NIST - Experts & Thought Leaders
Latest National Institute of Standards and Technology (NIST) news & announcements
This new algorithmic solution, MBIS 5/MBSS, is fully integrated into the INTERPOL Bio HUB system. It includes increasingly accurate and relevant algorithms, allowing for easy and regular updates. The organisation’s 196 member countries can now query the Interpol database with fingerprints and facial images. The goal is to solve the most complex cases while optimising the use of tools, enabling criminal investigators to access post-event forensic analysis covering fingerprints, palm prints, and latents.

NIST’s latest test results

These advanced algorithms were submitted to the National Institute of Standards and Technology (NIST) test and achieved first place, confirming IDEMIA Public Security’s pioneering position in the NIST latent fingerprint benchmark for forensic identification (ELFT-2024). IDEMIA’s commitment to excellence is reflected in its consistently top-ranked identity and security technologies. IDEMIA continues to lead the biometric tech race, covering iris, fingerprint, and facial recognition. NIST’s latest test results underscore IDEMIA’s outstanding expertise and solutions, combining efficiency, accuracy, and equity.

New version of the MBIS

"With the delivery of this new version of the Multibiometric Identification System (MBIS), INTERPOL now benefits from the most advanced algorithms, enabling it to solve the most complex cases. This project reinforces the strength of our collaboration, and we look forward to continuing our longstanding, 20+ year partnership with INTERPOL."

"I would like to thank our entire R&D team, who put their expertise to work every day in service of this partnership that helps to make the world a safer place," added Thibaut Sartre, Senior Vice President, International Justice & Public Safety, IDEMIA Public Security.
IDEMIA’s multibiometric system

"Adopting cutting-edge biometric technology is key to the ability of law enforcement to counter all types of transnational crime."

"I am confident that IDEMIA’s upgraded multibiometric system will allow INTERPOL to further support our member countries in their essential mission to safeguard their borders and communities," added Cyril Gout, Director, Operational Support and Analysis at INTERPOL.

A longstanding collaboration

IDEMIA and INTERPOL first began their collaboration in 1999, when IDEMIA delivered the original Automated Fingerprint Identification System (AFIS). The AFIS was designed to facilitate cooperation between police forces from member countries by providing access to global police tools and services, including forensics, fingerprint evidence, and the exchange of forensic data to support international investigations.

In 2016, INTERPOL opted for IDEMIA’s advanced facial recognition capabilities to create the INTERPOL Face Recognition System (IFRS), which contains face images from more than 170 countries. In 2019, INTERPOL renewed its contract with IDEMIA to upgrade the current system and transform it into a Multibiometric Identification System (MBIS). Since their inception, these biometric systems have helped identify several thousand individuals, including terrorists, criminals, fugitives, persons of interest and missing persons. Authorised users in INTERPOL member countries can submit and cross-check fingerprints and facial images via the Bio HUB, using INTERPOL’s secure global police communications network.
IDEMIA Public Security, the provider of secure and trusted biometric-based solutions, has announced the appointment of Vincent Bouatou as Chief Technology Officer (CTO) and Head of the International CTO Office. In his role as CTO, Vincent will drive IDEMIA’s technology and cybersecurity strategy, technical governance, innovation, and AI leadership.

Vincent Bouatou

Vincent is a seasoned technologist and pioneer with over 20 years of experience working within IDEMIA’s Research and Technology Unit, Global R&D, Public Security & Identity, and most recently the CTO Office. Under his leadership, IDEMIA has cemented its leadership, expertise and performance in biometric technologies for criminal identification, including ranking at the top of the National Institute of Standards and Technology’s (NIST) latest test results and evaluations for its fingerprint, facial recognition, and biometric algorithms and technologies.

Impact of biometric technology

"Vincent brings a deep understanding of the biometrics and identity industry, incredible technical know-how, and a successful track record of building and scaling technology teams," said Matt Cole, CEO of IDEMIA Public Security. "As we execute our mission to make the world safer through our best-in-class technology and services for the government, travel, law enforcement, and public sector, I am confident that Vincent will further strengthen our innovation and leadership in the market while focusing on how our biometric technology positively impacts society, with a continued effort on security, equity, and privacy protection."

