Forum: Security and the Internet of Things

The Internet of Things (IoT) is a hot topic in today’s security industry. What opportunities does it represent? How can they best pursue those opportunities, whether they are a dealer involved in the residential connected home/IoT space or a security integrator working on large industrial or commercial IoT projects? A recent SDMRound Table discussion, conducted as a group by phone, brought together several experts in this area to offer their takes on this topic.

Participants included:

Dan Dunkel — president of consulting firm New Era Associates, Colleyville, Texas. He is also on the Cyber Advisory Boards of the Physical Security Alliance (PSA) and Security Industry Association (SIA)
Joe Gittens — director of standards, SIA, Silver Spring, Md.
Dave Pedigo — senior director of emerging technologies, CEDIA, Indianapolis.
Steve Surfaro — industry liaison, Axis Communications, Chelmsford, Mass. He is also chairman of the Security Applied Sciences Council, ASIS International and vice chair of the Security Industry Standards Council.

SDM: Manufacturers of security systems tend to agree that the IoT movement will come from edge devices and peripherals such as locks and switches — that the IoT is essentially a very large concept made up of billions of very small things. How is that like or unlike the current security systems model?

Gittens: The argument could be made that the security industry could be looked at as one of the first IoT examples. For a long while the security system had to interact with building management and other systems. We’re used to using data from our system to inform other systems…. The panel controls different sensors around the home or office … that can process data and send it back. The concept of what the IoT is going to do is not very foreign to security.
Surfaro: With IoT you have devices that are built to share data…. The emphasis on connectivity is tremendous, to the point where it’s very much like how your kids or even you consume entertainment video…. On a plane or in the backyard you’re using a mobile device and consuming [content]. The network is optimized to move data to the mobile device. But in the security industry, systems aren’t optimized first for mobile devices…. The security industry is using mobile but solutions providers are not thinking IoT-wise. They’re not thinking mobile device first, command center second. They’re thinking command center.

SDM: What is the potential impact of the IoT on the security industry overall and the security systems integrator in particular?

Gittens: It comes around to situational intelligence. Sensors can work autonomously. It gives situational awareness in real time and you can mine that data and process it in a way that can give you predictive capabilities.

What happens before some type of breach of security? The security system can harvest value only if you secure IoT deployments so you know data is being created by that particular sensor…. It’s not fake data coming out…. You have to build apps that are smart enough so they can analyze data and give actionable intelligence in order to have the transformative effect that IoT can bring to the security industry.

Dunkel: Cameras can be doing a lot of facial recognition, license plate reading, and crowd control. The device could actually evolve from just being a video camera to being a security device…. It could be used in crowd control with audio capability built into a device that includes a camera. If there is a … fight involving six to eight teenagers you can put out a blast and people will stop what they’re doing. You can do the same thing with light. You can throw a pulsating light at people and it will disorient them.

Today police have a microphone on their shoulder and a camera on the center of their chest. Why aren’t those one device? [Police would wear the device] on their chest. It would be in a hardened case and they could also use it to fill out an incident report. They could take a deposition and have it automatically [convert] voice to text on the same device.

The platform could be almost like an iPhone that you’re downloading apps to, only it’s a platform more than just a camera. [Users have the] capability to download other apps [to the platform]. Instead of paying $10 a month for a camera, as you add apps the cost goes to $12 or $15 or $18 or $20. The consumer or business would download apps and their bill gets adjusted.

If you had all those cameras in a city or on stoplights and you had a missing child or elderly person, you could download a photo of [the person] and you could have the cameras looking for them.

SDM: What roles do you think a systems integrator or dealer will have in an IoT-based security solution?

Pedigo: From a competitive perspective, especially from a security perspective, the battleground will lie between service providers — these could be cable or satellite operators — and security dealers. All of them see the value in recurring monthly revenue. In general, when the IoT comes in, the concept is mass sensorization. Sensors cost next to nothing. You can underwrite the cost of sensors because the big play is to get into the home and add services to increase RMR…. And whoever can get their foot inside the door will be going after the opportunity.

Dealers have got to become more adept at residential IP networking. They can’t just put the same old Internet service provider router or mass market router in the home. [Those] work when you have a couple of products on them but when you attach more and more devices … you have to put in more sophisticated and robust networks to manage those devices.

SDM: Does the IoT rely on a different architecture than traditional security, i.e., distributed rather than centralized?

Pedigo: You will see a move away from centralized units. That doesn’t mean you don’t do structured wiring. [You also have] wireless protocols and different devices with different formats that won’t be particularly decentralized. In the Z-Wave ecosystem, you have a bridge that goes in to commission equipment. You can take the bridge apart and devices communicate directly back and forth with each other…. One advantage is that if one device goes down, it doesn’t take the entire system down. This also extends the range of devices and improves [system] flexibility.

