Security Standards - Filling the Void
The editors of CSE recently asked me about the general lack of security standards in the United States and what was being done to fill the void. I replied that until recently this has indeed been the case, but that is about to change so rapidly that quite a thunder will result. At a recent standards committee meeting hosted by the Security Industry Assn.
The editors of CSE recently asked me about the general lack of security standards in the United States and what was being done to fill the void. I replied that until recently this has indeed been the case, but that is about to change so rapidly that quite a thunder will result.
At a recent standards committee meeting hosted by the Security Industry Assn. (SIA), a speaker noted that Tom Ridge, Secretary of the Dept. of Homeland Security (DHS), in pursuit of his charter to provide a cohesive infrastructure, had declared that our industry must provide standards for interoperable systems.
Fortunately, SIA has stepped up and taken responsibility, adding standards-making professionals to its staff.
Under the direction of Mark A. Visbal, senior associate director of standards and technology, and Monica M. Vago, associate director of technical standards programs, SIA has implemented the processes and procedures to efficiently bring forth standards suitable for international adoption. In response to the DHS mandate, they have launched an ad-hoc committee for data modeling and are using this methodology to drive the development efforts of the access control and digital video server interoperability standards.
Other standards organizations are cooperating with SIA in this effort. The BACnet Life Safety and Security Working Group, under the leadership of Dave Ritter, has added SIA members to its working group and has begun attending SIA meetings for data modeling, access control and digital video. This relationship is invaluable, because BACnet members have "been there and done that" with respect to creating ANSI and ISO standards for the HVAC and fire-alarm industries.
Also aiding the cause is the Open Security Exchange (OSE), which has been working to develop standards for integrating the logical access control of the IT industry with the physical access control of the security industry. OSE members bring skills in the use of UML (Unified Modeling Language) data modeling techniques to develop standards.
Like OSE, the Open Building Information Exchange (oBIX), which is a technical committee of OASIS (Organization for the Advancement of Structured Information Standards), embraces the use of XML (eXtensible Markup Language) for data exchange and a close cooperation with the IT community. oBIX contributes a focus on bringing the business and building systems together at an enterprise level. Representatives of OPC Foundation, an organization that creates specifications for automation interoperability, bring a strong industrial constituency and also focus on promoting interoperability and using XML and web services in the enterprise.
With all these organizations cooperating, it is not inconceivable that a standard will emerge within the next 12 to 18 months. This standard will define the next-generation access-control panel and digital video server and will define interoperability using an open architecture. Will the outcome be a single box? One thing is for certain: The next-generation controller will be an appliance that communicates downstream to devices, at a peer level to other appliances and controllers, and upstream to the enterprise.
Yes, Tom Ridge, we will have an interoperable infrastructure for homeland security. Get ready for the thunderclap of interoperability standards that will change the rules of engagement in the industry. The void is gone—just like when the sky comes back together to fill the gap left by a lighting bolt.
For more codes and standards news, see our Management Report (p. 49) covering a new law that will affect standards writing in the U.S.