In a world where devices of all types are connected to networks, the need to maintain strong cybersecurity is greater than ever. For organizations, particularly those that retain financial and other sensitive company and customer data, cybersecurity is critical, as the results of a network breach could be catastrophic.
Like any IP-based technology, physical security devices and systems can also be vulnerable to breaches, but there are a number of actions you can take to reduce that likelihood. One of the first steps is to develop a written cybersecurity strategy that can be used to ensure that all devices comply with company policy. With regard to the specifics of this policy, there are a number of factors that will come into play, such as compliance with industry and government regulations and standards, such as GDPR, ISO 27001, PCI and others. It is also important to ensure that physical security devices are aligned with standard risk-management tools and practices like the NIST Cybersecurity Framework.
When developing the cybersecurity strategy, the following five factors are key to ensuring that physical security and other devices provide strong protection to prevent network breaches.
Patching and Updating
Ensuring that device software patches and updates are applied consistently on an ongoing basis is one of the most effective strategies for maintaining cybersecurity. These updates address known and emerging vulnerabilities, but they often go uninstalled because it’s not clear who has responsibility for that function.
In creating a cybersecurity strategy, ownership of those actions must be clearly spelled out. The task may fall to a specific individual or department within your organization (physical security or IT, for example), or the integrator may take responsibility as part of an ongoing maintenance or warranty agreement. Without clearly defining roles, these vital tasks can easily fall through the cracks.
Regardless of who bears responsibility for patching and updating, having a test lab that is separated from the production network is key, provided that ownership of the lab and the testing process is clear.
It’s likely that your IT department routinely scans devices connected to the network, which could number in the hundreds of thousands or millions, depending on the size of the organization. However, taking physical security devices at face value without context for what they do, why they do it and what security controls they employ, the settings and features of these solutions may appear to be at odds with general IT best practices and organizational cybersecurity policies.
For example, the UK recently passed “secure by default” legislation, which requires manufacturers to connect their devices via HTTPS. As a result, devices often ship with self-signed certificates, which will show up as red flags in IT scans. Therefore, it’s important to explain the necessity - and security - of these certificates to the IT department to avoid problems.
Another consideration is that device manufacturers’ firmware often uses other vendors’ code for network services, such as OpenSSL and Apache Web Server. Organizations need to understand that when they buy a product, they are dependent on those code vendors as well as the manufacturer. As a result, even though vulnerabilities identified by IT scans will be reported immediately, devices can’t be updated immediately because vendors have to work with those other providers to develop a patch and QA/test it. This requires discussions with your IT department to come up with short-term mitigations like limiting traffic (whitelisting) until a patch is available.
In the past, it may have been reasonable to expect to get seven to 10 years of use out of a surveillance camera, particularly analog models. While this may still be feasible, there can be a lot of liability around older models, which may no longer be supported by the manufacturer. Without the ability to take advantage of the latest cybersecurity patches or firmware updates, these cameras can be vulnerable to attack.
As a result, five to seven years at most is a more realistic timeframe for replacing IP cameras, but swapping out an entire surveillance ecosystem at once can be time-consuming, labor intensive and expensive, often prohibitively so. So rather than plan a full technology refresh, it’s best to plan to replace about one-fifth of cameras each year on an ongoing basis. This allows you to constantly cycle through to ensure cameras are protected by newer, more effective cybersecurity features with the added bonus of shifting costs from capital to operating expenses.
The Importance of Documentation
Many manufacturers publish a hardening guide to help support security professionals in securing devices against cyber threats. These documents provide a baseline configuration for dealing with the ever-evolving threat landscape, and the installer’s job is to match what’s contained in that documentation with an organization’s cybersecurity policy. Therefore, a solid, written cybersecurity policy is essential to ensuring physical security equipment and systems deliver the level of protection your organization requires.
Integrators who have this information at hand when deploying systems are also able to provide peace of mind in the form of written documentation that all devices and systems they’ve deployed are in compliance with policies.
Ensure Supply Chain Security
From a cybersecurity perspective, it’s important to know exactly where products are coming from and how vendors are securing their devices prior to shipping them to resellers and security professionals.
Many device manufacturers have taken steps to ensure that no one can use the supply chain as an attack vector. These include TPM (trusted platform module), signed firmware and secure boot features, preferably a combination of all three. A TPM chip stores encryption keys and certificates specific to the host system for hardware authentication. This encryption key is maintained within the chip and cannot be extracted. Secure boot takes the signed firmware checks the signed hash downloaded from the manufacturer. Once decrypted, there are signed hashes also in the boot sector of the firmware that are also checked.
Using a product that offers secure boot ensures that no one has tampered with the code between manufacturing and deployment. In the unlikely event that someone alters the device firmware with malware the device simply won’t start up, because overall signed firmware hash and the hashes in the firmware are altered. In addition to protecting devices along the supply chain, this also helps mitigate potential insider threat once the device has been installed.
These five factors provide a strong framework for ensuring that hackers and others will not be able to use physical security devices as an entry point into overall networks and systems. Therefore, when developing a cybersecurity strategy, these considerations, combined with a written policy, should play a key role in maintaining overall protection, which is vital given the number and types of devices that are attached to the network.