Security Industry Association: Difference between revisions

Revision as of 20:25, 10 August 2023, by Nealmcb. Edit summary: The article relies excessively on references to SIA's own website. Needs more citations to reliable, independent, third-party sources. Tag: Visual edit.
Revision as of 05:32, 28 August 2023, by Mandarax (minor edit). Edit summary: Standards and technology: It's "its", not "it's".
Line 79: Line 79:
SIA's Open Supervised Device Protocol (OSDP) standard is an access control communication standard developed by SIA to improve interoperability among access control and security products. OSDP was approved as an international standard by the International Electrotechnical Commission in May 2020 and has been published as IEC 60839-11-5. SIA OSDP v2.2, which is based on the IEC 60839-11-5 standard, was released in December 2020. SIA's Open Supervised Device Protocol (OSDP) standard is an access control communication standard developed by SIA to improve interoperability among access control and security products. OSDP was approved as an international standard by the International Electrotechnical Commission in May 2020 and has been published as IEC 60839-11-5. SIA OSDP v2.2, which is based on the IEC 60839-11-5 standard, was released in December 2020.


In 2023, researchers disclosed a suite of vulnerabilities that allow a ] to largely break OSDP even with it's "Secure Channel" extension.<ref>{{Cite web |last=Goodin |first=Dan |date=2023-08-09 |title=Next-gen OSDP was supposed to make it harder to break in to secure facilities. It failed. |url=https://arstechnica.com/security/2023/08/next-gen-osdp-was-supposed-to-make-it-harder-to-break-in-to-secure-facilities-it-failed/ |access-date=2023-08-10 |website=Ars Technica |language=en-us}}</ref> For example the Secure Channel Base Key (SCBK), which encrypts the connection between each reader-controller pair, is itself sent in the clear from the controller to the reader when the reader first joins the network. The protocol is also vulnerable to a ]. They demonstrated splicing a covert attack device named Mellon into the network in about 60 seconds, so only a brief period of physical access to the devices may be needed. A variety of other flaws in the protocol make it difficult to secure.<ref>{{Cite web |last=Petro |first=Dan |last2=Vargas |first2=David |date=2023-08-09 |title=Badge of Shame: Breaking into Secure Facilities with OSDP |url=https://www.blackhat.com/us-23/briefings/schedule/#badge-of-shame-breaking-into-secure-facilities-with-osdp-32762 |access-date=2023-08-10 |website=www.blackhat.com}}</ref> In 2023, researchers disclosed a suite of vulnerabilities that allow a ] to largely break OSDP even with its "Secure Channel" extension.<ref>{{Cite web |last=Goodin |first=Dan |date=2023-08-09 |title=Next-gen OSDP was supposed to make it harder to break in to secure facilities. It failed. 
|url=https://arstechnica.com/security/2023/08/next-gen-osdp-was-supposed-to-make-it-harder-to-break-in-to-secure-facilities-it-failed/ |access-date=2023-08-10 |website=Ars Technica |language=en-us}}</ref> For example the Secure Channel Base Key (SCBK), which encrypts the connection between each reader-controller pair, is itself sent in the clear from the controller to the reader when the reader first joins the network. The protocol is also vulnerable to a ]. They demonstrated splicing a covert attack device named Mellon into the network in about 60 seconds, so only a brief period of physical access to the devices may be needed. A variety of other flaws in the protocol make it difficult to secure.<ref>{{Cite web |last=Petro |first=Dan |last2=Vargas |first2=David |date=2023-08-09 |title=Badge of Shame: Breaking into Secure Facilities with OSDP |url=https://www.blackhat.com/us-23/briefings/schedule/#badge-of-shame-breaking-into-secure-facilities-with-osdp-32762 |access-date=2023-08-10 |website=www.blackhat.com}}</ref>


SIA Standards developed and maintains the ANSI/SIA CP-01–False Alarm Reduction Standard. The standard generally specifies the design for controls of security alarm systems at the control panel. The specification focuses chiefly on the arming and disarming process. SIA Standards developed and maintains the ANSI/SIA CP-01–False Alarm Reduction Standard. The standard generally specifies the design for controls of security alarm systems at the control panel. The specification focuses chiefly on the arming and disarming process.
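
Review bot: in the changed OSDP paragraph, "They demonstrated splicing a covert attack device named Mellon" has an unclear antecedent, since the researchers are named only in the paragraph's first sentence; suggest "The researchers demonstrated ...". "For example the Secure Channel Base Key (SCBK)" also needs a comma after "For example".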

Revision as of 05:32, 28 August 2023

U.S. trade association

This article is about the trade association based in the United States. For the former body representing the financial securities industry, see Securities Industry Association. For the statutory body in the United Kingdom, see Security Industry Authority.

This article may rely excessively on sources too closely associated with the subject, potentially preventing the article from being verifiable and neutral. Please help improve it by replacing them with more appropriate citations to reliable, independent, third-party sources. (August 2023)

Security Industry Association
Abbreviation: SIA
Type: 501(c)(6)
Legal status: Association
Purpose: Trade
Headquarters: Silver Spring, Maryland
Region served: United States
Official language: English
Chief Executive Officer: Don Erickson
Main organ: Board of Directors
Website: https://www.securityindustry.org/

The Security Industry Association (SIA), based in Silver Spring, Maryland, is a U.S. trade association, founded in 1969, representing global security solutions providers. The organization today represents nearly 1,400 firms and organizations in the security industry, and in 2017 the association expanded membership to include an academic category.

Since 2010, SIA has presented Securing New Ground (SNG), an annual conference for executives in the security industry. The organization also produces the annual government security conference SIA GovSummit, which has addressed federal and state security topics, as well as national issues such as school security, and AcceleRISE, an annual conference for young security industry professionals presented by SIA's RISE community.

SIA's industry activities generally fall under one of the following divisions of the association: Government Relations, Industry Relations, Learning & Development and Standards & Technology.

Learning and development

SIA's learning and development team creates and presents training classes at various trade shows and conferences, including ISC West and ISC East. SIA develops professional development and industry training conference programs at ISC East and West each year under the brand of SIA Education@ISC.

SIA's learning and development offerings also include the Security Project Management (SPM) training program, the Certified Security Project Manager (CSPM) credential program and the Security Industry Cybersecurity Certification (SICC) program.

The SICC, developed by SIA with support from PSA Security Network and Security Specifiers, is the security industry's first credential focused specifically on cybersecurity for physical security systems. Becoming a designated SICC helps validate the skills required to support technical security installations according to industry best practices for electronic security and cybersecurity and aligning with clients’ organizational priorities and business objectives.

Government relations

SIA Government Relations lobbies federal and state governments on measures that would affect the security industry while tracking and reporting on the progress of various legislative initiatives. Through its government relations initiatives, SIA has accomplished legislative and administrative advances. SIA lobbied for the enactment of legislation creating the GSA Schedule 84 Cooperative Purchasing Program. The Local Preparedness Acquisition Act (Public Law 110-248), signed June 26, 2008, authorizes state and local governments to purchase from GSA alarm and signal systems, facility management systems, firefighting and rescue equipment, law enforcement and security equipment, marine craft and related equipment, special purpose clothing and related services, according to GSA.

SIA also lobbied for legislation (Public Law 111-360), signed by President Barack Obama in January 2011, that exempts external power supplies for security and life safety products from federal energy efficiency standards that apply to devices in no-load mode. A SIA-led coalition that included both industry and environmental groups argued that, since security and life safety equipment must always be in active mode, an efficiency standard for no-load mode would make no sense.

The annual SIA GovSummit, hosted by SIA and organized by its government relations team, is a public policy and government security conference.

Standards and technology

SIA's standards and technology team produces, maintains and advocates for technical standards that enable interoperability between security devices. SIA develops American National Standards Institute (ANSI)-accredited standards that promote interoperability and information sharing in the industry.

SIA's Open Supervised Device Protocol (OSDP) standard is an access control communication standard developed by SIA to improve interoperability among access control and security products. OSDP was approved as an international standard by the International Electrotechnical Commission in May 2020 and has been published as IEC 60839-11-5. SIA OSDP v2.2, which is based on the IEC 60839-11-5 standard, was released in December 2020.

In 2023, researchers disclosed a suite of vulnerabilities that allow a man-in-the-middle attack to largely break OSDP even with its "Secure Channel" extension. For example, the Secure Channel Base Key (SCBK), which encrypts the connection between each reader-controller pair, is itself sent in the clear from the controller to the reader when the reader first joins the network. The protocol is also vulnerable to a downgrade attack. The researchers demonstrated splicing a covert attack device named Mellon into the network in about 60 seconds, so only a brief period of physical access to the devices may be needed. A variety of other flaws in the protocol make it difficult to secure.

SIA Standards developed and maintains the ANSI/SIA CP-01–False Alarm Reduction Standard. The standard generally specifies the design for controls of security alarm systems at the control panel. The specification focuses chiefly on the arming and disarming process.

SIA also manages AG-01, the Architectural Graphics for Security Standard, which is a collection of architectural graphics for security intended for use by architects, building contractors, system integrators, electrical contractors and security managers who use CAD to produce construction drawings, shop drawings and installation/as-built drawings, and physical security system layouts.

References

  1. "About SIA | Security Industry Association". Security Industry Association. Retrieved July 31, 2018.
  2. "Academic Membership | Security Industry Association". Security Industry Association. Retrieved July 31, 2018.
  3. Security Industry Association, Retrieved Sept. 3, 2013.
  4. Security Industry Association, Retrieved Sept. 3, 2013.
  5. GSA Schedule 84 Summary, Retrieved Sept. 3, 2013.
  6. "SIA Files Comments with DOE on Energy Efficiency Rule". May 30, 2012. Retrieved Sept. 3, 2013.
  7. Goodin, Dan (August 9, 2023). "Next-gen OSDP was supposed to make it harder to break in to secure facilities. It failed". Ars Technica. Retrieved August 10, 2023.
  8. Petro, Dan; Vargas, David (August 9, 2023). "Badge of Shame: Breaking into Secure Facilities with OSDP". www.blackhat.com. Retrieved August 10, 2023.