For example, in my kitchen, my wife asked for two pendant lights over an island but we didn’t have a way to control them other than to turn on a switch that [also turned other lights on]. We got wireless bulbs and used a mesh network and now even though they’re on the same circuit and switch, you can have the overhead lights turned on and the pendants off or vice versa. They all operate independently even though they’re on the same circuit.

Surfaro: We’re working with several consortia to utilize mobile edge computing and cloud computing models optimized for advanced delivery of media to mobile devices. Data ingested by the mobile devices can get shared to a central data location. This is known as MEC, or mobile edge computing. [There is also] fog computing, which is more of a Cisco [initiative]. MEC optimizes video and security content delivery to smartphones and tablets in areas where the users consume data. Streaming video is delivered faster; tactical response follows.

SDM: How can integrators become better educated about the IoT and how it works?

Gittens: There’s a lot of free information out there on websites and blogs. And in educational panels at ISC West and ISC East you’ll see more panels dealing with IoT and edge security. There’s also a Connected Security Expo that’s about bringing physical and logical and cybersecurity all together.
Surfaro: It’s all about time invested. There are so many resources on the SIA website and FirstResponder.gov Video Quality in Public Safety (VQIPS) website. It’s not by a lack of material…. Take time to go to non-security trade shows that are very much focused on IoT. (See sidebar, page 77.)
Pedigo: At CEDIA EXPO we will have 112 sessions, many of which are on networking and IoT. You also have to learn the networking side and you have to try it out. Get products, put them in, play with them and live with them a bit.

SDM: How difficult will it be to retrofit existing security systems to support Internet of Things capabilities?

Gittens: I wouldn’t say it won’t be difficult. But it won’t be any more difficult than any technology refresh cycle we’re accustomed to. That’s why standards are important. When you’re retrofitting or adding something to a security environment … a standards approach is necessary so you can go piece by piece and have compatibility with other devices that you’ve implemented…. Look for the most open solution you can.

A lot of standards aren’t going to be developed by the security industry. A lot will be developed by the IT [information technology] community…. That doesn’t mean the security industry won’t have influence on consortium activities.

Surfaro: Sooner or later you’ll find someone who has done this before — [for example], Homeland Security…. They’re defining situational awareness of IoT industry applications to require three things: detection, authentication and update. If you can make sure that a device is detectable on a network … you can authenticate it and verify it’s supposed to be there, then you can update it; you’re good. You’ve got a working system.

One very significant trend is the use of microcomputers with the Internet of Security Things. Devices like the Raspberry Pi microcomputer are new platforms for entire video management systems in a sub $100 package and regarded by IT professionals as a “device” rather than a “server.” This represents big opportunities for systems integrators as there are more restrictions to integrate servers on typical corporate networks. Cybersecurity processes protect and run right inside microcomputers.

Recently the solution provider IPConfigure released the Orchid Community Edition to development forum community members for these microcomputers. Systems integrators are already realizing that they can deploy many lower cost microcomputers connected to quality IP video cameras and provide better and a wider range of services to their end users that used to treat the system as a “closed loop.”

Dunkel:From a video standpoint, you can use the cameras you’ve got. We’ll swap out the DVR, plug the camera into our bridge device and enable it for the cloud so you can pass live and recorded video to any mobile device anywhere in the world. You can do a phased-in approach and use some existing equipment. You’re opening up a new realm of opportunity.

SDM: What security issues exist for the Internet of Things and what steps is the industry taking to address them?

Dunkel:What the cybersecurity industry is starting to do is similar to what’s going on with the physical security industry — getting out of silos and going for a holistic view of the network. Cisco talks about the IoT and embedding analytics into the intelligent fabric of the network so [we] can understand where the data is going.

What’s troubling is that IoT security is not keeping pace with the technological evolution of endpoints. There are so many more endpoints now [so there can be] more holes in the dike. The answer lies in intelligent network fabrics so you can understand anomalies in the network and so you can understand where data is going and when.

The nirvana is to get out of the reactive mode and try to be more proactive using analytics and anomaly behavior so the network is smart enough to anticipate attack and reroute communications around or to a different backup network. You have to expect the breach.

Gittens: There are simple ways to mitigate threats. We have a bad habit of calling devices smart devices as if they were smart enough to protect themselves from attack. A lot of these are dumb devices that sense something and [have] the ability to communicate back. But you can have them collect faulty information. That in and of itself is a breach. The way SIA is looking at it is to try to help the industry through a cybersecurity advisory board…. We’re looking at ways to help build education programs to help educate CEOs, end users, integrators, distributors and dealers.
Pedigo: A lot of IoT devices are not specifically designed with security in mind. There are big questions about both security and privacy and they’re not the same. There are ways to accommodate the situation. [For example] with Z-Wave you don’t need a wireless bridge so no one can add devices without a wireless hub. If you take that out, it’s more secure. There are things you can do from the network to increase the difficulty of cracking a password.

