Video surveillance ensures safety and security for billions of people each day, yet video is used for more than just security applications.
Video is also applied to number plate recognition for road charging schemes and to powerful visual inspection systems that detect faults in machines to allow proactive maintenance.
However, these same systems are increasingly becoming the target of cyber-attacks by perpetrators ranging from criminals to sponsored actors and agents engaged in business espionage.
In addition to attacks that aim to disable or intercept, video surveillance devices can also be taken over and held to ransom, or even conscripted into networks of compromised devices, called botnets, that generate huge amounts of junk traffic to overload legitimate websites.
In the past, attacks against video surveillance networks were rare due to the closed nature of systems that would often link over private, directly cabled networks to on-site control rooms. However, times have changed, and modern video cameras are effectively computers running software connected to a video camera. With the rise of the internet and lower-cost cameras, video surveillance systems are increasingly accessible over any IP network.
Where modern video surveillance and access control technologies have helped to protect people, places and property, the disablement of these systems can lead to potential loss of life and other significant damage through targeted and more successful criminal attacks. Video surveillance systems are increasingly a mandated requirement for certain licensed premises or as part of insurance coverage.
However, if a video surveillance system is rendered inoperable due to a preventable cyber-attack and a crime is committed but not captured on camera, insurance providers could refuse to honour any claim that fails to meet the terms of coverage.
In terms of privacy, the theft of sensitive video images could well breach laws such as GDPR. Across all these areas, if negligence can be proven, there is the potential for significant reputational damage, regulatory action, fines and even criminal prosecutions.
Video surveillance and access control devices are part of a category of technologies called the Internet-of-Things (IoT). Technology firms and analysts such as Gartner, Cisco and others estimate up to 50 billion IoT devices will be in use by 2020.
Unlike radio transmitters, TV stations or motor vehicles, there is almost no legislation around what can be attached to the internet.
There are no mandated standards for how secure an item must be, and as technology becomes more autonomous, there is a risk that the virus-like epidemics that used to plague desktop PC users could start to reappear on unsecured devices such as video surveillance camera networks, for which there are few ways to either detect or quickly defeat the problem.
This lack of regulatory standards means that many video surveillance and access control manufacturers have tended to cut corners, leading to unsecured devices and few ongoing software patches to keep technology protected against newly discovered threats.
How is the industry responding to cyber threats?
As an industry leader within digital video surveillance, MOBOTIX believes in the ‘Cactus Concept’ that protects every element of the design, manufacture and operation of each device along with end-to-end encryption across the entire usage and management cycle.
MOBOTIX is unusual within the industry as it develops all its own software. This innovative approach offers a significant benefit when it comes to security. By controlling the entire chain of software development, MOBOTIX is less vulnerable to the third-party weaknesses that have impacted other brands, where a vulnerability within a third-party software component or hardware leads to a security problem.
The security-by-design ethos has been within the company from day one, and this is evident across several areas, including secure software and development: all MOBOTIX devices are built on top of a modified and secured Linux OS that removes standard services and modules.
This extends to security and secure communication, ensuring that all the recordings generated by the camera are encrypted internally, starting with the ring buffer that uses the built-in SD card in each camera. MOBOTIX has built a secure file system, which means that if a camera is physically hacked or stolen, previously recorded video still in the camera cannot be retrieved without first gaining administrator rights that are protected through the secure configuration processes as described previously.
The next step is secure device and network communication, which ensures that all data exchanged between every MOBOTIX camera and other hosts in the network can be encrypted to protect the confidentiality and integrity of data in transit. HTTPS (SSL/TLS) and certificates are supported as standard to meet the best practice guidance that resides within the major security frameworks from experts such as the SANS Institute.
MOBOTIX also includes built-in support to manage unique X.509 certificates on each camera and Root Certificate Authorities, allowing organisations to extend device security to include cameras and Doorstation devices authenticated via systems like OpenVPN. This means that if a camera is physically stolen or hacked, an attacker can’t use the credentials within a compromised camera to attack the rest of the network of cameras. All these steps must be continually tested and audited, as the cyber security threat landscape is constantly evolving.
Leading by example
Although MOBOTIX is a leader in this area, others within the industry are starting to wake up to the issues. By providing the tools to help our customers build more secure environments along with a commitment to making security a fundamental part of the MOBOTIX value proposition, we believe that our peers in the industry, customers and government agencies will be in a better position to protect the very technologies and systems that help make society safer for all.
See MOBOTIX at IFSEC International 2018 on Stand Number C310 at ExCel London 19-21 June 2018. Register here to discuss your cyber security needs before it’s too late.
The following content is provided by IFSec Global; you can view the original article by visiting the IFSec Global website.