April 20, 2026
image
Home Articles posted by a&s Adria (Page 176)

Fire safety all set to modernize as smart buildings become popular

According to multiple research agencies, the fire safety market could see steady growth in the coming years, as authorities worldwide seek to tighten rules and improve safety. But unlike many other industries, fire safety has always had demand due to its life-saving nature. What’s now changing is that the buildings that they need to protect are also evolving. The  smart buildings market will grow at a CAGR of 12.6 percent from 2019 to 2026, according to Fortune Business Insights. Efforts to reduce carbon footprint and make more energy-efficient buildings could be the main driver behind this growth. As smart buildings grow, so do the need to protect them from fire-related incidents. For this, the fire safety industry should embrace smart technology. In this article, we explore the new technologies entering fire safety and how building operators can future-proof themselves.

These new technologies are making fire safety systems smarter

For a prolonged time, developments in the fire safety sector have not been as fast as those seen in video surveillance or other security sectors. Several reasons contribute to this, from customers being satisfied with what they have to low interest in investing in this segment. However, significant changes are now seen in fire safety, with digitalization making inroads into the segment.

The faster adoption of IP

Over the last decade, fire protection has been transformed by the rise of addressable, IP-based devices embedded in networked fire alarm system infrastructure, according to Andreas Kahl, Head of Software Engineering and Fire Alarm Systems at Bosch Building Technologies. “The scalability and modular architecture of digital fire alarm systems have unlocked a new level of fire safety, for instance, by pinpointing the exact location of a triggered smoke detector in an alarm, or by interfacing with public address systems for phased building evacuations,” Kahl explained. “For system integrators, installation and maintenance of alarm systems have reached new levels of efficiency – including automated service alerts and far fewer false alarms – with unprecedented cost savings.”

Moving to IoT

With that said, all elements are in place for the second, even more fundamental transformation in fire protection. Kahl added that soon, a growing amount of networked fire alarm systems would be connected to the Internet of Things (IoT). This is part of a larger trend across industries, including smart homes and smart buildings automated by a mixture of sensor data and artificial intelligence (AI). The number of IoT-connected devices worldwide is expected to exceed 14 billion by 2022, more than half of the world’s 28.5 billion connected devices.

Addressable notification

One of the most significant advances in life safety systems is addressable notification. According to Rodger Reiswig, Fellow and VP of Industry Relations at Johnson Controls, although the industry has had addressable initiating devices for several decades now, the move to change notification appliances to follow suit had not occurred until a few years ago. “Since appliances, including, horns, strobes and speakers are now addressable the ability for them to be selectively activated by software and not by how they are physically wired offers greater flexibility to the building owner/ manager,” Reiswig said. “Also, with selective control is the ability for these appliances to perform an automated test. Essentially, if a device can functionally test itself, mimic a functional test, and report if the device passed or failed and perform this at the same interval as the table in NFPA 72, then it is deemed equivalent to sending a person around to test each device. This ability offers an owner/ manager the ability to test their system much faster than ever and with much less disruption to the occupants.”

New communication systems

Communication is critical to fire safety. A significant change that the industry is seeing at the moment is that the use of telephone lines for central station monitoring is going away as the traditional POTS (Plain Old Telephone Service) is being phased out. Cellular and IP communicators are the technology being used most at present. “Another system that is not specifically a fire alarm system but often falls under the responsibility of the fire alarm contractors are ERRCS, Emergency Responder Radio Coverage Systems,” said Ray Dotts, Project Manager at Telgian Engineering and Consulting. “These systems requirements are being enforced more and more each day. First responders depend on radio communications, and if the communications in a building do not work, lives are at stake.”

Cloud-based solutions

Cloud-based solutions are making inroads into every segment now, and the fire industry is no exception. According to Thomas Dols, Global Software Product Manager at Siemens Smart Infrastructure, when protecting a building against fire incidents, the ultimate level of protection is to make the communication, between the fire protection system and the interfaces that collect data, quick, reliable, and smart. “It starts with ensuring that all data is continuously available remotely so that system performance can be monitored and managed using any computer, laptop, or mobile device – anytime and anywhere,” Dols said.

The rising role of IoT in fire detection and safety

There is no doubt that IoT is slowly revolutionizing most of the traditional industries. According to Thomas Dols, Global Software Product Manager at Siemens Smart Infrastructure, the way we work, protect against fire, and conduct fire safety services have changed over the past years.

Digitalization has been driving this change, transforming traditional fire safety services into a modern and more productive business,” Dols said. “With this new offering, we are in the heart of IoT, with the clear goal to safely connect as many of our fire safety hardware products as possible. For customers, this will mean better use of fire engineering experts, better maintenance services, and even new business model opportunities.”

