ESA Presents its Weinstock Person of the Year Award to Firestone

Steve Firestone has had a distinguished professional career. But what may define Firestone — the individual — most are the personal connections forged by the spirit of community and association for the betterment of all. Firestone’s litany of association work and volunteerism is long and illustrious. It is certainly befitting the very essence of the Morris F. Weinstock Person of the Year, an honor recognizing the lifetime achievement and service to the industry of a dedicated individual.

In a recent conversation, Firestone addressed how he found a work-life balance with volunteering; the personal rewards one gains through association work; and the importance of “staying in school.” He also recalls in detail how countless industry brethren lifted him and his family during one of their darkest moments.

Read the full interview.

ESA Welcomes New Board Members: Rick Seymour & Michael Barnes

The Electronic Security Association recently installed two new members on its Board of Directors – Rick Seymour, CEO, CSI Palm Beach, and Michael Barnes, founding partner, Barnes Associates, Inc. Both were installed onto the ESA Board of Directors during the ESA Annual Meeting at ESX and began their term on July 1st. Each Board Member has a responsibility for ensuring strategies and policies that are developed, discussed and implemented will enable the organization to achieve its mission and vision, and to monitor the organization’s implementation of those strategies and policies.

Congratulations to all newly elected and installed board members:

  • Integrator Chairman: John Loud, 2022-2024
  • Integrator Director: Kevin Stone, 2022-2024
  • Integrator Director: Rick Seymour, 2022-2024
  • Integrator Director: Melissa Brinkman, 2021-2023
  • Integrator Director: Jeremy Bates, 2021-2023
  • National Company Director: Doug Bassett, 2022-2024
  • Associate Member Director: Jason Lutz, 2021-2023
  • Competency Director: Steve Firestone, 2022-2023
  • Competency Director: Michael Barnes, 2022-2023
  • Immediate Past Chairman Director: Jamie Vos, 2022-2024


New Study: Communities Find Success with Model Alarm Ordinance

A new study by a professor at the UNC-Charlotte Criminal Justice & Criminology Department shows that most electronic security systems in the communities studied protect life and property without generating calls for police services. The study examined four communities that had adopted the Model Alarm Ordinance, developed by the industry and leaders in law enforcement to reduce unnecessary calls for service while maintaining police response to alarms.

The four communities included Charlotte-Mecklenburg, North Carolina; Atlanta and Marietta, Georgia; and Montgomery County, Maryland. These communities represented two large agencies, one smaller suburban agency and one county agency managing more than 570,000 permitted alarm systems.

“A key finding of the study,” said Dr. Joe Kuhns, “is that the vast majority of alarm systems in these four locations were effective at protecting lives and property while generating zero calls for service in a given year, and only a tiny percentage are problematic systems that generated multiple calls for service.”

The annual average percentage of registered alarms that generated zero dispatches was as high as 92% in Charlotte-Mecklenburg, 82.6% in Atlanta, 87.5% in Montgomery County and 66.4% in Marietta. These statistics represented an 8- or 10-year average, depending on how long the ordinance had been in effect.

“It is also noteworthy that the percentage of zero dispatches tends to increase over time,” said Kuhns. “As jurisdictions get better at administration, and the public becomes more familiar with the ordinance, results consistently improved over time in these four settings.”

The proportion of problematic systems, which generate three or more dispatches in a year, was only .09% in Charlotte-Mecklenburg, 3.5% in Atlanta, 1.08% in Montgomery County and 8.7% in Marietta.

“The Model Alarm Ordinance was created in collaboration with leaders in public safety through organizations such as the International Association of Chiefs of Police and the National Sheriffs’ Association,” said Stan Martin, executive director of the Security Industry Alarm Coalition (SIAC), which funded the study. “Public safety leaders recognize the important role electronic security plays in their communities and the importance of police response as a deterrent to crime.

“The Model Alarm Ordinance directly addresses the issue that the vast majority of false alarms are caused by user error,” said Martin. “The study demonstrates that the strategy of focusing on the chronic abusers and fining owners who are careless in operating their electronic security systems is the most effective way of minimizing calls for service.

