Johnson Controls, Inc.
11 Jul 2017

Editor Introduction

For many years, cybersecurity was the unmentioned elephant in the room. Possible vulnerability of IP-connected devices to a cyber-attack was seldom, if ever, mentioned, and even the most basic measures to prevent such an attack were not implemented. For the last couple of years, however, the physical security industry has begun talking more about cybersecurity, in some cases with an abounding enthusiasm typical of the newly-converted. Have our discussions sufficiently addressed the long-standing lack of awareness? We asked this week’s Expert Panel Roundtable: Are we talking enough about cybersecurity? Or too much? (And why?)


Bill Bozeman PSA Security Network

We are probably still not talking enough about cybersecurity. What makes it so challenging is that cybersecurity is a constantly moving target. Integrators and manufacturers might feel like they have it all figured out, and then the next cyber-breach presents itself and opens new issues. Cybersecurity requires everyone in the security industry to be playing offense and defence at the same time, every single day. It needs to just become part of the standard conversation when we are talking about physical security because they are so intertwined. I don’t think we are there yet. I still hear from security professionals who deny that cybersecurity is now part of our industry’s DNA. Until we can overcome that misconception, we cannot talk about it enough.

John Bartolac Axis Communications

The industry talking about cybersecurity is an improvement over the past years when the topic wasn’t openly discussed. As the cyber landscape is evolving, discussing cyber preparedness has become top of mind for many organisations. Organisations’ (cyber) success and efficiency depend on the reliability of the networks which are the backbone of all functionality and operations. Organisations also need to protect their data and intellectual property. Talking about cybersecurity allows us to be good stewards in raising awareness about measures and policies to ensure that systems and data are better protected. It also allows us to be more diligent about smarter devices we can add to the network. The advent of smarter devices provides organisations with a world of opportunity to improve their operations and overall customer experience. So, we shouldn’t paralyse ourselves by avoiding the discussion.

No, we are not talking enough about cybersecurity! The constant demand for lower and lower prices on advanced products will bring us lower and lower quality products with less and less robust software. These low-cost security devices that sacrifice robust software for price are made that much more vulnerable to attack and takeover by malware and other cyber-attacks. A buyer may think he/she is getting a “great deal” from a supplier, but it’s wise to question your integrator and/or supplier on why, if it’s the case, the cost is so low and to determine the source of your supplier’s hardware and software. Dare to question your supplier!

Reinier Tuinzing Milestone Systems

In today’s age of hackers and general “bad people,” the physical security market needs to address the needs of cybersecurity. To the physical security industry this is a little bit of a new concept. Those customers and integrators who are solely physical security-focused will need to adopt some of the learnings from the IT industry, which has been addressing cybersecurity needs for years. Right now, there is a lot of “chatter” about cybersecurity, but little information. Cybersecurity means many things to many people. The industry needs to be educated on the implementation of cybersecurity, and there are several levels of implementation depending on the type of business: a grocery store will not need the same level of cybersecurity as an airport.

Jim Nannini Johnson Controls, Inc.

In this day and age, cybersecurity can’t be discussed enough. Every day we hear about attacks on financial, customer and product data, consequently cybersecurity will continue to be the forefront of building and enterprise strategic plans. As access to building data and operational systems increases, so do the challenges associated with securing the smart building environment. This is a shared responsibility, requiring focus and commitment from the systems integrator, manufacturer, and customer, and requires consistent, open communication. This is critically important as cybersecurity is often mistakenly considered an issue related to software, when in actuality, many cybersecurity issues arise from improper systems installation. Developing an ecosystem with trusted partners who are focused on cybersecurity for building wide systems integration can make all the difference. 

Corey Tyriver Security 101

It’s an all-too-common event: Hackers breaking into critical systems at hospitals, universities and corporations and putting patient healthcare, sensitive personal data and trade secrets at risk. Admittedly, cybersecurity is a field most in the physical security industry try to avoid. Yet, we can help our customers prevent these potentially devastating attacks. As integrators, we install a variety of network-connected devices – such as surveillance cameras and card readers – each having its own IP address. This is the path hackers use to get onto a network. We urge our customers to immediately change the simple default factory passwords on new equipment. By creating strong passwords and changing them frequently, we can make our equipment much more difficult to hack. In some cases, we may even recommend adding a second identity verification method such as a biometric (iris, fingerprint or facial scan). We can’t talk – or plan – enough about stopping hackers.

Mitchell Kane Vanderbilt Industries

In my opinion, you can't talk about the possibility of a data breach enough within the enterprise organisations we serve today with security-related products. At their core, these products should be safe to use while deploying the best possible technology to keep personal data safe and secure. With the rise in cloud technology and increased connectivity of devices, encrypting communications between devices is paramount – and it starts with manufacturers. Especially when legacy, new and different technologies are used together; a single insecure system or poor deployment can make the entire system vulnerable. This is where a strong relationship with IT professionals throughout the process of a security system upgrade can be invaluable. Keeping up with remote and instant access to security solutions must be weighed with the ability to keep data safe and secure from threats.

Kevin Wine Verint Systems

Cybersecurity is one of the primary challenges facing organisations in today’s environment. Recent results from the Security Executive Council’s Security Barometer Polls found that survey respondents reported cybercrime is the top risk facing their organisations. With that in mind, I believe there needs to be more conversation about how to mitigate these risks in a collaborative manner across the enterprise. Over the course of the past year, we’ve discussed the convergence of physical, IT, and cybersecurity within organisations – possibly even more than we’ve discussed how technology is converging. There are significant benefits to this level of collaboration; it is crystal clear that this approach benefits the greater purpose of security as well as overall strategies for continued success. An ongoing dialogue between IT, cyber security, and physical security teams is necessary to help gain a greater knowledge of how to best mitigate today’s most prevalent threats.

