Cyber Security: CCTV Integrators Must Step Up
Mobotix cameras have more than usually capable cyber security credentials.
Cyber security has become a key element of CCTV installation, with most camera manufacturers having enhanced their devices to ensure they conform with the latest cyber security functionalities. But with many cameras installed more or less default, installers and integrators need to pay more attention to configuring cyber security settings to eliminate vulnerabilities.
Todd Dunning of Pelco says most CCTV camera makers have upped the cyber security capability of their devices and he argues it’s important for security integrators to enhance their ability to apply these features.
“Over the last decade, the emergence of the internet of things (IoT) and a demand for more video data has changed the way businesses operate,” says Dunning. “But as the rise in connectivity increases, so too does the need for increased security for physical assets, networks, and valuable corporate data.
“Camera manufacturers have absolutely stepped up their game when implementing cybersecurity-centric design into not only surveillance camera technology, but also VMS solutions. Some manufacturers have gone so far as to establish teams dedicated to meeting current standards set forth by federal and state governments, as well as ensuring best practices are being followed to help foster greater network security and protection.
“As a vendor in the video surveillance market, we are entrusted to provide secure products and guidelines to safeguard solutions from various types of risks, including cyber vulnerabilities,” Dunning explains.
“We think it’s crucial for manufacturers to work with integrators who understand how to speak the language increasingly being used by IT departments working alongside physical security leaders to implement solutions on a network.
“We need to formulate a plan that protects all aspects of a network, and keeps up with ongoing recommendations for establishing updates when vulnerabilities are detected. A dialogue between cyber, IT, and physical security is necessary to help leaders gain a greater knowledge of how to best collaborate to ensure complete protection, which includes the integrator partnership.”
With modern systems cyber security stretches off-site, too. According to Dunning remote management of VMS platforms can pose a threat to the information being shared if protocols are not in place to protect organizations from outside threats.
“Reviewing VPN capacity when in use by remote workers and teams is critical to ensuring data protection, as well as establishing basic methods of device protection (namely, 2-factor authentication that can include a mixture of passwords and biometrics),” he says. “It’s essential that remote management best practices are put in place by an organization aimed at providing regular security checks and updates to manage device configurations and ensure that data is protected.”
Meanwhile, Tony Luce of Network Optix says cyber security threats are a growing and continuous concern for all software vendors.
“As a system gets more complex there are more opportunities for bad actors to find vulnerabilities which can be taken advantage of in said system,” Luce says.
“Nx addresses these threats by deprecating older technology, utilizing industry-standard approaches to mitigate cyberattacks, and undergoing regular cyber security audits to address any known vulnerabilities prior to every major release.
“It’s our job to make sure our software is as secure as we can make it and every company in the IP video industry needs to be vigilant as video surveillance becomes more ubiquitous and integrators and end-users should also keep their systems up-to-date.”
According to Mark Shannon of BGWT, the Tier 1 camera vendors BGWT represents have long had excellent cyber security credentials.
“This is why government and enterprise customers select these brands and typically not the lower cost volume brands,” he says. “This philosophy applies to both devices and VMS. It is not just up to the security integrators though, but to the whole surveillance industry. The end user needs to have cybersecurity and should ask for it, the consultant should have cybersecurity specified and the system integrator should implement cybersecurity.
“There are a whole lot of ‘shoulds’ in that statement and the ideal position is to make them all happen. Talking about it is the first place to start but taking the next step is all about <I>wanting<I> cybersecurity to happen. Awareness is the key, and explaining to customers what can happen if a system is breached always goes a long way to getting engagement. We all know cyber protection comes at a cost but what is the cost if something is hacked?”
Milestone Brett Hansen says cyber security is always being enhanced and further developed with camera manufacturers, as individuals will continue their attempts to exploit vulnerabilities and breach network security.
“It’s also crucial that security integrators are proficient in their knowledge of system hardening and seek camera products with the highest levels of hardening,” Hansen says. “It’s prudent that integrators don’t just rely on the camera manufacturer holistically but adopt measures and utilise tools to ensure network security for their customers.”
Andrew Cho of EOS believes camera developers have upped the ante around cyber security and the whole industry must work together on cyber security.
“As a software developer integrating cameras every day, we see a broad spectrum of quality of cameras in terms of drivers, and security level,” he says. “We work with all of them, so the end-user always has complete choice. Moving forward, as a security solution, we must do everything we can to ensure the security is maximized using the latest technologies. This is very important to Digifort and should be important to everyone in the security industry.”