Showing posts with label Access Reader. Show all posts
Showing posts with label Access Reader. Show all posts

Thursday, August 15, 2024

3 Cybersecurity Steps to Reduce Threats to your Electrical System

 3 Cybersecurity Steps to Reduce Threats to your Electrical System

When anyone mentions cybersecurity, you may automatically think they are referring to IT systems. That is because protecting IT networks – and their associated personal, financial, and other proprietary data – has been the responsibility of IT professionals for an exceptionally long time. But what about your operational technology (OT) infrastructures? Are they also at risk from cyberattacks? How can you protect them? In this post, we’ll discuss these questions, and three specific recommendations for protecting your electrical systems.

The electricity subsector cybersecurity Risk Management Process (RMP) guideline was developed by the Department of Energy (DOE), in collaboration with the National Institute of Standards and Technology (NIST) and the North American Electric Reliability Corporation (NERC).

OT Cyberattacks: An Increasing Threat

The Ponemon Institute emphatically states that, “Cyberattacks are relentless and continuous against OT environments.” In a survey of over 700 organizations from six countries they found that 50 percent had experienced a cyberattack against their OT infrastructure within the last two years that resulted in downtime. For large and critical operations, this can be devastating.

All you need to do is follow the news to see frequent examples of such attacks. For example, in early 2021, the fast action of a technician narrowly avoided the risk of thousands of people being poisoned due to a hacker gaining access to a Florida city’s water treatment plant. Going back a few years, a breach that came through the HVAC system caused international retailer Target to have 40 million credit and debit card accounts compromised, costing them $290 million.

 

The latter example is just one of many that show why building systems are now widely recognized as OT attack targets. The evolution toward smarter buildings is causing an explosion in the numbers of connected devices – already an estimated 200+ million in commercial buildings alone. With more devices comes more data that needs to be protected, but for facility and business management teams to extract the maximum value, data must be aggregated and shared across OT and IT systems.

This OT/IT interconnection means that a cyberattack on an OT system can:

·        Compromise operational safety or the health of building occupants

·        Impact productivity by taking down production lines or other equipment and processes; more about the relationship between Cybersecurity and Productivity.

·        Ultimately cause an IT threat by passing malware or a virus from the OT to IT infrastructure

The Attack Surface is Now Larger

Essentially, connected OT infrastructures have increased the ‘attack surface’ for hackers and, in many cases, have acted as an organization’s Achilles heel. Clearly, it is not enough anymore to focus attention only on protecting IT and data systems integrity. All organizations must ensure strong OT cybersecurity is in place.

But what OT systems are we talking about? Depending on your type of operation, these can include industrial automation systems (e.g. SCADA) and smart building systems like a building management system (BMS), building security, lighting systems, and the energy and power management system (EPMS) overseeing your facility’s electrical distribution. Navigant Research notes, “Cybersecurity issues are expected to grow in tandem with the digital transformation of real estate through intelligent building technologies.”

In this post, we will consider cybersecurity specifically for your EPMS and electrical distribution system. However, these recommendations and practices equally apply to other OT systems.

Connected Power Means Greater Vulnerability

Energy and power management systems are helping organizations boost efficiency and sustainability, optimize operating costs, maximize uptime, and get better performance and longevity from electrical assets. When combined with BMS, an EPMS can also help make the work environment healthier and more productive for occupants.

Enabling these EPMS benefits is a connected network of smart metering, analysis, control, and protection devices that share data continuously with onsite and/or cloud-based EPMS applications. The application provides extensive monitoring and analytics while providing mobile access to data and alerts to all facility stakeholders. Connection to the cloud also opens the door to expert power and asset advisory support that can augment a facility’s onsite team with 24/7 monitoring, predictive maintenance, energy management, and other services.

All these onsite, cloud, and mobile connections offer a potential target and entry for hackers so you can read our facility managers guide to building systems and cybersecurity.

