emerging technologies; and GSX: Pitch Competition brings together entrepreneurs, investors and industry leaders to feature early-stage startup pitches. Career HQ will provide free resume reviews, career coaching, professional development and networking opportunities. A Sharpshooter Contest sponsored by Smart Simulators and SB Tactical will allow contestants donating $20 to compete for $500 in prizes each day. Pre-Conference certification courses More than 300 security courses, plus pre-conference certification courses, will provide security professionals expertise to enhance their career development. Programming will be led by ASIS and InfraGard subject matter experts. (InfraGard is a non-profit organization serving as a public-private partnership between U.S. businesses and the Federal Bureau of Investigation.) Seventeen education tracks will serve the needs of security professionals interested in topics from business continuity to crime/loss prevention, law and ethics to national security, information security to physical and operational security. The show also provides opportunities for dealers, installers, integrators, consultants, specifiers, architects and engineers 'Game Changer' sessions will address hot and controversial topics, including 'The Ever-Changing Drone Landscape: What You Need to Know' and 'Accelerating Digital Transformation: Insights and Applications.' Ian Bremmer of Eurasia Group will speak on navigating the geopolitical landscape; Steve Demetriou and Joe Olivarez of Jacobs, a global professional services company, will speak about harnessing technology and big data to make strategic decisions. Providing new opportunities Wednesday morning, General John F. Kelly of the U.S. Marine Corps (Ret), will provide insight into the evolving geopolitical landscape around the world. His keynote presentation on Sept. 11 will kick off Military and Law Enforcement Appreciation Day. Tarah Wheeler, cyber security researcher, will speak on protecting assets in the age of cybersecurity leaks and scandals. More than 20,000 registered attendees are expected from 110-plus countries across the entire industry Although the attendee emphasis is on security end-users, the show also provides opportunities for dealers, installers, integrators, consultants, specifiers, architects and engineers. More than 20,000 registered attendees are expected from 110-plus countries across the entire industry, according to ASIS International. Networking events will include an ASIS Town Hall Meeting on the afternoon of Sept. 8, aimed at opening communication between ASIS staff and membership. There will be an Opening Night Celebration Sept. 8 centred on the theme 'Chicago on the Silver Screen' at Revel Motor Row, a popular Chicago landmark originally home to the Illinois Auto Club. Emphasis on education On Monday (Sept. 9) a networking luncheon will be followed by the Awards Reception later in the day. A reception in the evening will present the Karen Marquez Honors Award, recognizing a female security professional. Tuesday (Sept. 10) will have a Happy Hour at the exhibit hall, followed later by a Women in Security and Young Professionals Happy Hour. Wednesday evening will be the President’s Reception at Wintrust Arena, with a 1980s theme. The annual trade show has declined in recent years, and ASIS International has implemented changes that seek to reinvigorate the show, culminating in the rebranding last year. One challenge is that the show’s emphasis on education keeps attendees engaged for hours of the day, making it harder to meet the expectations of exhibiting companies who want more booth traffic. More attractions on the show floor, including the Tuesday happy hour, are aimed at increasing overall foot traffic in the hall.

The devil is in the details. The broader implications of the U.S. Government ban on Chinese video surveillance manufacturers are being clarified in the federal rule-making process, and a public hearing in July gave the industry a chance to speak up about the impact of the law. Ban on equipment The hearing centered on Section 889 of Title VII of the National Defense Authorisation Act (NDAA) for FY 2019, specifically paragraph (a)(1)(B). The paragraph "prohibits agencies from entering into a contract (or extending or renewing a contract) with an entity that uses any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system." “Covered equipment” refers to products and services from Huawei, ZTE Corp., Hytera, Hikvision and Dahua “Covered equipment” refers to products and services from Huawei Technologies Co., ZTE Corp., Hytera Communications Corp., Hangzhou Hikvision Digital Technology Co. and Dahua Technology Co. Hikvision and Dahua are two of the largest manufacturers of video surveillance equipment, and Huawei manufactures HiSilicon chips widely used in video cameras. ‘Chinese ban’ provision The public hearing was part of the rule-making process for paragraph (a)(1)(B), which the industry has informally referred to as the “blacklist” provision of the NDAA. However, the “Chinese ban” provision [Paragraph (a)(1)(a)] is not at issue, was not covered by the public hearing, and is already scheduled to go into effect a year after the law was signed by President Trump (August 13, 2018).   There were seven presentations at the public hearing. Presenters included the Security Industry Association (SIA), two Hikvision integrators, a representative of communications manufacturer Hytera, an economist and an attorney on behalf of telecommunications company Huawei, and Honeycomb Secure Systems, a federal contractor. There was no livestream or transcription of the meeting, although PowerPoint summaries of the 10-minute presentations were published.   