Security Installer Community

Blog Entries posted by Joe Harris

  1. Joe Harris
    We should be utilising Dual SIM card devices to improve security and resilience...
    As anyone in the Electronic Security industry will be aware, there have recently been many reported intermittent failures across all of the current Major Network Operators (MNOs) such as T-Mobile and Vodafone.
    Some of this has been the result of MNOs upgrading their services to support 4G signalling (In some cases re-purposing 2G bandwidth for 4G services). Other outages have been due to planned maintenance work in the majority of cases. A small number have been the result of unplanned and unforeseen technical issues.
    Our friends in Éire have also seen a number of instances where the mobile communications have been blocked intentionally by those seeking to attack a protected site or asset.
    A significant proportion of the devices which currently utilise GPRS / 3G connections are dual path devices where the signal can be routed through the alternate path in the event of such an outage, just as it was designed to do.
    We are, as an industry, increasingly embracing the idea of replacing single path PSTN devices with (in some cases) single path mobile devices. Some would contend that the death of PSTN connectivity is a certainty at some point in the future. It can certainly be agreed that pressures to compress data traffic of analogue communications could lead to further issues such as those seen previously.
    If we are to go ahead with such a mass migration of signalling devices, across to a medium that is currently under significant pressure to evolve, then we should ensure that we are taking all appropriate steps to mitigate any potential for our single path devices to fail to signal.
    I propose that we should adopt Dual SIM devices wherever possible, both to improve our capacity to overcome malicious attempts to prevent signalling and to provide for redundancy of communications when an MNO has an outage of their core networks (something which has happened too often already).
    Some providers may indicate that they already provide a SIM capable of switching between several networks. This is absolutely true, however, what is not made clear in some cases is that an outage of the MNO with whom the SIM is hosted would mean that the SIM cannot 'lock onto' another network and is in effect rendered incapable of signalling due to an outage of a single supplier.
    With a Dual SIM card device, each SIM can have a different host network and as such provide much greater resilience. A number of smart phones already utilise Dual SIM capability, in part to support international travel and also in part for improved signalling capability and fault mitigation.
    As an industry we have for many years struggled to keep up with the changing pace of technology. In this aspect, we should now take the lead and establish the very best practice in the tradition of true British engineering and quality.
    Take the time to encourage your signalling providers of choice and the ARCs you utilise to support this approach and set the bar higher in our continuing fight to secure and protect our end users.
  2. Joe Harris
    ...Is 2014 the year when we will see the death of the remote control and the introduction of 24hr monitoring inside every living room?
    For many years TV manufacturers have made the bulk of their profits from the selling of increasingly minimised hardware at reasonable profits. This has been supported by innovations such as increasingly larger screens followed by LCD, LED, HD, 3D and 4K providing yet another “next new thing” to allow them to sell a combination as yet another new TV to those who always want the latest available technology. This has provided substantial profits to the likes of Samsung, Panasonic and Toshiba and other hardware manufacturers over the years.
    More recently, the introduction of so called ‘Smart TVs’ has provided a new income stream as TV manufacturers have been able to provide their own ‘App stores’ to provide built in software applications to provide additional functionality to users such as Skype or Netflix integrations.
    This has only generated a modest amount of revenue though and is likely still generating more cost in terms of research and development at this time leading to a net loss.
    Both of these areas could soon be overshadowed however by a significant upcoming change in the role that TVs will play in how we interact with the services available…
    A rising number of TVs now ship with built in cameras to allow video calls to be seamlessly integrated and to enable gesture controls. This same functionality has been proven to allow the possibility of tracking eye movements and facial expressions. Extend this one small step further and with a Kinect style ability to recognise individuals there is suddenly a huge new market emerging for TV manufacturers to take advantage of.
    Relevant content
    Why would an advertiser want to show their advert while their target audience is not watching? Why would a teenager watching the TV want to see an advert for "shiny, clean dentures"? Similarly, your 100 year old relative is unlikely to want to take up skateboarding. This is wasted advertising money… Instead, if they know that certain people are watching, then they might want to instead show some relevant content for them or place their advert elsewhere.
    If facial expressions and eye movement can be tracked using the built in camera, then advertisers can suddenly learn what impact the wording of their adverts has upon specific users and tailor audio tracks to get their attention. Perhaps “Best pizza in the whole of Manchester!” did not make you look up from your smartphone, but “Best Hot Pepperoni Pizza at your door in 30 seconds!” may have you looking up and/or licking your lips…
    Can you imagine how powerful this could be for the multi-billion pound advertising industry? The humble TV suddenly becomes a tool to target viewers on the basis of who is in the room with different adverts shown to Peter or Paul based on their personal, perhaps even sub-conscious preferences.
    With the significant income that TV manufacturers could generate from advertisers to have access to this immensely valuable metadata, it is likely that they would want all of their new TVs to feature built in cameras. It is also possible that the costs of new TVs in future would be much lower as they do not need lots of new technology to support this technique as it is mostly down to video analysis of the scene caught by a built in camera.
    Privacy Expectations
    If users suddenly begin to understand though, that they have become mere products in this supply chain, then it would be only natural for those who want to protect their privacy to want to cover up cameras so as to maintain their own comfort level of sharing information.
    This of course would stop the TV manufacturers in their tracks and suddenly remove the input of all of the potentially much more lucrative reaction data. This is especially the case if they subsidise the cost of new sets by using the sold data to offset the manufacturing costs.
    So how do you prevent people from covering up the cameras? This tricky issue is perhaps easily resolved by adding a new ‘feature’ by the way of gesture controlled televisions where no remote control is available or indeed possible. If you take the remote control out of the equation then the only way to adjust the volume or change the channel will be to leave the camera uncovered to allow gesture recognition.
    Just before UK readers shout: “Hah! I will just use my Sky box controller or Virgin remote” or American readers grab their TiVo remotes, I would urge you to consider that these set top box providers are probably looking at the exact same market space also at the moment, for the very same reasons.
    It would be interesting to hear the UK Information Commissioner's take on this potential development and the impact that it might have regarding privacy versus profit.
    So to summarise, what does this mean in practical terms as the next few years unfold?
    Gesture controls will be advertised as a feature
    TV Remote controls will no longer be provided
    Cameras will be a standard feature at increasing resolutions
    Set top box providers and TV manufacturers will compete for market share
    Viewers will be at risk of living in a viewing ‘bubble’ without diversity
    Blocking the camera will be rendered impractical / inefficient
    TVs will be cheaper
    You will become the product
    Shares in TV manufacturers may be a good purchase decision in 2014
    Adverts may become dynamic and hosted by TV manufacturers as a service
    Advertisement funded TV content providers may feel impact (Think ITV...)
    Service provision may be funded by access to camera output
    Smart TVs already pose a data security risk - Mandatory cameras extend this

  3. Joe Harris
    Are we ready for the next generation networks?..
    In some ways the traditional notions we hold of privacy are currently holding us back. They are preventing us from taking full advantage of the possibilities that technology is making available to us right now.
    I genuinely foresee a point in time where we will overcome such social stigmas (this really is all it is) and experience the benefits that will come, only from truly embracing all that technology can offer us.
    So how do we get from point A to point B?
    Currently we strictly control who has access to our personal data. We painstakingly and meticulously specify which websites can access what data and are regularly asked to give permission / authorise and sign-in on a daily basis. We default to 'not sharing' and are suspicious (usually rightfully so) of any requests for details that are not giving us what we asked for. Services relating to health, wealth and security among others are slow and painful to authenticate to and only relate to each other when we go out of our way to inform and advise. We settle for sub-optimal performance as we do not know anything better.
    How does this compare to 'Point B'? By the time we reach this stage we can expect all services with which we interact to be uniquely personalised. It would be considered normal that all shops recognise us and offer relevant promotions with clothing shops showing styles modelled by us, content which is interesting to us will be presented from all media outlets and systems which required manual configuration previously just to "work" will instead seamlessly operate based on any interaction we make with any other equipment or system. If we choose to purchase a new fridge then our car, TV and alarm clock should know about it and shops should stop trying to sell us one. Our home power management systems of the future should be able to tell when we are out, our heating should self adjust, windows should close and the premises should automatically become secured.
    These are basic examples, but you get the idea.
    How do we then achieve this huge leap of faith from not wanting anyone to know what TV programs you like to allowing any relevant service to access that data?
    The two stage solution...
    I believe that due to our learnt behaviour of being 'inherently suspicious' the majority of us will need to do this in two stages.
    Firstly we would use an online avatar to represent us that has no known link to our real identity. This avatar can be customised and will allow us to choose to add more understanding and know-how over a period of time without completely signing over access to everything about us. As this avatar becomes more useful and effective we may then come to reach a point where some brave souls volunteer for the second stage which is to give this online avatar our 'real life' identity. Building trust like this may take time but will give a strong foundation to build upon.
    At this point the GUID (Global unique ID) relating to our avatar would instead become linked to our actual self and with less manual effort our behaviour would lead to point B and the ideal symbiosis of technology and personality could be achieved.
    Some cultures may find it easier to jump directly to this second stage due to cultural differences in upbringing and behaviour, this could potentially lead to an advantage to those who 'let go' sooner over those who need to take a longer, winding path to reach the same almost inevitable conclusion.
    Orwellian? Yes maybe, but what can we achieve once we focus beyond our traditional notions of the self?...
  4. Joe Harris
    Unmanned Aerial Vehicles
    Some press exposure was given recently to the news that Secom are actively looking to utilise ‘drones’ for the private security market on a rental basis. [1]
    This appears to relate to the American market with the rental price given in dollars, yet is the UK market also ready to consider the possibilities?
    The usage of drones, also referred to as Unmanned Aerial Vehicles (‘UAVs’), in the military sector has been known about and discussed widely for quite a while now. However, the typical lapse into commercial operations is beginning to take place quite quickly, and with the addition of the Chinese CCTV market into the mix along with a thriving amateur hobbyist community (thankfully both non-weaponised for now) we are now able to consider the application of this technology in a serious manner in relation to the UK electronic security industry. [2]
    Scope
    Drones generally come in many forms. It seems, though, that two main types are established at the moment in the commercial and civilian markets: ‘Multicopter’ types, which are devices with several rotors designed to assist in direct and immediate flight, and the more traditional aircraft types similar to model planes.
    Drones are defined as “an aircraft without a human pilot on board. Its flight is either controlled autonomously by computers in the vehicle, or under the remote control of a pilot on the ground or in another vehicle”
    This also leaves open the possibility of a drone definition as an unmanned aircraft under the control of a pilot in a remote location.
    ARCs & UAVs – A good match?
    There are some restrictions in the utilisation of drones in the UK. The Civil Aviation Authority (CAA) states that drones can be flown without a pilot's licence as long as they meet the following criteria:

    They must weigh less than 20 kilograms
    Remain below a height of 122 metres
    Remain within visual line of sight of the pilot
    Remain within 500m of the pilot
    Only be flown away from populated areas and airports
    Pilots must also be able to take over manual control if required
    Permission must be sought from the CAA [3] [4]

    This would seem to prevent the deployment of drones by remote centres but how would this affect an Alarm Receiving Centre ('ARC') with trained and licensed pilots with drones utilised under regulatory control for protection of a building?
    What about site based rooftop drones, which have a single application following an activation of flying directly upwards, transmitting footage from an aerial viewpoint before descending to recharge again?
    Protection in the event of a fire or duress situation could be more effectively managed perhaps with aerial thermal imaging and CCTV.
    Would manual PTZ control of such devices and utilisation of 4G for transmission purposes open up a new avenue for protection of property?
    Would we, in this scenario, eventually be petitioned by the police to take things a step further and follow suspects away from the property whilst they are en route so as to assist in a successful arrest?
    The use of two way audio in combination with a flyover by a drone device could be a powerful tool to deter would be burglars from a property. With a carefully managed marketing exercise to demonstrate effective results (similar to the smartwater approach) we could as an industry add another difficult to overcome layer of protection causing less well prepared miscreants to be caught and/or identified more effectively.
    Considerations
    There are some caveats to consider of course as with any new technology.
    Weather restrictions – wind shear, storms affecting flight
    Fog and other visibility issues restricting vision – much as with traditional CCTV
    Recharging the UAV – Contact based charging solutions are now viable however
    Communications – The usage of robust 4G and 5G solutions should resolve this
    Auditing – On board encrypted SD cards should assist here
    Security of control – An important issue which I will describe below in more depth
    Health & Safety – Any such vehicle could potentially cause an accident or harm if lost
    Privacy – As always privacy concerns would have to be addressed and respected [5] [6]
    On the issue of security of control I would like to point out that where control of a Drone is intercepted by a third party we must be able to prove that such action has taken place.
    There ought to be mandatory requirements regarding the security of access in line with current standards relating to all other security equipment in use. Though the application may be different the same level of care ought to be considered.
    This leaves us with some more questions to ask and discuss with regards the impact on and usage of UAVs within our sector:
    Would you consider implementing this technology?
    Do our current standards suitably allow for this technology to be utilised?
    Is it appropriate for ARCs to implement licensed pilots for this purpose?
    Would installers consider implementing these devices in specific installations?
    Does an aerial viewpoint offer advantages over properly sited CCTV?
    Should individual ARCs be licensed to pilot security UAVs?
    Would a single RVRC specialising in remotely controlled UAVs be a better approach than many RVRCs/ARCs offering individual solutions?

    As always, please feel free to discuss, sharing your thoughts and views on this subject…
    References:
    [1] – Engadget.com – Secom offers a private security drone (December 2012)
    [2] – Wired.co.uk – Here come the drones… (July 2012)
    [3] – Civil Aviation Authority – Policy for Light UAV Systems (May 2004)
    [4] – Civil Aviation Authority – CAP722 Guidance (August 2012)
    [5] – Global Research – Civil liberties and the CAA (December 2011)
    [6] – Youtube – BBC coverage of increased drone usage (December 2012)
  5. Joe Harris
    Change is coming, like it or not...
    There is currently a movement by many businesses within our industry to get involved with much more than just 'vanilla' alarm installations. What does the near and distant future hold for those involved with service delivery, manufacturing, installation or the monitoring of such systems? Are we truly on the way to Security 2.0?
    It is a clichéd term, but we are currently on a one way street towards our industry either embracing other technologies and service offerings OR facing the very real prospect that our services will be provided by other industries in our place.
    They will not provide these at a standard which is anything close to our current quality and performance, yet with the apparent move towards an eventual privatisation of emergency response and with apathy from some key stakeholders towards resolving these issues we must accept that maybe the way we have always done things is not perhaps the only viable solution.
    Growing demands of the 'hyper-connected' generation...
    End users have been somewhat spoilt by an age of technology that has provided information at their fingertips. Interaction is available instantly, on-demand and in several different formats allowing end users to decide to use their laptop, phone or several other mediums to check their status and to provide a means for them to control.
    This has been also available in our industry in many ways with smart phone apps for control panels, CCTV systems and direct access to control their alarm monitoring.
    This is not going far enough though. This is control in a granular fashion with multiple applications and protocols being used and a 'clunky' approach to solving issues and having to cross reference several systems to get answers.
    The user experience (UX) needs to improve drastically if we are to keep up.
    Events such as CES2013 have highlighted the developments in white goods and home automation systems showcasing smart homes and their benefits. This has the potential to develop into an 'expectation' in new homes as clients look to a UX that matches the rapid pace of their changing demands.
    What, where and how..
    So where do we fit into all this, considering there is already an established and rapidly growing industry providing home automation and AV solutions?
    As an industry we have previously provided 'system integration' which allowed end users to benefit from the best in class of each type of product whilst still allowing such systems to work together in what was a seamless manner offering a fantastic UX as far as the end user is concerned.
    This has always been a strength in our industry and one that we have shown great expertise in, though this has been supported by rigorous standards and protocols with flexibility and the enforcement of these among equipment manufacturers.
    If we are to provide the same level of interoperability with evolving markets and next generation products that are not yet available (Google Glass / iWatch / Etc...) then we need to begin to agree on how we are going to achieve this.
    One of the most critical points is to try and avoid the closed (proprietary) protocol approach and inflexible standards that have stifled our industry to date which have been a major part of our inability to move as quickly as the technology has.
    We should consider being less technology specific and aim to instead define in our standards a clear end goal and aspirational targets yet with scope for multiple methods of meeting these.
    Standards are by their nature outdated as soon as they are released. We should aim to find ways to improve engagement with their development and enforcement and look to other industries to ensure that we are delivering the best possible offering. Is the current system effective at delivering the intended aims such as protecting end users?
    One of the most crucial elements is to select the most appropriate 'eco-system' of a platform and protocol combination that will support developments and allow complete interoperability.
    Choosing a winner...
    In moving forwards there are currently several platforms to allow communication between our current systems and likely potential future developments.
    We already have some systems available to support building management and 'smart home' systems:
    X-10: Basic protocol which has been in use for a while. Uses home power network
    Z-Wave: Widely supported product range and was the first wireless protocol
    Modbus: Very basic wired serial connectivity
    Insteon: Enables wireless comms on X-10 format and improved UX
    ZigBee: Newer wireless technology but struggles if multiple manufacturers' kit used

    Both Z-Wave and ZigBee have an alliance behind them to promote the benefits of the platform and to support uptake.
    In some cases a combination of these technologies can be used to achieve the end result. For example some Smart Meters use the Modbus protocol to exchange data via an RS232 port but then use Z-Wave, ZigBee or others to pass that information on outside the device.
    So how do we pick a winner from all of these standards and more? What benefit is there from all manufacturers and system integrators using the same languages?
    We can focus on patching and fixing multiple disparate protocols until we are blue in the face, or we can all agree on an approach and then put that same energy into developing the possibilities that are enabled through the agreed technology.
    There may be countless disagreements at first, but if we can stand united as an industry then that would give us strength to tackle some of the more difficult challenges and showcase the potential of our place in this emergent market.
    We have in the past struggled to work collaboratively, but social media and changing attitudes now mean that we can have much more open and frank discussion and can see the immediate benefits of doing so. As an industry we have a lot to offer and we can create world class solutions when we work effectively.
    I am optimistic that we can all pick a winner and that we can all succeed.
    I would ask all readers to consider what they can do to work effectively with others to ensure that we provide a solution that puts us on the map as world leaders in innovation and effective collaboration.
    Legal Notice: All images and logos remain trademarks of their respective owners and are used in accordance with the fair use of a copyrighted work for purposes such as comment, criticism, news reporting, teaching or research.
  6. Joe Harris
    Ghost in the machine...
    With around three quarters of remotely accessible CCTV systems allowing intruders free access to invade privacy and compromise entire corporate computer networks, is it time to say 'enough is enough' to manufacturers and insist upon firmware changes to improve security control?
    This is not isolated to consumer level CCTV platforms only. Many 'professional' DVRs & NVRs are installed with default administrator accounts unchanged or additional accounts created and system owners given control over the default account (which they then fail to change).
    This means that anyone who is able to connect to the unit remotely can simply enter the default username & password (which can be found within seconds through a simple Google search in almost all cases) and then have access to the system as completely as if they were standing in front of the unit.
    To compound matters further CCTV systems are rarely secured to only allow specific IP addresses to connect to them and at the same time they broadcast their presence through banner information given out to any device that queries the unit (This means it is easy to find such devices in the wild).
    In ~80% of installations the default passwords remain in place for the first three months. This drops to an average of ~70% after three months as some systems are made more secure by their removal.
    This still leaves vast numbers of units out there which can be listed by country / ISP / city, or date of installation and more which are openly accessible to any IP address.
    Some examples:
    AVTech - Over 420,000 units exposed - (14,000 in Great Britain / 12,000 in America)
    Hikvision - Over 710,000 units broadcasting - (10,000 in Great Britain / 16,000 in America)
    Dedicated Micros - Over 18,000 units detected - (8,000 in Great Britain / 7,000 in America)

    You might be thinking, so what, it's just CCTV - what's the worst that can happen? It should be remembered at all times that modern DVRs are in effect computers in most cases. Usually based on Linux, these machines are carrying out a specific task but can be put to use for other non DVR activity with ease.
    Each compromised DVR is in effect an open computer allowing anyone and everyone access to a corporate network potentially. If security of the DVR is poor then it is possible that network security within a corporation is equally lax.
    Last year a CCTV module was added to a tool called Metasploit. Widely used in the blackhat community, this tool allows users to attack a DVR, testing default access and brute forcing passwords. The fact that CCTV systems are often the weakest point of entry on a network is not lost on attackers and those who seek to maliciously access systems.
    Whose fault is it really?...
    It can sometimes be difficult to pin down exactly where the fault lies as there is a blurring of responsibilities in some contractual agreements.
    A professional installer may fit a DVR and put in place a secure username and password combination for remote management or viewing by a remote RVRC or ARC. They may also advise the system owner to put in place ACLs (access control lists) so that only authorised IP addresses are allowed to connect to the device, as well as giving advice on blocking NetBIOS responses and port forwarding. However, if a user insists on being able to access the device remotely and chooses to keep the simple to remember default account and not to implement such measures then the machine can remain vulnerable.
    Often the company responsible for installing, maintaining or monitoring the system does not have control over the network used by the device for transmission.
    Even if the password is changed there exist a large number of exploits on known DVRs and in many cases these and similar exploits can be applied to other DVRs as the programming code is sometimes not as secure as it ought to be.
    The CCTV hardware sector has been under intense price pressure in recent years and with a downward spiralling price index it has been common to see a reduction in the number of developers and code writers employed by some companies which could potentially increase the risk of security holes remaining in a product.
    In the event that a breach receives widespread mainstream media coverage it does not just reflect badly upon an end user themselves as the security industry on the whole would receive bad press even if not at fault.
    How do we fix it?...
    In part this may require some contract review to ensure that clear definitions are in place by all businesses as to the responsibility that both they and the client hold. Clear understanding must be given as to the potential risks and good practice should be recommended in securing the unit.
    Perhaps a move towards mobile broadband and IPv6 will mean that we can take back control of securing the communication channel?
    We must however tackle the issue of default user accounts existing in the first place.
    There is no need to have such accounts any more. Even if such accounts could be made unique to each device it would be an improvement, but in an ideal world the units would prompt for a unique username and password combination on first powering up, with an option to default the unit only by a physical action on the unit itself in some secure manner. Dedicated Micros units for example come configured with up to five separate default accounts of which three have admin level access and allow full control over a unit. Are your engineering teams ensuring that all of these accounts are removed?
    I recently asked the technical support staff at several DVR manufacturers why they still use default accounts despite the huge risks involved when they are regularly left in place? I was repeatedly advised that it made their job much easier when providing remote support to users and engineers.
    Newer Axis cameras feature the technique of forcing a password change on first access and it is much more secure as a result.
    We should be hammering the doors of manufacturers to ask them to introduce this approach in their new firmware revisions (no hardware change should be required in most cases). We should also be encouraging the standards to push towards a more robust approach to handling default accounts.
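    The first power-up behaviour proposed above, sketched as an added example (not code from any manufacturer or from the original post): a unit that ships with no accounts, refuses every login until a unique account is created, and defaults only on a physical action. The `Recorder` class, the 10-second button hold, the username-in-password check and reading 'Alphanumeric' as 'must contain a digit' are assumptions; the six-character, mixed-case rule is the one given in this entry's End Users list.

```python
"""Model of a recorder with no factory-default accounts (illustrative only)."""
import hashlib
import hmac
import os
import re


class ProvisioningError(Exception):
    """Raised when an action is refused in the unit's current state."""


def password_problems(password, username=""):
    """Return the reasons a password fails the rule quoted in this entry."""
    problems = []
    if len(password) < 6:
        problems.append("shorter than 6 characters")
    if not re.search(r"[a-z]", password) or not re.search(r"[A-Z]", password):
        problems.append("not mixed case")
    if not re.search(r"[0-9]", password):
        problems.append("no digit, so not alphanumeric")
    # Assumption beyond the entry's rule: do not allow the username inside it.
    if username and username.lower() in password.lower():
        problems.append("contains the username")
    return problems


class Recorder:
    """Hypothetical DVR/NVR account store: ships empty, claimed on first power-up."""

    def __init__(self):
        self._accounts = {}  # username -> (salt, password hash)

    @property
    def provisioned(self):
        return bool(self._accounts)

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

    def first_boot_setup(self, username, password):
        """Create the first admin account; allowed only while no account exists."""
        if self.provisioned:
            raise ProvisioningError("unit already claimed; use the reset button")
        problems = password_problems(password, username)
        if not username or problems:
            raise ProvisioningError(
                "rejected: " + "; ".join(problems or ["empty username"]))
        salt = os.urandom(16)
        self._accounts[username] = (salt, self._hash(password, salt))

    def login(self, username, password):
        """Refuse every login until provisioned; there is no built-in fallback."""
        if not self.provisioned:
            raise ProvisioningError("setup required before any remote access")
        # Unknown users still cost one hash, so timing does not reveal usernames.
        salt, stored = self._accounts.get(username, (b"\0" * 16, b""))
        candidate = self._hash(password, salt)
        return hmac.compare_digest(candidate, stored)

    def factory_reset(self, button_held_seconds, requested_over_network=False):
        """Wipe accounts only on a local physical action, never a network request."""
        if requested_over_network or button_held_seconds < 10:
            raise ProvisioningError("reset needs the physical button held for 10 s")
        self._accounts.clear()


if __name__ == "__main__":
    unit = Recorder()
    for user, pw in [("site12", "abc"), ("site12", "Camera7Gate")]:
        try:
            unit.first_boot_setup(user, pw)
            print(f"{user}: account created")
        except ProvisioningError as err:
            print(f"{user}: {err}")
    print("login ok:", unit.login("site12", "Camera7Gate"))
```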
    Manufacturers often boast of how much value is protected by their devices (it's a safe boast that does not reveal how many units they sold) - It is this same value that is potentially at risk.
    The next time you are presented with new CCTV equipment or a new manufacturer, ensure that you ask them how they ensure that their products remain secure as it is your reputation at stake.
    Action to be taken:
    Installers
    Check contractual agreements
    Ensure engineers are trained in best practice
    Audit existing installations
    Verify guidance given to end users
    Ensure firmware is updated regularly

    Manufacturers
    Remove generic default accounts
    Deploy an effective mechanism for security
    Check existing exploits to ensure none affect your units
    Keep up to date with new exploits
    Notify your clients when you discover older firmware is at risk
    Maintain a 'risk register' of some kind for trade members to be aware of potential risks

    End Users
    Protect their own networks by blocking NetBIOS
    Allow access only to specific IP addresses
    Change / Remove default accounts!!
    Use secure passwords (6 Characters or more / Alphanumeric / Mixed case)
    Ensure that internal communications to and from the device are restricted
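    An added example (not part of the original post) of the 'Audit existing installations' action: it checks a constructed inventory export for factory accounts left in place, missing or overly broad source-address restrictions, and old firmware. The inventory fields, the placeholder model and account names, the audit date, and the 365-day and 256-address thresholds are all assumptions.

```python
"""Offline audit of an installer's device inventory (illustrative only)."""
import ipaddress
from datetime import date

# Account names a manufacturer ships, as listed in the unit's manual.
# Placeholders here: fill in from your own documentation per model.
FACTORY_ACCOUNTS = {
    "DVR-X (hypothetical)": {"factory_admin", "factory_user"},
}

# Constructed inventory export; sites, addresses and dates are invented.
INVENTORY = [
    {"site": "Warehouse A", "model": "DVR-X (hypothetical)",
     "accounts": ["installer_jh", "factory_admin"],
     "allowed_sources": ["0.0.0.0/0"],
     "firmware_date": "2011-03-01"},
    {"site": "Shop B", "model": "DVR-X (hypothetical)",
     "accounts": ["owner_shopb"],
     "allowed_sources": ["203.0.113.10/32", "198.51.100.0/28"],
     "firmware_date": "2012-11-20"},
    {"site": "Office C", "model": "DVR-X (hypothetical)",
     "accounts": ["factory_user", "factory_admin", "manager"],
     "allowed_sources": [],
     "firmware_date": "2012-06-01"},
]

AUDIT_DATE = date(2013, 1, 15)  # constructed "today" so results are repeatable


def audit_device(device, today, max_firmware_age_days=365, max_hosts=256):
    """Return a list of findings for one inventory record."""
    findings = []

    # 1. Default accounts that were never changed or removed.
    factory = FACTORY_ACCOUNTS.get(device["model"], set())
    for name in sorted(set(device["accounts"]) & factory):
        findings.append(f"factory account still present: {name}")

    # 2. Access should be limited to specific source addresses.
    if not device["allowed_sources"]:
        findings.append("no source restriction configured")
    for cidr in device["allowed_sources"]:
        try:
            net = ipaddress.ip_network(cidr, strict=False)
        except ValueError:
            findings.append(f"unparseable source range: {cidr}")
            continue
        if net.num_addresses > max_hosts:
            findings.append(f"source range too broad: {net}")

    # 3. Firmware that has not been updated within the chosen window.
    age = (today - date.fromisoformat(device["firmware_date"])).days
    if age > max_firmware_age_days:
        findings.append(f"firmware is {age} days old")
    return findings


def audit(inventory, today):
    """Map each site with at least one finding to its list of findings."""
    report = {}
    for device in inventory:
        findings = audit_device(device, today)
        if findings:
            report[device["site"]] = findings
    return report


if __name__ == "__main__":
    for site, findings in audit(INVENTORY, AUDIT_DATE).items():
        print(site)
        for finding in findings:
            print("  -", finding)
```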

  7. Joe Harris
    Security Flaw
    Some of you may be aware that last year there was some exposure given to a vulnerability in Trendnet camera firmware allowing access to their consumer webcam devices despite password protection being enabled.
    They claimed to have released a patch within a month to solve the issue and to have contacted every customer to advise them to update their devices.
    This is (despite the assurances of Trendnet) still a common issue. To help highlight it, a real-time map was produced showing where such devices were located and allowing you to connect directly to them.
    The website has now been taken down thankfully as the goal of highlighting the issue in mainstream media again was achieved.
    Professional Security
    This is a pretty good demonstration though of just how prolific an issue this can be when Joe Public gets his hands into the pot but it also reminds me of the many poorly secured 'professional' installations I have come across in my time (I'm sure you have too) and it is hopefully a wake up call to some businesses to improve their security practices.
    How would you feel if 'XYZ Security - Live CCTV feeds' was the next Google map mashup launched showing devices which you are maintaining or monitoring?
    Also take note that despite the publicity around the Trendnet devices, they are not the only ones affected. There was a website called Shodan HQ launched some time ago which gives the ability to search devices which are 'web facing' (in other words can be connected to over the internet) and list those matching specific URL strings or other flags. This offers much more capability than Google searches for example in highlighting potential 'target devices'.
    It is already possible now to list unsecured access points on some very well known 'professional' DVRs and NVRs.
    Ease of connectivity is very much a double edged blade. We must remember that many of the devices we use are now starting to utilise built in web servers and connectivity.
    Considerations
    How are you ensuring that you are aware when exploits are announced on devices you utilise?
    What are your plans to identify, notify affected users and upgrade potentially affected devices quickly and efficiently?
    Are you considering these issues when investigating new web facing technology?
    How do you measure for and protect against potential built in backdoor access to foreign equipment?
    As well as looking outwards at your clients are your own systems secured and protected?
    Is technology advancing too quickly to ensure adequate security is deployed?
    As always I welcome your thoughts, questions, answers and debate.....
  8. Joe Harris
     
    Bigger = Better?
    Many barriers currently exist for businesses which are planning to run their own Alarm Receiving Centre (ARC).
    In the coming months we could potentially see some of those barriers crumble and a whole new way of doing business materialise.
     
     
    Winners & Losers
    Traditionally setting up an ARC from scratch has been an expensive and time consuming process, which can rely upon expertise in the field to implement and is surrounded by very little shared information or open resources (ARCs for Dummies is not out yet).
    Existing ARCs stand to lose out if more competition enters the fray and yet at the same time suppliers could benefit if more new business is generated.
     
    Barriers
    So what exactly are the barriers to setting up a modern ARC?
    Building / Structure
    Buildings and structures must comply with specific requirements of the standards
    Equipment / Hardware
    In some cases specialist equipment may be required
    Communication Networks
    From voice communications to PSTN to IP via fibre links and all flavours in between
    AE Platforms
    Software packages used to monitor remote system
    Licensing / Accreditation
    Strict standards must be met in order to escalate calls to authorities
    Employees
    Skilled and capable staff are needed (You can automate some of this process but not all - yet)
    Processes & Procedures
    You can have all of the above but without the correct procedures they will fall over
    Investment
    A large amount of money must be spent before you can earn a penny back
    If you think of any others please add them in a reply...
     
     
    What's so 'Super' about that?...
    These and I am sure other points which I have likely overlooked, all make that first step of implementing an ARC a tough proposal.
    Given an ever improving core broadband network, with rapidly reducing prices and a growth in 4G wireless IP communication, can we now consider another approach though?
    ARCs usually build in a certain amount of spare capacity at any given time; this is good practice and is recommended at all times.
    Could some of this spare capacity be utilised to allow an ARC to operate as a 'Super ARC' by receiving and processing signals on behalf of a client ARC and relaying these processed alarms and signals back to them for handling?
    Why even go to another ARC? Could suppliers of alarm handling software packages not offer their own hosted 'Super ARC' platform?
    Maybe signalling providers could operate their own Super ARC to encourage more startups or extend reach?
    Why would a user choose to go to an ARC outsourcing to a Super ARC? Well, maybe they prefer the personal service offered by the smaller ARC but want the assurance of the capacity of the larger ARC.
    This could give rise to a stepping stone approach to bringing an ARC online, streamlining costs whilst allowing processes and procedures to be ironed out.
    The current standards would not lend themselves to such a proposal; however, the incoming standards allow a much less restricted approach and this type of centralised cloud based processing of signals is going to become a reality in many industries.
    Current latency and bandwidth restrictions will simply not exist in the same way in future.
     
    Questions, questions...
    As usual we can end up with more questions than answers so I would like to ask you all to consider the following:
    1. What problems would you foresee with such an approach?
    2. Would you use an ARC which outsourced its platform in this way?
    3. Would you want to host services on behalf of a.n.other ARC?
    4. What pros and cons do you see with this type of solution?
    5. Are more ARCs a good thing or a bad thing?
    As always, please feel free to discuss, debate or disagree...
  9. Joe Harris
    Crossing of paths...
    Alarm Transmission Systems (ATS) are increasingly adding capabilities that would traditionally have been performed by dedicated devices, for example CCTV verification.
    At the same time Control and Indicating Equipment (CIE, or control panels in plain English) feature built in IP communication functionality and are giving us access to Home Automation integration and more.
    This type of blurring of what would previously have been clear and distinct roles that equipment played is becoming much more common and is set to extend even further in the future.
    We are already in a position where individual cameras and detectors of all types can communicate directly with the software at an Alarm Receiving Centre (ARC) without utilising an ATS if they so wished.
    Installers are being empowered with the ability to not only connect instantly to a remote CIE to analyse a potential fault, but to be in a position to connect directly to a detector or camera or any other component of a system to amend settings, re-enable or even repurpose a generic multi-purpose device to enable the maximum potential protection for clients at all times.
    This type of convergence leads to some fantastic opportunities and will mean that the next few years will certainly be interesting. It will also, however, mean that those who are writing the standards to which we each adhere will have to write them without constraints on the form of equipment utilised in some cases. A very tough ask of them when they are trying to give reasonably specific guidance.
    Confusion or cohesion?
    Given this merging of functions and the seemingly inevitable move towards every component being addressable where does that leave our suppliers?
    Will there be a place for specialised equipment if the same function is provided to the same standard in an integrated manner by another supplier?
    Does this lead to an eventual move away from processing of alarms by dedicated CIE at the protected property to instead provide processing 'in the cloud' at the ARC or any other centralised location?
    Will instant and thorough control of remote devices by installers lead to a change in business models when attendance is much reduced?
    Does dedicated equipment improve the structure of the overall system or benefit us in another way?
    Will ATS suppliers be bypassed or will they 'lead the revolution'?
    Will we see less competition as a result or more?
    As always, please feel free to discuss, sharing your thoughts and views on this subject…
  10. Joe Harris
    Augmented Reality


    There was a glut of press attention given recently to a free Android and iPhone application called "Chestburster" which allowed users to see a 3D ‘alien’ type creature emerge and come to life when viewing a particular static image along with gory sound effects. This image could be downloaded from their website and placed, for example, on a t-shirt / computer screen or as a printed image.
    Whilst this was very much a niche ‘toy’ to demonstrate the possibilities it is a powerful reminder that augmented reality (AR) is very much here and all of the tools required to utilise it are available now.
    AR uses static ‘trigger’ images or location data such as GPS to overlay virtual content on top of the real world. This virtual overlay can then be interacted with based on user input if they so wish.
    To bring people up to speed and help explain the possibilities we can look to Google as a good example of usage.
    Apple have been developing wearable systems (iShades?) to provide AR functions since 2008 or earlier.
    Google have been working for just as long on "Project Glass" which is in effect a pair of clear glasses which overlays 3D virtual images and data onto a real 3D landscape.
    In a basic form it would effectively allow you to have a ‘Streetview’ style view of streets as you walk around in an area or for the purposes of directions. This could theoretically extend to whilst driving and can indicate locations of landmarks or retail outlets etc…
    Go a step further if you would and imagine looking at a retail outlet's signage and suddenly it comes to life listing the current special offers and promotions.
    With this being Google of course the content of such promotions can be specifically targeted for your demographic or interests. They can even remind you of that item which you looked at before but didn’t buy at the time for which they can offer you a unique one off discount….
    Billboards will just be blank canvasses in future. A man and woman walking down the road may each see a different moving advertisement, or may even see a different advert if together than they would each see apart. Those in a vehicle would see the same billboard specific perhaps to the type of vehicle they are driving or their plans for that evening.
    This is aside from any seamless integration of social networking applications, checking in to locations, advising stores or restaurants of your details as you enter the premises… “Hello Mr. Smith, it’s good to see you again, did you enjoy the steak last week?”
    You can begin to see what could be achieved through careful application of this additional layer of reality when usage becomes common.
    -
    So you may rightfully ask ‘What does this mean to us in the Electronic Security Industry though Joe?’
    Whilst it is arguably the retail and entertainment sectors that will see the most dramatic impact from this technology it still allows our industry many ways of capitalising on the technology to deliver our services more effectively and efficiently.
    Some examples could be as follows:

    Training


    Whilst there is no replacement for full on training it would be a powerful tool to allow engineers to see a video demonstration or a list of specifications when viewing a signalling device or alarm panel. A link can be given to contact the manufacturer or ARC or maybe to documentation or a replacement parts list.
    Circuitry can be overlaid with plans and inputs and outputs labelled to millimetre accuracy in clear text and full colour with active links to enable context based content.
    This training can also be extended to security system users to explain how to reset an alarm or to help them understand how to omit a detector or zone or other such issues.
    Marketing


    It can be difficult sometimes to convey an important message in the short length of time in which you hold captive a person's attention whilst they read a brochure or advertisement.
    Through AR you have an opportunity to showcase your products and services in a manner that is relevant to the end user. Complex issues can be more effectively delivered through media playback or animated images or diagrams triggered by static images on a website or leaflet for example.
    Day to day usage


    Aside from training and graphical overlays it may be that suppliers can start to think more diversely in their approach. Why have a keypad on the wall at all if a virtual keypad could display upon approach for verified users carrying an authenticated fob or similar?
    Why not allow engineers to receive feedback from detector positioning and any masking to allow an overlay showing precisely where the detection covers within an environment during the installation of equipment? This data could even be used as a form of Kinect style visual overlay of a scene to provide ARCs with an image of the specific activity that led to an alarm activation so as to allow them to make an informed decision on a relevant handling procedure.
    Bell Boxes


    These already provide a form of advertising for Electronic Security companies but what if the same devices could trigger advertisements in full even with geographic based promotions?
    Imagine a virtual billboard on every home which can be constantly updated remotely if you wish?
    Promotional offers could be provided simply on the basis of having viewed an existing installation and then making an enquiry or you could even elect to provide some form of promotion for specific properties which generate enquiries based on their location.
    -
    I have only scratched the surface of some of the possibilities that could potentially be achieved.
    With a little imagination I am sure that each of you could find a way to use this technology to your advantage and I would ask that you begin to consider how you could go about utilising it to full effect in your own business by making it a reality before it becomes ubiquitous.
    The final word goes to T.S.Eliot...
    Human kind
    Cannot bear very much reality.
    Time past and time future
    What might have been and what has been
    Point to one end, which is always present
  11. Joe Harris
    Summary


    Many specific industries in the UK are currently being targeted for online attacks in order to access the information which they hold. This information is rapidly becoming a new commodity in these changing times.
    The financial sector saw a 3000% increase in the volume of attacks directed specifically at them in the first quarter of 2012. [1] [2]
    The electronic security industry is a definite target due to the ‘low risk, high yield’ target nature of ARCs & Installers for potential attackers coupled with the lack of up to date awareness in many parts of the industry.
    The risk from DDoS type attacks in particular is a well founded one but also comes on the back of other concerns in respect of “information security”.
    Our industry is at particular risk from this threat for a number of reasons:
    In the first case we hold (as an industry) vast amounts of sensitive data on our clients. We are ourselves a means by which access can be granted to further information from our clients. As an example consider an attacker armed with a security firm's authorisation credentials or a site password then contacting a client of the ARC whilst performing a social engineering attack. Mobile telephone numbers can lead to location data or voicemail access of end users.
    The other aspect to consider is that as an industry we face an increased exposure from this type of attack that can be very detrimental to business. “Electronic security” is not the same thing as information security but to end users and clients this distinction is not so clear. We operate in an environment of trust and robust security protocols. Clients would potentially steer clear of the victim of a data breach as they would be seen as ‘untrustworthy’; this can have a massive impact within the industry. [3]
    A small investment in time and resources now could save businesses a great deal of cost and time at a later date.
    Following some basic principles [4] of system management will help. In the long term a complete managed structure is the only effective solution to mitigate the increasing risk and exposure.
    To manage system updates, audit all of the many server and client machines, keep up to date with trends and exploits and to effectively harden the many networks, software platforms and systems is a lengthy and laborious task which businesses small and large may struggle to keep up with. [5] [6]

    Threats & Exposure


    To understand the risks and better manage them we ought to first understand who would be aiming to access data.
    I believe we can categorise the majority of potential attacks as coming from one of five primary sources presenting the highest risk factors for our industry:
    Hacktivists


    Whilst traditionally few ARCs or Installers are seen to have any specific political or corporate ties (which reduces exposure to this threat) the servers and bandwidth available to ARCs can be seen as a potentially lucrative target to use for attack redirection or to include within a zombie network for attacking other targets.
    Staff / Industry competitors


    Whilst a lower risk it needs to be considered and accounted for. Attacks such as competitors taking up similar domain names in the hope of emails being mistakenly delivered to them need to be monitored for and addressed. Sensitive commercial information is in itself of value to a potential attacker from this sector.
    Criminals


    Well, at least with this source it is one we are all very familiar with. It is interesting that information security and electronic security are both very similar when criminals form the source of the attack. Target hardening is effective and will cause criminals to instead opt for an easier alternative target. The reason and target of attack is financially motivated. The best defence here can be to make it labour intensive, time consuming and expensive for anyone to perform a successful attack and it will reduce the impact from this source. It must be remembered though that the criminal enterprises can have *significant* resources available to them and they are becoming wise to utilising cheap mass labour to perform the legwork which can complicate matters.
    Script Kiddies


    This is becoming a dwindling form of attack source, however, it cannot be discounted entirely. While this particular source of attack generally uses widespread and basic tools which can be protected against, there is also the opportunity for talented and determined individuals to find previously unknown 0sec (zero seconds / newly discovered) exploits, which would not be so easily detected.
    State sponsored


    This is the largest threat to our industry. The sheer numbers involved and the impunity with which attackers operate highlight the fact that the internet is now very much like the old west with very few laws and regulations and several different highly active groups (the UK is no exception).
    Please take a moment to consider the type of information that could be useful to a potential attacking state. Vast amounts of data are stored which can all be funnelled into a pool of information for later analysis. Nation states have many Petabytes / Exabytes of data storage for just this purpose and in many cases employ very effective attack teams.
    They have staff dedicated to harvesting and categorising target clients (IPv4 means fairly limited numbers which they can go through quite literally one by one). In the case where a target client is not immediately exposed to any current risk their equipment and services can still be categorised. When a new ‘0sec’ exploit is then released / discovered or purchased then these categorised targets can all be revisited quickly and with ease.
    This is also a form of attack that will not entirely disappear in the future without significant changes. Indeed there are claims that this is now the modern battlefield between nations. We need to be careful to ensure that as an industry we do not become the injured innocent bystanders.
    Attack Vectors


    For the modern ARC or Installer there are several attack vectors and points of exposure:
    External webservers / client interfaces
    Company websites
    Mail servers
    Corporate intranets
    USB / Removable media
    Precompiled VMs
    IP Signalling device connectivity
    Receiver software / firmware

    You must ask questions of yourselves in relation to each of the above vectors, remaining honest with yourself whilst doing so.
    Is each of your systems adequately protected?
    Is the authentication procedure appropriate to the risk exposure?
    How do you know if you have already been infiltrated?
    What measures can you take to prevent exposure to each of the above?
    Are your staff members trained to respond to and recognise these risks?
    Are you opening up more data than is required to perform the task at hand? If so why?
    Are your contingency arrangements formed with these risks in mind?
    Does your backup procedure give you scope for recovering to a point prior to an attack occurring which may be discovered at a later date?

    The reality in our industry is that the technical expertise employed within and by third parties on behalf of ARCs and Electronic Security Installers is often quite specialised.
    Whilst there are very many incredibly talented individuals working in the industry, it does not follow that they are necessarily aware of all aspects which are required in order to effectively protect company assets.

    The Solution?


    There is no "one size fits all" solution that would work for all types of businesses. There are however, some good practices and recommendations that can be made.
    Where possible implement managed network provision from a suitable supplier. Ensure that you have the support of any ISP utilised in order to help counter DDoS types of attacks.
    There has been a gradual evolution of some signalling products and back office systems to utilise remote access and various forms of IP technology. Ensure that the systems you are utilising have approached the implementation of this technology with a sound understanding of the risks involved. Other products have been designed from the very start around the core principles of data security and robustness; this should be a primary consideration.
    With all the points raised above, the key thing is awareness. Understand the capabilities and weaknesses of each product and perform your own risk assessments.
    You may conclude that it is no longer appropriate to utilise some equipment or demand more robust solutions from the supplier. In either case at least you are prepared and aware.
    Ensure that you are able to accurately track the flow of data in and out of your business and be able to see the status of all critical equipment and networks instantly at any time (keep your fingers on the pulse).
    We are all in the habit of assuming the worst case scenario in order to minimise risk. This puts our industry in a good position to be able to overcome such issues as and when they arise as long as we continue to be prepared.
    Consider your existing networks and infrastructure carefully. What is your exposure to risk? Can action be taken to reduce or ideally, entirely negate the risk?
    It will become crucial in future for Installers and ARCs to communicate effectively to highlight and manage risks.
    We have already begun to see the effectiveness of this approach when nationwide issues occur and in future we should all take advantage of these networks to help mitigate and protect from risk.
  12. Joe Harris
    Collaboration


    Our current generation is without doubt the most "connected" generation yet. We have numerous tools available which allow us to convey our thoughts instantly in every possible media format and yet we still occasionally struggle to communicate with each other effectively.
    I want to look at some specific examples of platforms for collaboration and see how our industry might be able to put them into useful practice as well as considering our motivation for contributing towards a collaborative approach.

    Documentation


    Creating standards and policy documents is a very difficult and often thankless task which must be carried out in order for our industry to continue to progress.
    If we were to sit everyone around a table to try and agree the wording of an important document then we could be there for a very long time (if indeed we were able to sit down in the first place).
    Using free, secure applications such as Google Drive (formerly Google Docs) means that a collective of people could all work on a single document as and when they have time to do so, and at a pace that suited them.
    All changes would be audited, commented upon and can be discussed in an easy manner alongside the document so that people can find a way to reach an agreement.
    At any stage people can look at who has edited what and why and a final draft document would be the output of the process.
    People may be hesitant at the idea of putting content out securely into ‘the cloud’. To those people I ask one simple question: "Realistically, whose servers are more secure? Is it Google's data centres or your own servers?" What would an independent auditor say if comparing the two options on a like for like basis?
    The primary consideration will always be one of risk versus reward. The opportunity to encourage engagement from an occasionally apathetic and yet well informed industry is one which we should strive to grasp.

    Impact & Opinion


    I recently had the pleasure of contacting representatives of all NSI Gold and SSAIB accredited ARCs. It was quickly apparent that across a broad spectrum of different types of alarm receiving centres, the people I was talking to were all well informed, had a great deal of experience in their particular disciplines and were passionately interested in the industry on the whole moving forward and progressing.
    They all had something useful and positive and unique to contribute. This is a valuable resource which our industry ought to be taking the fullest possible advantage of (in the nicest way possible).
    The same I am sure can be said of installers, manufacturers and other interested parties.
    Often the difficulty can be in taking the wide variety of people and preferred contact methods they may have into account when trying to gauge the opinion of the whole.
    We could use tools such as private LinkedIn groups and built in polling facilities.

    This can quickly help to identify the collective opinion of individual members. However, though users can comment on polls in such groups it is important that a facility somehow remains for users to contribute comments anonymously if they wish as it may be that an unpopular or controversial opinion may in fact be an important point for all to consider.
    It is also important that such questions remain relevant, neutral and help to identify or resolve key concerns in the day to day operation of such facilities, as this will promote participation and engagement while providing useful output for interested parties.

    Sharing ideas


    Why would potential competitors want to share information and ideas? Everyone knows that our industry historically has thrived on secrecy and that unique technology can give businesses a cutting edge over others with whom they are in competition, so why would anyone want to share?
    There is value in effective collaboration which can simply not be achieved in isolation.
    We have gone from being one way consumers of information to instead being very effective communicators of information. What seems interesting to one person could inspire another to actually create an innovative idea or approach.
    It is now recognised that there is a "cognitive surplus" which is often untapped and which is willing to give input autonomously to the benefit of the greater good.
    Now, whilst I am very mindful of intellectual property and issues related to it, there are issues which are broader and affect all interested parties within a group.
    These are the types of challenges to which a collective group of experienced and interested people can help to overcome. Given the opportunity to participate and with enough barriers to participation removed, then people will go out of their way to help.
    Many individuals in our industry have valuable contributions to make; it is a question of giving them an opportunity to have a voice whilst accounting for their hectic schedules and any genuine concerns.
  13. Joe Harris
    App-something?....


    The recent launch of the Windows 8 operating system has become the flagship of a new thrust in technology culture that is here to stay whether we like it or not.
    Windows are trying to push their desktop experience into the App based smartphone sector whilst at the same time crossing paths with Google who are busy working on selling their App based platform to desktop users.
    At the same time Apple is looking to further improve communications between their many available devices to ensure a smooth user experience and to bond users more closely to their brand.
    Users are increasingly being taught to think less about the specific machine that they are using to access tools and data (Laptop / Mobile / PC) and to instead focus on a common interface and a shared pool of data.
    More content is being delivered to users in the 'App' format. By 'App' I mean simple, modular applications that are generally geared towards a specific focus area or subject. The aim in most cases is to simplify the interface used, allowing the more non-technical minded among us to interact in ways that would have been either slow or difficult to achieve previously.
    This combines with an ever increasing 'Always on' mindset to create a demand whereby users are surprised and disappointed if they can't 'find an app for that' when they search.

    Conversion


    One of the most common themes at the moment is the migration of existing products and services from a traditional email / letter / phone approach to instead utilise an App.
    What name is given to the process of converting something which is not an App into an App though?
    Imagine converting your hard copy lens calculator into an App, or maybe making your invoice payment system into an App. How do you describe this process of taking a non-App format procedure or task and making the same process achievable through an App?
    I came across this dilemma recently and discovered the following terms actively being used in this context:
    Appifying? (4.7k Google hits)
    Sounds satisfying but not quite self explanatory enough

    Appverting? (14.4k Google hits)
    "Converting into an App" sounds feasible however this term was hijacked by the marketing industry for use as 'Appvertising' (A failed marketing attempt to channel adverts to mobile devices)

    Appetising? (Huge number of irrelevant Google hits)
    Hungry? This causes confusion already...

    Apping? (576k Google hits)
    A term that is used already to cover many different non App based uses (Such as applying for something)

    Appification: (23.3k Google hits)
    Probably the most prominent term currently in use, perhaps also the least self explanatory one for ‘Joe Bloggs’ non-technical person
    Applicable applications


    Why would this process be important to the Electronic Security industry? Our industry already embraces this technology in many ways you could say, with many hardware manufacturers beginning to make interfaces to their products possible through apps. Is this the only narrow use for this approach though?
    We are a service industry. Many of the services we provide can be made more efficient or more easily accessible to a wider audience if converted to a format which an end user can easily and securely access.
    Processes which currently soak up valuable staffing hours could instead be made automated or at least interactive. The evolving possibilities presented by the internet of things (IoT) and IPv6 offer amazing scope but also an amazing level of potential complexity. Apps could help organise and empower users so that they are able to be informed, advised and participatory in the naming and configuration process.
    Communication can be made much simpler and the secure sharing of information to relevant parties can be done in a transparent, seamless and immediate manner.
    Many of the back end systems currently utilised by Installers and ARCs have common protocols such as SOAP or XML available which means that your App can directly interface with your core products if you wish.
    You may find it worthwhile to take some time to stand back from your organisation and consider how you could use this ‘App momentum’ to your advantage.
    There is potential for all sectors of our industry to take advantage of this migration including but not limited to Installers, ARCs and service providers. How can you empower your end users and staff through this technology?
  14. Joe Harris
    Innovation
    It is easy with hindsight to look at some developments and think 'why didn't I come up with that?'
    We are currently living at a point in time where technology is developing rapidly across a wide spectrum of disciplines, at the same time as we are bringing billions more people online to join the global discussion. Will this inevitably lead to progression or will these new minds need first to assimilate all of the current and existing ideas in order to further innovate?
    I believe that there is immense value in being able to look at your existing problems from an outside perspective. It is all too easy today to say that something is "impossible" if you have only one or a few fixed ideas about how something can be achieved. We can focus too often on fixing the symptom of an issue rather than looking to the root cause.
    In addition, some of the barriers that led to dead ends when we first investigated an issue have perhaps been removed since or will be over the next few years.
    There is a risk that a viable solution could be missed as you may automatically write off what is a valid answer based on your past experiences, without looking objectively at the issue as it presents itself here and now (and in the future).
    Progress
    The British government has indicated in the past that it sees innovation as a key 'currency' in the future as more mundane or manual tasks become automated:
    "We want to make sure that Britain is the best place in the world to run an innovative business or service - this is critical to the UK's future prosperity, our quality of life and future job prospects" (Department BIS - Policy statement)
    Innovation is celebrated in our sector with annual award schemes and peer review.
    There have been attempts within the industry to push the benefits of apprenticeships with programmes such as the "Engineers of tomorrow - 100 in 100" (pdf) which has been vocally led by Simon Banks.
    We have a history within our industry of being at the cutting edge of technology in order to stay one step ahead of the more malevolent members of society and this continues to be the case.
    There is no doubt that many of the people working within the industry already have an idea of the capabilities they want to see from equipment within 5 - 10 years, and currently the technology is lagging behind the ideas being generated. How long will this last, though?
    Electronic Security
    This perhaps leads to some questions that the Electronic Security industry can ask of itself regarding innovation:

    What steps can we take to avoid blind spots and recognise all possibilities?
    How do we as an industry ensure that such opportunities are not missed?
    Are we introducing enough new thinkers to our industry through measures such as apprenticeships?
    Should we do more to encourage transparency from manufacturers about their roadmaps?
    Is some innovation only possible through collaboration?
    Not all change is good; how do we differentiate the good from the bad?
    Do we consider other points of view enough?
    Does your business carry out enough research and development?

    These questions are worth considering regardless of the sector of the industry to which you belong as they may have an impact upon you at some point.
    As always please share your thoughts and views on the subject.