Category: International

Farpointe Data, the access control industry’s trusted global partner for RFID solutions, has just posted the first radio frequency identification (RFID) Cybersecurity vulnerability checklist for access control manufacturers, distributors, integrators and end users to use to protect their access control systems from becoming hacker gateways to their facilities and IT systems. Knowing what to do is especially important now that government agencies such as the United States Federal Trade Commission, have begun filing lawsuits against businesses that do not provide good cyber security practices. “Seemingly daily, end users are being reminded of how their access control systems are no longer secure,” emphasizes Farpointe Data President Scott Lindley, “They learn how a hotel had to pay a ransom to release guests that got locked into their rooms via a hack of the electronic key system or how easy it is to spoof popular access cards.” Since the start of 2017, end users have been informed of a series of hacks on various credentials states Lindley. The Chaos Computer Club stated that they hacked a padlock product and its accompanying mobile app which communicates via Bluetooth Low Energy (BLE) to the padlock. This could potentially also affect hotels with mobile room keys as their door locks also communicate with smart phones via BLE technology and exchange confidential information. IPVM reported how a $30 copier easily spoofed a popular proximity card. The column stated that the copier used to copy the cards works much the same way as normal card readers, with transceiver coil, power supply, IC chip, buzzer and even LEDs components shared by both. Given the principal operation of contactless card readers, the copier excites the coil and delivers power wirelessly to the card, which then momentarily stores energy and then uses it to broadcast card details back to the copier. In an on-site demonstration at the ShmooCon hacker conference, an ESPKey, a small device that costs about $100 to make and has half a dozen wire clamps, a Wi-Fi transmitter and 4MB of memory, showed that it takes two or three minutes to break into an RFID card reader wall plate, attach the ESPKey and reinstall the wall plate to capture the ID codes of everyone in the workplace. To help prevent such attacks, the new Farpointe Cybersecurity Vulnerability Checklist covers a range of topics that can lead to hacks of contactless cards and readers. Sections include default codes, Wiegand issues, reader implementation tips, card protection solutions, leveraging long range readers, assuring anti-hacking compatibility throughout the system and leveraging additional security components. “We are encouraging every access control manufacturer, dealer, distributor, integrator or end user to go to our website to either download or print out this Cybersecurity Vulnerability Checklist and use it,” adds Lindsey, “The link is available right on our home page. With increasing news stories of hacking throughout the world and the fact that government agencies are now reviewing such cybersecurity lapses should make channel partners providing access control products and systems take notice and implement anti-hacking solutions, such as Farpointe provides, to their customers.”

New gold member partners with CII to improve internet security and fortify open source infrastructure The Core Infrastructure Initiative (CII), a project managed by The Linux Foundation that collaboratively works to improve the security and resilience of critical open source projects, has recently announced that Thales is joining as a new gold member. A leader in critical information systems, cybersecurity and data security, Thales offers advanced data security solutions and services, delivering trust wherever information is created, shared or stored. It is recognized for its deep information and cryptographic security expertise that enables organizations to confidently accelerate their digital transformation. Thales technology is found right across the enterprise, in financial services, retail, healthcare and government and secures more than 80% of debit card transactions around the world. The CII’s mission is to ensure that the open source code that underpins business today is secure and resilient. Many of the world’s largest technology companies already belong to CII, and Thales is the first global security business to join the initiative. “CII is incredibly excited to see our membership base expand and add a security-focused company like Thales, which has a vast understanding of the complex information technology demands we face in today’s digital world,” said Nicko van Someren, CII Executive Director, “Its investment validates the importance of CII and is a great vindication of our work to security harden open source infrastructure to combat today’s complicated threat landscape.” “Thales has implemented open source building blocks and standards both internally and for customers for two decades,” said Jon Geater, Chief Technology Officer at Thales e-Security, “Open Source in general and Linux in particular have become core to delivery of modern products and system, offering distinct utility, cost and performance advantages that we increasingly leverage to solve real-world problems. By joining CII we can bring our expertise and focus on security to bear on strengthening core open source infrastructure and working to eliminate the security weaknesses that can emerge from less well maintained or directed inclusion of Open Source technology into products and infrastructure in the Cloud and IoT era. This shared vision of Thales and the Linux Foundation is critical to Thales’s strategic development objectives, our ability to serve our customers, and to improving the state of the Connected World more generally.” CII recently celebrated its three-year anniversary and announced a new governance structure to enable it to scale up its operations going forward.