“The Model Alarm Ordinance is a framework that communities can modify to best fit their local needs,” said Martin. “SIAC provides consultation at no cost to law enforcement agencies considering or modifying alarm ordinances.”

“The model alarm ordinance calls for increasing fines or even curtailing response to the very small percentage of systems that place inordinate demands on public safety agencies,” said Kuhns. “In addition, it mandates multiple contacts with the alarm site prior to contacting public safety agencies.”

“False alarms did not consume a lot of law enforcement resources in the four agencies we studied,” said Kuhns. “If we can replicate what they are doing across the nation’s 18,000+ law enforcement agencies, we are going to wind up saving a whole lot of money and time which can be devoted to other public safety priorities.”

Joe Kuhns, Ph.D., Professor, UNC-Charlotte, Criminal Justice & Criminology

Dr. Joe Kuhns teaches courses in policing, community policing, drugs and crime, and research methods at the undergraduate and graduate levels. Prior to arriving at UNCC in 2003, Dr. Kuhns served as a Senior Policy Analyst at the U.S. Department of Justice (Office of Community Oriented Policing Services).

About SIAC

SIAC represents one voice for the electronic security industry on alarm management issues – communicating solutions and enhancing relationships with law enforcement. SIAC is comprised of four major North American security associations – Canadian Security Association (CANASA), Security Industry Association (SIA), The Monitoring Association (TMA), and the Electronic Security Association (ESA). For more information, go to www.SIACinc.org, www.siacinc.wordpress.com, or follow us on www.twitter.com/siacinc.

E&C Announces Subcommittee Markup of Bipartisan, Bicameral Privacy Legislation & Seven Other Bills

Energy and Commerce Committee Chairman Frank Pallone, Jr. (D-NJ), Ranking Member Cathy McMorris Rodgers (R-WA), Consumer Protection and Commerce Subcommittee Chair Jan Schakowsky (D-IL), and Subcommittee Ranking Member Gus Bilirakis (R-FL) announced today that the Consumer Protection and Commerce Subcommittee will hold a markup on Thursday, June 23, at 10:30 a.m. (EDT) in the John D. Dingell Room, 2123 of the Rayburn House Office Building.

“This week, we will take another major step in putting people back in control of their data and strengthening our nation’s privacy and data security protections by marking up the bipartisan American Data Privacy and Protection Act,” Pallone, Rodgers, Schakowsky, and Bilirakis said. “We continue to welcome and encourage input as we begin this next step in the regular order process. The Subcommittee will also consider seven other bills, including legislation to protect children from dangerous products, prevent unwanted recording by smart devices, and defend horses from inhumane practices. We look forward to working with Committee members on both sides of the aisle to advance these important bills.”   

 The Subcommittee will consider the following bills:

 H.R. 8152, the “American Data Privacy and Protection Act,” which was formally introduced in the House today by Pallone, Rodgers, Schakowsky, and Bilirakis. 

 H.R. 3355, the “Save America’s Forgotten Equines Act of 2021” or the “SAFE Act,” which was introduced by Reps. Schakowsky and Vern Buchanan (R-FL).

 H.R. 3962, the “Securing and Enabling Commerce Using Remote and Electronic Notarization Act of 2021,” which was introduced by Reps. Madeleine Dean (D-PA), Kelly Armstrong (R-ND), and 32 original bipartisan cosponsors.

 H.R. 4081, the “Informing Consumers About Smart Devices Act,” which was introduced by Reps. John Curtis (R-UT) and Seth Moulton (D-MA). 

 H.R. 4551, the “Reporting Attacks from Nations Selected for Oversight and Monitoring Web Attacks and Ransomware from Enemies Act” or the “RANSOMWARE Act,” which was introduced by Rep. Bilirakis.

 H.R. 5313, “Reese’s Law,” which was introduced by Reps. Robin Kelly (D-IL), Jodey Arrington (R-TX), and Ted Lieu (D-CA).

 H.R. 5441, the “Prevent All Soring Tactics Act of 2021” or the “PAST Act,” which was introduced by Rep. Steve Cohen (D-TN) and 212 other original bipartisan cosponsors.

