Memoori, profile picture
Uploaded byMemoori
PPT, PDF611 views

Physical Security, IoT & The Role of Open Standards

ONVIF promotes open interfaces for interoperability among IP-based physical security products, ensuring standardization and collaboration across brands. Since its founding in 2008, ONVIF has expanded its scope and membership, now overseeing numerous profiles and thousands of products. The document emphasizes the importance of security standards in the Internet of Things (IoT) and the need for continuous improvement in cybersecurity practices.

Embed presentation

Downloaded 11 times
Physical Security, IoT & The Role of Open Standards Q&A with Per Björkdahl, ONVIF Chairman Any Questions? Please type them in…
2 ONVIF is committed to providing and promoting open interfaces to the security industry for effective interoperability of IP-based physical security products. The cornerstones of ONVIF are: Standardization of communication between IP-based physical security products Interoperability regardless of brand Openness to all companies and organizations Liaison with International standardization IEC & ISO IEC TC79 WG12 Video (IEC 62676-2-3:2013 IEC TC/) WG11 Access Control (IEC 60839-11-1) IEC TC9 WG46 CCTV in trains (IEC62580-2) ISO JTC1 HEVC (H.265) About ONVIF
3 MISSION To provide and promote open Interfaces to the security industry for effective Interoperability. VISION All Security Systems share one Interface. ONVIF Mission & Vision
4 ONVIF Development: 2008 to present 2008/10 ONVIF founded by Axis, Sony & Bosch, Core Specification 1.0 2009/05 Release of test tool and conformance procedure 2009/07 First conformant product launched 2009/10 100 members 200 products 2010/03 Scope extended to Access control 2010/12 Core specification 2.0 & Device Test Tool 1.02 2011/09 300 members 1000 products 2011/12 Device Test Tool 11.1 Profile S released 2012/08 400 members 2000 products 2013/04 1200 Profile S products 2013/12 Profile C released 2014/04 500 members 2700 Profile S products 2014/07 Profile G released 2014/12 Profile Q release candidate 2015/03 Client test tool released 2015/10 500+ members 5009 products 2015/07 Profile A release candidate 2016/05 ≈ 490 members 6´500 products 2011/12 EN 50132-5-2 IP Video Transmission Protocols Based on Webservices 2013/11 IEC 62676-2-3 IP Video Transmission Protocols Based on Webservices 2011/02 IEC60839-11-31 EACS IP Transmission Protocols Based on Webservices 2016/07 Profile Q released 2016/12 Profile A planned release
5 - Availability vs. protection - Different threatscape than a PC - Unmanaged devices - Customers are not cyber mature - IoT vendors are not cyber mature Internet of Things – Cyber challenges
6 Security is vital to IoT “It is a process, not a product” “Bruce Schneier”
7 ­ IoT are easier to hardened compared PC ­ Out­of­the­box hardening ­ Independent researchers ­ Cyber awareness is increasing IoT– Cyber challenges going forward
8 The message is loud and clear security products that can’t connect to an IP network disappear from the market sooner than later! Two possible developments Limited utilization of standards •Isolated system silos from one manufacturer •Proprietary systems •Manufacturer lock in •Limited interoperability Full utilization of standards •True IoT •Openness, •Unlimited interoperability the Role of Standards
9 True IoT is not possible without standards Standards are not only technical Standards are also Procedures Together they can achieve security Let’s not take a leap backwards Security by obscurity is not preferred the Role of Standards
10 Security is a Permanent working group in ONVIF Certificate-based Client Authentication Keystore TLS server General design goals What is ONVIF doing about security
New Website! http://www.memoori.com/ Next Webinar: 12th Sept - “Demystifying the IoT in Smart Buildings”

More Related Content

PPTX
ONVIF IP Protocol
byVictoria Condlln Smallridge
 
PPTX
Intelligent Video Surveillance - Synesis integrated hardware and software sol...
byNikolai Ptitsyn
 
PPTX
IoT System SalesBytes Overview Final
bySarah Reinbolt, MBA
 
PPT
Perimeter Protection: "Stairway to IP"
bycias-elettronica
 
PDF
Expo Milan 2015 Case Study_EN
byCisco Case Studies
 
PDF
Innovation Summit 2015 - 11 - morpho
byThibault Cantegrel
 
PDF
Track 2 session 8 - st dev con 2016 - lora(senet)
byST_World
 
PPTX
Internet of everything
byJayesh Pai
 
ONVIF IP Protocol
byVictoria Condlln Smallridge
 
Intelligent Video Surveillance - Synesis integrated hardware and software sol...
byNikolai Ptitsyn
 