To deliver exceptional wireless collaboration experience with ClickShare Barco announced that it has joined the Logitech Collaboration Program (LCP) as an integration partner in the program’s complementary technology provider track. The Logitech Collaboration Program (LCP) provides a unique framework for delivering high-quality video collaboration experiences across customer environments. Through the LCP, Barco augments the Logitech solutions to provide an easy-to-use wireless presentation system that allows up to four meeting participants to simultaneously share their content on the main display using their own laptop, cellphone or tablet, with a single click of a ClickShare button. “We are excited about the opportunity to integrate ClickShare with Logitech’s collaboration solutions to deliver an effective content-sharing user experience,” comments Wim De Bruyne, Vice President Meeting Experience for Barco, “ClickShare is the leading wireless collaboration solution offering excellent image presentation, proven ease of use, and high reliability. All of our models are compatible, offering the perfect complement to enhance the quality and simplicity of Logitech’s video collaboration solutions.” ClickShare is Barco’s wireless presentation and collaboration system that enables any meeting participant to quickly and easily share content on the central meeting room screen. Barco provides a variety of ClickShare models to facilitate collaboration across the entire enterprise, from huddle spaces to executive boardrooms. While each offers unique capabilities and deployment scenarios, all offer extreme ease of use and the same high level of security, with the top-of-the-line model providing enhanced security features. “We are pleased that Barco has joined our program” said Scott Wharton, Vice President and General Manager of Logitech Video Collaboration, “By closely collaborating with Barco, we are able to offer an enhanced collaboration experience to our joint customers.”

Increased AML regulatory oversight and enforcement actions anticipated by about 45% of respondents NICE Actimize, a NICE business provider of a single financial crime, risk and compliance software platform for the financial services industry has recently released a global survey outlining the top operational market drivers and spending priorities that are shaping the strategies behind current CDD/ KYC anti-money laundering programs. Titled ‘Accelerating Value of CDD/ KYC Programs with Automation Technologies in a Complex Global Market,’ the survey showed that an overwhelming 63 percent of respondents from financial services organizations said their number one budget priority was to increase spending on automation through the adoption of new technologies over the next 12-18 months. Additionally, 49 percent indicated that their budgets would increase over the previous year while only 8 percent indicated that they were anticipating budget cuts or decreases. Other spending patterns covered in the survey noted the importance of training programs for existing staff (38 percent) and increased staffing requirements (36 percent). “We feel that this survey exposes the dissonance between long-term strategy and short-term reality. While looking to incorporate more automation and technology, respondents are grappling with the expense of additional overhead to address regulatory requirements,” said Joe Friscia, President, NICE Actimize, “We are currently focused on developing intelligent automation, machine learning and artificial intelligence-based solutions that function as enablers to enhance the quality and consistency of CDD/ KYC programs while reducing the cost of compliance.” The NICE Actimize survey also focused on the top market trends influencing CDD/ KYC program strategies. According to the findings, some of these trends include the importance of company reputation in the marketplace (indicated by 59 percent as ‘very influential’); new beneficial ownership regulations (indicated by 51 percent as ‘very influential’); and regulatory focus on model risk management and model validation (indicated by 45 percent as ‘very influential’). In response to anticipated changes within the regulatory landscape following the recent US elections, about 45 percent stated that they expected to see an increase in anti-money laundering regulatory oversight and enforcement actions. The NICE Actimize market surveywas conducted online in March 2017 via a range of digital channels. About 36 percent of the survey respondents came from financial institutions across North America, with respondents from EMEA and APAC comprising about 45 percent of the total. The majority of the respondents, about 69 percent, indicated that they were responsible for banking segment business units. The remaining mix of respondents consisted of money service bureaus (7 percent), securities firms (5 percent), and insurance (3 percent) segments. Respondents from payment processor/ networks, government, gaming and other segments each contributed 2 percent or less of the total. About 18 percent of the institutions surveyed had assets greater than $100 billion, 2 percent between $60 and $99.9 billion, 5 percent of $40 to $59.9 billion, 13 percent between $10 billion to $39.9 billion, and 45 percent had less than $10 billion.