Secure and seamless solutions

"I’m very excited to lead the strong CTO team and continue driving IDEMIA Public Security’s commitment to innovation and expand our leadership in the biometric technology space," said Vincent Bouatou, Chief Technology Officer, IDEMIA Public Security. "I’m also thrilled to be pioneering such a talented team and bring our collective skills and experiences together to continue offering the best and most secure and seamless solutions for our customers around the world."

Before IDEMIA, Vincent served within Microsoft’s Higher Education and Academic Research Relations group, where he developed strong partnerships with academia and fostered student and researcher entrepreneurship within the technology and software space.
DigiCert, a pioneering global provider of digital trust, has announced the results of the inaugural DigiCert® Quantum Readiness Awards. Cloudflare, the pioneering connectivity cloud company, won the prestigious honour, while Migros, one of the largest retail companies in Switzerland, and DXC Technology, a pioneering global technology service provider, were selected as finalists by the judges.

Cloudflare's journey

The awards ceremony took place during DigiCert’s World Quantum Readiness Day, a virtual event dedicated to raising awareness about the threats quantum computing poses and the steps companies should take now to prepare. Cloudflare's journey towards post-quantum cryptography excellence began with experiments in 2017, progressed to deploying advanced algorithms in its services in 2022, and now extends to providing broad post-quantum encryption support for free by default across its products and services, helping customers secure their websites, APIs, cloud tools, and remote employees against future threats.

Cloudflare’s strategy

Cloudflare’s strategy of forming a dedicated task force to facilitate the company-wide transition to secure both internal and external connections against quantum threats showcases a commitment to innovation and security and has set a benchmark in the industry. Its proactive, community-first approach, which includes open-sourcing implementations and extensive collaboration with industry partners, has significantly contributed to global standardisation efforts.

Cloudflare's leadership

Cloudflare's leadership in this field was further underscored by its commitment, made at the 2023 Summit for Democracy, to make post-quantum cryptography available for free, solidifying its role as a pioneer in promoting a safer Internet for the future.

"Cloudflare recognised early on that it was necessary to get our systems ready for the undefined time at which quantum computers would become a threat to cryptography," said John Graham-Cumming, Chief Technology Officer at Cloudflare. "We made a commitment to post-quantum readiness in 2017 through the work of our Research team. We began working, doing experiments, and the result is this Quantum Readiness Award and the fact that all of our customers have post-quantum cryptography available today."

Expert panel of judges

This year's honourees were selected by an expert panel of judges, including:
- Blair Canavan, Director, Alliances – PQC Portfolio, Thales
- Tim Hollebeek, Industry Technology Strategist, DigiCert
- Dr. Ali El Kaafarani, CEO, PQShield
- Bill Newhouse, Cybersecurity Engineer & Project Lead, National Cybersecurity Centre of Excellence, NIST
- Alan Shimel, CEO, TechStrong Group
- Hugh Thompson, Chairman, RSAC

Current encryption standards

“Quantum computing presents both an unprecedented opportunity and a significant threat to the current encryption standards that enable security, trust and online privacy. It is encouraging to see many of the applicant companies leaning into this very important transformation to quantum agility in order to protect data and infrastructure,” said Dr. Hugh Thompson, RSAC Chairman and Quantum Readiness Award judge. “On behalf of the judging panel, we are excited to see Migros, DXC Technology, and of course the winner, Cloudflare, recognised for their efforts in acting with haste on this critical move to quantum-resistant cryptography.”

DigiCert Quantum Readiness Awards

Most enterprises (61%) report being unprepared for the threat posed by quantum computing. The DigiCert Quantum Readiness Awards recognise organisations that are at the forefront of safeguarding digital security in the quantum era. These pioneers are setting an example for what it means to be quantum-ready, demonstrating exceptional innovation in addressing quantum challenges.

Quantum computing technology

The DigiCert Quantum Readiness Awards underscore the importance of collaborative efforts in developing robust defences against looming quantum threats. As quantum computing technology continues to advance, DigiCert remains committed to supporting organisations worldwide in their journey toward quantum preparedness.
Insights & Opinions from thought leaders at NIST
As the new year dawns, it's a good time for the security industry to look ahead to 2024. We asked this week's Expert Panel Roundtable: What will be the biggest surprise for security in the year ahead?
Physical security is essential for a modern production facility: users don’t want just anyone entering the building or accessing secure areas. But what about production machinery? Machine authentication is often a missing link in the security plan for manufacturers.