SIA emphasizes on clarity In its presentation, the Security Industry Association (SIA) emphasized that contractors need clarity, i.e., that paragraph (a)(1)(B) applies to an entity's use of covered equipment or services in the performance of federal contracts, but NOT to non-federal sales or use of covered equipment by a contractor that is unrelated to federal work. SIA also focused on the distinction (and contrasting risk profiles) between video surveillance equipment, which are endpoint devices that may or may not be on the Internet, and telecommunications equipment. In contrast, telecommunications equipment is essential to Internet infrastructure and manages all data on a network, encrypted or not.    Fully-compliant video surveillance products Security equipment suppliers and integrators doing federal work can offer fully compliant video surveillance products" SIA's presentation included the following "outcome" statement: "Security equipment suppliers and integrators doing federal work can offer fully compliant video surveillance products in the federal market, while offering other products tailored to technical requirements, price points and specific customer needs that vary widely for non-government commercial sectors – e.g. malls, banks, convenience stores, etc.” In other words, involvement in government contracts should not restrict an integrator’s flexibility to offer any and all products and services (included those from the listed Chinese companies) to non-government customers. The two integrators made similar points, specifically about their business with Hikvision. One presenter was Rick Williams, General Manager of Selcom, a systems integrator in Selma, Ala., with 10 employees. They have been a Hikvision partner since 2012 with a year-to-date revenue from Hikvision products of approximately $400,000. Hikvision integrators speak out A second integrator at the hearing was Mark Zuckerman of Clear Connection Inc., a security company in Beltsville, Md., with 32 local employees, that focuses on electronic security, telecommunications and IT. Clear Connection designs, installs and services systems throughout Metro DC and Baltimore, including commercial entities, schools and non-profit organizations. They do about $120,000 a year in business as a Hikvision partner and have over $500,000 in business awaiting federal NSGP [Nonprofit Security Grant Program] approval. In two almost identical presentations, the integrators sought clear guidance on how to comply with the language of the law as written, specifically confirmation that Section 889 of the NDAA does not apply to non-federal sales or use of covered equipment. "This is critical to my company as I provide integrated security solutions across multiple government and commercial markets, using a mix of products from different manufacturers tailored to the technical requirements, price points and customer needs that vary widely for each sector," said Williams. Hytera speaks at hearing It is not clear what Section 889 means, who it applies to, or how far its prohibitions extend" "It is not clear what Section 889 means, who it applies to, or how far its prohibitions extend," commented Zuckerman. "If interpreted broadly, some of my customers would be barred from entering into a federal contract because they have covered products installed in their facility to protect their property and staff.” Also presenting at the hearing was Hytera, a manufacturer of open standard digital mobile radio technology. The presentation emphasized that Hytera does not sell to U.S. telecommunications carriers, and does not supply 5G components or video surveillance equipment. Hytera equipment is used by federal customers such as the National Gallery of Art, National Archives, National Zoo and the Holocaust Museum. Impact on clients and commerce "These federal entities do not play a role in national security, and the Hytera systems do not connect to any critical systems," says the company. "However, the lack of clarity in the implementation of the NDAA has a significant impact on Federal, state and commercial clients, impacting competition and choice." Hytera's presentation continues: "Hytera has never been informed by any U.S. government entity that its equipment posed a national security risk and as such has not been given the opportunity to respond to any concerns. The result of Section 889 is the creation and circulation of misinformation in the marketplace." Hytera also said that the federal proposed rules and regulations should exempt federal agencies that do not include a national security component, and equipment not interconnected with the public network. Impact on cybersecurity Consolidating the number of equipment suppliers hinders rather than helps cybersecurity" James E. Gauch, an attorney with James Day speaking on behalf of Huawei, offered a global argument that could be applied to any of the banned companies: “Virtually all equipment manufacturers rely on a global supply chain and face security risks from a wide range of sources, excluding may be one or two vendors based on their national origin will not address these risks.” He adds, “However, consolidating the number of equipment suppliers hinders rather than helps cybersecurity. Creating a small number of dominant suppliers, regardless of national origin, reduces the incentives of those suppliers to embrace industry-leading standards and creates greater exposure to vulnerabilities of a single supplier.”

