SecurityInformed.com
How Physical Security Consultants Ensure Cybersecurity For End Users

Larry Anderson

Cybersecurity talk currently dominates many events in the physical security industry. And it’s about time, given that we are all playing catch-up in a scary cybersecurity environment where threats are constant and constantly evolving. I heard an interesting discussion about cybersecurity recently among consultants attending MercTech4, a conference in Miami hosted by Mercury Security and its OEM partners.

The broad-ranging discussion touched on multiple aspects of cybersecurity, including the various roles of end user IT departments, consultants, and integrators. Factors such as training, standardisation and pricing were also addressed as they relate to cybersecurity. Following are some edited excerpts from that discussion. 

The Role Of The IT Department

Pierre Bourgeix of ESI Convergent: Most enterprises usually have the information technology (IT) department at the table [for physical security discussions], and cybersecurity is a component of IT. The main concern for them is how any security product will impact the network environment. The first thing they will say, is “we have to ensure that there is network segmentation to prevent any potential viruses or threats or breaches from coming in.”

They want to make sure that any devices in the environment are secure. Segmentation is good, but it isn’t an end-all. There is no buffer that can be created; these air gaps don’t exist. Cyber is involved in a defensive matter, in terms of what they have to do to protect that environment. IT is more worried about the infrastructure.

The Role Of Consultants And Specifiers

Phil Santore of DVS, division of Ross & Baruzzini: As consultants and engineers, we work with some major banks. They tell us if you bring a new product to the table, it will take two to three months before they will onboard the product, because they will run it through [cybersecurity testing] in their own IT departments. 
If it’s a large bank, they have an IT team, and there will never be anything we [as consultants] can tell them that they don’t already know. But we all have clients that are not large; they’re museums, or small corporations, or mom-and-pop shops. They may not be as vulnerable from the international threat, but there are still local things they have to be concerned about. 
It falls on us as consultants to let them know what their problems are. Their IT departments may not be that savvy. We need to at least make them aware and start there.

Wael Lahoud of Goldmark Security Consulting: We are seeing more and more organisations having cybersecurity programs in place, at different maturity levels. At the procurement stage, we as consultants must select and specify products that have technology to enable cybersecurity, and not choose products that are outdated or incompatible with cybersecurity controls. 
We also see, from an access control perspective, a need to address weaknesses in databases. Specifying and having integrators that can harden the databases, not just the network itself, can help.

The Need For Standards On Cybersecurity

Jim Elder of Secured Design: I’d like to know what standards we as specifiers can invoke that will help us ensure that the integrator of record has the credentials, knows what standards apply, and knows how to make sure those standards are maintained in the system. I’m a generalist, and cybersecurity scares the hell out of me.
We’re not just talking about access to cameras, we are talking about access to the corporate network and all the bad things that can happen with that. My emphasis would be on standards and compliance with standards in the equipment and technology that is used, and the way it is put in. It can be easier for me, looking at some key points, to be able to determine if the system has been installed in accordance.
I’m taking the position of the enforcement officer, rather than the dictator. It would be much better if there were focused standards that I could put into the specification— I know there are some – that would dictate the processes, not just of manufacturing, but of installation of the product, and the tests you should run accordingly.

Pierre Bourgeix: With the Security Industry Association (SIA), we are working right now on a standard that includes analyzed scoring on the IT and physical side to identify a technology score, a compliance score, a methodology, and best-of-breed recommendation. Vendor validation would be used to ensure they follow the same process. We have created the model, and we will see what we can do to make it work.

Terry Robinette of Sextant: If a standard can be written and it’s a reasonable process, I like the idea of the equipment meeting some standardized format or be able to show that it can withstand the same type of cyber-attack a network switch can withstand. We may not be reinventing the wheel. IT is the most standardized industry you will ever see, and security is the least standardized. But they’re merging. And that will drive standardization.

Jim Elder: I look to Underwriters Laboratory (UL) for a lot of standards. Does the product get that label? I am interested in being able to look at a box on the wall and say, “That meets the standard.” Or some kind of list with check-boxes; if all the boxes are checked I can walk out and know I have good cybersecurity threat management.

The Role Of Training

Phil Santore: Before you do any cybersecurity training, you would need to set the level of cybersecurity you are trying to achieve. There are multiple levels from zero to a completely closed network.

Wael Lahoud: From an integrator’s perspective, cybersecurity training by the manufacturer of product features would be the place to start – understanding how to partner the database, and the encryption features. 
We see integrators that know these features are available – they tick the boxes – but they don’t understand what they mean. Cybersecurity is a complex topic, and the risk aspects and maturity levels vary by organization. That would be a good starting point.

The Role Of Integrators

Wael Lahoud: Integrators like convenience; less time means more money. So, we see some integrators cut corners. I think it is our role (as consultants) to make sure corners are not cut. If you rely solely on integrators, it will always be the weak password, the bypass. We have seen it from small projects to large government installations. It’s the same again and again.

Even having an internal standard within an organization, there may be no one overseeing that and double-checking. Tools will help, but we are not there at this point. I will leave it up to manufacturers to provide the tools to make it easy for consultants to check, and easier for integrators to use the controls.

The Impact of Pricing

Pierre Bourgeix: The race to the cheapest price is a big problem. We have well-intended designs and assessments that define best-of-breed and evaluate what would be necessary to do what the client needs. But once we get to the final point of that being implemented, the customer typically goes to the lowest price – the lowest bidder. That’s the biggest issue.

You get what you pay for at the end of the day. With standards, we are trying to get to the point that people realise that not all products are made the same, not all integrators do the same work. We hope that through education of the end user, they can realise that if they change the design, they have to accept the liability.

The big picture

Wael Lahoud: The Windows platform has a lot of vulnerabilities, but we’re still using it, even in banks. So, it’s not just the product that’s the weakest link, it’s the whole process from design to securing that product and launching it. That’s where the cybersecurity program comes into play. There are many vulnerable products in the market, and it’s up to professionals to properly secure these products and to design systems and reduce the risk.

Pierre Bourgeix: The access port to get to data is what hackers are looking for. The weakest link is where they go. They want to penetrate through access control to get to databases. The golden ring is the data source, so they can get credentialing, so they can gain access to your active directory, which then gives them permissions to get into your “admin.” Once we get into “admin,” we get to the source of the information. It has nothing to do with gaining access to a door, it has everything to do with data. And that’s happening all the time.