The advantage IoT brings

IoT (Internet of Things) has offered the ability of life safety systems to connect to the world. An owner/manager can now connect to their life safety systems from anywhere in the world with a phone, tablet, or any connected device. “Although systems can be connected to the world, safety concerns do come into play,” said Rodger Reiswig, Fellow and VP of Industrial Relations at Johnson Controls. “Can the system be compromised by hostile activity from hackers? There now needs to be safeguards implemented to prevent such takeovers or malicious activity to life safety systems. This has become such an issue of concern that both UL and NFPA are taking action to implement listing Standards for products as well as installation practices for cybersecurity.”

For owners/managers, there is now the ability to integrate their life safety systems without having to be on site. This saves valuable time and resources. A customer can also have their installer and maintainer, with the owner’s permission, integrate the system, and help diagnose any issues before ever arriving on the scene.

The possibilities of IoT

Most major companies are exploring what more they can do to leverage the power of IoT. Bosch, for instance, has set a strategic target for all of our electronic product categories is to be IoT-enabled by 2020. This vision is supported by the “3S” in Bosch’s connectivity business: sensors, software, and services. In developing and implementing services and solutions for the connected world, Bosch customers benefit from its expertise in software and sensor technology as well as in its broad business portfolio. “When it comes to bringing the IoT into the fire safety segment, Bosch envisions a future in which connected devices –and their data – open up new kinds of services that offer significant benefits to end customers and system integrators,” said Andreas Kahl, Head of Software Engineering and Fire Alarm Systems at Bosch Building Technologies. “This digital transformation journey is already well underway, as IoT-based applications are already enhancing the fire safety service offering on several levels. As a prerequisite, networked system architecture such as fire panels and sensors need to connect to the internet via nodes, hubs, and gateways in a secure manner. With this connection in place, the system can communicate with a cloud application server via IP protocol to send real-time data such as device health, battery status, and event history.” While IoT-based Remote Services already provides major efficiency gains for system integrators, we’re only just scratching the surface of what is possible, Kahl added.

The foundation for next-generation IoT-connected services is already created today, as the integration between sensors, software, and services increases. It will not only be crucial for devices to work together within the same network. In the process of building end-to-end fire safety systems that are ready to connect with the IoT, seamless interfaces with third-party apps and platforms via APIs (Application Programming Interfaces) will be a competitive advantage for the system technology providers. It will be even more important that systems can communicate with apps or building management software. On the same note, the ability to provide integrated, IoT-connected services on a secure backbone – safe from hackers and malicious attacks – will be indispensable, because system data is the most valuable resource moving forward. This data holds the key to what comes next.

Slow adoption

IoT is still in the early stages in the fire safety industry, despite their benefits. Cristina Aragon Vandenbent, Fire Protection Consultant at Telgian Engineering and Consulting, said that most of their customers have not yet taken advantage of any IoT-related developments for fire alarm systems but are researching, testing and evaluating them. “IP networking of control panels and mass notification systems are among some of our newly awarded contracts,” Vandenbent said. “The advantage of networking the Fire Alarm Control Panels is enhanced supervision, flexibility in code-compliant wiring schemes, and ground isolation.” Some of the enhanced features can include notification to personal phones, computers, and other notification type devices. These features can act as a supplemental reporting network. These features are just some of the things that make this new technology exciting.

How important is video surveillance camera-based verification for fire safety?

When video verification is implemented, a central monitoring station can “see” the fire. When they notify the first responders, they will relay relevant information such as the fact that it is a real fire, how big the fire is at the time, and the exact location of the fire, so the responders know where to enter and can prepare to fight the fire.

From a life-safety standpoint, video verification can be implemented to monitor a fire event,” said Cristina Aragon Vandenbent, Fire Protection Consultant at Telgian Engineering and Consulting. “The personnel at the monitoring station can “see” the fire and be able to relay information to the first responders so they can respond accordingly.”

How does video verification help?

The most obvious benefit of using surveillance cameras to verify fire is reducing false alarms. However, the use of this solution offers more to the customer. For instance, traditional fire detection systems work only when smoke or heat reaches the sensors, which are often on the ceiling. Cameras, on the other hand, can detect a fire almost as soon as it breaks out and provide first responders with at least a few seconds of additional time to deal with it. “Video-based fire detection delivers a huge time benefit compared to standard fire detection solutions because the fire can be detected directly at the source, allowing alarms to be triggered much earlier,” Theresa Grunewald, Global Business Development AVIOTEC at Bosch Building Technologies. “In addition, video-based fire detection can be installed in locations in which conventional systems cannot be used effectively, like in dusty and humid environments or in building with high ceilings or in open areas. Video images provide an easy way of verifying the alarm. It also allows combining fire detection with video surveillance in one system.” Rodger Reiswig, Fellow and VP of Industrial Relations at Johnson Controls, pointed out that video verification has traditionally been used more in the security world but has started to be utilized in fire safety systems.

What about regulatory approval for this?