ANSecurity, globally renowned specialist solutions firm in advanced network and data security, has announced the successful completion of a Secure Access platform upgrade for the South Hams District Council and West Devon Borough Council. South Hams District Council and West Devon Borough Council serves a large portion of the county of Devon in South West England. With just under 400 staff, the council provides a variety of services to over 100,000 properties and 140,000 residents. Due to a need to protect sensitive data and at the same time accommodate modern, flexible ways of working, South Hams District Council and West Devon Borough Council was undergoing the process of transforming the way it worked. Secure Access platform The council opted for an “always on” VPN - one which would use a device ID to authenticate to the council’s network The council wanted to ensure that in the future, its employees could work in a location agnostic way. Secure Access was central to that transformation, providing a secure connection between an employee’s device and the council’s network. The council approached ANSecurity for help in managing the upgrade to the latest platform. After a series of calls and on-site meetings, the full upgrade was purchased. It chose Pulse Secure appliances for their unparalleled ability to combine Secure Access with a user friendly experience.  The council opted for an “always on” VPN - one which would use a device ID to authenticate to the council’s network - thereby circumventing the manual sign-in process and providing a streamlined authentication process for users. From there the processes of logging in at home, or the office became almost identical. By deploying fewer physical 2 factor tokens, the council made further savings. ANSecurity helped the council configure the VPN with a couple of days of on-site consultancy. Pulse Secure VPN Mike Ward, the council’s head of IT commented, “Security of this type is an enabler to the way we work - we couldn't do it without a VPN. ANSecurity have been a great partner for us and nothing was too much trouble, they provided good guidance and were there every step of the project. We look forward to working with them on an on-going basis.” The council’s new operating model has proved tremendously popular with staff, allowing them to work agilely in whatever location they choose. The council’s offices are now hot desking locations with around 100 to 150 people using Pulse Secure VPN to log into the office network every day. The ability to capture business processes into its workflow allowed the council to downsize its staff costs and save £1.4 million a year. The resultant savings in money, staff and space has also cut its carbon footprint and paper waste significantly.

Each day, over 55,000 electrical substations in the United States funnel massive amounts of energy to homes and businesses across the country. An array of specialized equipment allows these facilities to keep up with demand, and each component must run smoothly to adequately transfer and distribute energy. Housing mission-critical assets vital to the community means that substations must track everything—from condition monitoring to intrusion and sabotage threats. Thermal imaging cameras, video classification analytics, and radiometric measurement offer unmatched maintenance and security insight for substations and help prevent costly issues that hurt the bottom line. AI and deep learning technologies Advancements in artificial intelligence technologies are expanding the capability of security systems Advancements in artificial intelligence and deep learning technologies are expanding the capability of security systems. As security solutions improve, customer expectations grow. Systems that were once limited to perimeter protection are now able to provide valuable process efficiency and maintenance information. Substations should consider integrating new technology that improves efficiency and safety as they move to satisfy NERC CIP-014 requirements. Problematic heating and cooling connections can plague substations. Overheating and burning a transformer is a costly, potentially multimillion-dollar error that can take several months to correct. Beyond damage costs, the abrupt loss of equipment can lead to extended service interruptions and significant revenue loss. The consequences of equipment failure highlight the importance of asset monitoring, asset resiliency, and predictive maintenance for substations. Radiometric thermal cameras Integrating cutting-edge technologies like radiometric thermal cameras and temperature trend analysis software allows facility operators to remotely inspect equipment and quickly detect issues, preventing overheating and fires. Image quality and software compatibility are vital in planning an asset monitoring ecosystem. To best serve both the security and condition monitoring needs of substations, thermal sensor manufacturer FLIR Systems and software developer Embedded Logix collaborated to create a multi-purpose solution. Security and asset monitoring For over 30 years, FLIR has developed security and asset monitoring solutions for utility providers For over 30 years, FLIR has developed security and asset monitoring solutions for utility providers. A full lineup of fixed and pan-tilt thermal cameras allow security operators to monitor assets and perimeters in complete darkness, smoke, fog, and harsh weather conditions. FLIR thermal cameras provide superior resolution, capturing sharp imagery and minute details for high-performance video analytics and immediate threat detection. Quick intervention during intrusions prevents escalation, and rapid detection with thermal imaging supports fast response time. Smart-LX Sensor Gateway Recognizing threats before they ever reach the fence line deters theft, vandalism, and assault, keeping facility personnel safe and reducing the risk of equipment repair and legal costs. As an industry leader in thermal imaging, FLIR looks to partner with other innovative solution providers to create more advanced