IoT System SalesBytes Overview Final
bySarah Reinbolt, MBA
 
Perimeter Protection: "Stairway to IP"
bycias-elettronica
 
Expo Milan 2015 Case Study_EN
byCisco Case Studies
 
Innovation Summit 2015 - 11 - morpho
byThibault Cantegrel
 
Track 2 session 8 - st dev con 2016 - lora(senet)
byST_World
 
Internet of everything
byJayesh Pai
 

What's hot

PDF
Neotel
byCisco Case Studies
 
PDF
Industries On Transformation
byTelefónica IoT
 
PDF
Bridgera enterprise IoT security
byRon Pascuzzi
 
PDF
The cellular network: a vital link in the world of drones
byAGILE IoT
 
PDF
Delivering the IoT ecosystem
byTelefónica IoT
 
PPTX
ARM mbed connect
byJinbuhm Kim
 
PDF
Internet of Everything: The CIO's Point of View
byCisco Canada
 
PDF
“IoT and Vision: Why It’s a Security Minefield and How to Navigate It,” a Pre...
byEdge AI and Vision Alliance
 
PDF
Bridgera enterprise IoT Software Solutions
byRon Pascuzzi
 
PDF
ARM Bryan Lawrence at Smart Homes 2013 Cambridge
byJustin Hayward
 
PPTX
IoT Platform Meetup - Sigfox
byFilip Kolář
 
PPTX
Talk To Your Things
byJordan Eller
 
PDF
SODA-IIoT4Factory: Blockchain to keep the A.I. of your Intrusion Detection Sy...
byNabil Bouzerna
 
PPTX
WIZnet OSHW Global Business
byJinbuhm Kim
 
PDF
Track 2 session 8 - st dev con 2016 - lora (mydevices)
byST_World
 
PDF
SODA-IIoT4ConnectedCars: Spread updates between cars with limited Internet ac...
byNabil Bouzerna
 
PDF
CDE Marketplace: 2iC
byDefence and Security Accelerator
 
PDF
Considerations for a secure enterprise wlan data connectors 2013
byAirTight Networks
 
PDF
LG Security
byjfjpvo
 
PDF
NG EXPERTS Services and Solutions
byToufik Zemri
 
Neotel
byCisco Case Studies
 
Industries On Transformation
byTelefónica IoT
 
Bridgera enterprise IoT security
byRon Pascuzzi
 
The cellular network: a vital link in the world of drones
byAGILE IoT
 
Delivering the IoT ecosystem
byTelefónica IoT
 
ARM mbed connect
byJinbuhm Kim
 
Internet of Everything: The CIO's Point of View
byCisco Canada
 
“IoT and Vision: Why It’s a Security Minefield and How to Navigate It,” a Pre...
byEdge AI and Vision Alliance
 
Bridgera enterprise IoT Software Solutions
byRon Pascuzzi
 
ARM Bryan Lawrence at Smart Homes 2013 Cambridge
byJustin Hayward
 
IoT Platform Meetup - Sigfox
byFilip Kolář
 
Talk To Your Things
byJordan Eller
 
SODA-IIoT4Factory: Blockchain to keep the A.I. of your Intrusion Detection Sy...
byNabil Bouzerna
 
WIZnet OSHW Global Business
byJinbuhm Kim
 
Track 2 session 8 - st dev con 2016 - lora (mydevices)
byST_World
 
SODA-IIoT4ConnectedCars: Spread updates between cars with limited Internet ac...
byNabil Bouzerna
 
CDE Marketplace: 2iC
byDefence and Security Accelerator
 
Considerations for a secure enterprise wlan data connectors 2013
byAirTight Networks
 
LG Security
byjfjpvo
 
NG EXPERTS Services and Solutions
byToufik Zemri
 

Viewers also liked

PPTX
Highly customizable video surveillance platform for manufactures and system ...
byNikolai Ptitsyn
 
