Security Industry Association

Last updated

Security Industry Association
AbbreviationSIA
Type 501(c)(6)
Legal statusAssociation
Purpose Trade
Headquarters Silver Spring, Maryland
Location
Region served
Flag of the United States.svg  United States
Official language
English
Chief Executive Officer
Don Erickson
Main organ
Board of Directors
Website https://www.securityindustry.org/

The Security Industry Association (SIA), based in Silver Spring, Maryland, is a U.S. trade association, founded in 1969, representing global security solutions providers. The organization today represents nearly 1,400 firms and organizations in the security industry, [1] and in 2017 the association expanded membership to include an academic category. Longtime CEO R. Walden Chace resigned under pressure in 2010 due to excessive spending and collaborations with Reed Exhibitions. [2] [3]

Contents

Since 2010, SIA has presented Securing New Ground (SNG), an annual conference for executives in the security industry. The organization also produces the annual government security conference SIA GovSummit, which has addressed federal and state security topics, as well as national issues such a school security, and AcceleRISE, an annual conference for young security industry professionals presented by SIA's RISE community.

SIA's industry activities generally fall under one of the following divisions of the association: Government Relations, Industry Relations, Learning & Development and Standards & Technology. [4]

Learning and development

SIA's learning and development team creates and presents training classes at various trade shows and conferences, including ISC West and ISC East. SIA develops professional development and industry training conference programs at ISC East and West each year under the brand of SIA Education@ISC.

SIA's learning and development offerings also include the Security Project Management (SPM) training program, the Certified Security Project Manager (CSPM) credential program and the Security Industry Cybersecurity Certification (SICC) program.

The SICC, developed by SIA with support from PSA Security Network and Security Specifiers, is the security industry's first credential focused specifically on cybersecurity for physical security systems. Becoming a designated SICC helps validate the skills required to support technical security installations according to industry best practices for electronic security and cybersecurity and aligning with clients’ organizational priorities and business objectives.

Government relations

SIA Government Relations lobbies federal and state governments on measures that would affect the security industry while tracking and reporting on the progress of various legislative initiatives. Through its government relations initiatives, SIA has accomplished legislative and administrative advances. SIA lobbied for the enactment of legislation creating the GSA Schedule 84 Cooperative Purchasing Program. The Local Preparedness Acquisition Act (Public Law 110-248), signed June 26, 2008, authorizes state and local governments to purchase from GSA alarm and signal systems, facility management systems, firefighting and rescue equipment, law enforcement and security equipment, marine craft and related equipment, special purpose clothing and related services, according to GSA. [5]

SIA also lobbied for legislation (Public Law 111-360), signed by President Barack Obama in January 2011, that exempts external power supplies for security and life safety products from federal energy efficiency standards that apply to devices in no-load model. A SIA-led coalition that included both industry and environmental groups argued that, since security and life safety equipment must always be in active mode, an efficiency standard for no-load mode would make no sense. [6]

In July 2024, SIA signed a letter to members of both the House Committee on Armed Services and the Senate Committee on Armed Services opposing Section 828 of S. 4628, the National Defense Authorization Act for Fiscal Year 2025, entitled "Requirement for Contractors to Provide Reasonable Access to Repair Materials," which would require contractors doing business with the US military to agree "to provide the Department of Defense fair and reasonable access to all the repair materials, including parts, tools, and information, used by the manufacturer or provider or their authorized partners to diagnose, maintain, or repair the good or service." [7]

The annual SIA GovSummit, hosted by SIA and organized by its government relations team, is a public policy and government security conference.

Standards and technology

SIA's standards and technology team produces, maintains and advocates for technical standards that enable interoperability between security devices. SIA develops American National Standards Institute (ANSI)-accredited standards that promote interoperability and information sharing in the industry.

SIA's Open Supervised Device Protocol (OSDP) standard is an access control communication standard developed by SIA to improve interoperability among access control and security products. OSDP was approved as an international standard by the International Electrotechnical Commission in May 2020 and has been published as IEC 60839-11-5. SIA OSDP v2.2, which is based on the IEC 60839-11-5 standard, was released in December 2020.