technologies. Embedded Logix, a Detroit, Michigan-based test and measurement solutions provider for the utility, plastic, food, and metal industries emerged as an ideal partner to integrate smart analytics software into thermal sensors. Their Smart-LX Sensor Gateway is an open-architecture platform that features Smart-LX Analytics with support for infrared cameras, programmable logic controllers, and SCADA systems. It opened the door for a complete predictive maintenance solution. FLIR thermal cameras Partnering with FLIR means being in the center of the infrared universe" The Smart-LX system allows both maintenance and security personnel to leverage networked thermal imagers on a single platform. By 2012, Embedded Logix was FLIR’s exclusive smart sensor software partner for temperature trending in predictive maintenance, bringing the Smart-LX platform to FLIR thermal cameras. “Partnering with FLIR means being in the center of the infrared universe. We can’t imagine any better product lineup to feed data into our Smart-LX Analytics,” said Deborah McLeod, president of Embedded Logix. “We have bench tested many other brands over the years, but FLIR’s products always come out on top, and that is why we recommend FLIR cameras to our customers. When you combine Smart-LX Analytics with FLIR cameras you turn an incredible sensor into an extraordinary solution.” Smart-LX Analytics Embedded Logix Smart-LX Analytics read, process, analyze, and create a visualization of sensor readings, generating asset performance reports on trends and rules that can be sent to maintenance personnel for further assessment. The software adapts over time with customer input, relying on user feedback to create an expert system. The Smart-LX platform works with both legacy and new equipment, analyzing signals from all sensors and systems, and is capable of aggregating information into VMS, OSI PI, and SCADA platforms. The FLIR FC-R fixed thermal camera leverages a radiometric sensor for noncontact temperature measurement FLIR offers several high-performance thermal imaging solutions for Smart-LX integration, including the FLIR A310 and FLIR FC-R Series cameras. Dual thermal and optical sensors on the FLIR A310 PT offer reliable perimeter protection and automated condition monitoring while pan/tilt controls maximize coverage. The onboard radiometric thermal sensor measures slight changes in surface temperature, allowing the A310 PT to monitor hotspots on equipment and alert an operator if temperatures exceed preset levels. FC-R fixed thermal camera The FLIR FC-R fixed thermal camera leverages a radiometric sensor for noncontact temperature measurement. Onboard human and vehicle classification analytics offer reliable intrusion detection and work in tandem with external monitoring systems to quickly alert operators and security personnel. “FLIR’s innovative A310F, A310PT, and FC-R radiometric thermal cameras have been paramount in substation monitoring for years,” said Michael Chaffee, director of business development at FLIR. “With the addition of Embedded Logix and its SmartLX software, our customers can take FLIR thermal cameras to the next level. When combined, FLIR cameras and Smart-LX software create a data goldmine, allowing a more frequent analysis of substation assets right from the security control room.” Facility security FLIR and Embedded Logix systems revolve around facility security and asset monitoring FLIR and Embedded Logix systems revolve around facility security and asset monitoring. Installing different cameras and network components throughout a substation creates an ecosystem ready to detect and prevent issues. Most security and asset monitoring systems from FLIR and Embedded Logix begin with several FLIR FC-ID cameras along the perimeter of the substation, one A310 PT mounted in the center of the substation, FC-R or A310F cameras installed around high priority assets, and several Smart-LX Sensor Gateways. When the system detects an object of interest, FLIR FC-ID cameras trigger the A310 PT camera to track and zoom on the object for further threat assessment, allowing security personnel to quickly and safely gauge the situation. Condition monitoring thermal imagers can continuously survey any asset in their field of view. Fixed FLIR A310F camera Fixed FLIR A310F and FC-R cameras monitor specific equipment 24/7, while the A310 PT can focus on multiple areas, viewing transformer connections, incoming power transmission lines, switch gears, fans, and more. Generated reports compare the performance of similar assets across all stations Smart-LX Sensor Gateways control the A310 PT preset scanning to gather temperature information on equipment, triggering an alarm if a temperature exceeds the preset threshold. Generated reports compare the performance of similar assets across all stations, address historical temperature trends, and label each temperature reading with the substation location, asset ID, and asset class information. This reporting is vital, as temperature trends can indicate trouble even when alarms remain untriggered. Remote monitoring “If the temperature is rising and falling on one asset, but the temperature on the other assets are steady, it can indicate a problem,” McLeod explained. “Even if the asset doesn’t reach the temperature threshold, the temperature slowly creeping up to that threshold is valuable information.” FLIR and Embedded Logix systems leverage remote monitoring to catch issues before they occur, preventing expensive downtime and maximizing substation efficiency. Predictive maintenance programs can identify poor-performing components, allowing operations teams to decide whether to proactively replace components or to continue monitoring. An unknown failure could cause catastrophic damage to other substation elements, causing customer outages and costing the utility millions of dollars. Thermal imaging Smart-LX Sensor Gateways also allow thermographers to inspect equipment remotely “The FLIR and Embedded Logix solution allows you to qualify with more frequency,” said Chaffee. “It