PPTX
Video Analytics Encoder Overview
byNikolai Ptitsyn
 
PDF
Global Security and Russia Outlook 2016
byIvideon
 
PDF
Measuring the Benefits of a Smart Building Solution
byMemoori
 
PDF
Buildings Need to be Operated with More Precision!
byMemoori
 
PDF
LEDs Lighting the Way towards Smart Cities
byMemoori
 
PPTX
Making Big Data a Reality in Smart Buildings!
byMemoori
 
PDF
Why don't we have REAL IP to the Edge in Buildings?
byMemoori
 
PDF
ReInventing Green Building!
byMemoori
 
PDF
Brochure-Agenda - Smart Building Automation Summit 2016
byTharun Sholarajan
 
PPTX
Arduino Yun 物聯網 Lesson 1
byCAVEDU Education
 
PDF
Smart Buildings Need Smart Thinking!
byMemoori
 
PPTX
What's Better in a Smart Building World?
byMemoori
 
PPT
PCTY 2012, IBM Smarter Buildings v. Claire Penny
byIBM Danmark
 
PPTX
MIRAI: What is It, How Does it Work and Why Should I Care?
byMemoori
 
PDF
Demystifying the IoT in Smart Buildings
byMemoori
 
PDF
Smart Buildings + Intelligent Solutions
byBob Sawhill, CFM
 
Highly customizable video surveillance platform for manufactures and system ...
byNikolai Ptitsyn
 
Video Analytics Encoder Overview
byNikolai Ptitsyn
 
Global Security and Russia Outlook 2016
byIvideon
 
Measuring the Benefits of a Smart Building Solution
byMemoori
 
Buildings Need to be Operated with More Precision!
byMemoori
 
LEDs Lighting the Way towards Smart Cities
byMemoori
 
Making Big Data a Reality in Smart Buildings!
byMemoori
 
Why don't we have REAL IP to the Edge in Buildings?
byMemoori
 
ReInventing Green Building!
byMemoori
 
Brochure-Agenda - Smart Building Automation Summit 2016
byTharun Sholarajan
 
Arduino Yun 物聯網 Lesson 1
byCAVEDU Education
 
Smart Buildings Need Smart Thinking!
byMemoori
 
What's Better in a Smart Building World?
byMemoori
 
PCTY 2012, IBM Smarter Buildings v. Claire Penny
byIBM Danmark
 
MIRAI: What is It, How Does it Work and Why Should I Care?
byMemoori
 
Demystifying the IoT in Smart Buildings
byMemoori
 
Smart Buildings + Intelligent Solutions
byBob Sawhill, CFM
 

Similar to Physical Security, IoT & The Role of Open Standards

PDF
About IoT Protocols and Security Techniques
byBalasundaramSr
 
PPT
Introduction to IooT protocols in IoT.ppt
bysushantraj495
 
PDF
A Survey of Interoperability among Surveillance System using ONVIF
byRSIS International
 
PDF
From the Internet of Things to Intelligent Systems: A Developer's Primer
byRick G. Garibay
 
PDF
unit 2.pdf
bySupratimNandi3
 
PPTX
Unit 4
byMayura shelke
 
PDF
IoT Security and Privacy Considerations
byKenny Huang Ph.D.
 
PDF
Trends in IIoT and OT Security
byOliver Pfaff
 
PPTX
Modulmnbjkjnbnjnbnj,kkjebnmhnvfghjhgbcvxv
bysneharaju2025
 
PPTX
Unit_3.pptx
byRAMESHMRA21130030110
 
PPTX
Without App Standards, There's No Internet of Anything
byOpen Interconnect Consortium
 
PDF
Iot architectures slides important.pdf
byASTIECE
 
PPTX
module 3.pptx
byssuserb7947f
 
PDF
Unified Middleware for Internet of Things
byHonbo Zhou
 
PPTX
KATS 4th Industrial Revolution Forum Seoul , Korea
byGabriela Ehrlich
 
PDF
Supelec m2 m - iot - course 1 - update 2015 - part 1 - warming - v(0.4)
byThierry Lestable
 
PDF
IoT Security Assessment - IEEE PAR Proposal
bySyam Madanapalli
 
PPTX
ch2.pptx huuuuhy hhhh bjuuu huuujkjjjf hh
bydarshangd9899
 
PPTX
ch2.pptxnnbhyyg uuggy jgugjb huuuhj hihij
bysigmatej123
 
PPTX
Industrial IoT Security Standards & Frameworks
byPriyanka Aash
 
About IoT Protocols and Security Techniques
byBalasundaramSr
 
Introduction to IooT protocols in IoT.ppt
bysushantraj495
 
A Survey of Interoperability among Surveillance System using ONVIF
byRSIS International
 
From the Internet of Things to Intelligent Systems: A Developer's Primer
byRick G. Garibay
 
unit 2.pdf
bySupratimNandi3
 
Unit 4
byMayura shelke
 
IoT Security and Privacy Considerations
byKenny Huang Ph.D.
 