Fire safety regulations differ from country to country, and when using any new technology, there is some confusion on its legal validity for compliance purposes. Reiswig explained that as such, NFPA 72 has first started to address this with supervising station verification as an allowance. If the Authority Having Jurisdiction (AHJ) approves, there is now an option for a fire-alarm system monitoring company to contact the property first. If the property representative states there is a need, then the supervising station can call the first responders for them to take action. Of course, fire safety is mostly a traditional industry in which solutions like cameras are still in nascent stages. To Reiswig, this is a good start, but the journey has just begun, “There is much more that needs to take place, but this is the basic idea of verified alarms,” Reiswig said. “Video verification is the next step towards this for life safety. It is important to remember that fire alarm systems have become more of a life safety system as they are monitoring gas detection, elevator integration, mass notification, etc.”

What are the major fire safety solution requirements in smart buildings?

The term “smart buildings” means different things to different people. Rodger Reiswig, Fellow and VP of Industrial Relations at Johnson Controls, explained that for some, it’s all about the Green Initiative. Is the building able to sustain itself or reduce its carbon footprint? Can they reuse some of their water or generate electricity from onsite solar cells or wind turbines?

Another definition of “smart buildings” is based on sensors,” Reiswig continued. “Is the building smart enough to know that, if I’m the first person there in the morning and I swipe my card, it should switch the HVAC system into occupied mode? Can it start to turn the lights on? Can it adjust the window shades to allow the sun to come in? Can it call the elevator down for me because it knows that I’m in the lobby, and I’m going to the tenth floor? It’s all about how the systems integrate with one another, not simply providing information to each other, but also interacting with one another, causing things to happen from one system to another.

Where does the smartness factor into fire safety?

IP-based fire alarm systems are emerging as the way forward. Networked on digital infrastructure, addressable systems of panels and detectors provide fire detection at an early stage, plus exact localization of the fire source. They integrate with other vital systems such as sprinklers, video surveillance, and access control. They can be combined with voice evacuation to direct people out of dangerous areas as quickly and precisely as possible. “Most of all, IP-based fire alarm systems are easily scalable and adjustable to changing customer demands, for instance, in mixed-use buildings,” said Andreas Kahl, Head of Software Engineering and Fire Alarm Systems at Bosch Building Technologies. “For maximum reliability, IP-based systems support fully redundant networking via an IP and/or CAN connection between the panels, thus keeping the system operational in the event of an error. As a common operational backbone, IP-based fire alarm systems integrate within building management systems architecture such as the Bosch-developed Building Integration System (BIS) or a third-party solution to provide operators with a single view and real-time intelligence.” For centralized building management, the fire system in a smart building needs to interface with other systems such as video surveillance, access control, and voice address for evacuation, Kahl added. The combination of fire alarm and voice evacuation systems has emerged as the status quo over the past few years across a wide range of sites, from hotels to shopping centers and airports. Legislation, such as 2013’s full enactment of the Construction Products Regulation, has been a significant driver of this trend, placing high demands on both systems with the EN54 product standard. Studies have demonstrated that voice alarm with clear instructions significantly improves fire evacuation time compared to mere noise alarms and presents a significant time gain of up to 30 percent for emergency response teams.

How popular is smart building fire safety now?

Reiswig said that his company has already been doing integration with things like HVAC and lighting for a few years now. Now they see tighter integration where, for example, they can use the position of the sun to get the best impact of sunlight to start to heat the building in the winter. “One of the biggest challenges that we see in the smart building environment is protocols or topologies for how one system talks to another,” Reiswig added. “The fire alarm system uses a certain protocol or language. The HVAC system uses another protocol or language. Creating an environment where systems can talk to one another and not just send, but also receive information – that is the difficult part. Everybody can send information out. It’s easy for me to tell you what is happening in a system. But for you to tell me what is happening in your system and then expect me to do something with that information, that’s when it gets a little bit harder.”

How should building operators prepare for the future?

Before investing in new fire safety systems, building operators are well-advised to consider the futureproofing of their systems. Again, IT-based architectures emerge as the only way forward. “Current legislature such as the 2015 edition of the International Fire Code already mandates addressable systems in which connected devices can signal their device type, location, and alert status; which is a built-in feature for IP-based networks,” Kahl said. “And on the subject of future-proofing, IT-based fire security systems can also seamlessly integrate the next generation of video-based fire detection devices that rely on machine learning algorithms to detect fire and smoke in less than 30 seconds. ”At the same time, operators may want to integrate and customize their solutions into their Building Management Systems, which can be facilitated via software development kits (SDKs) such as the Bosch Fire System Interface (FSI) or open IT standards like OPC. Next to this level of future-proof integration, IP-based solutions scale up easily to accommodate for expansions within the same building or multi-building installations to allow customers to grow their fire safety applications alongside their business.

