Like it? Share it!
05 July 2022
Panel discussion participants:
- James Moore, Editor, IFSEC Global (Chair)
- Aston Bowles, Managing Director, BLE Smoke & Fire Curtains
- David Mudd, Global Digital and Connected Product, British Standards Institution (BSI)
- Sarb Sembhi, CISO, AirEye & Virtually Informed
- Andy Speake, National Technical Manager, Aico
The IoT “tidal wave”
David Mudd began the session with a rundown of just how widespread the Internet of Things has become “from smart hospitals to smart hair straighteners” riding a “tidal wave of adoption across every single industry”.
The increased adoption of tech has received a boost from more flexible working patterns and offers businesses a path to more efficiency, more cost-effective solutions and better outcomes for customers. With that, there is now an expectation that IoT will be adopted across all settings.
“When you’re looking at domestic and residential products now, there’s a total expectation that fire detection could now be available, it’s relatively low cost, easy to use, easy to set up remote control and fully integrate into your smart home ecosystem. And for providers, there’s now an expectation this will provide new markets, new opportunities, new business models, and new opportunities for getting data back from clients on how products are used.”
The move towards smart buildings is attractive because IoT is a flexible network that can be integrated into building management systems, improving traceability and so important for regulatory compliance, such as the ‘Golden Thread’. However, as Mudd points out, barely a week goes by without a story about vulnerable IoT devices being hacked.
“Most of the manufacturers of IoT products are the T not the I. They are manufacturers of things but buying in technology to enable those ‘things’ to be connected.”
Mudd identifies the slippery slope of IoT vulnerability in three potentially catastrophic stages, loss of control, loss of data and denial of service.
Taking the panel and audience through the processes that the BSI applies to product testing, Mudd notes that the team is “looking at digital transformation and trust in these technologies from software, AI, and cyber security, all the way through to certifying IoT.”
The products that manufacturers are handing over for testing are ones they believe are ready and just need independent verification. However, the pass rate, first time around, is “very close to zero.” Mudd says that the UK is leading the way on regulation and the EU is also bringing forward legislation. The BSI Kitemark, meanwhile, remains a crucial way of guarding against hacks and attacks.
“There is a huge opportunity here to transform the service we provide in the fire industry,” Mudd says, “but there are some very, very serious risks to be addressed collectively in the industry and really deliver on the expectation.”
IoT codes of practice
The session was then opened up to the panel. After each member had introduced themselves, Andy Speake and Aston Bowles paid tribute to the work of the Fire Industry Association’s (FIA) Internet of Things Forum, noting the feedback and demand for further information from its members and the width of its task groups.
Indeed, the BSI and FIA launched an official partnership in the IoT field during FIREX, providing members of the FIA with discounts on certification to the BSI Kitemark for IoT devices and to provide more organisations with support in training for the sector.
Sarb Sembhi, whose background is in cyber security and is part of the IoT Security Foundation’s Executive Steering Board, noted that he was amazed by the multiple vulnerabilities across devices when he first started in the sector. The big revelation for him was that installers didn’t need any network training to put in video security products – and it’s the same for fire security products. Sembhi noted the work that he had carried out with the British Security Industry Association (BSIA) on cyber security best practice, including a code of practice for installers and a security equipment manufacturer’s registration scheme. The work from the security industry in this field could be valuable for the fire sector going forwards, Sembhi pointed out.
Mudd underlined there was a lot of free advice already available on best practice, for example from the security and lighting industries and from the IOT Security Foundation (IOTSF).
“Global best practice is totally free and available,” says Mudd, “and it’s written in relatively simple, plain English to understand.”
Information, legislation and collaboration
Aston Bowles told the audience that 10 years ago, at the first FIREX he attended, there was only one company selling an IoT solution “now people are talking about IoT on every stand”. He urged people not to be left behind, despite the risks, adding how important it will be to fire safety principles such as the golden thread.
Andy Speake made the point that IoT products evolve at a quicker rate than many products in the fire industry sphere, so keeping up with best practice will be crucial for professionals.
On the imminent Product Security and Telecommunications Infrastructure (PSTI) Bill, David Mudd explained: “Legislation isn’t the news story it’s the reason why it’s coming that is the story, the clear and present danger. Stakeholders (manufacturers, supply chain, providers and users) should all be taking a look at what best practice looks like.”
Sarb Sembhi remarked that legislation is often “20 years behind” and that it has come from standards and codes of practice. Crucial examples include the European Standards Organisation ETSI’s checklist of 13 recommendations, as well as the BS 8418 code of practice for CCTV being a useful template to apply to fire products too.
He also added that he doesn’t believe that everyone should have to be a cyber security ‘expert’ to do their job. He indicated that there are documents on smart buildings and smart cities that would be helpful for people in the fire sector to read and understand more about what is going on.
Meanwhile, Mudd suggested that government legislation wants to put the onus on the manufacturers to make their products easy to install and maintain, rather than the onus for this being on the installer and the user. So, while installers should have a code of practice and the relevant training, they are entitled to push back on the manufacturer and ask the necessary questions to get this crucial baseline in place.
Bowles pointed out that the push by the FIA for third-party accreditation of system installers would help move the agenda on.
IoT’s role in integration
On the integration between security and fire and building management systems, Bowles mentioned the areas of assisted living and social housing where fire systems could be tied in with CO2 and CO alarms and examples of where, without access to the property, a provider can tell if a resident has tested an alarm, or that alarm has come to the end of its life. All this gives the landlord a “digital, traceable record” and so, of course, ties in with the golden thread.
In terms of having confidence in the technology to deliver the non-intrusive maintenance and support results, Mudd highlighted that despite the huge benefits there are still conversations to be had about using IoT as a decision-making tool in a life-or-death situation. He acknowledges that the FIA are there to try and drive the decisions around this.
Rounding up on the principle of integration, Bowles added: “It’s increasingly much more about what the right partnerships are, how do you access them, how do you do it with credibility, which is where things like cyber standards come in. It’s evermore collaborative and that sounds easy, but we all know that’s kind of the hardest thing to do in a really regulated small sector like ours.”
10 August 2022
09 April 2021
04 March 2021
24 October 2019