Trends in IIoT and OT Security
byOliver Pfaff
 
Modulmnbjkjnbnjnbnj,kkjebnmhnvfghjhgbcvxv
bysneharaju2025
 
Unit_3.pptx
byRAMESHMRA21130030110
 
Without App Standards, There's No Internet of Anything
byOpen Interconnect Consortium
 
Iot architectures slides important.pdf
byASTIECE
 
module 3.pptx
byssuserb7947f
 
Unified Middleware for Internet of Things
byHonbo Zhou
 
KATS 4th Industrial Revolution Forum Seoul , Korea
byGabriela Ehrlich
 
Supelec m2 m - iot - course 1 - update 2015 - part 1 - warming - v(0.4)
byThierry Lestable
 
IoT Security Assessment - IEEE PAR Proposal
bySyam Madanapalli
 
ch2.pptx huuuuhy hhhh bjuuu huuujkjjjf hh
bydarshangd9899
 
ch2.pptxnnbhyyg uuggy jgugjb huuuhj hihij
bysigmatej123
 
Industrial IoT Security Standards & Frameworks
byPriyanka Aash
 

More from Memoori

PDF
Smart Buildings 2025 Wrapped! The Rise of Outcomes-as-a-Service
byMemoori
 
PDF
Access Control 2025: From Security Silo to Software-Defined Ecosystem
byMemoori
 
PDF
What's Driving Growth in the Video Surveillance Market 2025?
byMemoori
 
PDF
A SEA of Energy Efficiency Opportunities!
byMemoori
 
PDF
The Drone Dividend: Practical Applications for Commercial Buildings
byMemoori
 
PDF
Startups in Smart Buildings H1 2025 | Acquisitions & Investments
byMemoori
 
PDF
A Guide to Smart Building Open Standards 101
byMemoori
 
PDF
The 4 Billion Device Future: IoT Insights for Commercial Building Leaders
byMemoori
 
PDF
State of the Smart Building Startup Landscape 2024!
byMemoori
 
PDF
AI as an Interface for Commercial Buildings
byMemoori
 
PPTX
Laying the Data Foundations for Artificial Intelligence!
byMemoori
 
PDF
The Market for AI in Commercial Buildings 2024.pdf
byMemoori
 
PDF
A BluePrint for the Future of Smart Building Retrofits
byMemoori
 
PDF
AI + Memoori = AIM
byMemoori
 
PPTX
How Tenants & Landlords Can Work Together to Reduce Energy Consumption!
byMemoori
 
PPTX
How Can Smart Building Technology Become Mainstream?
byMemoori
 
PPTX
The Carbon Lifestyle - Not a Fad
byMemoori
 
PDF
Hybrid Work: Driving the Workplace Tech Market!
byMemoori
 
PPTX
AI IoT Edge Applications Insights and Trends
byMemoori
 
PPTX
What Building Owners Need to Know About Cyber Security Insurance!
byMemoori
 
Smart Buildings 2025 Wrapped! The Rise of Outcomes-as-a-Service
byMemoori
 
Access Control 2025: From Security Silo to Software-Defined Ecosystem
byMemoori
 
What's Driving Growth in the Video Surveillance Market 2025?
byMemoori
 
A SEA of Energy Efficiency Opportunities!
byMemoori
 
The Drone Dividend: Practical Applications for Commercial Buildings
byMemoori
 
Startups in Smart Buildings H1 2025 | Acquisitions & Investments
byMemoori
 
A Guide to Smart Building Open Standards 101
byMemoori
 
The 4 Billion Device Future: IoT Insights for Commercial Building Leaders
byMemoori
 
