The ioXt Alliance Member Snapshot: Vivint Smart Home Greg Hansen
In this issue, we’re excited to welcome new ioXt Alliance Contributor member Greg Hansen of Vivint Smart Home. Contributor members help define and lead Alliance security standards by working with all Alliance members and by participating in Alliance working groups. They also exhibit at ioXt Alliance trade shows (when there’s no global pandemic going on) and certify devices.
Greg made time to answer some questions for us about what he does for Vivint and why, and about why he values being part of the ioXt Alliance. The following is what he shared.
Q: What is Vivint?
Vivint Smart Home is a leading smart home company in North America. Vivint delivers an integrated smart home system with in-home consultation, professional installation and support, as well as 24/7 customer care and remote monitoring.
Q: What do you do for Vivint?
My role as Regulatory Compliance Manager is to proactively work with the innovation center project teams to design, test and certify smart home, life safety and security products. I also manage the Technical Documentation team that is responsible for our installation and user documents.
Q: Why are you involved with the ioXt Alliance?
Collaboration with other industry experts is invaluable. Cybersecurity risks are far too great for each manufacturer to have to “reinvent the wheel.” As an IoT industry, we can collaboratively work together much faster, more thoroughly and with a stronger likelihood of success than if we all work independently. Collectively, we can work together to ensure that relevant measures have been adequately developed and tested, and that certification plans are implemented properly to address cyberthreats for specific types of IoT products.
Q: What’s your favorite talking point around cybersecurity/IoT, and why?
Protecting all assets! Cybersecurity is no longer about just protecting the perimeter through firewalls or other network barriers. A holistic approach is now required to effectively ensure that every single device connected to a digital communications network has been designed and tested to adequately address constantly evolving cyberthreats. Consumers certainly need to do their part in choosing and protecting their passwords as well as enabling basic network security. Manufacturers’ hardware and software designs need to protect everything else within their control.
Q: Is there another security-related topic or challenge you’d like to highlight?
Designing innovative electronic products is a constantly moving target. New product features often involve new opportunities for updating cybersecurity risk assessment plans to ensure that adequate control measures and mitigations are in place. As an example, smart photo frames provide a convenient way for family and friends to provide each other with current photos or videos. Smart photo frames are WiFi connected, which makes it very convenient for anyone to share photos using a specific e-mail address or personal login credentials. Unfortunately, the ease of accessibility can also introduce some undesired vulnerabilities, such as unwanted photos or videos being sent or stolen, or even ransomware being sent claiming photos or videos have been hijacked and will be used maliciously.
Most end-product owners do not consider these scenarios when purchasing innovative products, so it is very important that the manufacturer takes security features and any foreseeable misuse into consideration when designing, testing, and certifying their products.
Q: What do you want members to know about you?
I am very passionate about being a changemaker. Working for leading-edge companies requires a significant amount of time and effort to stay ahead of the competition. Participation on eight industry and national standards committees helps me personally and professionally to not only be knowledgeable of current standards and regulations, but also to help define impending requirements that directly affect our products. Having worked in a compliance role for over 30 years, I have often been tasked with complying with requirements that were far more meaningful in theory than in practical application.
Committees can get caught up in groupthink or tunnel vision and fail to achieve the intended result with the final published requirements. As a committee member, I strive to keep requirements industry-relevant and focused on “what” the intent of the requirement is without being restrictive on “how” a particular requirement must be fulfilled.