SIA Provides Robust Industry Cybersecurity Education

Cybersecurity concerns are not going away. Here’s what we’re doing:

Don Erickson is CEO of the Security Industry Association.

Cybersecurity continues to be a major challenge for the security industry. When rapid change reached the security industry a decade ago as security devices began moving onto the network a decade ago, it began to usher in the first concerns about cybersecurity.

Today, with nearly all systems combining elements like network-connected sensors, cloud storage, software-based management systems running on Windows and Linux servers, the threats to today’s systems are often measured by number of exploits, patches required, phishing expeditions and DDoS and ransomware attacks.

Fortunately, the situation is not entirely dire. There’s been a strong effort by the security industry to lean forward into the issue of cybersecurity. Product developers have ramped up their patch frequencies and are being more communicative about known weaknesses. Suffice to say, security industry companies are now treating cybersecurity as the vital, urgent issue that it is.

At SIA, we’re helping member companies – particularly manufacturers, software developers and systems integrators – to lead the charge when it comes to cybersecurity.

Here’s what SIA is doing:

Launching the Cyber:Secured Forum: Together with our partners at PSA Security Network and ISC Security Events, we’re launching the Cyber:Secured Forum on June 4-6 in Denver, Colorado, this 2-day event is designed to bring together leaders in physical security, systems integration and cybersecurity to exchange information and best practices. The content of this conference is both technical and strategic; you will find presentations on the new NIST framework for cyber and physical security, input from the U.S. Attorney’s office, information on product and system hardening, and perspectives from Intel, IBM, Microsoft and more. Register at https://www.cybersecuredforum.com. Registration is significantly discounted for SIA and PSA members.

Partnering with WSJ: To offer insight into the state of cybersecurity readiness for major corporations, we are working with the Wall Street Journal and ESI Thought Lab to produce benchmarking research related to cybersecurity enterprise investments in the financial, technology, and health care sectors. This research project will help SIA member companies understand the overall cyber landscape faced by their customers and provide actionable information to help SIA members guide their customers on how to best protect their businesses and data from cyber threats.

Bringing Together Leaders: In 2016, SIA formed the Cybersecurity Advisory Board to put together some of the sharpest minds in the security industry to provide guidance and create an information sharing channel. The goal of this board has been to raise the awareness of cybersecurity across the broader security industry, while also providing immediate, responsible recommendations.

Providing Product Hardening Information: The Beginner’s Guide to Product and System Hardening was one of the first publications of the SIA Cybersecurity Advisory Board. This document (available on securityindustry.org) details simple measures that product manufacturers and system integrators can implement to thwart the most common methods of cyberattack. Practices described in the Beginner’s Guide, like requiring strong passwords, defaulting to HTTPS for network traffic and implementing patch management tools, can go a long way in preventing a physical security system from being the lynchpin to a targeted cybersecurity breach. The board’s second publication, Recommendations for Initiating an Enterprise Cybersecurity Solution, outlines some of the key discussion points that an enterprise must have when building up the people and processes of any effective cybersecurity defense strategy.

Addressing Data Privacy Concerns: The SIA Data Privacy Advisory Board was created to help SIA member companies and others better understand the threats to their data and the best ways to mitigate risks to secure their customers' information. Using a document titled the SIA Privacy Framework and leveraging the work of the SIA Cybersecurity Advisory Board, the Data Privacy Advisory Board will develop and promote guidelines related to enhancing the security of personally identifiable information (PII), protected health information (PHI) and other sensitive data.

SIA is also taking a role in raising awareness about the EU’s General Data Protection Regulation (GDPR), with education on this subject offered at ISC West 2018 by SIA members and additional education to follow.

Cybersecurity will be an ongoing concern for our industry. It will continue to impact how SIA members create products and solutions, and how our member companies, design, integrate and install security systems. Concerns of cybersecurity promise to always keep SIA members on edge, as these companies try to anticipate the next threat vector or find and fix an undiscovered vulnerability. But, let’s not forget that cybersecurity also offers tangible opportunities for our member companies to lead by presenting solutions and services that represent intelligent approaches to mitigating cybersecurity risks that businesses, organizations and individual citizens face.