The bottom line

Smart Building is all about connectivity, to let the building “talk,” according to Thomas Dols, Global Software Product Manager at Siemens Smart Infrastructure. We live in a digital age full of continuous information where performance is constantly improved with the help of data and interactions with smart interfaces enable us to make intelligent decisions. Our Cloud offering allows this interaction to take place and performance to improve. This drive for constant optimization lies at the heart of smart buildings whose very purpose is to enhance the user experience. The requirements when selecting a fire safety equipment is, therefore, to have a connected software product offering within the portfolio.

Yoann Klein, Senior Cyber Security Advisor, Huawei

Mr. Klein, could you please present yourself to our readers: your educational and professional background, and your role at Huawei?

I am the holder of a master’s degree specialized in Telecommunications and Computing,            awarded by IMT Lille Douai, a civil engineering school located in north of Paris.

Prior to joining Huawei, I have been working almost 15 years for major European cyber companies such as Airbus and Thales. All along my career, I had the opportunity to take technical authority roles and to lead cyber engineering teams operating in various critical environments such as defense, public safety, aeronautics, space and transportation.

I am now senior cyber security advisor based in the Huawei Cyber Security and Transparency Center in Brussels. I am part of the Huawei Global Cyber Security Privacy Office (GSPO). This global entity oversees the enhancement and implementation of Huawei’s end-to-end global cyber security assurance system, which includes monitoring and improving all aspects of information security across the company’s global supply chain, in addition to the management of the trusted delivery process.

You are based at the Huawei Cyber Security Transparency Centre in Brussels, and focusing on 5G and IoT security areas. What scope of activities does that include?

Established in Brussels, the Huawei Cyber Security and Transparency Centre opened its doors on March 2019. It provides a platform to enhance communication and joint innovation with all stakeholders, public and private. It also provides a technical verification and evaluation platform for our customers.

Openness, Collaboration and Transparency are really the three words driving this initiative.

“Openness” as we showcase our end-to-end cyber security practices, from strategies and supply chain to R&D through presentations, videos, demos involving Huawei’s products and solutions in areas such as 5G, IoT, cloud, etc.

“Collaboration” as we organize dedicated expert workshops and conferences with key stakeholders (standard organizations, regulators, national authorities, etc.) on cyber security practices, to explore and promote the development of security standards, verification mechanisms, and technological innovation in cyber security across the industry.

And eventually “Transparency” as we provide a product security testing and verification platform to Huawei customers and 3rd party laboratories. It includes black box and white box (with access to source code) environments. We can simultaneously carry out 5 projects of products and platform in Brussels.

During 2018, the 3rd Generation Partnership Project (3GPP) SA3 held seven meetings. 74 companies sent technical experts to attend the meetings, with the key objective of formulating 5G security standards. The 3GPP SA3 has comprehensively analyzed 5G threats and risks in 17 security areas. Can you name those areas and what are the biggest security threats and risks related to them?

Within the 3GPP Technical Specification Group Service and System Aspects (TSG SA), the main objectives of 3GPP TSG SA WG3 (SA3) includes defining the requirements and specifying the architectures and protocols for security and privacy in 3GPP systems.

In order to better serve these objectives, several security areas have been indeed defined and investigated, respectively: Security architecture (1), authentication (2), security context and key management (3), radio access network (RAN) security (4), Security within NG-UE(5), authorization (6), subscription privacy (7), network slicing security (8), relay security (9), network domain security (10), security visibility and configurability (11), credential provisioning (12), interworking and migration (13), small data (14), broadcast/multicast security (15), management security (16), and cryptographic algorithms (17).

Out of these 17 domains, it is very difficult to define one specific security area more risky than others. They can (and should) not be perceived as independent areas when assessing cyber risks. A potential threat or a failing protection in one area might directly or indirectly impact others.  But if I have to pick one specifically, I would highlight, just as I am promoting it for many years in various industries, the importance to balance protection and detection. As a consequence the security area “security visibility and configurability” is, according to me, of paramount importance for the necessary detection capabilities of end-to-end systems.

Why is 5G secure? How do experts from industry and standards organizations ensure that 5G security risks can be effectively managed in terms of security protocols and standards as well as security assurance mechanisms?

Just like mentioned, many stakeholders (regulators, vendors, operators, academics, etc.) with high expertise have been involved in 5G standard definition and they are continuing to work together on the coming 3GPP releases. They contributed to reach a high level of security for the definition of 5G specifications. This collaborative approach has also been promoted when creating the Network Equipment Security Assurance Scheme (NESAS).

NESAS is a security assurance framework highly recognized within the mobile industry. It is globally used as a security baseline and includes common requirements for security evaluations of network equipment and an assessment of telco equipment vendors. NESAS provides the necessary tools for ensuring effective assurance testing.