A lot of manufacturers are designing a product based on a need and security is an afterthought…. That being said, there are a lot of influential universities that are looking at reinventing the Internet or IoT 2.0. It will be built with security top of mind but will take a few years to hit.

The consumer really has to weigh convenience versus security. The dealer [would likely] use a camera and do port forwarding so the homeowner can see the camera when they are away from home, but that opens up a security flaw. Are you going to get hacked? The [probability] is low but it does exist, so you have to weigh the probability of someone seeing a feed of your devices being port forwarded. It’s a small chance but it is possible.

SDM: There seem to be a lot of competing protocols and alliances and consortia for the Internet of Things. Which ones are most relevant for the security industry and why do we need them?

Gittens: The IEEE has reclassified some standards as “IoT-enabling.” Some things will win out because they’re better for commercial applications and some are better for consumers…. The natural order will be some shaking out of winners and losers. You will have different standards and protocols that meet certain niches.

[Some examples are] the AllSyn Alliance, the industrial Internet consortium, Thread, and Google Weave. Those are the ones that are making the most noise.

Pedigo: I’d look at Zigbee, Z-Wave, the Wi-Fi Alliance new one called 802.11ah, and BluetoothMesh. I would also pay attention to protocols that Apple and Google are putting in. Apple HomeKit is starting to pick up steam. And under Google you have Weave and Brillo. The purpose is to create an atmosphere where devices easily communicate back and forth with [the customer’s] mobile device.

With Apple HomeKit, for example, people will be able to control locks, lights or whatever. Apple, Google and Amazon realize they need to be in the connected home and have standards to make devices work better.

SDM: What is the relationship of the cloud to the IoT?

Pedigo: The cloud is incredibly important. With Amazon Echo, for example, when I do a voice command to turn on lights, that data goes to the cloud, and Amazon servers in the background translate what needs to be done, and the translation comes back to the hub and turns the lights on…. Most IoT devices are lightweight; they’re not doing much processing…. Somewhere in the cloud [you’re] doing the data crunching.
Gittens: SIA has a cloud, mobility and IoT subcommittee…. They’re all inter-related…. You don’t get a clear picture until all those things are working together. [For example], the cloud is really what allows mobile to be mobile.

With the cloud, [data] can be stored in real time, moved around, stored and accessed on demand. When you add IoT on top, you gain the ability to get data from all [sorts of] devices.

You can’t talk IoT without the cloud and you can’t talk mobility without the cloud. It’s the glue that sticks it all together.

IoT-Related Conferences

Data and Analytics Conference (Analytics, Big Data, Data Science): http://bit.ly/2aAdDA5
Industry of Things World (General IoT): http://bit.ly/2atnBV4
IoT Emerge (General IoT): http://iotevents.org/iot-emerge
IoT Tech Expo North America (General IoT): http://bit.ly/2ay7JSL
Lightfair International (Lighting IoT): http://www.lightfair.com/lightfair/V40/
Small Business Expos: http://bit.ly/1wXNGT3
Stream Con (Video streaming): http://iotevents.org/stream-conf-2016
Streaming Media West (Video streaming): http://bit.ly/2b30qAT
Unmanned Systems Tecnhology Commercial UAV Show: http://bit.ly/2aTRUFa

MORE ONLINE

For more on the Internet of Things visit SDM’s website where you will find the following stories:

“The Internet of [Security] Things”
www.SDMmag.com/internet-of-security-things

“The Difficulty of Defining the Internet of Things”
www.SDMmag.com/difficulty-of-defining-the-internet-of-things

“HP Study Finds Alarming Vulnerabilities with Internet of Things Home Security Systems”
www.SDMmag.com/study-finds-alarming-vulnerabilities-with-iot-home-security

“Beyond the IoT Hype: A Primer for Security Dealers”
www.SDMmag.com/beyond-the-iot-hype

QUOTES:

‘What the cybersecurity industry is starting to do is similar to what’s going on with the physical security industry — getting out of silos and going for a holistic view of the network.’ — Dan Dunkel

‘You can’t talk IoT without the cloud and you can’t talk mobility without the cloud. It’s the glue that sticks it all together.’ — Joe Gittens

‘One very significant trend is the use of microcomputers with the Internet of Security Things.’ — Steve Surfaro

‘When the IoT comes in, the concept is mass sensorization. Sensors cost next to nothing. You can underwrite the cost of sensors because the big play is to get into the home and add services to increase RMR.’ — Dave Pedigo

Join us for an insightful webinar where we delve deep into the ever-evolving landscape of video surveillance. As the demand for robust security solutions continues to surge, staying ahead of the curve is imperative.

PSA Security Network is one of the nation’s leading sources for education, training, and industry networking events. With multiple settings and events throughout the year to meet and exchange industry knowledge, there is something for everyone.