We aren’t talking enough about cybersecurity! Many people are still blasé about making their private information public online. More vigilance is needed to tackle issues such as identity theft, grooming and stalking. Equally, some businesses/corporations also leave themselves open to security issues by failing to frequently patch their systems, as demonstrated by the infamous WannaCry ransomware. Even the most recent large-scale cyber-attack could have been prevented with fully updated systems, and it is frustrating that these issues could have been avoided! With IoT, the threat can only become more severe. Without the right security built into each network component, there is always a “back door” for malware. Even with security in place, some people still fail to update passwords and keep this protection watertight. Technology is changing and evolving faster than the habits of users, so we need to ensure everyone is aware of the need for vigilance.

Brandon Reich Pivot3, Inc.

I don’t think we can ever talk “enough” about the importance of cybersecurity. As cyber threats continue to increase and evolve in sophistication, the industry must stay proactive in its approach to mitigating these risks. Video surveillance can be considered the first real IoT application and, in fact, connected cameras are ubiquitous. Since we have already seen the impact of unsecured IoT devices (the Mirai Botnet attack), we don’t know the extent of additional vulnerabilities. Therefore, manufacturers, integrators and end users all must take precautions on any new products installations. At the same time, we also need to be aware of the significant installed base of IP-based technologies, which includes cameras and also NVRs, IP-connected access control devices, intrusion detection systems and more. Unforeseen vulnerabilities could lead to more damaging attacks, such as accessing or tampering with private video, controlling door locks and access control systems, disabling alarm systems, and more.

Steve Birkmeier Arteco Vision Systems (Arteco, Inc.)

Cybersecurity is at the forefront of both our professional and personal lives and, therefore, I don’t think we are talking about it enough. The reality is that as we continue to move toward IoT in all aspects of our lives, we continue to uncover new cyber vulnerabilities. As security professionals, we are entrusted by our customers to provide secure products and guidelines to safeguard these products from potential hacking and at the very least understand these vulnerabilities. In many ways this understanding comes from partnerships throughout the industry and combining the knowledge base across multiple platforms. By working together to provide a solution-based system that is rigid against cyber-attacks, we improve overall protection. This will only increase in importance going forward.


Editor Summary

Granted we are talking a lot about cybersecurity, but our Expert Panelists agree it’s still not enough (and may never be enough!). Cybersecurity is one of those problems that will never go away. More than that, it is constantly changing and reemerging in new forms to forever thwart our best struggles to prevent, protect, and/or address. There will be plenty to talk about for the foreseeable future, and no possibility of every saying enough. So, let the discussions continue.

Johnson Controls, Inc. news

How is the Internet of Things (IoT) impacting physical security?

The Internet of Things (IoT) has revolutionised many industries, including physical security. By connecting physical devices to the internet, IoT technology offers significant enhancements to security systems. Benefits include real-time monitoring, remote access, and the utility of new devices such as temperature and humidity sensors. At the same time, IoT devices come with challenges, including greater cybersecurity vulnerability. We asked this week's Expert Panel Roundtable: How is the Interne...

AI-powered security by Johnson Controls at GSX 2024

Johnson Controls, the global pioneer for smart, healthy, and sustainable buildings, is showcasing its industry-pioneering products, digitally-enabled solutions, and service offerings at Global Security Exchange (GSX) 2024 in Orlando, Florida, from Sept. 23-35. At booth 1275, the company will discuss how its proven solutions address every stage of a building’s lifecycle, and proactively mitigate everyday security challenges and emerging threats, while promoting smarter, safer, and more sus...

PSIA showcases PKOC devices at GSX 2024

At GSX 2024, the Physical Security Interoperability Alliance (PSIA) will show an expanded roster of devices supporting its Public Key Open Credential (PKOC) specification. PSIA will be showcasing the latest information and demonstrations for PKOC at the JCI Security Products demo room S230 A&B.  They will be able to see interoperability following open specifications between mobile and physical credentials from multiple manufacturers with multiple manufacturer readers leveraging Bl...

Johnson Controls, Inc. case studies

SwiftConnect integration with Software House C•CURE 9000 access control extends employee badge in Apple wallet to more customers

SwiftConnect, a pioneering provider of connected access enablement, is powering easy, secure, and private access using an iPhone and Apple Watch with the Johnson Controls Software House C•CURE 9000 access control system. The SwiftConnect AccessCloud platform integration with the Software House C•CURE 9000 access control system makes it possible for Software House C•CURE 9000 customers to take advantage of the employee badge in Apple Wallet for physical access. Deployments of emp...

Johnson Controls’ video solution ensures safer school environment

It may sound like a small change, but installing security cameras on a property can significantly impact occupant and visitor behaviour by enabling more accountability. This is notable for environments such as K-12 schools where occupants are younger and more impulsive. Lack of visibility A public school system on the East Coast faced frequent incidents of bullying, vandalism and theft among students as well as the harassment of faculty and staff and was struggling to keep its occupants accou...

Salient Systems provides CompleteView Video Management Platform to enhance campus security for the University of Massachusetts

Salient Systems, a pioneer in open architecture video management systems, announces that UMass Amherst, the flagship campus of the University of Massachusetts system, has standardised its video surveillance operations on the Salient CompleteView Video Management Platform, enabling campus security and safety staff to protect the campus population of 32,000 with a 24/7 view of its video surveillance and integrated access control operations. Using CompleteView, UMass Amherst is centrally monitorin...