The NESAS framework is a joint effort between 3GPP SA3 and GSMA, and also includes standard-based assessments for 5G security, which are part of the Security Assurance Specifications (SCAS). The product evaluation is performed by competent, security test laboratories accredited according to ISO 17025.

That’s why at Huawei, we are very proud to have been able announce in December 2020 to have successfully completed the world’s first SCAS audit on 5G & LTE base station (audit performed by 3rd party DEKRA), following also the world’s first NESAS audit on 5G base station passed in May 2020 performed by @sec.

As stated in your whitepaper, most threats and challenges faced by 5G security are the same as those faced by 4G security. However, the security challenges brought by new services, architectures, and technologies to 5G networks need to be considered. For example, access authentication for third-party slicing service providers, network slicing, Service Based Architecture (SBA), the secure use of computing resource assets, especially as cloud architecture in 5G is widely adopted, and the impact of new technologies, such as quantum computing development, on traditional cryptographic algorithms. Can you explain these new challenges in the common tongue?

On the one hand, it is indeed true that 5G network inherits the 4G network security architecture: like the previous telco generation, 5G access and core networks have clear boundaries, interconnect through standard protocols, support intervendor interoperability, and have standards-based security protection mechanisms.

However on the other hand, it is also indisputable that new services and use cases will bring new challenges and that is why extra security measures have been defined and specified in the 3GPP standard.

If I have to summarize some key enhancements to address these new challenges, I would highlight the following four improvements: (1) a stronger air interface security, offering user data integrity protection to prevent it from being tampered on top of the existing user data encryption present in 2G, 3G, and 4G networks, (2) an enhanced user privacy protection by transmitting user’s IDs (IMSIs) in cipher text compared to 2G, 3G, and 4G networks which is transmitting this information in plain text over the air interface, (3) a better roaming security between operators avoiding attackers to be able to exploit SS7 weaknesses and tamper sensitive data (e.g. key, user ID, and SMS) exchanged between core networks from different operators, and eventually (4) enhance cryptographic algorithms by supporting 256-bit cryptographic algorithms, being sufficiently resistant to future attacks with quantum computers.

There was a lot of talk and discussion in the media the last couple of years about the security of your companies’ 5G network. Why is Huawei 5G secure? What technical approaches have Huawei adopted to ensure cyber security of its equipment?

First of all, I would like to emphasize that it is clear that the allegations we might have read or seen against Huawei in the media are not linked our technical approach or the way Huawei is addressing cyber security when designing and developing our products. These assertions are just a consequence of a broader geopolitical and economical struggle where an existing leading technological country is fighting to keep its dominating position.

Huawei has not had any major cybersecurity incidents while working with more than 500 telecom providers, including most of the top 50 telecom operators, for nearly 20 years in 170 countries to connect more than 3 billion people. No other vendor can claim this level of cybersecurity success.

We can fairly say that Huawei is the most scrutinized company in the world today.

That’s why we deal almost obsessively with the strict rules that we have drawn up for our employees, our suppliers and development processes. Because we realize like no other party that if there was even one security incident involving Huawei, then we are done.

Concretely, Huawei R&D focuses heavily on security throughout product development, adhering to the principle of security by design and security in process. Cyber security activities built into the process are performed in strict compliance throughout the entire product lifecycle, so that security requirements can be implemented in each phase. Huawei R&D provides the Integrated Product Development (IPD) process to guide E2E product development, according to industry security practices and standards such as OWASP’s Software Assurance Maturity Model (OpenSAMM), Building Security In Maturity Model (BSIMM), Microsoft Security Development Lifecycle (SDL), and National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) as well as cyber security requirements of customers and governments.

At Huawei we have adopted a “many eyes and many hands” security verification mechanism. In addition to security tests of product lines, we established the Independent Cyber Security Lab (ICSL), which is independent of the R&D system, to be responsible for the final verification of products. Test results are directly reported to the Global Cyber Security & Privacy Officer (GSPO), who has veto power over product launch. Third-party testing and verification schemas are also supported with the cooperation of customers and industry regulators. That is why, for even more transparency, we have implemented testing centers in the UK, Germany, Brussels and Canada to allow for independent testing of Huawei’s equipment, up to the source code.

We believe in cyber security standards and objective evaluation based on facts and evidence.

How to ensure 5G cyber security, including Huawei’s support for cyber resilience and recommendations on how to deploy and operate 5G networks in a secure manner?

Huawei is committed to not only building confidentiality, integrity, availability, traceability and user privacy protection in 5G equipment based on the 3GPP security standards, but also collaborating with operators to build high cyber resilience in networks from the O&M perspective.

For instance, to speed up service recovery if a security incident occurs, the design must realize continuous monitoring and response to security incidents so that their impact scope and resulting service loss can be minimized. Huawei, as a vendor, uses the Identify, Protect, Detect, Respond and Recover (IPDRR) methodology of the NIST CSF to identify and control key risks in live-network services and build cyber resilience with operators. By using IPDRR, Huawei can help operators that provide critical information infrastructure to better meet the regulatory requirements for cyber resilience.