 H.R. 6290, the “Manufacturing.gov Act,” which was introduced by Reps. Paul Tonko (D-NY), Cindy Axne (D-IA), and Fred Upton (R-MI).

This will be a hybrid markup that includes both in person and remote member attendance via Cisco Webex video conferencing. Members of the public may view the markup via live webcast accessible on the Energy and Commerce Committee’s website. Please note the webcast will not be available until the markup begins.

IMPORTANT NOTE:

Our language is included under Sec. 101 (b) (4) as a permissible service

(4) To prevent, detect, protect against, or respond to a security incident, or fulfill a product or service warranty. For purposes of this paragraph, security is defined as network security as well as intrusion, medical alerts, fire alarms, and access control security.

Analysis of American Data Privacy and Protection Act (ADPPA) Discussion Draft Released June 3

The following information and analysis is being shared with TMA members courtesy of The Security Industry Association (SIA).

Over the last week, SIA Government Relations has been collecting and analyzing feedback from their members on the bipartisan data privacy discussion draft under consideration in the House Energy and Commerce Committee (which was released June 3). SIA has concerns pertaining to some specific issues addressed in the language as it appears, which could have a sweeping impact on the use of video surveillance systems, alarm systems and biometric technologies (see below).

SIA Government Relations will be working quickly to raise concerns about these issues with the key Congressional offices to ensure they are addressed, as it is likely this measure would clear committee before the July 4 recess and possibly the House by August on its current trajectory.  Subcommittee markup could occur as early as next week.

Described below are SIA’s analysis and the member input received as of June 14th. Additional analysis of the House bill (and a competing Senate bill released by Sen. Cantwell that may also receive consideration this month) is also provided.

Framework: The overall framework of ADPPA does not align with the GDPR and existing state data privacy laws in important respects, fails to preempt laws harmful to businesses and consumers, e.g., the Illinois Biometric Information Protection Act (BIPA), and includes a private right of action sure to encourage abusive class action lawsuits. Specific to our industry, significant and interrelated flaws in the definition of key terms and provisions make it incompatible with the effective use of many security systems, among other negative impacts. Without substantial revisions the measure would have serious – and likely unintended – negative impact on public safety.

Security Systems: The draft’s broad definition of “biometric information” combined with the prohibitions on its collection, processing, and transfer in Sec. 102(a)(3) would essentially prohibit the commercial use of security cameras of any kind without obtaining the “affirmative express consent” of all individuals who are recorded – consent a malicious actor is unlikely to provide. Apart from this concerning outcome, this would create an insurmountable burden in the security setting, when such cameras are ubiquitous components of security systems widely used and accepted for protecting most businesses, commercial facilities, schools, transit systems, and connected public spaces in the country – and virtually every business and non-profit organization is considered a “covered entity” subject to requirements under the bill.

By including “facial imagery” (versus biometric measurements) in the definition of “biometrics”, any photo or video recording of a face becomes “biometric information” under the draft, regardless of how it’s used. Significantly, data privacy laws in five states already specifically exclude photographs, video recordings and derived information from their definition of biometric information. Additionally, all current state data privacy laws include some form of an exception for security and anti-fraud purposes and/or cooperation with law enforcement. Likewise, the general exceptions in Title II Sec. 209 of the discussion draft include (albeit narrowly) “to detect or respond to a security incident” and “to protect against fraudulent or illegal activity.” However, Title I’s Section 102(a)(3) prohibition with respect to biometric information appears to supersede the exceptions in Title II, rendering these limited security and anti-fraud exceptions inapplicable to photo and video data.

Similarly, due to the overly broad definition of “precise geolocation information” in the bill, the transfer prohibition in Section 102 (a)(2) likely encompasses the date, time and location information typically associated with photo and video data when it is created and included when it is transmitted, impeding operation of security and life safety systems. For example, remote video verification for intrusion detection systems is increasingly utilized to reduce false alarms. Use of this technology may include the transmission of facial imagery along with this associated information. It is objectively impossible to obtain consent from all individuals that may trigger such alarms. Additionally, while the exceptions in Section 209 apply to “covered data” in the draft text, this does not also explicitly include “sensitive covered data” (like biometric information and precise geolocation information).