Why machine authentication?

Most manufacturers have made significant investments in physical access control (PAC) for production facilities. Few shops currently hand out physical keys to employees or leave the building unlocked during production hours. For all but the smallest shops, front-door access typically involves individual radio-frequency identification (RFID) badges that enable tracking of who is coming and going and at what times.

Use of physical keys and password login

But when it comes to production machinery, many manufacturers still rely on physical keys, password login on the human-machine interface (HMI), or a shared PIN to unlock machine access. In some shops, machines may not be secured at all; it is simply assumed that anyone who has access to the factory floor has the knowledge, authority, and training to use the machines responsibly. However, this is not necessarily a good assumption, especially in a larger manufacturing plant where many people can access the production floor.

Valuable and sensitive equipment

CNC machines, robotic welders, process equipment, and other production machinery can cost anywhere from $5,000 to half a million dollars or more, depending on their size and function. They also pose significant safety risks for untrained users and may hold valuable and sensitive IP (such as customer design specs or batch recipes).

User authentication

Authenticating users at the machine level closes an important security loophole and makes plants safer and more productive. Machine authentication prevents untrained or unauthorised users from accessing production machinery.
The right authentication system also allows access levels to be tailored for different users based on training credentials, job roles, or even projects.

Machine authentication benefits

A strong machine authentication solution provides several benefits for manufacturers:
- Minimises unplanned downtime and expensive damage to machines caused by untrained operators.
- Enables tracking of production outcomes by machine operator for better quality control and troubleshooting.
- Protects company and client IP held on the machine by preventing unauthorised access to machine controls and memory.
- Enhances plant safety and compliance by limiting machine access to operators with the appropriate credentials.
- Reduces the risk of deliberate sabotage by unauthorised operators, including damage to machines and production facilities and data theft or corruption.

Mark Merino, the Director of the Digital Factory Group for Polaris Automation, explains, “Machine authentication allows us to identify which people are logged into different pieces of equipment and make sure they are trained appropriately for the machine and have the right clearances for the data they are trying to access.”

Choosing the right machine authentication solution

Access control for production machinery can be accomplished by various means, including password and PIN systems, physical keys or fobs, RFID badges, or smartphone-based mobile credentialing systems. The best machine authentication system will:
- Be highly reliable and secure, to protect the machine from unauthorised access.
- Enable identification of individual operators and tracking of who has used the machines, at what times, and for what projects.
- Allow access levels to be differentiated by user.
- Be easy to implement and administer.
- Discourage sharing or cloning of credentials.
RFID readers

In most manufacturing environments, the simplest solution for machine authentication is the RFID badge employees already carry for building entry. An RFID reader can be easily connected to or integrated with the HMI for the machine. All users must do to authenticate themselves is swipe their badge over the reader to unlock the machine controls.

RFID benefits

RFID provides multiple benefits for end users, IT, and managers:
- It leverages technology already widely used, so users do not have to carry a separate key or fob to access machine controls.
- It is more secure and easier to manage than a password system, as passwords are frequently forgotten, shared, or hacked.
- Unlike shared PINs, physical keys, or fobs, user authentication via an ID badge enables accurate identification of who is logging into the machine.
- Users are much less likely to share their picture ID badge (which is often also linked to HR functions such as time and attendance) than a machine password, PIN, or key.
- If an ID badge is lost or stolen, or an employee leaves the company, IT can easily disable access for the card.
- RFID credentials are very difficult to hack or clone, and transmission between the reader and card can be encrypted to protect against interception and cloning.
- Unlike biometric options, RFID is highly reliable even in hot, dirty, or humid environments and does not require workers to remove gloves, safety goggles, or masks.

