In any connected or IP-based security solution today, cybersecurity is — or should be — a primary focus, both for the security provider and your customer. While everyone knows cybersecurity is important, not everyone is as comfortable or knowledgeable as they could be. A couple recent initiatives aim to move the issue forward and make things “easier” for both security integrators and end customers.
The first is a new release candidate from ONVIF. The TLS Configuration Add-on (release candidate) for secure communications between devices and clients is the first in a new category of ONVIF add-ons, which are specifications that extend ONVIF conformance to product features that address a specific use case or end-user need.
Leo Levit, chairman, ONVIF Steering Committee, explained: “It enables ONVIF conformance in a crucial area of security: secure communications between devices and clients. TLS and other cybersecurity specifications must constantly be kept up to date, and the add-on concept enables those critical adjustments to be made within the confines of the ONVIF conformance process.”
The draft add-on supports configuration for Transport Layer Security encryption would enable a conformant video management system to initially configure or update TLS settings in a conformant device to support encrypted communications between the device and client.
The second initiative comes from the Biden administration, which launched in July the U.S. Cyber Trust Mark initiative in an attempt to put a nationwide cybersecurity certification and labeling program in place to help consumers choose smart devices that are less vulnerable to cyber hacking. The idea is similar to the U.S. Energy Star program, which rates appliances’ energy efficiency, and will be overseen by the FCC. Industry participation will be voluntary.
The “Cyber Trust” label, which will be a shield logo, will debut as early as next year on devices from home security cameras to baby monitors, TVs and more. It is yet to be clarified what the security industry manufacturing world will do with the label, but given the importance of the cybersecurity issue in physical security, it is likely to impact at least the smart home and small business category, if not eventually the enterprise security space.
Director of Technology Policy at Consumer Reports, Justin Brookman, said, “Our hope is that this label will ignite a healthy sense of competition in the marketplace, compelling manufacturers to safeguard both the security and privacy of consumers who use connected devices and to commit to supporting those devices for the lifetime of those products,”
The FCC plans to use a QR code linking to a national registry of certified devices to provide consumers with specific and comparable security information about smart products. Working with other regulators and the U.S. Department of Justice, the FCC plans to establish oversight and enforcement safeguards to maintain trust and confidence in the program.
NIST will immediately undertake an effort to define cybersecurity requirements for consumer-grade routers — a higher-risk type of product that, if compromised, can be used to eavesdrop, steal passwords, and attack other devices and high value networks. NIST will complete this work by the end of 2023, to permit the FCC to consider use of these requirements to expand the labeling program to cover consumer grade routers.
The U.S. Department of Energy announced a collaborative initiative with National Labs and industry partners to research and develop cybersecurity labeling requirements for smart meters and power inverters, both essential components of the clean, smart grid of the future.
It remains to be seen where this will take the overall security industry when it comes to cybersecurity protocols, but it is almost certain to have an impact on customer expectations.