Moreover a comprehensive and secure set of rules is required, in addition to the network security architecture, with which operators must follow to operate the O&M management layer. O&M is crucial in controlling the risk of entire network. Strict security rules should therefore be applied for each O&M task, with zero tolerance for how O&M data flows are processed.

How to continuously improve the 5G security level from the perspectives of different stakeholders in order to address future challenges.

5G is becoming a reality and the lifecycle for 5G is going to be lasting for a while. Based on successful experience for 4G security, controlling 5G security risks is achieved through joint efforts of all industries. To control risks in the 5G lifecycle, we need to continuously enhance security solutions through technological innovation and build secure systems and networks through standards and ecosystem cooperation.

As vendor, we should continue contributing to the industry security standard work, complying with standards, and integrating security technologies to build secure equipment.

Then, operators are responsible for the secure operations and cyber resilience of their own networks. 5G networks are private networks. The boundaries between different networks are clear. Operators can prevent external attacks with firewalls and security gateways. For internal threats, operators can manage, monitor, and audit all vendors and partners to make sure their network elements are secure.

Eventually, as an industry (incl. government regulators), we all need to work together on standards. This is our shared responsibility. To build a system that we all can trust, we need aligned responsibilities, unified standards, and clear and non-discriminatory regulation.

Recently, as a speaker at our Virtual Security Summit, you mentioned several major cyber security challenges we are facing when it comes to software development, among which a need to have a standard for secure development. Did European Cybersecurity Act lay a good foundation for that, especially in preventing fragmentation or scheme proliferation?

I think indeed that we all, as ICT industry, need to work together to improve our cybersecurity and digital resilience. It is only by working together and coordinating efforts, at the European level but also broader, that we can successfully tackle the future threats. The industry lacks a unified set of technical standards for security, the landscape today is still too fragmented. It is true in various domains, and obviously particularly true in software development.

And that is why I believe indeed that the recent European Cybersecurity Act can and will bring clear added-value in this field. Europe has already shown in the past with GDPR that when a consensus among the different Member States is reached, Europe can pave the way for globally recognized security rules and guidelines.

Moreover, beyond the Cybersecurity Act, the European Union agency for cybersecurity (ENISA) has also demonstrated in the past with thorough and comprehensive publications such as “Good Practices for Security of IoT – Secure Software Development Lifecycle“ in November 2019 that it has the expertise to guide the industry when it comes to secure software development.

It should be easy for customers to evaluate the security level of the software. But how to achieve transparency from the supplier perspective? Why is that so important? And what did Huawei do to make its security level transparent?

Trust is a feeling. But when it comes to cybersecurity, both trust and distrust should be based on facts, not feelings, not speculation, and not baseless rumour.

We believe that facts must be verifiable, and verification must be based on standards. That’s why Huawei has opened its Cyber Security Transparency Centre in Brussels. This is a good and concrete example of how we raise the right level of transparency. We provide access to our customers and 3rd party laboratories to our source code and allow them to evaluate our solutions against their own tools, personnel and processes.

Transparency is essential. It is essential because it is at foundation of trustworthiness. The history of ICT industry has shown that security by obscurity was never the right choice.

At Huawei we believe that we exist to serve our customers and they have the right to require and they deserve a high level of transparency.

In your opinion, the software industry puts a strong effort in having a product certified, but not in evaluating the process itself. How can we balance between the two and why is evaluation of the process equally important?

I am not saying that software industry does not evaluate the process itself at all. I am saying that the efforts between product certification and process evaluation have been in the past unbalanced.

An obvious way to change it, is simply to strengthen in the current and future certification standards, the evaluation part of the development practices. It does not require to reinvent the wheel. There are existing guidelines such as BSIMM or SDLC from Microsoft.

Things are moving. I am actually very pleased when I see that the European Cyber Security Act includes by definition an assessment of the processes. Another good example is also NESAS which embeds natively an evaluation of some key processes (for instance, how to address vulnerabilities during the lifecycle of the product).

The challenge is how to avoid adding extra burden to the already heavy certification effort.

However, I am optimistic as I truly believe that evaluating and eventually reinforcing trustworthiness in the developing processes may actually help to reduce re-certification effort. It can also support the never-ending challenge of the certification validity during the full product lifecycle, including after deploying vulnerabilities patches and corrective releases.

Third parties have a key role to play in ensuring secure development, being a partner not just at the end, but during the process of product development. How did Huawei implement this through its Integrated Product Development (IPD)? How do you leverage feedback provided by third parties?

Collecting properly feedback is essential for a fruitful collaboration. It is actually part of Huawei’s DNA. One of our Core Value is “Growth by Reflection”, which refers to employing wisdom accumulated through experience (sharing) and thinking.