The U.S. Commerce Department’s National Institute of Standards and Technology (NIST) has awarded $38.5 million to 33 research and development (R&D) projects aimed at advancing broadband communications technologies for first responders. “Through programs like FirstNet, President Trump and this administration are working hard to keep Americans safe,” said Secretary of Commerce Wilbur Ross, “These grant awards will help fulfill our mission, ensuring that first responders have access to advanced tools that can save lives.” The multiyear grants are intended to help modernize public safety communications and operations by supporting the migration of data, video and voice communications from mobile radio to a nationwide public safety broadband network, as well as accelerating critical technologies related to indoor location tracking and public safety analytics. The grants are part of the Public Safety Innovation Accelerator Program funded by NIST’s $300 million allocation from the 2015 auction of advanced wireless service licenses. The Middle Class Tax Relief and Job Creation Act of 2012 provided the funding so that NIST could conduct an R&D program to help public safety overcome critical technical barriers, spur innovation as well as investment in public safety broadband, and realize the full potential of wireless broadband capabilities. NIST reviewed 162 proposals from a diverse pool of national and international applicants across industry, academia and public safety organizations. The 33 selected projects span five key technology areas that have the potential to greatly enhance public safety communications and operations: Mission critical voice: Moving from traditional radios to cellular systems. Location-based services: conducting indoor positioning, navigation and mapping. Public safety analytics: handling and exploiting more data. Research and prototyping platforms: enabling low-cost R&D tools. Resilient systems: ensuring systems work in poor conditions.

Promise Technology, a leading developer of open storage platforms for video surveillance, announced that its Vess A-Series network video recorders (NVRs) are certified for use with Bosch video management system software (BVMS). Certifying Vess A-Series NVRs with the BVMS strengthens the companies’ partnership and offers customers an optimized solution that has been tested to deliver the highest levels of performance and reliability. Extensive documentation of the testing results is available and ensures that customers can fully leverage the performance offered by the integrated Vess A-Series and the BVMS solution while also reducing deployment and management costs by having the VMS and surveillance storage on a single device. The BVMS is a unique enterprise IP video security solution that offers seamless management of digital video, audio and data across any IP network. It provides the best VMS to go with Bosch video devices and integrates seamlessly with Promise’s servers and storage solutions for video surveillance. Vess A-Series NVRs are purpose-built for video surveillance and include a suite of features unique to Promise called SmartBoost Technologies, which optimize system performance. The Bosch and Promise solution is resilient, affordable and scalable for systems of any size. “The last few years have seen the ecosystem surrounding BVMS become very robust,” noted Mario Verhaeg, Product Manager for Bosch Security Systems, “BVMS integrates with third-party cameras, storage devices and software applications to provide end-to-end solutions. We look forward to the collaboration between Promise and Bosch, as it will ensure that customers can benefit from the many advantages provided by our combined solution.” “We place great importance on working closely together with our ecosystem partners to certify our solutions, ensuring that they are compatible and optimized for our shared customers,” said John van den Elzen, General Manager, Surveillance Business Unit, Promise Technology, “Bosch is one of the most innovative companies in the surveillance industry, so it is really exciting to certify our solutions for interoperability. Now, the unique capabilities of our NVRs and storage solutions can be fully leveraged with BVMS.”