 

Securing Your Electrical System: A Holistic Approach

A hacker only needs to find one ‘hole’ in one system, at one point of time, to be successful. What you need is a holistic approach to ensure that all potential vulnerabilities are secured. For new buildings, cybersecurity best practices should be a part of the design of all OT systems. For existing buildings, cybersecurity should be addressed when OT systems are starting to be digitized. For both scenarios, the following are three key considerations:

1. Seek Specialized, Expert Assistance

The priorities for IT systems are confidentiality, integrity, and availability. For OT, the top priorities are safety, resilience, and confidentiality. This means that OT security upgrades or problems need to be addressed in a different way from IT, with careful planning and procedures. For these reasons, you need to choose a cybersecurity partner who has proper OT experience, to help you comply with all relevant cybersecurity standards and best practices.

OT systems also use different communication protocols compared to IT systems, such as BACNet, Modbus, etc. If you had your IT team attempt to perform OT security system scans, those scanning tools might cause serious conflicts, risking an OT system shutdown.

Cyberthreats are also constantly evolving, so you should seek a partner who offers ongoing OT monitoring services, updates, system maintenance, and incident response. All of these should be available remotely.

2. Put the Right Controls in Place

An OT cybersecurity specialist will help audit your EPMS and electrical systems to assess the current vulnerabilities and risks, including the gaps in any procedures and protocols.

You and the specialist must determine how secure your electrical system needs to be. The IEC 62443 standard helps protect IoT-enabled OT systems by defining seven foundational requirements (e.g. access control, use control, availability, response, etc.), each of which are designated a security level. Increased security levels offer greater protection against more sophisticated attacks. Your cybersecurity partner will help you determine the level of security you need for each requirement.

An example of one technique for securing networked systems is to break up systems into ‘zones,’ with each secured individually. OT will be separated from IT, and within OT there may be further segregation. A special ‘demilitarized’ zone is typically included, which is a perimeter subnetwork that sits between the public and private networks for an added layer of security. This makes it harder for hackers to find a way in from one system or zone to another. Where required, connections between networks are provided by specially secured data ‘conduits.’

Your electrical system should also be physically secured, with no access by unauthorized personnel. This same strategy applies to EPMS communications network security by means of controlled, multi-tiered permission-based access.

3. Train your Staff

Many cyberattacks are successful because employees have caused unintended errors. It is important that your people become aware of, and vigilant against, cyberthreats. This includes giving your operations team specialized OT cybersecurity training.

This training will typically include multiple steps, including training all individuals to spot social engineering cues, such as phishing attempts or attempts to access protected areas using pretexting (i.e. someone pretending to be a vendor to gain access). This will also include establishing protocols around the use of passwords, multi-factor authorization, policies around WiFi access (e.g., guest network that remains isolated from OT networks), regular auditing of user accounts and permissions, etc.

While the horizontal cybersecurity framework provides a solid basis, specific characteristics of the energy sector such as the need for fast reaction, risks of cascading effects and the need to combine new digital technology with older technologies necessitate specific legislation.

Thanks to Felix Ramos & Khaled Fakhuri to write this article.


Friday, September 1, 2023

Security Integration management systems

Security Integration Management Systems 

Security systems are changing at an ever-increasing pace and are becoming standard Information Technology (IT) products running over a Local Area Network (LAN) or Wide Area Network (WAN). As a result of using standard protocols such as Transmission Control Protocol/Internet Protocol (TCP/IP), the manufacturers to develop new generations of integrated systems. These systems are called System Integration as they bring together the management of all aspects of an organisation’s security. In recent years, the market for security equipment has realized the immense merits of integrating different components in a security system. However, true integration may be offered by all the manufacturers in the field today. A truly integrated security system combines the various components and yet they are all part of a more sophisticated and bigger system.

Some people use the term 'integrated' to describe a multiplexer combining full screen and multi screen images. Or a control desk containing an integrated intruder alarm PC, an integrated fence alarm PC and an integrated CCTV PC sitting next to one another. This is not true integration.

