Issue link: http://securitymedia.uberflip.com/i/721230
Issue 20
The newspaper for the security industry

Market Report: Thermal
Wherever you look, demand for thermal security camera technology is certainly on the rise. In the latest market report, Security News Desk takes the temperature of this ever-growing market.
• Read more – page 24 - 25

Public Sector Security
Security News Desk finds out why Body Worn Video camera solutions are more and more in the frame for patrolling police officers across the globe.
• Read more – page 8 - 9

Industry Interview
Tim Compston speaks to P.W. Singer, the author of 'Cybersecurity and Cyberwar', who shares his thoughts on how states are increasingly turning to the cyber domain for their future military planning.
• Read more – page 11

Maritime security on the home front
Navigating the maritime security concerns a little closer to home
Page 6 - 7

www.SecurityNewsDesk.com

General Data Protection Regulation (GDPR) or Regulation (EU) 2016/679, to give it its official reference, comes into force on 25th May 2018 and, to a greater or lesser degree, will almost certainly affect every business in the country. The underpinning philosophy of GDPR is to facilitate the free movement of data within a framework that upholds, respects, and assures privacy and the proper and appropriate use of data. Even post-Brexit the GDPR will apply to any organisation holding data on European citizens, so the requirements may well be the same irrespective of the UK's relationship with the EU.

"The regulations at over 200 pages long are substantial and their content is ambiguous," according to the legal firm Bird and Bird LLP.

The Information Commissioner's Office (ICO) writes that, "Many of the GDPR's main concepts and principles are much the same as those in the current Data Protection Act (DPA), so if you are complying properly with the current law then most of your approach to compliance will remain valid under the GDPR and can be the starting point to build from.
However, there are new elements and significant enhancements, so you will have to do some things for the first time and some things differently."

The ICO emphasises that, "It is essential to start planning your approach to GDPR compliance as early as you can and to gain 'buy in' from key people in your organisation. You may need, for example, to put new procedures in place to deal with the GDPR's new transparency and individuals' rights provisions. In a large or complex business this could have significant budgetary, IT, personnel, governance and communications implications."

Accountability, compliance, visibility and the ability to demonstrate this are at the heart of the GDPR regulations. There are lots of guidelines being produced and many different legal companies are circling with guides aimed at providing the help needed to ensure compliance. However, the ICO have produced a comprehensive 12 step guide that is readily available on their website and is the ideal place to start preparations.

Security responsibilities grow under GDPR. The broad requirement in current data protection legislation for "appropriate technical and organisational measures" remains. However, the GDPR fleshes out the requirement with additional factors to take into account. These include the ability to ensure ongoing confidentiality, integrity, availability and resilience of systems and processing (including pseudonymisation and encryption), the ability to restore availability and access in a timely manner, and processes for testing the effectiveness of security. The GDPR expressly provides for the use of approved codes of conduct or approved certification mechanisms as means to demonstrate compliance. Both the data controller and data processor are responsible for implementing appropriate security.

Data breach notification is one of the most profound changes introduced by the GDPR.
There are two strands: notification to regulators "without undue delay" but with an exacting 72 hour target, and communication to affected data subjects. Organisations potentially have a huge amount to do so that they can detect and report breaches to supervisory authorities within the extremely tight deadline. The threshold for breach notification is very low and is defined as "likely to result in a risk for the rights and freedoms of individuals". This will require review of current technologies (firewalls, network monitoring and threat detection logs), incident response procedures, crisis management procedures and policies.

The danger is that, with such a low threshold, breach responses will be mishandled in the rush to get reports to the authorities. However, it is hoped that over the next couple of years guidance will be issued to help organisations and regulators standardise and streamline notification procedures so that time and resource can be freed up to deal with the most serious incidents quickly.

As the GDPR changes gear on data compliance, companies can only hope that regulators will adopt pragmatic guidance and take a risk-based approach when it comes to enforcement. However, given the scale of fines at stake and the rise of claims by individuals, businesses cannot afford to take a chance. The long road to GDPR compliance starts now.

For further discussion on GDPR and other cyber issues turn to our Cyber Security section, page 20 - 21.

GDPR is coming up fast – are you ready?
a fine of up to four per cent of your global annual turnover or 20 million euros... whichever is the greater.

"It is essential to start planning your approach to GDPR compliance as early as you can." - Information Commissioner's Office

The Internet of Things: a growing attack surface
Paul Peachey looks at the growing attack surface coming about through the rise of smart homes and IoT.
For a home camera security system that boasted of its high levels of protection, it proved remarkably easy to infiltrate. All it needed was a flick of the switch on the back of the outdoor camera and minor technological expertise for it to reveal the password to the home internet network.

"We just had to press a button on the outside - ludicrous," said Ken Munro of Pen Test Partners which uncovered the breach. "It was a three-second job. And they said they have bank level security."

The breach in the system meant that the researchers – alerted by a concerned customer – could potentially tap into 24-hour streaming from the cameras, according to findings of its testing that have yet to be released. The researchers have alerted the company to the failure, but it appears that no fix has so far been made.

"Not the kind of security product I'd want in my home… doesn't fill me with any confidence that security has been baked into this product's development," Pen Test Partners concluded.

To read further, turn to page 16.

Evolution to revolution
Many of today's mission-critical security solutions are a far cry from what was fielded even ten years ago thanks to unprecedented, fast-paced advances in technology and the lessons learnt from the battle against criminals seeking to exploit vulnerabilities in physical and cyber defences. We find out how security solutions have been geared up over the years to meet these ever-evolving challenges - taking a look at vehicle mitigation, CCTV, drones, access control, aerostats and the 'rise of the robots.' We also speak with Martin Gren, Co-Founder and Director of New Projects at Axis Communications, on bringing network video to market.

Turn to pages 12 - 13 to read the double-page feature.