Absence of security solution standardisation and certification
Practitioners highlighted the lack of commonly accepted and used technology standards for the security solutions deployed. Currently the security solutions are standardised as stand-alone systems. Most of the security solutions are vendor specific and not standardised / certified for deployment and interworking with existing deployed security systems. This is described with 2.CGF.11.
In the military domain MIL-STD-XXX series may be based or make reference to existing, well established standards maintained by standardisation bodies. Typically, there is a handbook that outlines the standard procedural, technical, engineering, or design information about the solutions, processes, practices the products should satisfy. There are also “specifications” that describe either the essential technical requirements for the product or the substantially modified commercial standards. Performance specifications are also used. They described solution requirements in terms of the required results with criteria for verifying compliance but without stating the methods for achieving the required results. Likewise, the standards that will be enforced for security solutions will utilise existing ones.
It should be acknowledged that dual use of technology in both military and civilian domains refers to developed solutions and products which can serve both military and civilian entities at any given time. Notably only the military products are standardised. The use of defence standards, often called a military standard, is used to help achieve standardisation objectives. The standardisation of defence solutions is beneficial in achieving interoperability, ensuring products meet certain requirements, commonality, reliability, reduces total cost of ownership, are a few benefits. On the opposite side, security products and solutions available to border guard practitioners are not standardised, interfaces and products are proprietary to manufacturers, commercial standards are used for a subset of their characteristics, interoperability between systems is not straightforward.