That is why sharing and exchanging with 3rd parties all along the product development and accepting to be challenged is vital. It nourishes our continuous improvement process. Concretely, in our IPD, we have a dedicated process called “closed loop management”.

Leveraging feedback implies also to deploy the adequate and associated governance model in order to put effectively follow-up actions in place. A combined top-down and bottom-open approach is the most effective way for successful implementation and leveraging 3rd party feedback.

As an example of result, we initiated couple of years ago our new software engineering program. We have been establishing a continuous and constructive dialogue with our stakeholders (customers, national authorities, standards organizations) to first understand how we could still improve our software development practices and now we are applying these changes in our organization.

How one French museum group transformed security with eCLIQ electronic locks and intelligent keys

London, January 2021 – Two museums, a single security environment. As a result, access management was eating up significant time and budget for the museums’ Technical and Security Manager. The solution for simpler access management was eCLIQ, an electronic locking system built around easy-to-fit cylinders and programmable, battery-powered keys.

The Thiepval Museums, in northern France, needed trusted, secure entry and exit control to reduce theft from their premises. User-friendly management of access rights was essential — for both internal and external users. They needed a system able to cope easily with changes, site extensions and two-site operation; a solution which would remove the need to change all cylinders when an employee loses a key.

Now the Historial and Thiepval Museums are equipped with 52 eCLIQ locking cylinders across the two sites. The eCLIQ key-operated solution offers them simplified access management, incorporating easy activation and deactivation of keys and simpler administration of access rights and schedules for external providers and contractors. A unified system manages access to both locations.

Every authorised key-holder carries one battery-powered key programmed with only their tailored access permissions. With eCLIQ, missing keys are quickly de-authorised, cutting risks associated with key loss or theft. At any time, facility managers can generate an audit trail to verify who has accessed which locks.

Designed for museum security
Across the two sites, the museums have 40 durable, compact and waterproof eCLIQ keys, of which 19 are already allocated to regular users. These Bluetooth-enabled keys are available to both employees and contractors, helping the latter to improve their responsiveness when they are needed on-site.

Installing an eCLIQ system has allowed security teams to better monitor service providers — and their movements around and between the two sites. It is straightforward for museum managers to limit contractors’ access rights to the duration of a task, whether recurring or one-off.

Fitting eCLIQ locking was simple and wire-free: museum staff performed the installation themselves. One training session with the admin software was sufficient to put them at ease with their new system.

Looking after eCLIQ components is also easy: an integrated lubricant reservoir ensures cylinders remain maintenance-free for up to 200,000 cycles. AES encryption, rapid processing and efficient energy management is built into the eCLIQ chip. When a key’s battery runs out, it is easily replaced without tools.

“I am very happy with the eCLIQ solution,” says M. Guyot, Technical and Security Manager at the Historial and Thiepval Museums. “Today, I promote the solution to those around me. I have also given a demonstration to the Somme General Council to show the effectiveness and simplicity of the eCLIQ solution.”

“Normally, as a user client, we try to help you improve your products, but there was nothing to say in this case!”

To download a free eCLIQ Solution Guide, visit https://campaigns.assaabloyopeningsolutions.eu/cliq-museums

Assa Abloy and LG agree “first-of-its-kind” collaboration

Assa Abloy Entrance Systems has announced a memorandum of understanding (MOU) with LG Electronics Inc. (LG), the leading consumer Electronics Company for high-end display devices, home appliances, and multimedia goods for the development of a high-quality automatic sliding door equipped with LG’s Transparent OLED digital technology.

Under the MOU agreement, Assa Abloy Entrance Systems and LG will collaborate to provide an innovative, first-of-its-kind solution – a transparent OLED automatic sliding door. Combining LG’s industry-leading OLED display technology with Assa Abloy’s best-selling automatic sliding doors.

“It will not only provide convenient, touchless, and automated access,” says Mikael Carleson, President Pedestrian Door Solutions. “It will also present new opportunities for high-end retailers, commercial buildings, and enterprises to display advertisement, communication, and greetings to customers, visitors, or employees entering a building or area.”

The new Assa Abloy automated glass sliding doors have digital signage incorporated into the glazed door and will be able to project high definition images and videos. It will combine LG’s Transparent OLED signage (model 55EW5G) and Supersign Solution for integrated content management. By being far more transparent than similar LCD displays, the door will blend in seamlessly and naturally with its surroundings by reproducing accurate colours with exceptional brightness and high contrast. The product will also offer excellent durability and improved safety due to the robust design featuring tempered glass.

ANPR market expected to see growth to 2025

The latest report on the ANPR systems market to 2025 and including Covid-19 impact analysis, from Marketsandmarkets, predicts that the sector is expected to grow from USD 2.3 billion in 2020 to USD 3.8 billion by 2025, at a CAGR of 10.0%. The researchers suggest there are several factors driving the market, such as the deployment of ANPR systems in security and surveillance, and traffic enforcement applications, infrastructure growth in emerging economies, increasing allocation of funds by various governments for ITS, and so on.

