Guest Commentary: Technology trends in paradise

Andrew Lanning provides an integrator’s perspective on the recent HICTA show
Monday, March 28, 2016

HONOLULU—A group of 100 technology folks brought some serious security thought-leadership on topics such as identity management, cybersecurity, privacy and big data during the Hawaii Information Communication & Technology Association’s (HICTA’s) “Trends in Technology” trade show, which took place in Honolulu in March.

Of course, it’s reasonable that smart people like to travel to Hawaii, too, but what really struck me was how relevant both physical security and cybersecurity have become to the three industry segments represented in this one local organization.

HICTA helps develop the information, communications and technology (ICT) professionals in the State of Hawaii and helps advance the progression of HICTA members across industries.

As a physical security guy, I’ve been researching the failings of our manufacturers to embrace the requisite cyber-hardening techniques that are the fabric of the information security network environment. It was truly refreshing to see a blend of physical- and cybersecurity manufacturers and practitioners in the same rooms engaged in a meaningful dialogue aimed at making our people, processes and products more secure.

Keynote speaker Tuan Nguyen, asst. special agent in charge of the FBI Honolulu Field Office, took on the topic of encryption and explored how investigators could gain access to encrypted evidence without impinging on the privacy concerns of the U.S. citizenry.

Nguyen suggested that more transparency on the government’s part could lead to a better dialogue with the community at large, and, in turn, open dialogue would translate into progress.

It was a provocative presentation that left me hopeful for a solution that would allow our law enforcement community to hunt and prosecute terrorist activities as thoroughly as possible. From a personal perspective, I am more of a trust-but-verify guy, and I don’t have any illegal details to hide. I think this lowers my guard to many of the privacy concerns that have arisen in the wake of the Snowden revelations. I do see value in the pursuit of evidence against terrorists, and if that potential evidence is encrypted, law enforcement needs a way to investigate its evidentiary value. I do hope we find a dialogue that increases safety for all communities.

In a breakout session, Alert Enterprise CEO Jasvir Gill, an enlightened, entertaining speaker, made a great case for the expansion of analytics engines throughout the enterprise.

Gill demonstrated how gathering, normalizing, and then analyzing the large amounts of data generated within enterprise operations, patterns of behavior, operation and environment can be graded for risk and then monitored dynamically.

Gill’s presentation truly excited the possibilities in my integrator’s mind. I believe that by monitoring and measuring the relationships between objects [people and things], time, and space we can offer new solutions for problems that have escaped the scrutiny of existing siloed physical security systems.

Enterprise security management requires analysis of relational data to truly understand the changing nature of risk throughout the enterprise operational ecosystem.

A second breakout session featured a presentation on identity by Sal D’Agostino.  D’Agostino brings a thinktank-level perspective to this topic, but he made it digestible for all of us in the room. Essentially, we haven’t yet answered the call for a unique identity in the United States. It’s clear to me that Social Security numbers have failed. And we have different drivers licenses for every state: fail.

How do we begin to constitute a reliable identity is not a question I ask myself very often; I’ve grown too used to living with many. Attributes that could uniquely define, and differentiate people (maybe an IPv6 address?) resist deployment, leaving gaps in the trust-and-security of our transactions with others and the world.

It occurs to me that identity (and privacy by association) may be the single slice of pie preventing us from normalizing trusted identities and transactions.

Ongoing work in this area is being conducted by the Identity Ecosystem Steering Group (IDESG), in a mission to evolve an Identity Ecosystem Framework (IDEF). This framework effort stems from the National Strategy for Trusted Identities in Cyberspace (NSTIC) that will encourage and enable online communities to share “technologies, processes and policies with a strong baseline commitment to privacy, ease of use, interoperability and security.”

I was previously unaware of the depth of work in this area and I do believe that a national ID of some type would make everyday transactions with my bank, my medical provider, my business, and even my grocery store simpler and more secure. Let’s hope we get there soon.

The day’s final panel discussion was focused on finding efficiencies in business while keeping up with “Trends in Technology.” Christine Lanning, president of Integrated Security Technologies, represented the small business owner on the panel, and said that cloud-based services had truly freed her team to spend more time on client-based tasking vs. spending time working on internal IT systems.