State of the Smart Building Startup Landscape 2024!
byMemoori
 
AI as an Interface for Commercial Buildings
byMemoori
 
Laying the Data Foundations for Artificial Intelligence!
byMemoori
 
The Market for AI in Commercial Buildings 2024.pdf
byMemoori
 
A BluePrint for the Future of Smart Building Retrofits
byMemoori
 
AI + Memoori = AIM
byMemoori
 
How Tenants & Landlords Can Work Together to Reduce Energy Consumption!
byMemoori
 
How Can Smart Building Technology Become Mainstream?
byMemoori
 
The Carbon Lifestyle - Not a Fad
byMemoori
 
Hybrid Work: Driving the Workplace Tech Market!
byMemoori
 
AI IoT Edge Applications Insights and Trends
byMemoori
 
What Building Owners Need to Know About Cyber Security Insurance!
byMemoori
 

Recently uploaded

PDF
Finovate report on the outlook for Fintechin 2026
byChris Skinner
 
PPTX
CMMI Consulting & Implementation Services.pptx
bySunil Yadav
 
PDF
How to Buy Instagram accounts for professional brand ....pdf
bykeb2bq5cegc6m2xa32ay
 
PDF
How to Buy Snapchat Accounts in 2026 first year .pdf
bywc0fr9qf43i5qo5kn3
 
PDF
The safety revolution - Origins of workplace health and safety
byBarry Naismith
 
PDF
When Paychecks Stop: Are We Financially Ready
byAurumCapital
 
PPTX
DeFi Passive Income: From definitions to practical examples
byAli Mohammad Saghiri
 
PDF
24 Best Tiktok Seller Center Services To Buy Online.pdf
byidc1w3adizw383go
 
PDF
ActARion - The Future of Work with AI and Augmented Reality
byOrtwin Verreck
 
PDF
Dubai Multi Commodities Centre (DMCC) – Supplier Code of Conduct Policy
byDubai Multi Commodity Centre
 
PDF
ASD SCO Introduction December 2025 (1).pdf
byHenry Tapper
 
PDF
What You in 2026 Buy Twitter Accounts_.pdf
byh3lfp4332e3gctbnm22w
 
PDF
Mobile and Online Banking_ Open an Account Today.pdf
bykmn4gloa39pwajpujj
 
PDF
Buy Twitter Accounts and Platforms account in 2026.,..pdf
byh3lfp4332e3gctbnm22w
 
PDF
Where to Buy Verified Chime Accounts for Quick ....pdf
bykmn4gloa39pwajpujj
 
DOCX
How to Buy Verified Wise Accounts .docx
byGoogle Business Site Google & Gmail / Buy Old Gmail Accounts
 
PDF
Juniper Research's Top 10 Trends for Fintech in 2026
byChris Skinner
 
PDF
The Easiest Way to Buy Snapchat Accounts (1).pdf
byidc1w3adizw383go
 
PDF
LinkedIn Accounts in 2025_ Social Commerce, Trust Signals.pdf
bykeb2bq5cegc6m2xa32ay
 
PDF
Step-by-Step Guide to Buying LinkedIn Accounts in 2026.pdf
byasikurrhmanxyzit
 
Finovate report on the outlook for Fintechin 2026
byChris Skinner
 
CMMI Consulting & Implementation Services.pptx
bySunil Yadav
 
How to Buy Instagram accounts for professional brand ....pdf
bykeb2bq5cegc6m2xa32ay
 
How to Buy Snapchat Accounts in 2026 first year .pdf
bywc0fr9qf43i5qo5kn3
 
The safety revolution - Origins of workplace health and safety
byBarry Naismith
 
When Paychecks Stop: Are We Financially Ready
byAurumCapital
 
DeFi Passive Income: From definitions to practical examples
byAli Mohammad Saghiri
 
24 Best Tiktok Seller Center Services To Buy Online.pdf
byidc1w3adizw383go
 
ActARion - The Future of Work with AI and Augmented Reality
byOrtwin Verreck
 
Dubai Multi Commodities Centre (DMCC) – Supplier Code of Conduct Policy
byDubai Multi Commodity Centre
 
