Security Industry Association

Abbreviation: SIA
Type: 501(c)(6)
Legal status: Association
Purpose: Trade
Headquarters: Silver Spring, Maryland
Region served: United States
Official language: English
Chief Executive Officer: Don Erickson
Main organ: Board of Directors
Website: https://www.securityindustry.org/

The Security Industry Association (SIA), based in Silver Spring, Maryland, is a U.S. trade association, founded in 1969, representing global security solutions providers. The organization today represents nearly 1,400 firms and organizations in the security industry, [1] and in 2017 the association expanded membership to include an academic category. [2] [3]


Since 2010, SIA has presented Securing New Ground (SNG), an annual conference for executives in the security industry. The organization also produces the annual government security conference SIA GovSummit, which has addressed federal and state security topics as well as national issues such as school security, and AcceleRISE, an annual conference for young security industry professionals presented by SIA's RISE community.

SIA's industry activities generally fall under one of the following divisions of the association: Government Relations, Industry Relations, Learning & Development and Standards & Technology. [4]

Learning and development

SIA's learning and development team creates and presents training classes at various trade shows and conferences, including ISC West and ISC East. SIA develops professional development and industry training conference programs at ISC East and West each year under the brand of SIA Education@ISC.

SIA's learning and development offerings also include the Security Project Management (SPM) training program, the Certified Security Project Manager (CSPM) credential program and the Security Industry Cybersecurity Certification (SICC) program.

The SICC, developed by SIA with support from PSA Security Network and Security Specifiers, is the security industry's first credential focused specifically on cybersecurity for physical security systems. Holding the SICC designation helps validate the skills required to support technical security installations according to industry best practices for electronic security and cybersecurity, and to align them with clients' organizational priorities and business objectives.

Government relations

SIA Government Relations lobbies federal and state governments on measures that would affect the security industry while tracking and reporting on the progress of various legislative initiatives. Through its government relations initiatives, SIA has accomplished legislative and administrative advances. SIA lobbied for the enactment of legislation creating the GSA Schedule 84 Cooperative Purchasing Program. The Local Preparedness Acquisition Act (Public Law 110-248), signed June 26, 2008, authorizes state and local governments to purchase from GSA alarm and signal systems, facility management systems, firefighting and rescue equipment, law enforcement and security equipment, marine craft and related equipment, special purpose clothing and related services, according to GSA. [5]

SIA also lobbied for legislation (Public Law 111-360), signed by President Barack Obama in January 2011, that exempts external power supplies for security and life safety products from the federal energy efficiency standards that apply to devices in no-load mode. A SIA-led coalition that included both industry and environmental groups argued that, since security and life safety equipment must always be in active mode, an efficiency standard for no-load mode would make no sense. [6]

The annual SIA GovSummit, hosted by SIA and organized by its government relations team, is a public policy and government security conference.

Standards and technology

SIA's standards and technology team produces, maintains and advocates for technical standards that enable interoperability between security devices. SIA develops American National Standards Institute (ANSI)-accredited standards that promote interoperability and information sharing in the industry.

SIA's Open Supervised Device Protocol (OSDP) standard is an access control communication standard developed by SIA to improve interoperability among access control and security products. OSDP was approved as an international standard by the International Electrotechnical Commission in May 2020 and has been published as IEC 60839-11-5. SIA OSDP v2.2, which is based on the IEC 60839-11-5 standard, was released in December 2020.

In 2023, researchers disclosed a suite of vulnerabilities that allow a man-in-the-middle attacker to largely break OSDP, even with its "Secure Channel" extension. [7] For example, the Secure Channel Base Key (SCBK), which encrypts the connection between each reader-controller pair, is itself sent in the clear from the controller to the reader when the reader first joins the network. The protocol is also vulnerable to a downgrade attack. The researchers demonstrated splicing a covert attack device named Mellon into the network in about 60 seconds, so only a brief period of physical access to the devices may be needed. A variety of other flaws in the protocol make it difficult to secure. [8]
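Both weaknesses described above leave traces on the wire that an operator can look for: a key-install command carried outside a secure channel, and a reader that falls back to plaintext after a secure channel has been seen. The following passive audit script is an added example, not code from the article, from SIA or from the cited researchers. It parses captured OSDP frames and reports those two conditions. The frame layout and constants it uses (SOM 0x53, control-byte bit 0x08 marking a Secure Channel Block, osdp_KEYSET = 0x75, osdp_CHLNG = 0x76, osdp_POLL = 0x60, SCS block types 0x11 through 0x18) are taken from the public OSDP specification as I recall it and should be treated as assumptions to verify against the current spec; the sample frames are constructed, and checksum/CRC validation is deliberately omitted.

```python
"""Passive audit of OSDP frames for plaintext key transport and secure-channel downgrade.

Added example; not part of the article, SIA's standard text, or the researchers' tooling.
Constants follow the public OSDP specification as assumed here; CRC/checksum
bytes are carried but not validated.
"""
from dataclasses import dataclass
from typing import List, Optional

SOM = 0x53          # start-of-message byte
CTRL_SQN = 0x03     # sequence number bits
CTRL_CRC = 0x04     # 1 = 16-bit CRC trailer, 0 = 8-bit checksum
CTRL_SCB = 0x08     # 1 = Secure Channel Block follows the control byte
CMD_POLL = 0x60
CMD_KEYSET = 0x75   # osdp_KEYSET: transports a key (e.g. the SCBK) to the reader
CMD_CHLNG = 0x76    # osdp_CHLNG: first step of secure-channel setup
SCS_ESTABLISHED = range(0x15, 0x19)  # SCS_15..SCS_18: secure channel is in use


@dataclass
class Frame:
    addr: int
    from_pd: bool
    seq: int
    has_scb: bool
    scs_type: Optional[int]
    cmd: int


def parse_frame(raw: bytes) -> Frame:
    """Decode the OSDP header, optional SCB and command byte of one frame."""
    if len(raw) < 6 or raw[0] != SOM:
        raise ValueError("not an OSDP frame")
    length = raw[2] | (raw[3] << 8)           # little-endian total length
    if length != len(raw):
        raise ValueError("length field mismatch")
    ctrl = raw[4]
    pos = 5
    has_scb = bool(ctrl & CTRL_SCB)
    scs_type = None
    if has_scb:
        scb_len = raw[5]                      # SCB length counts itself
        scs_type = raw[6]
        pos = 5 + scb_len
    return Frame(addr=raw[1] & 0x7F, from_pd=bool(raw[1] & 0x80),
                 seq=ctrl & CTRL_SQN, has_scb=has_scb,
                 scs_type=scs_type, cmd=raw[pos])


def audit(frames: List[bytes]) -> List[str]:
    """Report plaintext KEYSET commands and plaintext traffic after a secure channel was seen."""
    findings = []
    secured = set()   # reader addresses on which a secure channel has been observed
    for i, raw in enumerate(frames):
        f = parse_frame(raw)
        if f.cmd == CMD_KEYSET and not f.has_scb and not f.from_pd:
            findings.append(f"frame {i}: key sent in the clear to reader {f.addr} "
                            "(osdp_KEYSET outside a secure channel)")
        if f.has_scb and f.scs_type in SCS_ESTABLISHED:
            secured.add(f.addr)
        elif not f.has_scb and f.addr in secured:
            findings.append(f"frame {i}: plaintext frame on reader {f.addr} after a "
                            "secure channel was established (possible downgrade)")
    return findings


def build_frame(addr: int, seq: int, cmd: int, data: bytes = b"", scb: bytes = b"") -> bytes:
    """Assemble a constructed sample frame; the two trailing CRC bytes are a placeholder."""
    ctrl = (seq & CTRL_SQN) | CTRL_CRC | (CTRL_SCB if scb else 0)
    total = 1 + 1 + 2 + 1 + len(scb) + 1 + len(data) + 2
    return (bytes([SOM, addr, total & 0xFF, total >> 8, ctrl])
            + scb + bytes([cmd]) + data + b"\x00\x00")


# Constructed capture: controller installs a key in plaintext, sets up a secure channel,
# then the link drops back to plaintext polling.
SAMPLE_CAPTURE = [
    build_frame(0, 0, CMD_KEYSET, b"\x01\x10" + bytes(16)),          # plaintext SCBK install
    build_frame(0, 1, CMD_CHLNG, bytes(8), scb=bytes([3, 0x11, 0])),  # SCS_11 challenge
    build_frame(0, 2, CMD_POLL, scb=bytes([2, 0x15])),                # poll under SCS_15
    build_frame(0, 3, CMD_POLL),                                      # plaintext poll again
]

if __name__ == "__main__":
    for line in audit(SAMPLE_CAPTURE):
        print(line)
```

The script only inspects headers, so it runs on any byte-level capture of the RS-485 bus without needing the keys; in a deployment the two findings map directly to the mitigations the researchers' work implies, namely never leaving readers in install mode on a live bus and alerting when a reader that was speaking Secure Channel reverts to plaintext.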

SIA Standards developed and maintains ANSI/SIA CP-01, the False Alarm Reduction Standard. The standard specifies the design of security alarm system controls at the control panel, focusing chiefly on the arming and disarming process.

SIA also manages AG-01, the Architectural Graphics for Security Standard, which is a collection of architectural graphics for security intended for use by architects, building contractors, system integrators, electrical contractors and security managers who use CAD to produce construction drawings, shop drawings and installation/as-built drawings, and physical security system layouts.


References

  1. "About SIA | Security Industry Association". Security Industry Association. Retrieved July 31, 2018.
  2. "Academic Membership | Security Industry Association". Security Industry Association. Retrieved July 31, 2018.
  3. Security Industry Association. Retrieved September 3, 2013.
  4. Security Industry Association. Retrieved September 3, 2013.
  5. "GSA Schedule 84 Summary". Retrieved September 3, 2013.
  6. "SIA Files Comments with DOE on Energy Efficiency Rule". May 30, 2012. Retrieved September 3, 2013.
  7. Goodin, Dan (August 9, 2023). "Next-gen OSDP was supposed to make it harder to break in to secure facilities. It failed". Ars Technica. Retrieved August 10, 2023.
  8. Petro, Dan; Vargas, David (August 9, 2023). "Badge of Shame: Breaking into Secure Facilities with OSDP". www.blackhat.com. Retrieved August 10, 2023.