In 2023, researchers disclosed a suite of vulnerabilities that allow a man-in-the-middle attack to largely break OSDP even with its "Secure Channel" extension. [8] For example the Secure Channel Base Key (SCBK), which encrypts the connection between each reader-controller pair, is itself sent in the clear from the controller to the reader when the reader first joins the network. The protocol is also vulnerable to a downgrade attack. They demonstrated splicing a covert attack device named Mellon into the network in about 60 seconds, so only a brief period of physical access to the devices may be needed. A variety of other flaws in the protocol make it difficult to secure. [9]

SIA Standards developed and maintains the ANSI/SIA CP-01–False Alarm Reduction Standard. The standard generally specifies the design for controls of security alarm systems at the control panel. The specification focuses chiefly on the arming and disarming process.

SIA also manages AG-01, the Architectural Graphics for Security Standard, which is a collection of architectural graphics for security intended for use by architects, building contractors, system integrators, electrical contractors and security managers who use CAD to produce construction drawings, shop drawings and installation/as-built drawings, and physical security system layouts.

Related Research Articles

<span class="mw-page-title-main">Computer security</span> Protection of computer systems from information disclosure, theft or damage

Computer security is the protection of computer software, systems and networks from threats that may result in unauthorized information disclosure, theft of hardware, software, or data, as well as from the disruption or misdirection of the services they provide.

<span class="mw-page-title-main">Access control</span> Selective restriction of access to a place or other resource, allowing only authorized users

In physical security and information security, access control (AC) is the selective restriction of access to a place or other resource, while access management describes the process. The act of accessing may mean consuming, entering, or using. Permission to access a resource is called authorization.

SCADA is a control system architecture comprising computers, networked data communications and graphical user interfaces for high-level supervision of machines and processes. It also covers sensors and other devices, such as programmable logic controllers, which interface with process plant or machinery.

Wi-Fi Protected Access (WPA), Wi-Fi Protected Access 2 (WPA2), and Wi-Fi Protected Access 3 (WPA3) are the three security certification programs developed after 2000 by the Wi-Fi Alliance to secure wireless computer networks. The Alliance defined these in response to serious weaknesses researchers had found in the previous system, Wired Equivalent Privacy (WEP).

CISSP is an independent information security certification granted by the International Information System Security Certification Consortium, also known as ISC2.

BACnet is a communication protocol for building automation and control (BAC) networks that use the ASHRAE, ANSI, and ISO 16484-5 standards protocol.

<span class="mw-page-title-main">Project 25</span> Set of Telecommunications Standards

Project 25 is a suite of standards for interoperable digital two-way radio products. P25 was developed by public safety professionals in North America and has gained acceptance for public safety, security, public service, and commercial applications worldwide. P25 radios are a direct replacement for analog UHF radios, adding the ability to transfer data as well as voice for more natural implementations of encryption and text messaging. P25 radios are commonly implemented by dispatch organizations, such as police, fire, ambulance and emergency rescue service, using vehicle-mounted radios combined with repeaters and handheld walkie-talkie use.

A federated identity in information technology is the means of linking a person's electronic identity and attributes, stored across multiple distinct identity management systems.

Aeronautical Radio, Incorporated (ARINC), established in 1929, was a major provider of transport communications and systems engineering solutions for eight industries: aviation, airports, defense, government, healthcare, networks, security, and transportation. ARINC had installed computer data networks in police cars and railroad cars and also maintains the standards for line-replaceable units.

SEMI is an industry association comprising companies involved in the electronics design and manufacturing supply chain. They provide equipment, materials and services for the manufacture of semiconductors, photovoltaic panels, LED and flat panel displays, micro-electromechanical systems (MEMS), printed and flexible electronics, and related micro and nano-technologies.

A red team is a group that pretends to be an enemy, attempts a physical or digital intrusion against an organization at the direction of that organization, then reports back so that the organization can improve their defenses. Red teams work for the organization or are hired by the organization. Their work is legal, but can surprise some employees who may not know that red teaming is occurring, or who may be deceived by the red team. Some definitions of red team are broader, and include any group within an organization that is directed to think outside the box and look at alternative scenarios that are considered less plausible. This can be an important defense against false assumptions and groupthink. The term red teaming originated in the 1960s in the United States.