It is possible to integrate components like a public address system, CCTV, fence alarms, intruder alarms, fire alarms (life safety) and access control system within a single system. The system can be multi-station networks or even a single PC. All these components should interact with one another as a single entity. For example, whenever the fire alarm gets activated, the screen of the Visual Display Unit should pop up a new text window where detailed instruction should be given on what to do next. Simultaneously, the integrated system may release the doors meant for fire exit and display those CCTV cameras, through which the operator can view the affected area so that the operator in question can engage in a communication with the other staff and do not have to take the help of any public address system.

It is not always necessary to purchase all of the components of a system from one supplier. Manufacturers of Security Management Systems realise that the customer wants choice and will often link to components from other specialist manufacturers. Many manufacturers provide integration modules and protocols such as BACnet and OPC, and data integration methodologies such as eXtensible Markup Language (XML), ActiveX and others, which can in theory link to almost any business system. You will need to talk to individual suppliers to discover what development tools such as Software Development Kits (SDK) and Application Programming Interfaces (API) are available for integrating systems. Yes, the system should be able to function with the help of a battery backup though the duration of this backup time may vary according to the type of panels used within it. In my experience this has not been an issue, but some manufacturers are very cautious to whom they release this information. If you are a competitor it is almost impossible.

Even when protocol has been received 90% of the time it is either incorrect, incomplete or even misleading! It is essential to test product before installation, I know it is an old fashioned idea but it is really nice to see the system actually working.

Opportunities of System integration

There are a number of advantages to be gained in both the security and commercial aspects of designing and adopting an integrated system. This section lists some of the advantages that may be considered when combining separate systems into an integrated solution.

Access Control Systems (ACS)

Access Control is typically specified to provide protection to both property and employees. Generally it is thought of in terms of managing doors. However, it often extends to public areas when coupled with turnstiles, gates and barriers, or highly sensitive areas when coupled with biometrics.  If the access control and intruder alarm systems are linked together, the access control system can be programmed to automatically change, based on the type of alarm that sounds. By integrating Access Control with other systems many advantages may be realized. For example:

Fire Alarm mustering – know where your employees are at a given time.

Know which doors / areas employees are entering, or trying to enter.

Link CCTV images with access control events.

Link Time & Attendance monitoring using the same badge / token software.

Link Visitor Monitoring with Access Control & CCTV using badge / token software.

Increase security through systems such as dual card access or access using a biometric technology.

Intruder & Hold up alarm system control functions can be managed by the Access Control system.

Logical Security

Logical access control is the brother of physical access control but is often limited to secure PC logon. Integrating these two elements can significantly increase your security. For instance, you can restrict PC access to only those who have a smart card and use this to logon to your IT network. Alternatively, you can inhibit network logon if the person is not in the building, further enhancing your security.

One example is to use the CCTV system and access system to monitor and lock doors during a denial of service (DOS) attack at the same time as sending a message to the security guards. Quite often physical and logical attacks go hand in hand.

Time & Attendance (TA) monitoring

The same badge/token used to identify a person in Access Control can register them on and off work with Time & Attendance monitoring. Also as more integrated software systems become available, use of the same software to handle Access Control, Time & Attendance and Visitor Monitoring can be achieved. Remember however, that just because a person went through an Access Control door does not mean they are registered for work, especially under Working Time Directive (WTD) rules. You will need separate T&A clocking stations, albeit on the same network, to monitor working hours and software to calculate employee hours, monitor absences and WTD hours and infringements.

Human Resources (HR) / Payroll

Why enter data twice? When a new employee joins a company his personnel details are often entered into both the appropriate HR system and then again into the security system. By integrating these two systems, a subset of the employee data can automatically be transferred into the Access Control System when an employee joins. Alternatively, when an employee leaves, his rights can be automatically deleted from the Access Control System, again reducing effort and increasing security.

CCTV Systems

By integrating CCTV and other systems such as Access Control, the benefits of more than one system can be coupled to provide a more efficient and usable solution for the end user. IP camera can be integrated with Motion Sensor not only that If IP camera has I/O port you can integrate with other systems like, Hooter, Auto dialer etc. Through Video management intelligent Software you can get face reorganization, license plate reorganization etc.  For example:

Live camera views can be integrated with the Access Control Software, equally Access Control or other data can be integrated with the CCTV system.

