By Gavin Daly, Axis Communications
The fusion of cybersecurity and surveillance when it comes to mitigating riskEngineering
Sponsored by Axis Communications
It’s essential that all your physical assets are managed effectively to threats, because every device is a potential breach point.
Over the last year we have seen surveillance solutions evolve and converge. Not only can these solutions contribute to businesses through innovation, process optimization, improved security and safety but they also help overall business performance through offering insightful data. The core of this rich eco-system are the millions of IP-based connected devices and sensors that are leading positive change in the business setting but at the risk of being the victim of cyberattacks.
We are hearing of some unfortunate cases, where hackers have breached thousands of cameras and gained access to internal business and critical infrastructure operations. There is an overwhelming amount of evidence that these bad actors are revolutionizing their game and using artificial intelligence (AI), machine learning (ML) and deep learning (DL) to improve the sophistication of their attacks.
If you have an Internet Protocol (IP) end point, like an IP surveillance camera, speaker/audio system, radar or access control unit, and you’re running on an unsecured network, then you could also be susceptible to cyberattacks.
Cybersecurity for IP-based systems, like a surveillance camera, speaker/audio system, radar or access control unit while running on an unsecured network, should be an ongoing concern for companies in every sector – within their own organizations, amongst their stakeholders and partners and throughout supply chains. Every protective measure implemented (or not implemented), can impact everything else on a network.
Cyber protection: a collaborative mitigation effort
More often, video surveillance cameras and a video management system (VMS) are chosen for a specific intended use as well as the capabilities of the vendor to fulfill that use. Another consideration for thought is ensuring that the camera manufacturer can support the same security protocols as the VMS manufacturer and if these protocols integrate well into the current methodologies for cyber risk mitigation to strengthen the defence against escalated risks. How will the hardware and software work together?
Another question that should be considered is one of responsibility. Does IT manage the physical security network-attached systems and devices? Or is it the responsibility of physical security department team to direct IT to support the cybersecurity integrated into the physical security solution? The ultimate powerhouse here will be working as a team. Physical security management needs to work with integrators and organizations to devise solutions that are inherently supportive of IT.
Effective lifecycle management
It’s essential that all your physical assets are managed effectively to threats, because every device is a potential breach point. An often not considered way of doing this is lifecycle management, which in this case, entails managing a device’s two types of lifetimes. Functional lifetime is the first, meaning how long you can expect your surveillance solutions to operate and function optimally. The second is the technology’s economic lifecycle, which means how long before the period of time when the devices start costing more to upkeep, than acquiring new, more efficient technology.
Keep systems running with ongoing maintenance
Once you’ve taken into account lifecycle management and knowing where the risks are and keeping abreast of how they may be exploited, know that all software-based technology like IP cameras will need to be patched at some point. For this reason, accountable manufacturers will periodically release firmware updates and security patches. Once you have a lifecycle management program in place, you can also avoid unwelcomed events, like having to spend a big budget to replace a major system component because you can anticipate according to your schedule and yearly budget. Download our whitepaper for more information.
Device management software solutions
Many organizations and critical infrastructure sites, have hundreds of network surveillance devices, so automating lifecycle management through device management software solutions can save on time and money. This type of software can collect a full real-time inventory of all your network surveillance devices, simplifying the task of implementing strong policies and practices throughout and across all your devices. It also helps to securely manage vital installation, deployment, configuration, security, and maintenance duties. A real-world example of this is, when you receive a notification of expiring security certificates, the device management software will impel new certificates to all appropriate devices.
With firmware upgrades, the software, by its own nature, verifies that the devices are running the latest and more secure version. Wherever there may be a vulnerability, device management software pinpoints exactly where you stand on the cybersecurity front and what measures need to be implemented to protect your technology.
Cyber protection requires the implementation and ongoing maintenance of strong cyber security policies and technologies. These range from the most simplistic approach such as not allowing devices to run at factory defaulted settings, to more complex strategies such as fully encrypting traffic between the edge devices and the rest of the network. Having tools to implement cyber security policies is key to being able to implement policies quickly and easily. Being able to patch firmware, change passwords, push out https certificates, historically, took a lot of time and manual configuration. New tools have allowed us to implement these important changes quickly and easily with less human effort while minimizing any potential downtime. It starts with having surveillance products that have built in protection by design and not as an afterthought.
Gavin Daly is the architect and engineering manager at Axis Communications. He provides technical expertise and personalized advice for both internal and external customers.