Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Physical Security

8/24/2020
11:00 AM
50%
50%

New Cybersecurity Code of Practice for Installers Unveiled by BSIA

The British Security Industry Association's (BSIA) cybersecurity group has released a new code of practice for installers responsible for safety and security systems.

Installation of safety and security systems – cybersecurity code of practice, developed by the BSIA's Cybersecurity Product Assurance Group (CySPAG), will assist in providing confidence throughout the supply chain promoting secure connection of products and services and delivering client assurance regarding connected solutions. The code of practice will assist the supply chain in its duty of care to other network users, particularly with respect to protecting the integrity of existing cyber security countermeasures already in place, or the implementation of such countermeasures in new solutions.

Steve Lampett, Technical Manager, BSIA, said: "We have long been concerned with the ever-increasing use of internet connected devices and systems in electronic security and how the growing links to home and business networks can leave individuals and companies vulnerable to cyberattacks.

"It is also significantly important to acknowledge that there is a combined stakeholder effort in providing a cyber secure solution, i.e. manufacturers, designers and installers working in collaboration to provide a credible cyber secure solution.

"Our new code of practice for installers takes a practical approach to address cybersecurity risks, takes the sector forward in terms of managing that risk and has the potential to become a real game changer for the industry. This will not be the end goal but should steer industry practitioners into thinking differently about how we utilise new technology in security and equip the professional security industry for the future."

Glenn Foot, Chairman, CySPAG, said: "Unlike many cyber security schemes where the product is the main focus, CySPAG has taken a much broader view of and recognised that not only manufacturers of products, but the installer and client are key links to a cyber secure system. This code of practice is an industry first and leads the way in ensuring professionals with the security industry are taking all reasonable precautions when installing security equipment that has a cyber exposure.

"CySPAG has strong representation from various roles across the industry and has focused on what is practicable for installers to do and what can be expected of clients. The code of practice is the first step in a journey for this industry, and CySPAG is committed to continue to support the industry with firstly comprehensive training modules for installation companies and also a linked code of practice for manufacturers.

"The overall aim is to ensure products are produced and installed securely."

The recommendations of this code of practice apply in addition to other standards and codes of practice relating to systems and equipment to be installed. Any documentation or checklists mentioned in this code of practice may be combined with those required by the other standards or codes of practice, applying to safety and security systems and their components, but can be applied to other devices and systems.

This story first appeared on IFSEC Global, part of the Informa Network, and a leading provider of news, features, videos and white papers for the security and fire industry. IFSEC Global covers developments in long-established physical technologies – like video surveillance, access control, intruder/fire alarms and guarding – and emerging innovations in cybersecurity, drones, smart buildings, home automation, the Internet of Things and more.

 

 

 

 

IFSEC Global, part of the Informa Network, is a leading provider of news, features, videos and white papers for the security and fire industry. IFSEC Global covers developments in long-established physical technologies – like video surveillance, access control, ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
RichardM23501
50%
50%
RichardM23501,
User Rank: Apprentice
9/1/2020 | 2:22:45 PM
Great!
The CCoP will strengthen the industry. good move!
Visit the Web's Most Authoritative Resource on Physical Security

To get the latest news and analysis on threats, vulnerabilities, and best practices for enterprise physical security, please visit IFSEC Global. IFSEC Global offers expert insight on critical issues and challenges in physical security, and hosts one of the world's most widely-attended conferences for physical security professionals.

Cloud Security Startup Lightspin Emerges From Stealth
Kelly Sheridan, Staff Editor, Dark Reading,  11/24/2020
Look Beyond the 'Big 5' in Cyberattacks
Robert Lemos, Contributing Writer,  11/25/2020
Why Vulnerable Code Is Shipped Knowingly
Chris Eng, Chief Research Officer, Veracode,  11/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: We are really excited about our new two tone authentication system!
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4126
PUBLISHED: 2020-12-01
HCL iNotes is susceptible to a sensitive cookie exposure vulnerability. This can allow an unauthenticated remote attacker to capture the cookie by intercepting its transmission within an http session. Fixes are available in HCL Domino and iNotes versions 10.0.1 FP6 and 11.0.1 FP2 and later.
CVE-2020-4129
PUBLISHED: 2020-12-01
HCL Domino is susceptible to a lockout policy bypass vulnerability in the LDAP service. An unauthenticated attacker could use this vulnerability to mount a brute force attack against the LDAP service. Fixes are available in HCL Domino versions 9.0.1 FP10 IF6, 10.0.1 FP6 and 11.0.1 FP1 and later.
CVE-2020-9115
PUBLISHED: 2020-12-01
ManageOne versions 6.5.1.1.B010, 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, ,6.5.1.1.B050, 8.0.0 and 8.0.1 have a command injection vulnerability. An attacker with high privileges may exploit this vulnerability through some operations on the plug-in component. Due to insufficient input validation of ...
CVE-2020-9116
PUBLISHED: 2020-12-01
Huawei FusionCompute versions 6.5.1 and 8.0.0 have a command injection vulnerability. An authenticated, remote attacker can craft specific request to exploit this vulnerability. Due to insufficient verification, this could be exploited to cause the attackers to obtain higher privilege.
CVE-2020-14193
PUBLISHED: 2020-11-30
Affected versions of Automation for Jira - Server allowed remote attackers to read and render files as mustache templates in files inside the WEB-INF/classes & <jira-installation>/jira/bin directories via a template injection vulnerability in Jira smart values using mustache partials. The ...