ONVIF, as a security industry forum, has helped shape the way technology is created and deployed today. Founded almost 10 years ago by Bosch, Axis Communications and Sony, it has since grown into an organization of almost 500 members at various levels of participation. SP&T News recently spoke with Stuart Rawling, director of global business development, Pelco by Schneider Electric, and a member of ONVIF’s steering committee to get an update on the organization’s mandate, position in the industry and role in issues of growing importance like cybersecurity.
By Neil Sutton
SP&T: How do ONVIF members work together as a group?
SR: Almost every major manufacturer is a player. We just had a meeting in Verona, Italy.
It’s so interesting how most of the attendees are engineers and technologists. The benefit is they have an interest in solving technical issues. They have been working extremely well together in advancing interoperability. That’s what their goal is.
That has a knock-on effect with the rest of the companies’ mentality. I know 10 years ago in this industry, going around a tradeshow you’d take off your [company] badge and hide a little bit… Now it’s completely different, because we all kind of work together now. It’s a very positive influence, I think, on the industry as a whole.
We have four committee meetings a year. Additionally we have two “Plugfests,” which is basically where people can bring devices and try them out.
We learn from every Plugfest whether we’ve got any issues. It’s a good chance for the vendors to test things out and figure out what they’ve got right and what they’ve got wrong. More importantly, they get to walk away having some degree of confidence about what’s been happening and learning what they need to do to take the standard further. Things have changed since we released Profile S and we need to do another iteration on that. We’re working on a new Profile that’s going to address new technologies like H.265, smart compression, 4K, 8K… whatever we’re talking about in a few years.
SP&T: Given the current pace of development, do you have to devote more resources to the process? How do you stay on top of it?
SR: There’s a desire not to return to the state where we started, which was a lot of protocols and interoperability challenges. To a degree, an organization like ONVIF is always going to lag the bleeding edge, but ONVIF has been trying to follow it as closely as possible and embed in the industry that this is the standard — that’s why I’ve been working with ISO-type organizations, like IEC (International Electrotechnical Commission), ISO (International Organization for Standardization), to get those governing bodies to accept our standard as an internationally recognized standard. When we release something it’s really a “small” standard. Everybody uses it, but it’s not indoctrinated in the global technology ecospace until we get the big “S” Standard. That’s one of the things that we’ve been doing as well.
SP&T: Do you every get any pushback on standards from the vendors?
SR: Vendors? No. From the vendors’ perspective, if you’re a new company coming in and you walk around a trade show floor and there wasn’t a standard… you’d be panicking if you’re a VMS vendor, because you’ve got how many camera vendors to work with? For the pre-existing companies like us, like Pelco, it’s helpful.
If we’ve written an ONVIF driver and a new camera company pops up, we can work with that camera if they’re compliant with ONVIF too. Sometimes you have to have a conversation if there’s an issue, but, for the most part, the vendors have completely bought in. There are some aspects that we’re pushing for, like on the access control side, but that’s a different type of industry, so it’s adjusting a little bit differently, but from the video side, it’s very well accepted. I think end users see the benefit too, because they don’t necessarily have to pay a VMS vendor to develop a custom driver for their really cool one-off camera that they’ve bought.
SP&T: What is ONVIF’s role in helping physical security devices like cameras become more cyber-secure?
SR: As part of the work we’ve done with Profile Q, we made some recommendations about technologies to adopt within the standard… ONVIF can provide interfaces and interoperability, but ultimately it’s up to the manufacturers to provide the CVE (common vulnerabilities and exposures) response process. You can implement good security badly. You can have a password system that checks whether the password is the world’s most [secure password] … but if you store the password in the database in plain text, it doesn’t matter how complex the password is. That type of thing is really up to the manufacturers. That’s something that we’re looking at. Do we need to make sure that we have industry standards or recommendations for doing this type of thing? ONVIF does have a role in providing the interfaces and the technology recommendations along those lines, but you’ve got to remember, cybersecurity is about two things: it’s about the technology and it’s about the policy.
I think the cybersecurity piece is critical for the industry as a whole. ONVIF has a role to play in that [but] ONVIF isn’t the solution. I think there’s a huge awareness that the industry is going through.
I think we’ll be going through a lot of awakening over the next two years in this market.