Access Control and other security detection systems can initiate pre and post-event video recording, linking the video recording with the event information. This makes searching for events on the DVR/NVR more effective as only the event needs to be searched, for example ‘Door forced – Stores Door’ or ‘Zone 1 – Perimeter breached.’

Track individuals and record their access details against the recording to track suspect users or stolen card users.

Initiate camera presets when specific pre-determined events occur, e.g. when entering a room in a bank, switch the camera to zoom into the door to identify the individual.

Use CCTV with Time & Attendance system to detect / eradicate ‘buddy-clocking’, a practice where employees clock each other on and off work.

Intruder Alarms Systems (IAS)

By integrating intruder with other systems, the benefits of more than one system can be coupled to provide a more efficient and usable solution for the end user. For example:

Set / unset the intruder system using an access reader. No need to use the intruder keypad.

No entry delay time if main door forced. The entry timer is bypassed thus providing an instant alarm.

Disabling of access readers when the intruder system is in the armed state, to prevent false alarms due to unauthorised entry into an armed area.

Using an occupancy count from another system, the Intruder & Hold Up Alarm system can be notified that there may be persons present in the building when the system is being set.

External Perimeter Detection

One of the fundamental objectives of a security system is to provide protection at the outermost perimeter of a property. A perimeter intruder detection system can be used, linked with CCTV to provide early warnings and increased security through verification in the event of a breach. For example, external doors could be automatically locked if the perimeter system detects an abnormal event.

Fire Detection & Alarm Systems

Fire protection / Detection systems have traditionally been isolated from other building management and security systems. By integrating fire with other systems, the benefits of more than one system can be coupled to provide a more efficient and usable solution for the end user. For example:

In the event of a fire all emergency exit doors on the fire escape route need to be automatically released from an electrical point of view, but physical quick release locks may be in place to maintain security and still allow people to escape. It is common practice to install a relay in series with the electric locking mechanism controlled by the fire panel. An alternative is to feed a fire input into the Access Control System, which then automatically releases the appropriate electric locking mechanisms. The proposed link between the Access Control System and the fire system should be evaluated as part of the fire risk assessment.

In addition to providing hardware control during a fire situation, it may be necessary to provide a ‘roll call’ or ‘muster’ report to list all people in the building at the time of the fire alarm.

PA system (PAS)

In general IP paging and intercom systems are used to direct people in emergencies, control doors and control other situations such as crowd control. However, integrating such systems with others leaves the door open to new uses and can push a technology to its full potential. For example, integrating a campus’ PA system with security systems such as video surveillance could give campus security operators more control over emergency communication. Paging can be integrated with IP camera systems. Small amplifiers are used to power speakers that can be used with the cameras.

It is also important that the video management software (VMS) supports the audio. Some VMS will provide an alert if they detect a button activation from the IP camera. The VMS then allows the security person to see what is happening and then talk to the person near the IP camera.

The Digital Acoustic intercom system is independent of the VMS and uses its own Windows paging software. In this case, the security person can receive an alert from an intercom and be notified on their Windows computer. The software also allows the security person to view a nearby IP camera. This is not quite as integrated as the first method, but can provide additional security.

PA Controller should be integrate with Fire Detection system, in case of fire PA system automatic start announcement to evac said area.

Visitor Management Systems (VMS)

For many companies and organizations, a manual paper-based VMS will suffice, providing visual identity of visitors. However, computerized systems linked to Access Control and Time & Attendance systems are the natural bedfellows for integrated security systems. These not only print ID passes, but can also incorporate biometric identification and the scanning of visitor/contractor documentation, licenses, certificates and insurance certificates.

Lift Control

By integrating lift control with the access control system, access to certain floors in a building may be

Restricted, particularly outside normal working hours or in multi-tenanted buildings. To monitor of lift you can fix CCTV Camera which is integrate with Access Control.