Getting started with machine authentication

Machine authentication starts with selecting the right RFID reader. A universal RFID reader supports easy implementation, integration with other building systems, and scaling. A universal reader also provides flexibility for the future in case companies want to change transponder technologies or allow user authentication using mobile credentials on a smartphone.
IIoT model

To ensure the security of production machinery, user authentication must be designed within the context of the wider security ecosystem of the plant. Modern production machines are increasingly networked and connected in an “Industrial Internet of Things” (IIoT) model. That means machines are not only vulnerable themselves but are also endpoints in the broader IT landscape of the plant. Machine authentication systems must incorporate best practices for endpoint security, such as those outlined by ISO (International Organisation for Standardisation), NIST (National Institute of Standards and Technology), and other industry organisations.

Best practices:
- The reader installation should be tamper-proofed to prevent physical disruption of the authentication system.
- Use an encryption standard suitable for the security level of the application. Encryption prevents data interception or card cloning.
- If higher security is desired, RFID can be implemented as one factor in a multi-factor authentication system, along with biometrics and/or a password or PIN.
- The authentication system should support different access levels for different users or classes of users. A role-based permission system allows for different levels of access for line operators, supervisors, IT, and maintenance, for example.
- For maximum safety and security, individual users should only have the minimum access required to do their jobs.

With secure machine authentication, manufacturers can protect people, production equipment, and IP, while enabling smooth operations. It all starts with an authentication system that supports reliable and secure operator identification at the machine level.
Integrators need to be well versed in Total Cost of Ownership (TCO) when discussing video surveillance options with their customers. Business leaders are looking for the best, most economical technology that will address their security needs, and they also want to avoid being blind-sided by unplanned technology operations and service costs. While most people understand that the initial cost of a video surveillance system is not the same as the total cost of ownership, many might be surprised to learn that the cost to operate and maintain on-premises video surveillance technology is often double, and sometimes even quadruple, the original purchase price, particularly when IT servers are involved.

TCO landscape changed with the advent of cloud systems

Fortunately, the TCO landscape has changed with the advent of cloud systems. What has changed? To begin with, there are certain characteristics built into true cloud systems that offer tremendous economies of scale and save the customer money. The three examples described below are also outlined in the National Institute of Standards and Technology (NIST) Definition of Cloud Computing:
- Resource pooling: businesses that subscribe to a cloud system all share the significant cost savings from equipment purchases and servicing at large scale. Cloud system subscribers all receive high-power and high-capacity computing at a much lower cost than would ever be possible with an on-premises system.
- Rapid elasticity: the cloud-computing term for the ability to provide scalable services. Rapid elasticity ensures that each cloud system subscriber is always using only and exactly the high-performance computing resources needed. This is a much different situation from an on-premises system, which must be sized and continually powered to satisfy occasional peak system usage.
- Measured service: each subscriber’s account only uses and pays for the resources allotted by subscription. This ensures predictable data centre costs and reasonable subscription pricing.

True cloud offers high system reliability and strong cyber security

Additionally, true cloud offers high system reliability, wide-area internet-based remote access and strong cyber security that surpasses what is feasible for on-premises deployments. When you compare all the costs to own and operate video management systems (VMS), as opposed to using purchase price alone, the TCO of a true cloud system is considerably below that of a typical on-site system. The savings vary, but generally safe ranges are:
- Small business: 5% to 15%
- Multi-site retail operation: 25% to 40%
- Large commercial business: 15% to 25%

Classic TCO cost categories

Let’s take a look at the classic TCO cost categories for physical security systems. The chart in Figure 1 shows eight categories, whose relative sizes vary depending upon the type and configuration of the project.

Figure 1 - The classic TCO cost categories for physical security systems

For small single-site deployments, calculating TCO is simple. For multi-site, large commercial, and enterprise deployments it is more complex. With multi-site deployments, these costs are typically grouped with other costs across a variety of budgets and are typically difficult, if not impossible, to accurately predict or track.

Cost of server and network installation

However, for video surveillance systems, even if a security manager wanted to calculate the TCO, what benefit would there be? The competitive part of a commercial video surveillance system is not the server and network infrastructure, which is often provided or specified by the organisation’s IT department and is substantially the same regardless of the brand of video management system (VMS) software. The cost of server and network installation, maintenance and repair will be about the same for any VMS. Only the software purchase price and ongoing licence fees will make a competitive difference, right? In the past, that was generally true. However, with a cloud video system, this is no longer the case.