For the reasons outlined above, it is imperative to, among other things, 1) provide a more robust and workable security exception in Section 209, 2) clarify that Section 209 exceptions apply to practices in Title 1 and to sensitive covered data, and 3) exclude photos and video from the definition of “biometric information.”

Consent: Instead of aligning with GDPR and the latest state data privacy laws providing for a “clear affirmative act” to signify consent, the discussion draft would require a similar sounding – but different – “affirmative express consent” which could be inferred to negate the ability to use notice and consent mechanisms like signage, etc. “Affirmative express consent” as defined in the draft should be replaced with the common definition of consent used in existing state data privacy laws in Colorado, Virginia, Utah and Connecticut.

Law Enforcement: All current state data privacy laws include an exception to requirements when it comes to cooperating with or assisting law enforcement investigations, including Connecticut’s data privacy law enacted last month. Subsection (a)(9) on law enforcement cooperation in Section 209 of the draft (which is currently bracketed for review) should be retained and expanded to include facilitation with a law enforcement investigation.

Government Contractors: Related to law enforcement and other functions, there are many private entities that collect, process and/or transfer information to federal, state or local governments as a contractor, including acting upon their behalf in some cases. It appears under the bill’s framework that government entities, while not covered entities, could be considered third parties in this arrangement. Therefore, it should be clarified that contractors acting in this capacity are considered service providers and not covered entities.

First Responders and Alarm Systems: Additionally, to address the third-party issue above, the exceptions should be clarified in Section 209 to include covered data that may be transmitted to first responders (as third parties) for responding to life safety emergencies, such as fire, etc. in addition to security incidents.

Publicly Available Information: Information about individuals that is available to the public is not private and thus is excluded from the definition of covered data. However, the draft substantially narrows the commonly accepted definition of “publicly available information” used across existing state data privacy laws with additional caveats. This definition should be adjusted to align with definitions in existing state laws to ensure publicly available information continues to generally mean information lawfully available to the general public through government records, widely distributed media or required to be displayed in public by local, state or Federal law.

Biometrics Definition/Provisions: As currently drafted, data could be included as “biometric information” that is not actually biometric or does not present a privacy risk, because there is no requirement that such data is used to identify a specific individual. The definition should be aligned with all existing state data privacy laws in the U.S. that address biometrics, by requiring an identification capability or purpose for data to be considered biometric information. Also, unless the Section 102 prohibition with respect to biometric information is altered or removed, it will effectively prevent beneficial applications of biometric technologies for access control and security, where the collection of biometric data and use of analytics is necessary to distinguish between enrolled/non-enrolled individuals.

Facial Recognition: Under Section 404(k) any state law solely addressing facial recognition is not preempted. This section should be removed. Facial recognition data is not fundamentally different than all other biometric data. Software-specific templates are created based on biometric measurements that are compared with enrolled data for similarity to make probabilistic match determinations. While some states have specifically restricted or regulated use of facial recognition by law enforcement and/or other government entities, no state has enacted a law specifically regulating or restricting use of this technology by the private sector entities covered by the ADPPA. At the same time, commercial use of facial biometrics around the world for applications like identity protection and authenticated access to accounts and services is rapidly growing. For these reasons it makes little sense to encourage future state laws that might be at odds with the principles and structure of national data privacy rules, and there is no reason why the rules specific to biometric information contemplated in ADPPA would be insufficient to protect such data.

Homeland Security Department Warns of More Mass Casualty Violence

Homeland Security warns of individuals using high-profile events to justify violence against ideological opponents, public gatherings, schools and more

The Department of Homeland Security issued a bulletin Tuesday warning of a “heightened threat environment” over the next several months as they monitor both risks of domestic terrorism and foreign adversaries looking to sow discord within the U.S. to promote acts of violence.

“The United States remains in a heightened threat environment, as noted in the previous Bulletin, and several recent attacks have highlighted the dynamic and complex nature of the threat environment,” DHS said in a new bulletin from the National Terrorism Advisory System.

