Research firm IHS Markit predicts that by the end of 2016, networked surveillance cameras will account for one-third of the installed base of 62 million cameras in North America. In fact, almost all new security devices are IP-based: access control panels, access control readers, door locks and fire detectors. Whether you have a handful or hundreds of these devices in your network, they are vulnerable to a growing number of security threats.
The Wall Street Journal and other media outlets recently reported on a massive denial-of-service attack launched by network cameras. According to the Journal, “Attackers used an army of hijacked security cameras and video recorders to launch several massive Internet attacks…” on French web host provider OVH and U.S. security researcher Brian Krebs. These and similar breaches are becoming more common and have been a wake-up call to the physical security industry.
Do not take for granted that your internal staff or your vendors are fully hardening your video surveillance system against security breaches. Here are the security vulnerabilities to be aware of and automation capabilities that can help.
Emerging Vulnerabilities
Many IP-based security systems have inherent vulnerabilities that can be exploited to perform cyber attacks due to the following:
- Physical Exposure: By necessity, many security devices are installed outside or near doors on the network perimeter, leaving physical network ports accessible and vulnerable to a rogue laptop or other devices. There have been instances where rogue laptops have been used as intermediaries to siphon a lot of sensitive data from an organization.
- Lack of Awareness: Fully hardening networked cameras against a security breach often requires a detailed understanding of network operations and a labor-intensive process. Indeed, the AXIS Communications Hardening Guide, an industry standard, has 24 pages of best practices for organizations large and small.
Unfortunately, many installers and physical security pros are not familiar with cybersecurity measures and do not have the expertise to address these issues. In addition, they rarely contemplate cybersecurity within the camera installation design. Even initially well-protected and isolated “camera-only” networks can suffer security weaknesses brought about by unintended connections that bridge to the main corporate network.
- Working in Silos: Physical security and IT departments need to work in coordination to follow the organization’s network security policies and clearly define responsibility for deploying updated camera firmware issued by manufacturers to address vulnerabilities.
- Device Vulnerabilities: While many security device manufacturers are better protecting their products, many network cameras and access control devices are not sufficiently hardened to protect against potential attack from emerging cyber threats.
Reducing Risk with Automation
Physical security professionals should not have to be Certified Cisco Network Associates (CCNA) to install and maintain security systems. Automated cyber protection mechanisms can reduce threats by implementing best practices for hardening IP cameras and other security devices. Automation reduces the workload and knowledge required to properly install these systems and maintains adequate protections as threats evolve.
Security managers need visibility into and control over the entire physical security ecosystem. Monitoring to the server or switch is insufficient. Visibility is needed down to the source cameras, with alerts to the security manager when cameras are damaged or settings are incorrect.
On the front end, automation tools can configure best practices such as enabling a protected VLAN for the security system, changing a camera’s default login credentials and binding the camera’s MAC-ID to switch ports to ensure that other rogue devices are not plugged into exposed Ethernet ports on the perimeter of the network.
Once the system is installed, automated cyber protections can also monitor network flows, detect abnormalities and respond immediately to suspected attacks. For example, automation tools can alert and intervene when the following threats are detected:
- Cable changes: disconnecting or changing cable lengths
- Connecting a new device or disconnecting an existing one
- Data flow/ direction changes
- Abnormal bandwidth consumption
- Abnormal power consumption
- Camera image quality changes
- Camera connecting directly to external IP addresses
When abnormal behavior is detected, automation tools can generate alerts and take proactive interventions such as disabling a device’s data or power port.
The last thing you want is to discover that your video surveillance system was not working when a potentially devastating security incident occurred. Ensure that your physical security employees and vendors – as well as your IT staff – are fully educated and prepared to secure your video surveillance system. Look for automation to help fill in the gaps and put your security firmly where it belongs: under your full control.