A Standards-Based Approach to the Internet of Things

Security Industry Association (SIA)

The security industry is on notice. The Internet of Things (IoT) will have a revolutionary impact on business as usual in the electronic physical security industry. Within the next few years, this “new convergence” will drive enormous change in both physical and cyber security, along with its profound impact on automation.

In response to this major shift in the electronic ecosystem, the Security Industry Association’s Cloud and Mobility Working Group will meet early this fall to announce a new name and an altered focus, adding IoT considerations to the group’s charter. The newly renamed Cloud, Mobility and IoT Working Group will explore the security standardization challenges as cloud services and mobile devices all become part of the control mechanism of this larger Internet of Things ecosystem.

IoT promises a world of smart, connected devices that are able to monitor and communicate their own status and the status of the systems that they are a part of in order to make automated decisions for human convenience and efficiency. Many of these devices will provide data streams that could be used as part of security and risk management. In the aggregate, they will also produce enough information that Big Data analytics now become a relevant tool for the improvement of an organization’s overall security posture.

One example of how IoT technologies are changing the landscape is the widespread deployment of wireless technologies for “presence” detection. Bluetooth Low Energy (BLE) is often cited as one of the backbone technologies for the IoT revolution. In access control, this technology is enabling a shift from physical card credentials to virtual tokens on smart phones. However, the same sensors that are used to read these credentials at a doorway can be placed throughout a building or other public structure, where they can now follow the movements of everyone in the space. This kind of information will be fed into building management and security systems to improve their ability to operate efficiently and predict potential problems.

But now imagine what havoc can be wreaked if this system control were to be assumed by a destructive agent. The fact that IoT devices are all network-capable means that they can be compromised if the proper identity controls are not in place. Ensuring that there are strong identity authentication measures on both people and IoT devices is the only way to mitigate the risk of fraud, extortion, theft and sabotage of the system.

The security industry is uniquely positioned to help address these IoT security concerns. We have addressed access and identity concerns in physical security with a standards-based approach and can ensure that security devices in this IoT can provide the identity controls necessary to ensure that these smart connected devices are working for us and not harnessed to work against us.

The Security Industry Association (SIA) will announce the date and time of the kickoff meeting for the SIA Cloud, Mobility and IoT Working Group in the upcoming days. For more information please contact me at jgittens@seurityindustry.org.