ultimately enables you to save money and identify failures sooner. It’s much more expensive to replace a component after failure versus pre-failure. When a failure happens, you shut down the substation and part of the grid, which costs a lot of money.” Smart-LX Sensor Gateways also allow thermographers to inspect equipment remotely, improving efficiency during repairs. Traditionally, a thermographer would report to a substation to manually inspect equipment in need of service. Using a handheld thermal imager, the thermographer would take temperature measurements and check for load balance to determine whether equipment should be taken offline for repair. The need for a pre-work assessment and post-repair verification can make for long days. Embedded Logix Smart-LX Sensor Gateways remove this pain point. Live data access The Smart-LX Sensor Gateways give thermographers the ability to inspect equipment remotely and access live data from each networked FLIR thermal camera. Real-time temperature measurement and analytics allow the maintenance crew to confirm repairs or safely identify any additional issues. Thermographers would only need to go to a site when something is critical" “The FLIR and Embedded Logix solution enhances the role of thermographers,” Chaffee said. “Not needing to drive hundreds of miles to do a regularly scheduled thermal scan saves a lot of money. Your thermography team can scan safely, and with more frequency, from the security operations center. Thermographers would only need to go to a site when something is critical. Time is money, so being more productive as a utility and building a substation predictive maintenance program is an important element.” Critical asset monitoring Smart-LX Software works continuously to monitor critical equipment and uncover even small changes that can indicate impending failure. Intelligent maintenance and security systems are making substations safer and more efficient, positively impacting the bottom line. The insurance deductible of a significant substation asset can be hundreds of thousands of dollars. Detecting just one instance of equipment failure can prevent inordinate costs. “The Smart-LX Software solution reduces the cost of an event by detecting it much earlier. Instead of detecting a fire, you’re preventing a fire,” McLeod added. “It’s important for all stakeholders that utilities monitor changes in asset health as a means of improving reliability and reducing the total cost of repairs. Asset security and management Utilities are moving towards proactive deterrence and away from reactive monitoring He adds, “Stakeholders want to see that steps are being taken to reduce insurance claims from unnecessary escalations when a malfunctioning asset is not discovered until it fails and takes out expensive assets or infrastructure around it. Preventing costly downtime by repairing equipment at the first sign of trouble can reduce the number of unscheduled downtime events dramatically and create significant cost-savings.” Leveraging radiometric thermal cameras and analytics for both security and asset monitoring represents a paradigm shift. Utilities are moving towards proactive deterrence and away from reactive monitoring. Substation security FLIR radiometric thermal cameras and Embedded Logix Smart-LX Sensor Gateways safeguard substations and reduce the risk of critical equipment failure. Investing in stronger security keeps substations and their assets safe, and innovative, multipurpose solutions from FLIR and Embedded Logix create a win-win for utility providers throughout the country.

Crossword Cybersecurity plc, has announced that Stevenage Borough Council, Peterborough City Council and East Hertfordshire District Council (‘the Councils’), will use Rizikon Assurance to manage compliance with the GDPR (General Data Protection Regulation) with their suppliers and for wider information governance. GDPR compliance GDPR makes many requirements of organizations, including taking adequate steps to ensure data is both encrypted and anonymized, so that in the event of a breach, the data cannot be exploited. Infringements under GDPR can lead to fines of €20 million, or 4% of annual global turnover for an organization. Data breaches can be accidental, through the loss of a laptop for example, or as a result of an intentional breach or cyber-attack With a combined residential population of over 430,000, the Councils have a duty to ensure that the personal information of all residents is adequately protected against the risk of data breach, either by the Councils themselves or the third-party suppliers and agencies with which they work. Data breaches can be accidental, through the loss of a laptop for example, or as a result of an intentional breach or cyber-attack.  GDPR risk exposure Using Rizikon Assurance, the Councils will improve the process and accuracy of securing third party assurance. This will support compliance with GDPR, and establish a way to manage on-going assurance checks when needed at regular intervals. Additionally, the Councils will be in a position to identify GDPR risk exposure across their supplier portfolio, so that remedial action can be taken to improve the protection of citizen data. Jake Holloway, Director responsible for Rizikon Assurance, commented, “The role of every public service organization is to serve its citizens, often holding personal information about them on many sensitive topics such as health, benefits and education. With that comes the responsibility of ensuring that information is protected, especially when it needs to be shared with partner organizations.” Rizikon Assurance Jake adds, “Rizikon Assurance will help any organization dramatically improve the speed and reliability of its third-party assurance processes, covering areas such as GDPR, health & safety, the Modern Slavery Act and any other requirements that they may have.  It moves third party assurance from a siloed and reactive activity, to a connected, proactive continuous process that delivers a complete view of third-party risk.”