A CYBER security centre opened in Adelaide, South Australia, as part of a global network to thwart cyber crime The Global Security Intelligence Centre was established by NEC and is the newest hub of its worldwide network, which includes Japan, Brazil, Singapore, the United States and Austria. NEC Director of Solutions and Sales Andy Hurt said that Adelaide centre would allow the company to offer around the clock services to its clients. “This is a hub of an international services model where we have offices in five other countries servicing 24/7,” Hurt said, “The AU$4.38 million cyber security centre had been built to operate within the high security certifications and standards required by government and enterprises for the management and support of their data and applications. Zones are built for various levels of security and the zones and operations undergo rigorous assessment to achieve certifications.” The centre employs 50 security staff recruited from around the world. NEC is also working with South Australia’s three universities to train new staff in the specialised skills. South Australia’s Minister for Investment and Trade Martin Hamilton Smith said that the new security centre was a good fit in a state heavily invested in defence infrastructure such as the AU$50 billion project to build Australia’s future submarines. “Cyber security is important to our defence industry, and it’s also important to business,” Hamilton Smith said. A 2016 Lloyd’s-Cambridge study found that cybercrime was the seventh biggest global economic threat and would cost Australia an estimated AU$16 billion over the next decade, and US$294 billion globally. Australia features prominently as a target for cyber-attacks due to its rapid adoption of technology and relative global wealth. NEC Australia also manages the central and local data networks of all South Australian government agencies. The company was recently awarded a contract by the South Australian Police to develop facial recognition software and is working with the University of Adelaide to develop smart city technology. Investment and Trade Minister Hamilton Smith said that the centre was an example of how a state, which has been reliant on more traditional industries such as automotive manufacturing, could transform itself into a service centre. “South Australia’s total services exports were $2.6 billion in 2016, an increase of 11 percent on the previous year and better than the national average of nine per cent,” Hamilton Smith said.

The smart city market can be observed through various lenses; however, through all of them, fragmentation is the current state: The smart city market continues to grow, presenting great opportunities for all players, despite its current fragmented state. This fragmentation appears in the type of smart city projects developed, in the technology, in the ecosystem, and in the solutions. Smart cities are home to many projects with diverse scopes and sizes across various verticals, although pilot projects remain most common as the market continues to test solutions, models and results. Fragmentation is tied to market complexity, ecosystem and other challenges: Players in the market range from small start-ups to international giants and span a variety of backgrounds, from telecom operators and network vendors to software companies, device manufacturers and connectivity players. Each company works to advance its own market strategy, contributing to a fragmented landscape. Fragmentation is also evident in the wide array of competing technologies used for smart city initiatives. These include the proprietary, such as Sigfox, and the standardized, such as 4G and NB-IoT. Long term, few technologies will obtain a leading market share; however, the shakeout process will be long, and multiple technologies that target different use cases and needs will continue to coexist.  Successful business models should leverage an extremely wide ecosystem of possibilities and collaborations to move the market into its next stage: Most smart city projects remain in the pilot stage with key obstacles which must be addressed before the full development of the market can occur. Business models which promise long-term project sustainability and desired results are a key market challenge. Given the nature of the market, opportunities can be strengthened by leveraging adjacent sectors. Whether through advertising or leveraging mobile network deployments, business models can tap into other revenue streams to monetise a smart city initiative. The market will continue to grow as it tackles major issues affecting multiple stakeholders, from governments to cities and citizens: Smart cities are long-term prospects and companies and cities involved are wise to focus on long-term results. The more smart-city initiatives tackle fundamental issues facing cities and countries, the more they are likely to become essential parts of government and business agendas. As a result the entire value chain will grow: IHS Markit forecasts that smart city device shipments will increase from 202 million in 2017 to 1.4 billion in 2026. Vertical applications related to physical infrastructure and mobility show particular potential for growth; in 2026 these applications are expected to comprise approximately 65 percent and 22 percent of total device shipments, respectively. The largest market will be Asia Pacific with more than 700 million smart city device shipments by 2026. Other key regions will be North America and Europe, with more than 400 million and 200 million shipments, respectively. IHS Markit Smart Cities IoT Intelligence Service: This service is the single source of comprehensive intelligence on the Smart Cities IoT market, providing real-time access to a continuous flow of research across geographies, topics and application areas. Among the key intelligence and assets available with this service: the smart city project database which tracks more than 700 smart city projects, city profiles, case studies and market reports analysing pivotal aspects of the market from technology to strategy and business models. Smart city device shipments expected to grow from 202 million in 2017 to 1.4 billion by 2026. Smart city market is growing but fragmentation defines its current state. Various vertical applications, horizontal layers and heterogeneous stakeholders contribute to market complexity and fragmentation. Business models and long-term project sustainability must be addressed to unlock full market potential. By Pablo Tomasi, Senior Analyst, Smart Cities and IoT, IHS Markit