IST has outsourced all of its HR, IT, and CRM systems, realizing gains in workforce mobility, workflow management, and workflow consistency. She said IST will continue to leverage cloud-based services for even greater gains in the future.

I have seen the results at IST firsthand. In my opinion, efficiency gains are out there for small businesses of every kind. We just have to take the time to sift through and test the cloud offerings. Oh yeah, and don’t forget about strong daily backup measures.

Rich Lyman, regional sales manager for Lenel/UTC believes his enterprise clients—a virtual who’s who of Silicon Valley—are absorbing technology and replacing technology at a rapid pace. He sees the integration of the access control platform with other systems in the enterprise as a key component for operational savings, with enhanced security along the way, of course.

My experience is that the Hawaii enterprise-space has been decidedly slower-paced. Municipal government, health care, and our critical infrastructure sectors are well behind the deployment curve, and thus the efficiencies-gained-curve, when it comes to leveraging integration across their operating units. I’m looking forward to exploring ways to help these entities capture some of the value that is being realized by our mainland counterparts, unfortunately it looks like it’ll be happening on “Hawaii time.”

Alert Enterprise’s Gill said that the regulated industries—utilities, refineries, finance, and critical infrastructure—were taking advantage of integration and analytics technology trends to save large sums of money, which could be repurposed toward training or growth.

Gill believes small businesses would begin to see the trickle-down of these technologies and be able to leverage them on a smaller scale to gain similar advantages.

I think most of us in the room are aware of analytics. Hawaii retailers may be leading the way in Hawaii with their marketing analytics in this space. I didn’t encounter too many folks at the show with hands-on analytics experience. That tips up the ears of the integrator in me, and I’ll be exploring a few presentation opportunities with the folks at Hawaiian Electric Company to show them where, when and how analytics can bring value to their organization.

The final panelist was Rodney Thayer, principal at Smithee, Spelvin, Agnew, & Plinge Inc. Owing to Thayer’s background in network protocols and cryptography, the panel’s moderator had asked him to offer a perspective on the speed-of-adoption vs. the security of the technologies being adopted.

Thayer said that most of the work he was doing for manufacturers was of the catch-up type. Many manufacturers have simply been doing their hardware and software development without a thought to cybersecurity for too long, and that practice has finally caught up with them.

Thayer is hopeful that the industry will turn itself around in the near future and begin to generate more “cyber-hardened” products, but in the meantime his advice is that businesses should verify these things for themselves; vendors aren’t knowledgeable enough about what they’re doing wrong to be trusted.

His comments definitely reflect my experience to date as the chair of the PSA Networks cybersecurity committee. I’ve been reaching out to manufacturers for product cyber-hardening guidebooks, and third-party product bug-tracking audit information, with little response or success. The physical security industry is below Tier 1 (of 4) in its cybersecurity practices across the spectrum of manufacturers, integrators, and best practices. We have great examples to draw upon, and I believe it’s high time we head down that road.

An interesting thing occurred during the panel discussion. There was a short break in the discussion, during which the event’s media sponsor, HibachiTalk presented the audience with 50 free beers. I’m not sure how many beers were consumed, but I do think this livened up the ensuing Q&A portion of the panel discussion.

The evening mixer concluded with the introduction of The University of Hawaii’s Information Technology Management Association (ITMA) students who were there to mingle with the minds of Hawaii’s IT elite. They were an enthusiastic group of 20 or so, eager to share their vision of the workforce they wish to enter, and the types of projects they hope to take on.

Based on my discussions with some of these students, I’d say Hawaii’s technology future has opportunities for innovative growth. I’ll have to check back in on the HICTA event next year and if you’re planning to travel to the islands, you might want to spend a little time with this group.


Andrew Lanning is co-founder of Integrated Security Technologies (IST), a Honolulu-based low-voltage electrical contracting firm specializing in physical security system design, implementation, and maintenance since 1998. Lanning began his electronics career in 1982 studying COBOL, Fortran, and ASSEMBLER. He earned a combat-action ribbon for duties performed in the Persian Gulf while serving the United States Navy from 1985-1993. Lanning majored in Psychology and Anthropology at the University of Hawaii, and earned a Master’s degree in Communication from Hawaii Pacific University in 2011.