Jump to content

Security Industry Association

From Wikipedia, the free encyclopedia

Security Industry Association
AbbreviationSIA
Type501(c)(6)
Legal statusAssociation
PurposeTrade
HeadquartersSilver Spring, Maryland
Location
Region served
 United States
Official language
English
Chief Executive Officer
Don Erickson
Main organ
Board of Directors
Websitehttps://www.securityindustry.org/

The Security Industry Association (SIA), based in Silver Spring, Maryland, is a U.S. trade association, founded in 1969, representing global security solutions providers. The organization today represents nearly 1,400 firms and organizations in the security industry,[1] and in 2017 the association expanded membership to include an academic category. Longtime CEO R. Walden Chace resigned under pressure in 2010 due to excessive spending and collaborations with Reed Exhibitions. [2][3]

Since 2010, SIA has presented Securing New Ground (SNG), an annual conference for executives in the security industry. The organization also produces the annual government security conference SIA GovSummit, which has addressed federal and state security topics, as well as national issues such a school security, and AcceleRISE, an annual conference for young security industry professionals presented by SIA's RISE community.

SIA's industry activities generally fall under one of the following divisions of the association: Government Relations, Industry Relations, Learning & Development and Standards & Technology.[4]

Learning and development

[edit]

SIA's learning and development team creates and presents training classes at various trade shows and conferences, including ISC West and ISC East. SIA develops professional development and industry training conference programs at ISC East and West each year under the brand of SIA Education@ISC.

SIA's learning and development offerings also include the Security Project Management (SPM) training program, the Certified Security Project Manager (CSPM) credential program and the Security Industry Cybersecurity Certification (SICC) program.

The SICC, developed by SIA with support from PSA Security Network and Security Specifiers, is the security industry's first credential focused specifically on cybersecurity for physical security systems. Becoming a designated SICC helps validate the skills required to support technical security installations according to industry best practices for electronic security and cybersecurity and aligning with clients’ organizational priorities and business objectives.

Government relations

[edit]

SIA Government Relations lobbies federal and state governments on measures that would affect the security industry while tracking and reporting on the progress of various legislative initiatives. Through its government relations initiatives, SIA has accomplished legislative and administrative advances. SIA lobbied for the enactment of legislation creating the GSA Schedule 84 Cooperative Purchasing Program. The Local Preparedness Acquisition Act (Public Law 110-248), signed June 26, 2008, authorizes state and local governments to purchase from GSA alarm and signal systems, facility management systems, firefighting and rescue equipment, law enforcement and security equipment, marine craft and related equipment, special purpose clothing and related services, according to GSA.[5]

SIA also lobbied for legislation (Public Law 111-360), signed by President Barack Obama in January 2011, that exempts external power supplies for security and life safety products from federal energy efficiency standards that apply to devices in no-load model. A SIA-led coalition that included both industry and environmental groups argued that, since security and life safety equipment must always be in active mode, an efficiency standard for no-load mode would make no sense.[6]

The annual SIA GovSummit, hosted by SIA and organized by its government relations team, is a public policy and government security conference.

Standards and technology

[edit]

SIA's standards and technology team produces, maintains and advocates for technical standards that enable interoperability between security devices. SIA develops American National Standards Institute (ANSI)-accredited standards that promote interoperability and information sharing in the industry.

SIA's Open Supervised Device Protocol (OSDP) standard is an access control communication standard developed by SIA to improve interoperability among access control and security products. OSDP was approved as an international standard by the International Electrotechnical Commission in May 2020 and has been published as IEC 60839-11-5. SIA OSDP v2.2, which is based on the IEC 60839-11-5 standard, was released in December 2020.

In 2023, researchers disclosed a suite of vulnerabilities that allow a man-in-the-middle attack to largely break OSDP even with its "Secure Channel" extension.[7] For example the Secure Channel Base Key (SCBK), which encrypts the connection between each reader-controller pair, is itself sent in the clear from the controller to the reader when the reader first joins the network. The protocol is also vulnerable to a downgrade attack. They demonstrated splicing a covert attack device named Mellon into the network in about 60 seconds, so only a brief period of physical access to the devices may be needed. A variety of other flaws in the protocol make it difficult to secure.[8]

SIA Standards developed and maintains the ANSI/SIA CP-01–False Alarm Reduction Standard. The standard generally specifies the design for controls of security alarm systems at the control panel. The specification focuses chiefly on the arming and disarming process.

SIA also manages AG-01, the Architectural Graphics for Security Standard, which is a collection of architectural graphics for security intended for use by architects, building contractors, system integrators, electrical contractors and security managers who use CAD to produce construction drawings, shop drawings and installation/as-built drawings, and physical security system layouts.

References

[edit]
  1. ^ "About SIA | Security Industry Association". Security Industry Association. Retrieved July 31, 2018.
  2. ^ "Academic Membership | Security Industry Association". Security Industry Association. Retrieved July 31, 2018.
  3. ^ Security Industry Association, Retrieved Sept. 3, 2013.
  4. ^ Security Industry Association, Retrieved Sept. 3, 2013.
  5. ^ GSA Schedule 84 Summary, Retrieved Sept. 3, 2013.
  6. ^ "SIA Files Comments with DOE on Energy Efficiency Rule". May 30, 2012. Retrieved Sept. 3, 2013.
  7. ^ Goodin, Dan (August 9, 2023). "Next-gen OSDP was supposed to make it harder to break in to secure facilities. It failed". Ars Technica. Retrieved August 10, 2023.
  8. ^ Petro, Dan; Vargas, David (August 9, 2023). "Badge of Shame: Breaking into Secure Facilities with OSDP". www.blackhat.com. Retrieved August 10, 2023.
[edit]