“In the coming months, we expect the threat environment to become more dynamic as several high-profile events could be exploited to justify acts of violence against a range of possible targets,” DHS said.

The bulletin listed potential targets to include “public gatherings, faith-based institutions, schools, racial and religious minorities, government facilities and personnel, U.S. critical infrastructure, the media, and perceived ideological opponents.”

The department stressed that “foreign adversaries-including terrorist organizations and nation state adversaries-also remain intent on exploiting the threat environment to promote or inspire violence, sow discord, or undermine U.S. democratic institutions.”

“We continue to assess that the primary threat of mass casualty violence in the United States stems from lone offenders and small groups motivated by a range of ideological beliefs and/or personal grievances,” the bulletin said.

DHS pointed to several recent high-profile events including the mass shooting in Buffalo, New York, where the suspect in the grocery store attack allegedly claimed that he was motivated by racist, anti-Black, and anti-Semitic conspiracy theories. The department said it is monitoring online forums following the mass shooting at an elementary school in Uvalde, Texas, that have been encouraging copycat attacks.

Parks Associates Hosts Smart Energy Summit, Feb. 28-Mar. 2

Parks Associates’ research reveals that 44% of US internet households say they actively work to reduce energy consumption at home. Join The Monitoring Association as we support the firm’s upcoming Smart Energy Summit featuring Google, Constellation, AutoGrid and more talking about the future of energy #SmartEnergy22, taking place Feb 28–March 2 in Frisco, TX.

Event keynotes:

  • Aaron Berndt, Head of Energy Industry Partnerships / Americas, Google
  • Michael Wajsgras, Executive Director Innovation, Growth and Digital & Managing Director Constellation Connect, Constellation
  • Saadia Raveendran, Senior Director of Industry Solutions, AutoGrid

 In-person Conference 

Register today: http://bit.ly/2SdCeAg

Important: Potential Solution for Replacement of Certain 3G Devices

From AICC

Status of AT&T 3G Sunset

Yesterday, February 22nd, was the day that AT&T was scheduled to start its 3G shutdown. AICC has been working to have AT&T delay the shutdown until later in 2022, but thus far no extension has been granted. As a practical matter, it will likely take several weeks for AT&T to shut down 3G nationwide, so in certain parts of the country alarm service providers may have a brief period of time to continue replacing 3G units before AT&T service goes down.

Temporary Roaming Solution

A partial solution has been brokered by the FCC just last week to help remaining 3G users: Certain 3G units can roam on T-Mobile, which will not shut down its 3G network until July 1, 2022, giving the alarm industry and others an additional four months to replace those units that are compatible with the roaming arrangement. This is not a global solution, but will hopefully apply to about 25% of existing 3G alarm radios, including certain PERS units as well as fire/burglar/CO radios. However, by delaying the deadline for replacing a sizable percentage of the 3G units, this solution can allow the industry to focus first on those units that cannot roam. Certain alarm industry members have tested the roaming solution with good results so far.

It appears that the roaming solution will apply to your units if (1) they are on the Cisco Jasper platform, and (2) have a SIM card that is configured to allow roaming. Your aggregator/equipment vendor may be able to let you know if you have units that fall into that category; and AT&T should be able to do so as well. We encourage you to explore the use of this solution ASAP, and to implement it right away if it is available for any of your customers’ alarm radios.

To start the process, we recommend starting with your aggregator/equipment vendor. They can reach out to their AT&T reps to start the process. However, it appears that some AT&T reps have not yet been trained with regard to the roaming solution, so if you encounter push back or other problems, you or your vendor should contact:

Susanna Biancheri
AT&T Network & Engineering Operations
847 212 4191 (Mobile)
sb2321@att.com

SecurityCEU.com Launches Frontline Project Management Online Training Course

SecurityCEU.com has launched the Frontline Project Management Course, a new online training in partnership with industry-renowned educator Nadim Sawaya, MSCE, CPP.

The Frontline Project Management training program is tailored to the low voltage electrical/construction industry. It was conceived to teach Security and Systems Project Managers how to play the construction game and manage their projects as electrical and general contractors.