Car Park Management (CPM)

Where access to a car park is restricted, the ISMS can automatically monitor the number of spaces left for each tenant or department and regulate access accordingly. For example:

Visually through CCTV.

Audibly through an intercom system.

Automatic number plate recognition.

Access Control tokens.

Guard Tour System (GTS)

By using a guard tour package that integrates with the access door readers can be used to define and monitor a tour by a specific guard, providing a real time indication if the guard does not reach a set point in time (or even if he arrives too early) – equally integration with the CCTV system can provide visual verification of the guard’s location and wellbeing. Many Time & Attendance systems incorporate Guard tour functions as part of their software package.

Building Management Systems (BMS)

Building management systems are responsible for monitoring and controlling the environment of a building, for example lighting control, heating and ventilation (HVAC). In the current climate of energy saving, why leave lights on when an area is unoccupied? By integrating Access Control Systems with BMS systems, the lighting can be automatically controlled by recording when people access an area. The system can also be configured to control the heating by reducing the room temperature when no one is present rather than leaving it on all day and off at night.

Electronic Point of Sale (EPOS)

The logic of integrating security systems together is evident, however if information from systems such as EPOS can be interfaced then a powerful security solution for applications in the retail market and casinos can be deployed.

Data sent from an EPOS system can be overlaid on a live video display, allowing operators to view the camera feed and till transaction simultaneously. The transaction information and alarms enerated by the EPOS system can be bookmarked and recorded alongside the video. This facilitates visual identification of an incident in both real time and through post-event analysis. Powerful transaction analysis can be undertaken on the stored data, for example, finding out when a particular credit card was used by searching every till in a store or across all stores from the head office.

Conversely, recorded video can be searched using a thumbnail feature, which displays a video still image for every transaction, allowing the operator to quickly identify the relevant footage. Evidential quality video clips and associated transaction data can be exported for investigation or use in court.

Alarms generated by the EPOS system, such as ‘register drawer left open’, ‘refund’, or ‘large dollar amount’ can automatically trigger a number of events, including displaying the nearest camera to the specific till and pinpointing the alarm on an interactive map.



Wednesday, August 16, 2023

Difference Between CCTV and Surveillance Cameras?

Difference Between CCTV and Surveillance Cameras?

When it comes to matters of security, there is a great deal of misunderstanding regarding the distinction between closed-circuit television and surveillance cameras. In spite of the fact that many people use these phrases synonymously, there is a significant difference between the two.

In this article, we will go over the key distinctions between closed-circuit television (CCTV) systems and surveillance cameras, and then we will assist you in selecting the system that is most suited to meet your requirements and how to Select The Right CCTV System.

What Is CCTV?

A CCTV system consists of a number of cameras to record activity, a digital video recorder (DVR) to store footage, and a monitor to view the recordings. You can also add security features like motion detectors and alarms.

Most people install CCTV systems for security purposes. They deter burglars and can help identify criminals after the fact. But they have other uses too. For example, you can use them to keep an eye on employees or children.

CCTV systems come in all shapes and sizes. They can be as simple as a single camera connected to a DVR, or they can be more complex with multiple cameras, different types of storage, and remote viewing capabilities. The type of system you need depends on your specific needs.

Installing a CCTV system can be a great way to improve security at your home or business. But it’s important to make sure you understand all the ins and outs before making any decisions.

What Is A Security Camera?

The word “security camera” is often used, although many people have no idea what they are. Monitoring and recording activity in a certain area is the primary function of security cameras.

They’re commonly found in public locations like shops, banks, and other establishments of a commercial nature. The usage of security cameras to discourage criminals and safeguard families is becoming more common.

There are a wide variety of security cameras to choose from. Small enough to fit in your hand, yet with a wide range of size options.

The region you want to keep an eye on will dictate the kind of camera you require. In order to watch your front entrance, you’ll need a different kind of camera than you’ll need to monitor your backyard, for instance.

Wireless and wired security cameras are available. A cable connects a wired camera to a recorder, such as a DVR. Wi-Fi is a common method of transmitting footage from wireless cameras.

Wireless cameras are preferred by many people since they are easy to set up and can be put anywhere in your house or company.