Fixed ANPR systems account for the largest share
Based on type, the ANPR system market has been divided into fixed, mobile, and portable. Fixed ANPR systems held the highest share in 2019. The market growth can be attributed to the increasing demand for fixed ANPR systems for various applications, such as traffic management and toll collection. Mobile ANPR systems are widely used in police and law enforcement agencies to ensure proper security and surveillance.

Traffic management dominates
On the basis of applications, the market is categorised into traffic management, law enforcement, electronic toll collection, parking management, and access control. The increasing adoption of vehicles and stringent government regulations for implementing electronic toll collection systems is driving the growth of the ANPR system market.

Europe leads the way
Europe held the largest share in the ANPR system market in 2019, according to the analysts. In Europe, ANPR systems are widely used for law enforcement applications. The increasing government initiatives pertaining to the adoption of ITS and the growing population in this region are driving the need for an efficient transportation system, which, in turn, is fuelling the growth of the ANPR system market. Some of the key companies named as being actively operating in the market are Kapsch Trafficcom, Conduent, Q-Free, Siemens, and Genetec.

Allied Universal Security to buy G4S for 5.1 billion USD

The boards of directors managing Allied Universal Topco and of G4S have announced that they have reached agreement on the terms of a recommended cash offer, to be made by Atlas UK Bidco Limited, a newly incorporated entity that is indirectly controlled by Allied Universal, to acquire the entire issued and to be issued share capital of G4S. The deal reportedly worth $5.1 billion combines two of the largest security companies in the world, and comes after G4S has spent months rejecting other lower offers made by Canadian company Gardaworld.

The G4S Directors of G4S are unanimously recommending that G4S shareholders should accept the offer, and according to the statement released by the company, they have irrevocably undertaken to do so in respect of their own G4S Shares, which represent approximately 0.21 per cent of the total shareholding.

The combination of Allied Universal and G4S will create a world-leading integrated security business with revenues of approximately US$18 billion, and a workforce of over 750,000 people, a strong international platform and an extensive portfolio of blue-chip clients across the public and private sectors.

Commenting on the Offer, Ashley Almanza, Chief Executive Officer of G4S said: “G4S has been transformed into a focused global leader in security services with market-leading solutions and a blue-chip customer base that is served by a dedicated and talented team of over 530,000 employees. The combination of G4S and Allied Universal creates the global leader in security with over 750,000 employees, industry leading capabilities and unrivalled market coverage. This unique and compelling combination will offer customers exceptional service and provides employees with an exciting future.”

Commenting on the Offer, Steve Jones, President and Chief Executive of Allied Universal said: “We are delighted that our offer of 245 pence per share has been recommended by the G4S Board. Our businesses know each other well, we share a similar culture and values and I am excited about what the combination of Allied Universal and G4S can deliver. G4S has an excellent service offering, an enviable global customer portfolio and it is led by a highly experienced management team. We have been impressed by the recent transformation of G4S which alongside our successful acquisition track record, underpins our confidence of ensuring a seamless integration of the two businesses. Combined, we will have over 100 years of industry experience and a more extensive global network in terms of people, customers and capabilities.”

SICUREZZA: APPOINTMENT CONFIRMED FOR NOVEMBER 2021 POSTPONED BY ONE WEEK

Milan, 17 December 2020 – Fiera Milano, after reorganising its exhibition calendar for next year, has scheduled a new date for SICUREZZA, the reference event in Europe for security and fire-fighting, which will be postponed by just one week; it will in fact take place from 23 to 25 November 2021, again at the same time as Smart Building Expo.

The exhibition formula remains unchanged, aimed at encouraging meetings between manufacturers and buyers to monitor the evolution of a very interesting and constantly changing market. Fiera Milano’s objective is to consolidate the event as the only international appointment for its sector in Italy and to be not only a showcase for innovation, but also an essential training opportunity for all those involved.

See you from 23 to 25 November 2021 at Fiera Milano.

ISSUES

Global Security d.o.o.

Hasiba Brankovića c, 71000 Sarajevo, Bosna i Hercegovina
Tel: +387 (0)33/788-985
Fax: +387 (0)33/788-986
Web site: www.asadria.com
Marketing: marketing@asadria.com
Subscription: pretplata@asadria.com
VAT no: 201142740001
ID no: 4201142740001
ISSN 1986-5

a&s Adria – professional security magazine for providing total security solutions is a monthly circulating publication and a licenced representative of Messe Frankfurt New Era Business Media for Adriatic region, which consists of following countries: Bosnia and Herzegovina, Croatia, Kosovo, Montenegro, FYR Macedonia, Slovenia and Serbia.