This unique program consists of two parts: (1) the online program, which is about eight hours of interactive self-paced training, and (2) a two-hour instructor-led workshop to review lessons learned, implement best practices, and allow students to discuss specific real-life project challenges. In essence, SecurityCEU.com took a well-established traditional course and transformed it into a two-hour instructor-led workshop and eight hours of a self-paced online program.

Nadim Sawaya, President of Enterprise Performance Consulting (EPC), has been consulting and training on project management in the security and systems industries for over 22 years. Nadim has over 35 years of executive and operations management experience and managed projects from $5k to $50M in general construction, fire alarm, communication, building automation to security systems. In addition, Nadim has held leadership roles with companies such as Pauling/Rapco, Stanley Security, Siemens Building Technologies, Honeywell, Pinkerton, and Convergint Technologies.

The Frontline Project Management Module 1: Managing the Project Team, covers topics such as: The overall project lifecycle; Roles and Responsibilities of the Project Team; Key duties, responsibilities and competencies of the project manager; and defining the project team tasks using the RACI Matrix.

The Frontline Project Management Module 2: Defining Phase, discusses: Steps required in the Defining Phase of a project; Reviewing and interpreting contract documents; Validating the project scope; Block diagrams; Reviewing and confirming the project’s estimated budget; and validating the project’s scope, cost and schedule.

The Frontline Project Management Module 3: Planning Phase, focuses on: Work Breakdown Structure (WBS); Task duration estimating; Milestones; Manpower schedules; Critical Path Method (CPM) techniques to determine project duration, floats, and critical path; Cost re-estimates; Scheduling; and Resource commitment.

The Frontline Project Management Module 4: Implementation Phases, covers: Resource procurement; Golden rules of using subcontractors; Controlling and proper documentation of the project; Coordinating with other trades; Managing quality; and Safety, OSHA overview requirements and employer responsibilities.

The Frontline Project Management Module 5: Closing Phase, discusses: Closing steps; Customer Training; As-built documentation; Final testing and acceptance; Project audits; and Closeout checklists.

The Frontline Project Management Course will sell for $325 on SecurityCEU.com. Corporate and volume rates are available. The course is in the process of getting approved for CEUs at the national and state level for license compliance.

“We are so proud to be offering this course in partnership with Nadim Sawaya, who is known throughout the industry as the expert on Project Management,” said Connie Moorhead, CEO at The CMOOR Group, which owns and operates SecurityCEU.com. “This much sought-after live training is now available online! Now security and system integrators can get the best industry project management training in a safe, convenient and cost-effective format.”

“SecurityCEU.com has proven to be a valuable partner in taking my course on project management and bringing it to life online, providing a more convenient way to reach a larger audience, limit the project managers’ time away from their daily tasks and help security and systems integrators deliver successful projects every time,” added Sawaya. “Partnering with SecurityCEU.com holds the potential to bring this important and well-needed performance improvement program to many more Integrators.”

For details on the Frontline Project Management Course online training program, visit https://catalog.securityceu.com/frontline-project-management.html.

US Defense Industry Targeted with New USB-Based Ransomware Attacks

The FBI recently released a notice about cybercriminal group FIN7, according to a Bleeping Computer article, warning defense contractors to be wary of USB drives being sent through the mail. According to the notice, FIN7 is impersonating Amazon and the Department of Health & Human Services (depending on the target victim) in an effort to get victims to plug in the USB drive.

The USB drives are “BadUSB” or “Bad Beetle USB” devices with the LilyGO logo, and are commonly available for sale on the Internet. The drives register with the victim computer as a keyboard and include a wealth of hacker tools, including Metasploit, Cobalt Strike, Carbanak malware, the Griffon backdoor, and PowerShell scripts.

The goal of these drives is to infect networks with either BlackMatter or REvil ransomware.

This is a real-world form of targeted attack that uses the same social engineering we commonly see in phishing attacks. Users who undergo continual security awareness training are already aware they should not be plugging in unknown USB drives – especially those sent unsolicited.

These attacks could just as easily be turned into an access-for-sale attack, given the amount of control hackers have over the compromised endpoint. Be on guard.

Published by: KnowBe4 CyberHeist News, 1/25/22