Arecent study conducted by IFSEC Global reveals how trusted identities can serve as the backbone for smart buildings and today’s connected workforce. Sponsored by HID Global, the access control study on the connected workplace explores the trends in smart buildings and the increasingly important need for identity-aware building systems that offer greater convenience, security and productivity. “Most respondents want more integrated smart buildings and business applications that seamlessly work together. While many of them are realizing these benefits by using common management frameworks with centralized databases, this approach is generally quite expensive,” said Ashish Malpani, Director of Product Marketing with HID Global, “The study reveals how trusted IDs offer a viable alternative for achieving a connected building at lower cost, better ROI and improved user experience – all by providing systems with knowledge of identities and their authorizations for access to elevators, parking garages, vending machines, printers and other systems.” IFSEC Global’s study focused on how the access control infrastructure combined with trusted identities can connect disparate systems for enhanced monitoring and a better user experience as people enter and move around buildings, access various systems and consume building services. According to the report, 85 percent of respondents are aware that identities can be connected across multiple systems and devices, and more than 60 percent believe that having everything on one ID card or mobile device will provide operational efficiencies. More than half have already connected their building systems to access control applications, and converging systems can even be a factor in deciding to upgrade the access control infrastructure. Top applications include integrated logical access, AV conferencing, elevators, secure print, locks for interior draws and racks and HVAC control. Other key findings include: 63 percent define their building as ‘smart’ to at least some degree, a 13 percent increase as compared to a 2016 IFSEC Global report on smart buildings. 60 percent of access control systems are already integrated with other buildings systems. Roughly the same percentage believe that system integration is hugely beneficial for user convenience while adding value to existing systems. 51 percent of respondents have already integrated time and attendance systems. 45 percent cite asset tracking as the most likely system to be integrated in the future. System integration can also be a trigger for access control upgrades – at least 40 percent cited converged physical and logical access as a decision factor. Other top upgrade triggers include enhanced security (65 percent), multi-factor authentication (46 percent), and multiple ID form factors such as mobile devices and cards (41 percent). Two-thirds of respondents believe that IT and facilities/ security management teams need to work together more closely when buying, installing and using new technologies. Another finding from the IFSEC Global study is the growing awareness of the Internet of Things (IoT), with 86 percent of respondents either ‘very aware’ or ‘modestly aware’ of the IoT. For a more connected workplace, trusted IDs can help organizations take a first step towards integrating building systems by securing, customizing and enhancing IoT applications that help connect people, places and things.

The Secure Identity Alliance (SIA), the global identity and secure e-Services advisory body, announces the launch of a new initiative to help issuers and manufacturers evaluate the integrity and effectiveness of current and planned secure e-Document physical security design features. With the current lack of a formal, industry-recognized evaluation process for design, this certification initiative will see the development of a much-needed ‘common criteria-like’ approach to the development of security features for passports, identity cards, driving licences and similar identity-based e-Documents. The security risk-based scheme will analyse a wide variety of factors. It will identify threats, create different protection profiles based on the specific document, and evaluate effectiveness against detailed criteria. It will assess how widely security features are distributed across different parts of the document and the overall security design of the document. The results will enable issuers and manufacturers to identify potential gaps, streamline their planning and development processes, and ensure the highest levels of document security. “The integrity of today’s e-Documents is an issue at the very heart of government strategies to identify and protect its citizens,” says Frederic Trojani, Chairman of the Board, “As it stands today, and without a common and formal evaluation scheme, issuers risk long development cycles and potential exploitable gaps in e-Document security. Having established a clear need for consistency and maximum security, the initiative will provide considerable support throughout the design and manufacturing process. “I call on all organizations responsible for the development of e-Documents to join the scheme to help us build a truly effective and common reference scheme.”