ASD SCO Introduction December 2025 (1).pdf
byHenry Tapper
 
What You in 2026 Buy Twitter Accounts_.pdf
byh3lfp4332e3gctbnm22w
 
Mobile and Online Banking_ Open an Account Today.pdf
bykmn4gloa39pwajpujj
 
Buy Twitter Accounts and Platforms account in 2026.,..pdf
byh3lfp4332e3gctbnm22w
 
Where to Buy Verified Chime Accounts for Quick ....pdf
bykmn4gloa39pwajpujj
 
How to Buy Verified Wise Accounts .docx
byGoogle Business Site Google & Gmail / Buy Old Gmail Accounts
 
Juniper Research's Top 10 Trends for Fintech in 2026
byChris Skinner
 
The Easiest Way to Buy Snapchat Accounts (1).pdf
byidc1w3adizw383go
 
LinkedIn Accounts in 2025_ Social Commerce, Trust Signals.pdf
bykeb2bq5cegc6m2xa32ay
 
Step-by-Step Guide to Buying LinkedIn Accounts in 2026.pdf
byasikurrhmanxyzit
 

Physical Security, IoT & The Role of Open Standards

  • 1.
    Physical Security, IoT& The Role of Open Standards Q&A with Per Björkdahl, ONVIF Chairman Any Questions? Please type them in…
  • 2.
    2 ONVIF is committedto providing and promoting open interfaces to the security industry for effective interoperability of IP-based physical security products. The cornerstones of ONVIF are: Standardization of communication between IP-based physical security products Interoperability regardless of brand Openness to all companies and organizations Liaison with International standardization IEC & ISO IEC TC79 WG12 Video (IEC 62676-2-3:2013 IEC TC/) WG11 Access Control (IEC 60839-11-1) IEC TC9 WG46 CCTV in trains (IEC62580-2) ISO JTC1 HEVC (H.265) About ONVIF
  • 3.
    3 MISSION To provide andpromote open Interfaces to the security industry for effective Interoperability. VISION All Security Systems share one Interface. ONVIF Mission & Vision
  • 4.
    4 ONVIF Development: 2008to present 2008/10 ONVIF founded by Axis, Sony & Bosch, Core Specification 1.0 2009/05 Release of test tool and conformance procedure 2009/07 First conformant product launched 2009/10 100 members 200 products 2010/03 Scope extended to Access control 2010/12 Core specification 2.0 & Device Test Tool 1.02 2011/09 300 members 1000 products 2011/12 Device Test Tool 11.1 Profile S released 2012/08 400 members 2000 products 2013/04 1200 Profile S products 2013/12 Profile C released 2014/04 500 members 2700 Profile S products 2014/07 Profile G released 2014/12 Profile Q release candidate 2015/03 Client test tool released 2015/10 500+ members 5009 products 2015/07 Profile A release candidate 2016/05 ≈ 490 members 6´500 products 2011/12 EN 50132-5-2 IP Video Transmission Protocols Based on Webservices 2013/11 IEC 62676-2-3 IP Video Transmission Protocols Based on Webservices 2011/02 IEC60839-11-31 EACS IP Transmission Protocols Based on Webservices 2016/07 Profile Q released 2016/12 Profile A planned release
  • 5.
    5 - Availability vs.protection - Different threatscape than a PC - Unmanaged devices - Customers are not cyber mature - IoT vendors are not cyber mature Internet of Things – Cyber challenges
  • 6.
    6 Security is vitalto IoT “It is a process, not a product” “Bruce Schneier”
  • 7.
    7 ­ IoT areeasier to hardened compared PC ­ Out­of­the­box hardening ­ Independent researchers ­ Cyber awareness is increasing IoT– Cyber challenges going forward
  • 8.
    8 The message isloud and clear security products that can’t connect to an IP network disappear from the market sooner than later! Two possible developments Limited utilization of standards •Isolated system silos from one manufacturer •Proprietary systems •Manufacturer lock in •Limited interoperability Full utilization of standards •True IoT •Openness, •Unlimited interoperability the Role of Standards
  • 9.
    9 True IoT isnot possible without standards Standards are not only technical Standards are also Procedures Together they can achieve security Let’s not take a leap backwards Security by obscurity is not preferred the Role of Standards
  • 10.
    10 Security is aPermanent working group in ONVIF Certificate-based Client Authentication Keystore TLS server General design goals What is ONVIF doing about security
  • 11.
    New Website! http://www.memoori.com/ NextWebinar: 12th Sept - “Demystifying the IoT in Smart Buildings”

