Find news and information for the executive corporate security director, CSO, facility manager and assets protection manager on issues of policy, products, incidents, risk management, threat assessments and preparedness.
Issue link: http://sdi.epubxp.com/i/927906
12 Security Dealer & Integrator / www.SecurityInfoWatch.com January 2018 Read the full article: www.SecurityInfoWatch.com/12386395 SECURITY WATCH Tech Report / The industry's top technology news BY JOEL GRIFFIN, EDITOR, SECURITYINFOWATCH.COM can be incorporated into the product development process. Despite some of the finger-point- ing within the industry as to who is to blame for lax cybersecurity of sur- veillance cameras and other security products, Lakomiak says it really is a shared responsibility. "There is a lot of room for improvement on the manufactur- ing side, such as not allowing users/ integrators to install a product if they don't change the default password," Lakomiak says. "On the user side, are they changing the default password? Do they know to do that and are they doing it or they (taking shortcuts) to get it installed for convenience? Are they updating their software? "Integrators should be looking out for their customers," Lakomiak adds. "They should be asking a lot of ques- tions of the vendors about cyberse- curity. Find out what they are doing to address cyber risks and then use that as a vetting tool to determine what products to recommend and install. Everybody in the value chain needs to elevate their cyber posture." ■ For all of the potential benefits touted by industry pundits about the Internet of Things (IoT), there remain significant concerns about the ability to secure these devices and systems from malicious actors. Following distributed denial of ser- vice (DDoS) attacks launched against domain service provider Dyn and the website of cybersecurity jour- nalist Brian Krebs last year as part of the Mirai botnet, it was revealed that many of the devices used in the attack were actually unsecured sur- veillance cameras and DVRs – rein- forcing the role that security equip- ment manufacturers, installers and even end-users have to play in pro- tecting these systems from hackers. Last January, the Federal Trade Commission sued D-Link and its U.S. subsidiary, alleging the company used inadequate cybersecurity safeguards on its wireless routers and IP cam- eras. A judge has since dismissed three of the six complaints; however, the government's willingness to take enforcement actions are clear. One organization that is work- ing to help manufacturers bol- ster their cybersecurity measures is Underwriters Laboratories (UL), whose seal has long been the gold standard in product safety testing. According to Neil Lakomiak, direc- tor of business development and innovation at UL, the attitudes of many of the life safety and security manufacturers they work with initi- ating cybersecurity runs the gamut from heavy cybersecurity investment to next-to-none. "I think as we see more stories about breaches and more people being held accountable, you're going to see more action," he says. "It is quite an investment to be sure your UL: Collaborative Effort Needed for IoT Cybersecurity With the feds stepping up regulatory efforts, our industry needs to come together to secure Internet of Things products, including surveillance cameras Photo: Bigstock products are hardened – especially because the threats change daily." Lakomiak says UL decided to get involved in cybersecurity issues sev- eral years ago at the request of its customers and because it is a grow- ing risk across all consumer and commercial product sectors. "We help mitigate and understand safety performance reliability risk, and I think cyber is an emerging and growing risk," Lakomiak says. "We have a responsibility as part of fulfill- ing our mission to address that." UL has already begun develop- ing standards in earnest, and it offers services around them. For companies just beginning to invest in harden- ing their products, Lakomiak recom- mends they utilize subject matter experts to help guide them, while paying close attention to already established industry standards that ■ The security industry cannot wait for regulators to issue an IoT compliance checklist but rather need to be proactive in locking down crucial life safety technologies – be it for commercial or residential applications. Integrators should find out what vendors are doing to address cyber risks and then use that as a vetting tool to determine what products to recommend and install." — Neil Lakomiak, UL