It’s Time for Manufacturers to Step Up Their Cybersecurity Game
SSI Editor-in-Chief Scott Goldfine says manufacturers should take a more proactive approach in responding to cyber concerns.
In a conversation about the most transformative technologies to sweep through the modern electronic security and life-safety industries (1960s onward) you would likely encounter smoke detectors, digital alarm dialers, microprocessors, software supplanting firmware and hardware, addressable fire systems, PIR sensors, RFID, digital video, biometrics, wireless devices and cellular communications.
There is one not yet mentioned that I believe is not just at the top of that list but also is the most disruptive of all: IP-based devices. In fact, even subsets of that breakthrough — like network-converged physical security systems, security as a service (SaaS), mobile-enabled controls, home networks, the Cloud, Internet of Things (IoT) and especially cybersecurity — give any prior technology advances a run for their money as having the greatest impact to our industry.
If you have been in the security business even just five years you know that not long ago cybersecurity was as much an industry topic as the Furby — in other words it wasn’t. That all began to change after the highly publicized December 2013 Target stores data breach where an HVAC contractor took the blame.
Mostly due to fear of a similar fate, security dealers/integrators and manufacturers slowly and begrudgingly began to take notice. But because of the rapid adoption of the aforementioned IP-enabled technologies and their hacking-intense environments, cybersecurity has snow-balled like a Mount Everest avalanche the past two years.
Cybersecurity was easily cited as the area calling for the most urgent attention when I put together SSI’s 2018 Industry Forecast and, aside from a rush of M&A activity, has been dominating this year’s security headlines as follows:
- Razberi Launches Channel Partner Program for Video Surveillance, Cybersecurity Platform
- ADT Cybersecurity Tabs Treuting as SVP Sales and Marketing
- Mercury Says New SIO Modules Enhance Cybersecurity, Extend Integration Capabilities
- PSA to Present Cybersecurity Education Track at ISC West
- Eaton Testing Lab First in UL Cybersecurity Program
- Vanderbilt Exec Talks Cloud Opportunities, Cybersecurity
One of the companies that has most been in the cybersecurity news has also been one of the most embattled: Hikvision. As the Chinese video surveillance manufacturer has surged in North American market share so too have concerns and allegations about its cybersecurity.
To the company’s credit it has responded by being among the industry’s most proactive in this realm. Here is a sample of recent headlines that it has generated:
- Hikvision Tabs Ex-IBM Exec Security Architect as North American Cybersecurity Czar
- Hikvision Introduces Dedicated Cybersecurity Hotline
- Hikvision 2018 Cybersecurity Road Show Kicks Off in Southern California
- Hikvision Opens Security Industry’s First Source Code Transparency Center
That last and most recent item provides government and law enforcement agencies the ability to review the manufacturer’s product source code. “By opening our source code for review, we continue to demonstrate Hikvision’s commitment to product security and transparency,” says Chuck Davis, director of cybersecurity for Hikvision North America.
Intrigued by what this could mean for other vendors in our space, I asked Alex Asnovich, senior director, corporate marketing, how companies like Hikvision safeguard against losing competitive advantages when becoming so transparent in their technology/coding.
“This is challenging because we want to be transparent; however, source code is confidential, intellectual property,” he says. “A lot of discussion and planning went into deciding how to achieve a satisfactory level of transparency while still keeping control of our intellectual property.”
No doubt balancing trade advantages and transparency will be an imperative with which many other security vendors will be forced to grapple — a particularly tall order for those clinging to proprietary platforms. But the bottom line is in today’s cyber world integrators and their end customers deserve to know.
When asked in this year’s fourth annual SSI Physical-Logical Security Assessment to identify the top challenge facing physical security companies regarding cybersecurity, manufacturers came up often.
“The rate of change is quickly obsolescing hardware and SaaS platforms,” said one respondent. “Then the related system marketing, sales, design, implementation and maintenance processes are laid to waste when the dust settles. Too many ‘solutions’ are two steps forward and five steps back.”
The situation is still very fluid as the industry navigates this new and potentially hazardous terrain. However, we mustn’t lose sight of the potential opportunities as well.
Refer to my column in this spot a year ago for a refresher on best practices, and consider attending June’s first Cyber:Secured Forum in Denver. SSI is a media partner and I hope to see you there. Now get busy closing those device/system backdoors.
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!
Security Is Our Business, Too
For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add sales to your bottom line.
A free subscription to the #1 resource for the residential and commercial security industry will prove to be invaluable. Subscribe today!