Three questions to Thomas Urban
Particularly the accessibility of nearly all the networked electronic or electromechanical components of security technology solutions via their IP addresses constitutes a challenge here. Without corresponding countermeasures, every intruder alarm control centre, every modern IP video surveillance camera or every networked door terminal, possibly even every networked smoke alarm, thus becomes directly responsive via the Internet. Here, you do not necessarily have to think of hackers who want to carry out targeted sabotage. Even relatively simple, untargeted attacks, network malfunctions and operating or installation errors in other places in the network might, if they are not combatted, disturb or block the alarm transmissions from burglar or fire alarm installations. Concepts such as smart homes or smart buildings (i.e. solutions in which security, comfort and other wishes with regard to building technology merge) are therefore a great challenge for everybody who puts security right at the top of their list of priorities. However, a solvable one because, in the meantime, secure solutions provided with VdS test seals can also be set up, for example, for the KNX installations customary in building automation today, formerly EIB.
How does VdS Schadenverhütung test the IT security of classic security products at present?
Since 2014, we have successively supplemented all the relevant guidelines relating to danger alarm installations in such a way that at least those for sophisticated protection objectives withstand IT attacks which are known or may be expected. In the case of newly certified products and solutions according to the VdS 2252 guidelines (alarm control centres), we are therefore assuming that the user is well-protected. As far as security aspects are concerned, it is primarily the older models which might have problems. In view of the long utilisation durations of the systems, this will still relate to the majority of the installations for years to come.
From our viewpoint, the best way at the moment is to toughen up the transmission facilities, i.e. the interfaces to the Internet, in such a way that they can fight off attacks and malfunctions from external networks. Here, we have, together with interested manufacturers, developed new guidelines which are currently being agreed upon. We hope that we will be able to conclude this process in the next few months and to publish the new VdS 2465 in the autumn. Here, it is important to us, above all, to take precautions which prevent unauthorised people from acquiring the access authorisation via IT attacks.