AlertEnterprise Inc., the physical-logical security convergence software company, announced that its Airport Guardian software has been selected by Los Angeles World Airports (LAWA) as the new Identity Management and Credentialing System (IMCS) at Los Angeles International Airport (LAX). Airport Guardian cyber-physical security software will be deployed to deliver a new level of converged security, identity and access intelligence, and enhanced customer experience across IT, physical and OT systems. “At LAWA, we work hard to provide a high level of safety, security, and service for our customers, communities, and stakeholders,” said Aura Moore, Deputy Executive Director - CIO of LAX. “We’ve selected AlertEnterprise software as our new Identity Management and Credentialing System for its integrated, configurable, and futureproof design. This new system will enable us to improve security, enhance customer experience, minimize risk, and proactively enforce compliance for many years to come.” Ensuring real-Time compliance With Airport Guardian software, LAX will be able to streamline and automate their entire badge lifecycle processWith Airport Guardian software, LAX will be able to streamline and automate their entire badge lifecycle process, from application to badge printing, and access provisioning. By automating core processes with role-based workflow and active policy enforcement, the airport can ensure compliance in real-time, which helps to eliminate costly auditing efforts. The deployment of Airport Guardian software will include a secure, web-based portal that will enable LAX personnel to manage employees, vendors, and visitors across their enterprise landscape. Applicants and Authorized Signatories will be able to start, save, and submit applications, including requesting access to critical areas that require additional approval. Streamline application processes With built-in schedule management, Airport Guardian software will help the LAWA Badge Office streamline application processes and enhance customer experience, including reduced wait times, and application status visibility to applicants and authorized signatories. The aviation content pack features DACS, STA, CHRC, Rap Back, and LMS integrations as part of the Airport Guardian software Airport Guardian software includes an aviation specific content pack comprised of Tenant Management, Incident Management, Asset Governance, built-in airport compliance, industry reporting, badge auditing, and process automation best practices. The aviation content pack features DACS, STA, CHRC, Rap Back, and Learning Management Systems (LMS) integrations as part of the Airport Guardian software. Airport Security Awareness training The Airport Guardian software’s powerful LMS integration feature is designed to assist LAX administration teams in tracking and enforcing mandatory training for personnel including active shooter, Airside Vehicle Operating Permit, and Airport Security Awareness training.  “LAX is one of world’s premier and busiest airports, and we are thrilled that they have selected AlertEnterprise as part of their security modernization and digital transformation,” said Ruby Deol, AlertEnterprise Chief Operating Officer. “Our game-changing approach of converged cyber-physical security is helping to make airports and critical infrastructure around the world more secure while creating a positive workforce and customer experience.”

The new school year is a good time to reflect on the role of security in protecting our schools. From video to access control to some newer technologies, our Expert Panel Roundtable found plenty to talk about when we asked this week’s question: How does security technology make our schools safer?

Passwords are one of the most familiar elements of information systems, but also one that can be overlooked or underutilized. New alternatives are emerging, and the role of passwords is evolving in the age of the Internet of Things. We asked this week’s Expert Panel Roundtable: How is the role of passwords changing in physical security systems?

One impact of Chinese companies entering the physical security market has been an erosion in product pricing, creating what has been called the "race to the bottom." However, political forces and cybersecurity concerns have presented new challenges for Chinese companies. Adding cybersecurity increases costs, and the addition of more functionality to edge devices is another trend that has impacted product pricing. We asked this week's Expert Panel Roundtable: Has price erosion ended (or slowed down) in the security market?