While it is both humbling and exciting to be selected as the Best New Hardware Product of 2017 by the CEDIA judges, their selection of a pure cyber-security product signifies something new in our industry. Yes, cyber-security is the new sexy in the CEDIA market place.
When both of our cyber-security best product entrants were named finalists, we were really pleasantly surprised. When the Network Guardian won top honors, we were totally blown away. This recognition clearly points to a problem that is plaguing a great majority of CEDIA market dealers. While there are some that have access to competent IT staffers for network design, deployment, proper security implementation, and maintenance, the majority of dealers do not. And while the basic recommended "network security best practices" sheet from the last few years is helpful, most of us know that merely updating firmware, changing default passwords, upgrading anti-virus, and hiding behind a typical Pro AV firewall no longer offers sufficient protection.
Cyber-security is a multi-layered problem that requires a multi-layered solution. As a NETOPS Chief in the US Army Cyber Command, I have seen successful Red-Cell attacks on our tactical network infrastructure. These include brute force attacks, DNS rebind attacks, password hash cracking with rainbow tables, pass-the-hash attacks, phishing and malware attacks, social engineering, SQL injection attacks, man-in-the-middle attacks, and cross-site scripting attacks.
And by the way, if you don't know what half of these things are, then you are in good company. The typical dealer has so much other technology to master, in addition to running a successful business, that it is no wonder they are forced to become jacks-of-all-trades, leaving little chance to become networking or cyber-security experts.
Back to the multi-layered solution. In the Army we layer everything, creating gateways to detect, record, block, and slow any hacking activity. We call this process Information Assurance or IA. We start at each device with host-based anti-malware, anti-virus, firewall, and intrusion detection software. We add operating system policy control and place the devices on a domain for added security. Any wireless devices require additional 802.11 enterprise RADIUS certificate-based authentication. Our networks are subdivided logically into many VLANs and physically into enclaves based on the mission requirements. Each VLAN and enclave is continually monitored by an active network-based IDPS (Intrusion Detection & Prevention System) and our mail servers are aggressively scanned for viruses and malware. Any new device, hardware or software, must have a CoN (Certificate of Networthiness) before it is connected to our networks.
Obviously we can't implement this level of security in our market place, but we must do more than we have in the past. Over the last few years, our industry has made a successful transition from the old proprietary communications technologies to a standards-based Everything Over IP (EOIP) model, building robust TCP/IP networks that will support all of the controls and devices in the home and business automation environment. Our next task will be to create a stable and secure environment for our automation while adding all of the TCP/IP-based Bring Your Own Devices (BYOD) to the network. Once you build the network and leave, the customer will add BYOD products to your network, which will have varying levels of security depending on the manufacturer. Since we cannot control the devices added by a user, the next best thing is to provide the user with a safe "sandbox" environment to add those devices to, thus protecting our automation and control network.
In the past I have often heard people in our industry refer to the four pillars of automation. These pillars are Lighting, Security, Environmental, and Entertainment. I believe now that we must consider the fifth element of this picture to be a solid foundation on which to build the four pillars. That foundation is cyber-security.