Analog and digital security cameras are two of the most common varieties. Analog cameras record footage using an analogue signal. Unlike digital cameras, this sort of camera is older and less prevalent.

What is The Main Differences Between CCTV and Security Camera

CCTV cameras, or closed-circuit television cameras, are a type of security camera that is typically used in public places in order to deter crime.

Security cameras, on the other hand, can be used in both public and private settings and are often used in homes in order to provide extra security. Here are five main differences between CCTV cameras and security cameras:

-CCTV cameras typically have a wider field of view than security cameras.

-CCTV cameras are usually mounted on ceilings or high up on walls, while security cameras can be placed anywhere that provides an adequate view.

-CCTV footage is usually monitored by security personnel in a separate location, while many home security systems allow users to monitor their own footage remotely.

-CCTV cameras typically record footage continuously, while security cameras can be set to record only when motion is detected.

-CCTV cameras are usually larger and more noticeable than security cameras.

Both CCTV cameras and security cameras serve an important purpose in terms of security. It’s important to choose the right type of camera for your needs in order to ensure that you’re getting the most out of your investment.

Comparison Table Between CCTV and Security Camera

CCTV

Security Camera

CCTV stands for ‘closed-circuit television’ 

Security cameras are also known as IP cameras; Internet Protocol Cameras.

As wired network cords, CCTV cameras utilize

Power over Ethernet (POE) is used by security cameras to reduce the requirement for electrical cables.

CCTV systems have a lesser video quality and image quality than security cameras.

Security cameras provide greater video quality and pixel density than CCTV cameras.

A television is used to transmit feeds from CCTV cameras.

Wi-Fi, LAN, or cellular networks are used to link security cameras.

CCTV is not wirelessly accessible and can be disarmed easily.

Security or IP cams are much more efficient and can be controlled wirelessly regardless of distance.

How To Select The Right CCTV System

When it comes to choosing a CCTV system, there are many things to consider in order to find the right one for your needs. Here are a few tips on how to select the right CCTV system:

-First, you need to determine what type of coverage you need. Are you looking for indoor or outdoor coverage?

-Second, you need to decide on the features that are important to you. Do you need night vision or motion detection?

-Third, you should consider the size and placement of the cameras. You will need to make sure that they are placed in strategic locations in order to get the best coverage possible.

-Fourth, you will need to choose a system that is compatible with your existing security system. If you don’t have a security system, you will need to choose one that is easy to install and use.

-Finally, you will need to decide on a budget. There are many different CCTV systems on the market, so you will need to find one that fits your needs and budget.

When it comes to choosing a CCTV system, there are many things to consider. With these tips in mind, you should be able to find the perfect system for your needs!

How To Select The Right Security Camera

It’s important to do your research when selecting a security camera. You want to make sure you’re getting a high-quality product that will be effective in protecting your home or business. Here are a few things to keep in mind when making your selection:

– The type of camera you need will depend on the area you’re trying to monitor. Indoor cameras are typically small and unobtrusive, while outdoor cameras need to be weatherproof and durable.

– Resolution is an important factor to consider. Higher resolutions mean better image quality, but they also require more storage space and processing power.

– Night vision is another key feature to look for. Many cameras now come with infrared LEDs that allow them to see in low-light conditions.

– Some cameras come with additional features like motion detection and two-way audio. These can be useful in certain situations, but they’re not essential for everyone.

Take your time to compare different security cameras and find the one that’s right for you. With so many options on the market, there’s sure to be a perfect match for your needs.

Conclusion

Make sure you’re getting exactly what you want with SSA INTEGRATE’s services.
We ensure that the solutions we are implementing will meet your demands now and in the future by going through our clients’ requirements.

No matter how many cameras you need, our team can manage all the design, estimating, specifications, equipment use and new equipment installation along with the necessary training and maintenance. We are not recommended to install HikVision, Dahua & Huawei.

It is our goal to give the best possible customer service prior to and following the installation. Regardless of the situation, customers can always rely on our knowledge and team.