Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Cyber security warning to CCTV users

British Security Industry Association (BSIA) : 23 September, 2016  (Technical Article)
The BSIA is warning IP based surveillance system operators to be aware of the cyber security risks and ensure their systems are secure
Cyber security warning to CCTV users

Members of the British Security Industry Association’s CCTV section have today warned that end users of IP connected CCTV systems should be taking cyber security seriously.

In an article published by The Times, Nigel Inkster, former Director of Operations and Intelligence at MI6, raised concerns about the threat to national security through vulnerabilities in IP (Internet Protocol) connected CCTV systems including components manufactured in countries that have a reputation for state-sponsored espionage.

Whilst the integration of video surveillance with IP networks carries significant benefits – including offering potentially cheaper and easier installation, the ability to distribute video images more widely and the ease at which additional cameras can be added to the network at a later date – they are also potentially vulnerable to cyber attacks.

Unsecured cameras can become the weak link that provides hackers with an entry point to a network. From here, the risks to businesses may include: sabotage, such as disrupting operations, potentially leading to lost productivity and revenue; stolen personal data, such as financial or health information, potentially resulting in loss of customer trust, denigration of brand, and ultimately lost profits; stolen intellectual property or trade secrets, such as marketing plans or research and development data that could result in a loss of competitive advantage; extortion, where the company or individuals pay ransom to regain access to their system or data; regulatory action or negligence claims, such as penalties from a government agency or civil lawsuits.[1]

Mitigating these risks must be a priority for each party involved in the supply chain. Manufacturers should ensure that accidental design or implementation errors are kept to a minimum and that systems are regularly scanned for vulnerabilities. They should be proficient in secure coding and testing procedures and should ensure that their products are capable of supporting the stringent controls necessary for secure network communication.

This may include:

* End to End Encryption with SHA-2 & TLS
* Encrypted database communication
* System auditing, alerting and management
* Denial of service protection
* Restriction of ports, protocols and services
* Highly customisable user access and permissions
* Archive, failover and high availability

Chairman of the BSIA’s CCTV section, Simon Adcock, comments: “Responsible installers and integrators will conduct a risk-based approach to any system design, taking into account the origin of the hardware in the design and whether this presents potential risk to the customer. Anyone who is designing a system or making decisions on behalf of an end user should be considering the security of the hardware they are installing, ensuring that it is robust and manufactured responsibly. Responsible installers will also ensure that the system they have installed is protected from cyber attacks by changing manufacturer’s default system credentials.

“Ultimately, an end user must take responsibility for the security of their network. When procuring an IP connected surveillance system, end users must use the services of a reputable installer / integrator that is fully committed to best practice. They should also ensure that they have comprehensive cyber security and information security policies in place” concludes Adcock.

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo