Under my watch the past 16 years it has been my mission that Security Sales & Integration be the industry’s go-to vehicle for sharing thought leadership that strikes the perfect balance of expert security business and technology information. Integral to that is keeping a watchful eye on what lies ahead while keeping a foot firmly planted in current reality. That is why I was so keen and intrigued a couple of months ago when my longtime friend Bill Bozeman, president & CEO of PSA Security and a member of SSI’s Editorial Advisory Board, told me about the organization’s plan to launch a cybersecurity program aimed at physical security integrators. This is a critical area for the industry to address and shore up ASAP, and so SSI and its sister publication, ChannelPro, have signed on as exclusive media partners for the first PSA Cybersecurity Congress Jan. 20-21 outside Denver.
Any doubt about how imperative it is for the physical security industry to get a handle on cybersecurity would have likely been squelched during the recent PSA Convention in Bermuda. I was among the attendees who were more blown away by the evidence presented showing the cyber-attack storm brewing on the horizon than by the actual hurricane that ravaged the island during the event.
Eagle Eye Networks CEO Dean Drako’s eye-opening key-note detailed the staggering universal challenge governments, businesses and individuals are facing trying to fend off hackers and cyber threats. He then drilled down to describe the specific vulnerabilities with which physical security solutions providers must contend. He discussed five “attack vectors” that security companies need to concern themselves with: Windows OS; Linux OS; DVRs/NVRs/VMS; endpoints (i.e. cameras, controllers); and firewalls. In particular, Drako talked about the high vulnerability in the industry due to the use of Web browsers, shared enterprise networks and the recently discovered Unix Bash shell vulnerability that puts anything embedded with Linux (including a high percentage of security devices) at risk.
“More sophistication in programming means higher vulnerabilities too,” said Drako, who is also the founder of Barracuda Networks. “With all the embedded programs in recorders, who is updating and tracking all the vulnerabilities? All of them are too high. DVRs and NVRs for the most part are disasters waiting to happen. And cameras are also at high risk.” According to Drako, whose Eagle Eye firm offers a cloud-based VMS solution, the typical machine with an open port on the Internet is scanned more than 10,000 times daily by nefarious bots and cyber threats, and so staying off the network is the only truly safe measure one can take.
It is to the benefit of the physical security industry to have forward-thinkers like Drako bringing in fresh perspectives and innovative ideas. Even if you disagree, the discussion and debate process is vital. I had the pleasure of dining with Drako, who subsequently participated in the cybersecurity roundtable I conducted (see page 44) for this issue. Drako and I both serve on the new PSA Cybersecurity Executive Advisory Council, which held its first face-to-face meeting at October’s ASIS expo in Atlanta.
Up until very recently dismissed by most physical security industry manufacturers and integrators, cyber has seemingly taken center stage overnight. The topic has gained so much traction that it dominated conversation throughout the PSA Convention. When technology panel moderator Eric Yunag (Dakota Security) asked security manufacturer reps Carole Dugan (Arecont), Dan Murray (Bosch), Rob Munro (Exacq), Rick Mohr (HID) and Dave Uberig (March Networks) what the most disruptive force being exerted on the electronic security industry is today, the answer was unanimous: cybersecurity.
It is crucial to note that cybersecurity should not be approached with dread or even as a necessary evil but rather as an exciting new frontier. It’s a scenario that presents security integrators with new opportunities to partner with managed service providers and other cyber experts to cover themselves against liability, tap into the billions of dollars being allocated in this area, and deliver total security solutions to end users.
Bozeman calls cybersecurity the industry’s most transformative development since the advent of networked devices and systems. I concur. PSA Director of Education Barbara Shaw says the new cybersecurity program will provide companies the knowledge, skills and tools to help identify, assess and monitor cyber-security threats. I urge you to take this issue very seriously, and I hope to see you at the Cybersecurity Congress next month.