A unidirectional network is a network appliance or device that allows data to travel in only one direction. Data diodes can be found most commonly in high security environments, such as defense, where they serve as connections between two or more networks of differing security classifications. Given the rise of industrial IoT and digitization, this technology can now be found at the industrial control level for such facilities as nuclear power plants, power generation and safety critical systems like railway networks.

Electronic authentication is the process of establishing confidence in user identities electronically presented to an information system. Digital authentication, or e-authentication, may be used synonymously when referring to the authentication process that confirms or certifies a person's identity and works. When used in conjunction with an electronic signature, it can provide evidence of whether data received has been tampered with after being signed by its original sender. Electronic authentication can reduce the risk of fraud and identity theft by verifying that a person is who they say they are when performing transactions online.

Physical security information management (PSIM) is a category of software that provides a platform and applications created by middleware developers, designed to integrate multiple unconnected security applications and devices and control them through one comprehensive user interface. It collects and correlates events from existing disparate security devices and information systems to empower personnel to identify and proactively resolve situations. PSIM integration enables numerous organizational benefits, including increased control, improved situation awareness and management reporting. Ultimately, these solutions allow organizations to reduce costs through improved efficiency and to improve security through increased intelligence.

The Computing Technology Industry Association, more commonly known as CompTIA, is an American non-profit trade association that issues professional certifications for the information technology (IT) industry. It is considered one of the IT industry's top trade associations.

The National Strategy for Trusted Identities in Cyberspace (NSTIC) is a US government initiative announced in April 2011 to improve the privacy, security and convenience of sensitive online transactions through collaborative efforts with the private sector, advocacy groups, government agencies, and other organizations.

<span class="mw-page-title-main">Kantara Initiative</span> Digital identity organization

Kantara Initiative, Inc. is a non-profit trade association that works to develop standards for identity and personal data management. It focuses on improving the trustworthy use of identity and personal data in digital identity management and data privacy.

Secure Data Recovery Services provides data recovery and digital forensics services for a range of storage media, including laptop and desktop computer hard drives, HDD, SSD, RAID arrays, mobile devices, legacy storage systems, digital cameras, flash USB drives, and flash memory cards.

ISC2 Non-profit IT cybersecurity organization

The International Information System Security Certification Consortium, or ISC2, is a non-profit organization which specializes in training and certifications for cybersecurity professionals. It has been described as the "world's largest IT security organization". The most widely known certification offered by ISC2 is the Certified Information Systems Security Professional (CISSP) certification.

The Physical Security Interoperability Alliance (PSIA) is a global consortium of more than 65 physical security manufacturers and systems integrators focused on promoting interoperability of IP-enabled security devices and systems across the physical security ecosystem as well as enterprise and building automation systems.

References

  1. "About SIA | Security Industry Association". Security Industry Association. Retrieved July 31, 2018.
  2. "Academic Membership | Security Industry Association". Security Industry Association. Retrieved July 31, 2018.
  3. Security Industry Association, Retrieved Sept. 3, 2013.
  4. Security Industry Association, Retrieved Sept. 3, 2013.
  5. GSA Schedule 84 Summary, Retrieved Sept. 3, 2013.
  6. "SIA Files Comments with DOE on Energy Efficiency Rule". May 30, 2012. Retrieved Sept. 3, 2013.
  7. Koebler, Jason (August 28, 2024). "Appliance and Tractor Companies Lobby Against Giving the Military the Right to Repair". 404 Media . Archived from the original on August 29, 2024. Retrieved August 29, 2024.
  8. Goodin, Dan (August 9, 2023). "Next-gen OSDP was supposed to make it harder to break in to secure facilities. It failed". Ars Technica. Retrieved August 10, 2023.
  9. Petro, Dan; Vargas, David (August 9, 2023). "Badge of Shame: Breaking into Secure Facilities with OSDP". www.blackhat.com. Retrieved August 10, 2023.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.