Recently an alarm industry expert sent a letter to the Consumer Product Safety Commission (CPSC), accompanied by a 43-page report, urging a full recall of a specific type of alarm control panel that fails testing for several of the UL and NFPA requirements that apply to that class of panel. In the report materials, the alarm control panel technical vulnerabilities are characterized as a “clear and present danger” to hundreds of millions of home and business occupants. The report asserts that the situation warrants immediate product recalls – yet the risks were seriously mischaracterized.
The History Channel’s website tells us that the deadliest earthquake ever recorded happened in China on January 23 in 1556 A.D. It killed 830,000 people. I couldn’t see the alarm panel vulnerability as having a potential human fatality impact many times greater than any previous disaster in recorded history. What impact would this scare have on alarm panel providers and monitoring centers whose businesses depend upon the RMR from such alarm system installations, and on their customers who have such control panels installed?
I wrote an article providing a realistic risk characterization of the situation for SecurityInfoWatch.com (access it at www.securityinfowatch.com/21109973) that presents risk evaluation details and provides some recommendations for mitigating actual risk situations posed by the panel vulnerabilities – which stem from a four-decade-old system design. There are several million such legacy-technology alarm panels installed.
Read a full analysis of the reported alarm panel vulnerability from Mr. Bernard at www.securityinfowatch.com/21109973
Most importantly, this situation presents an opportunity for integrators to upgrade such systems – not just because of their vulnerabilities – but for the significant advantages that new technologies provide over outdated technology designs.
Alarm Technology’s Progression
Before tackling the business opportunity, let’s understand how alarm panel technology is progressing. As I wrote about a couple of years ago (see www.securityinfowatch.com/12296876), industry technology evolves in stages – from infancy as standalone devices and systems, to eventually enterprise capability, interoperable solutions and evolvable intelligent infrastructure (see the accompanying graphic).
Advancement to the “Enterprise Capabilities” stage generally signals the start of the transition away from the rip-and-replace model to the upgrade-in-place model. Interoperability standards enhance that by enabling the technology infrastructure to be upgraded without negatively impacting other parts; thus also enabling new devices to run alongside earlier generations of technology – the “evolvable” part of Evolvable Intelligent Infrastructure.
Alarm systems have followed this path – moving from standalone devices and systems to networked systems, some with enterprise capabilities such as regional multi-site reporting of armed and disarmed statuses, as well as device and alarm condition status. Another important aspect of enterprise capabilities are cybersecurity protection for networked technology; in fact, the information security triad – confidentiality, availability and integrity (CIA) – define the scope of cybersecurity characteristics that all networked electronic security and fire safety systems are now required to have.
The Technology Evolution Takes Hold
Kirk MacDowell, president of MacGuard Security Advisors Inc., provides consulting services to the electronic and physical security industry companies for the latest picture of what’s happening with alarm panel products. He points out the following examples of alarm panel technology advancement relating to those cybersecurity characteristics.
The latest alarm systems use Frequency Hopping Spread Spectrum (FHSS) technology (http://bit.ly/spread-spectrum-fhss) in the 900 MHz radio band to overcome jamming and interference. Wireless systems that operate between 902 and 928 MHz – an unlicensed radio wave or spectrum band that is relatively uncluttered – no longer conflict with cordless phones operating in this band as was common 10 to 15 years ago.
Modern systems apply 128-bit AES encryption to 900 MHz systems to protect message integrity, such as systems offered by a variety of alarm panel manufacturers. In such systems, wireless sensors can be placed up to 1,200 feet from the receiver – nearly 1,000 feet of greater distance than for wireless sensors operating in the 300 to 433 MHz range.
Wireless two-way communication technology ensures the sensor and panel are in constant communication by hopping to a new frequency at sub-second intervals. The receivers supervise the transmissions so they know when a sensor has gone offline, and most of these sensors and products are backwards-compatible with legacy systems.
Wireless commercial security systems with enterprise capabilities who use FHSS often incorporate the patented PowerG adaptive transmission power technology originally developed by Israel-based Visonic, which was acquired by Johnson Controls. PowerG extends device battery life up to eight years by automatically setting a device’s transmission power to the minimum level required to reach its receiver.
LTE stands for Long Term Evolution, the standard for cell phones and other high-speed wireless communication. Many modern alarm control panels combine Wi-Fi and LTE for intelligent redundancy, flexibility and a high-speed channel for communication and software updates to and from the cloud. When the panel communicates, it intelligently looks at both LTE and Wi-Fi connections, analyzing them for speed and reliability. This process takes milliseconds for the panel to determine the most appropriate path. Depending on the result, signals will be sent over Wi-Fi, LTE and in some cases both.
The Upgrade Opportunity
Obviously, all of this wireless and advanced technology that the industry has enjoyed over the course of this evolution is something that integrators can take advantage of when it comes to upgrades. Since legacy alarm panels have gained notoriety in the news thanks to this widely reported vulnerability, why not approach these long-time customers with the prospect of upgrading such systems to the much-superior current generation of enterprise-capable wireless alarm systems?
Ron Lander, CEO of Ultrasafe (www.ultra-safe.com), a California-based security integrator, has done just that. Lander has more than 30 years of experience in fire and security alarm system design and installation and is an active and highly-recognized member of several alarm and security industry associations – being honored with the “George A. Weinstock Lifetime Achievement Award” in 2014 by the California Alarm Association (CAA).
Lander is a strong advocate of wireless security systems; in fact, he says that for more than a year, Ultrasafe has been methodically replacing legacy alarm panels with modern wireless sensor alarm systems.
Ultrasafe was the initial security integrator for the Santa Monica Municipal Airport in 2003, where they deployed Brivo’s wireless access control panels. Lander explains that the labor cost for such installations is significantly lower because no trenching and cable pulling is required for readers and sensors.
“We are systematically making the upgrades because of the value the new technologies offer, but also because of the high security for the data communications of the wireless systems,” Lander says. “This is the direction the industry is heading – it is a win-win for us and for the customer.”
Ray Bernard, PSP, CHS-III is the principal consultant for Ray Bernard Consulting Services (www.go-rbcs.com), a firm that provides security consulting services. Mr. Bernard has also provided pivotal strategic and technical advice in the security and building automation industries for more than 23 years. He is an active member of ASIS International and its IT Security, Physical Security and Security Applied Sciences member councils.