Cloud reduces Video Management System TCO

A well-engineered true cloud VMS includes capabilities that are typically not affordable in on-premises systems. For example, a true cloud VMS offers server and data redundancy, high-bandwidth wide-area network infrastructure, and very strong cyber security, all of which would require a very significant investment in a non-cloud system. A cloud-based VMS makes these affordable due to the large economies of scale in the flexible computing, data storage and wide-area networking resources of a cloud data centre and the internet.

Cloud-based systems offer data redundancy and cyber security

Notice that, in the TCO calculation examples that follow, the cloud-based system contains data redundancy and cyber security measures that on-premises systems simply do not offer. Other benefits include:
- Hot redundant computing
- Geographically desirable video storage locations
- Information security audits
- Continuous penetration testing
- Continuous feature delivery
- Automatically applied application security updates

Backups are current, encrypted and verified

In a true-cloud VMS, backups are kept current, encrypted and verified, and cyber security controls are tested, as part of normal cloud operations. Another cost-lowering element is intelligent bandwidth management with local on-premises buffering, typically allowing existing business internet connections to be utilised for uploading video to the cloud VMS, incurring no additional internet bandwidth costs.

Video-optimised data centre technology

Furthermore, TCO is even better from a cloud company that designs and builds its own public or private cloud, using hardware and software optimised for video applications, in order to maximise system performance and reliability and minimise costs. VMS software built on public cloud providers’ services runs on infrastructure built for a wider variety of application types and offers fewer system-optimising options. Furthermore, margin-stacking occurs because the public cloud’s profit margin on its computing, networking and storage services is then resold by the cloud VMS provider. That means subscribers now pay for two profit margins on the VMS platform’s supporting infrastructure.

TCO Comparison – True Cloud vs. On-site NVR Enterprise System

Figure 2 - TCO Calculations for True Cloud Enterprise VMS

Figure 3 - TCO Calculations for On-Site NVR Enterprise System

Deployment TCO comparison

As Figures 2 and 3 above show, a 5-year TCO comparison between a True Cloud VMS and an On-Site NVR Enterprise System shows a 35% saving for the True Cloud VMS.
- On-Site NVR Enterprise System: US$ 1,138,255
- True Cloud VMS: US$ 741,470
- TCO difference: US$ 396,785
- Savings: 35%

However, in addition to the cost savings, there are several critical information security elements included in the True Cloud VMS that can’t feasibly be achieved in the On-Site NVR Enterprise System (Figure 3, items 5b, 5c and 6c). Thus, the True Cloud deployment is without question the better value.

Cloud System TCO Wins

The above TCO comparison underscores the typical advantages of cloud-based over premises-based video management systems. The hard and soft benefits are clear:
- Lower TCO: lower total cost of ownership.
- Lower up-front costs: lower up-front expenditure.
- No margin stacking: TCO is even better from a cloud company that designs and builds its own data centre technology, eliminating vendor margin-stacking.
- Full hot redundancy: data storage and video recording and processing are fully redundant.
- Cyber security: strong cyber security including data encryption in transit and at rest.
- Mobile performance: better wide-area mobile device performance.
- Automatic updates: automatic security and feature updates with no action needed by the service provider.
- Only pay for what you use: cloud customers can add and subtract video analytics and other system capabilities on demand, paying only for the period in which they use them.
- Instantly adjustable video retention: cloud customers can expand video retention and recording resolution and frame rate on a per-camera basis, without having to make any on-premises infrastructure changes.
- No refresh cost bump: there is no server refresh cost bump, typically required with on-premises systems for (a) upgrading outdated server computers for increased processor power and memory, to meet new software requirements; and (b) replacing hard drives nearing their failure point.
- No downtime and accelerated new features: true cloud systems remain current through continuous-delivery software engineering, incrementally improving software in intervals of weeks rather than months or years. Security/bug-fix updates and version upgrade downtime are eliminated, as are staff learning curves.

Cloud has changed the TCO landscape

Cloud has changed the TCO landscape, and this offers integrators a great opportunity to demonstrate to their customers how security system costs can be easily measured and predictable. Customers appreciate it when the cost (subscription price) is in plain sight. Business leaders appreciate understanding the bottom line, which is that the TCO for a True Cloud VMS, when correctly calculated to include on-premises VMS equipment refreshes, will typically cost less than an on-premises VMS while providing greater value.