Editor's Notes

  • #3 First, let me briefly introduce ONVIF, what we are and what we do.
  • #4 This is our Mission and Vison. I think we can all agree that we are beyond the point of no return when it comes to expected interoperability. In this scenario Cyber security and IT security are extremely important but perhaps not so often talked about!
  • #5 During 2015 ONVIF has increased its efforts to be recognized as a thought leader and establish itself as an industry organization for manufacturers in the physical security industry. ONVIF is frequently quoted in security media and articles are re-published ONVIF specifications for both Video and Access control have been included in the newest IEC standards for Video Security Systems and Electronic Access Control
  • #6 Availability vs Protection An IoT device is a single service device, a.k.a. micro service. The service it provides adds value to a system but does not have enough value to make it the primary attack target. It does not hold the customer database nor is it the primary corporate web server. In order to maximize the service value you may need to increase availability. Availability increases the attack exposure area the thus the risks. Protection on the other hand may add deployment cost and system limitations, possibly reducing the service value. Customers and solution providers needs to make a calculated risk analysis to find the appropriate balance between the two. Different type of threat Due to the nature of an IoT device it does not expose the same types of threats/risks as clients and servers. - The service may expose risks for privacy and data integrity. - The vast amount of devices, inadequate hardening combined with easy physical access makes the devices a valuable attack platform. A malicious agent in the device may be a preparation for a larger targeted attack. Understanding the risks and threatscape around IoT helps focus the protection measures on the important stuff. Unmanaged devices Once deployed it is easy to forget an IoT device compared to a PC, tablet or server. This increases the risk of an IoT device not being monitored or patched. During deployment the device may have limited amount of known vulnerabilities, but a later discovered vulnerability can quickly be exploited if the device is exposed to direct Internet access. Also, IoT devices may have a short life-cycle and the vendor stops supplying patches and updates. These things needs to be taken into considerations. Customers are not cyber mature Many customers are neglecting or underestimating cyber threats. Majority of IoT devices do have some standard hardening capabilities such as password protection. A strong password will protect from more than 95% of attacks becoming a successful breach. Nevertheless, there are many examples where customers do not bother with basic hardening such as setting the password. Poor password management is the single most common reason behind a successful breach. IoT Vendors are not cyber mature Cyber immature vendors does not have to mean that the devices are insecure. But it increases the risk of products being shipped with unsecure interfaces and poor pre-configurations, exposing unnecessary risks for the owner. One driving factor behind this is that even though customers are concerned over cyber threats - they do seldom explicitly request or discuss cyber risks. Cyber immature customers drive vendors to focus on the device feature value.
  • #7 You can spend thousands of dollars securing your infratsructure! All it takes is that a password gets out and you are toast! It is hard to protect the system from intended breach from insider (social hacking) Bruce Schneier is an American cryptographer, computer security and privacy specialist, and writer. Another quote is If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology. It is the combination of technology and procedures that creates the process that protects you! Products provide some protection, but the only way to effectively do business in an insecure world is to put processes in place that recognize the inherent insecurity in the products. The trick is to reduce your risk of exposure regardless of the products or patches.
  • #8 IoT are easier to cyber hardened compared to clients and servers IoT device have less internal services and interface to protect Majority of devices are protected by infrastructure only accessible through cloud/server services IoT devices do not have users installing insecure applications, opening email attachments or surf suspicious sites Some manufacturers provides a Hardening Guide for their products where they recommend different settings depending on environment and end customer infrastructure and policies. Out-of-the-box hardening Almost all successful breaches are due to people mistakes and misconfiguration. By addressing out-of-the-box hardened, pre-shipped configurations, enhanced user interfaces and hardening guides, vendors can help customer archive sufficient standard protection. Additional tools and services will help management, configuration and monitoring. We see an increasing growth of encryption infrastructure and simplified certificate management that will make it easier to deploy communication protection. Independent researchers As the volume of IoT devices and services increases it will attract more independent researcher, consultants and white-hat hackers. They will help expose (unknown) device vulnerabilities before they may be exploited. We will also see more media coverage that will highlighting threats, risks and best practices. Cyber awareness Both customers and vendors are becoming more aware of cyber threats. This will push vendors to put more effort on cyber threat issues. Not only to device vulnerabilities but to configuration, management and maintenance.