Security Magazine logo
  • Sign In
  • Create Account
  • Sign Out
  • My Account
  • NEWS
  • MANAGEMENT
  • PHYSICAL
  • CYBER
  • BLOG
  • COLUMNS
  • EXCLUSIVES
  • SECTORS
  • EVENTS
  • MEDIA
  • MORE
  • EMAG
  • SIGN UP!
cart
facebook twitter linkedin youtube
  • NEWS
  • Security Newswire
  • Technologies & Solutions
  • MANAGEMENT
  • Leadership Management
  • Enterprise Services
  • Security Education & Training
  • Logical Security
  • Security & Business Resilience
  • Profiles in Excellence
  • PHYSICAL
  • Access Management
  • Fire & Life Safety
  • Identity Management
  • Physical Security
  • Video Surveillance
  • Case Studies (Physical)
  • CYBER
  • Cybersecurity News
  • More
  • COLUMNS
  • Cyber Tactics
  • Leadership & Management
  • Security Talk
  • Career Intelligence
  • Leader to Leader
  • Cybersecurity Education & Training
  • EXCLUSIVES
  • Annual Guarding Report
  • Most Influential People in Security
  • The Security Benchmark Report
  • Top Guard and Security Officer Companies
  • Top Cybersecurity Leaders
  • Women in Security
  • SECTORS
  • Arenas / Stadiums / Leagues / Entertainment
  • Banking/Finance/Insurance
  • Construction, Real Estate, Property Management
  • Education: K-12
  • Education: University
  • Government: Federal, State and Local
  • Hospitality & Casinos
  • Hospitals & Medical Centers
  • Infrastructure:Electric,Gas & Water
  • Ports: Sea, Land, & Air
  • Retail/Restaurants/Convenience
  • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
  • Industry Events
  • Webinars
  • Solutions by Sector
  • Security 500 Conference
  • MEDIA
  • Videos
  • Podcasts
  • Polls
  • Photo Galleries
  • Videos
  • Cybersecurity & Geopolitical Discussion
  • Ask Me Anything (AMA) Series
  • MORE
  • Call for Entries
  • Classifieds & Job Listings
  • Continuing Education
  • Newsletter
  • Sponsor Insights
  • Store
  • White Papers
  • EMAG
  • eMagazine
  • This Month's Content
  • Advertise
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementPhysicalTechnologies & SolutionsSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceIdentity ManagementPhysical SecurityVideo SurveillanceCybersecurity News

The trusted supply chain and cybersecurity

By Aaron Saks
Strong Cybersecurity: The Critical Role of Lifecycle Management - Security Magazine
October 23, 2020

There are few discussions in the physical security business that don’t at some point focus on the topic of cybersecurity. One area frequently missing from these conversations is the importance of a trusted supply chain for manufacturers. Since a product is only as good as the hardware and software inside it, examining how something is built can give us rapid insight into its potential vulnerabilities and overall cyber worthiness. The NDAA (National Defense Authorization Act) ban is particularly focused on the subject of component sourcing for security devices. What is inside that device that could be exploited? Where did it come from? What do we know about the manufacturing process? These are all important questions about the manufacturing supply chain that need to be considered by anyone who cares about cybersecurity.

 

Supply chain responsibility

The easiest way to reassure customers that your system is compliant and cybersecure is to make everything yourself. However, that’s not always practical for many companies who rely on 3rd parties to supply critical components that they themselves do not manufacture. It’s also true that not every part, (resistors, transistors, and more) has a cyber aspect that can be exploited. So, worrying or restricting products over individual piece parts is unnecessary. There are, however, many OEM and re-labeled products on the market in which companies utilize external 3rd party technology in the form of processing chips, codec modules, network interface components, and more to perform certain complex tasks that could potentially be exploited. This is where knowledge of the supply chain and manufacturing process becomes so crucial. It might be very difficult to get information about a company’s supply chain and processes since it may not be seen as an asset or selling point to disclose such data. When in doubt, try and find a manufacturer who creates and assembles as much the technology ‘in house’ as possible. An ‘end-to-end’ solution will include not just the manufacturing and sourcing of trusted parts, but also the final assembly, QC and logistics including managing the entire product lifecycle including updates and fixes. Any reputable manufacturer should be willing to divulge where they source their parts, where their products are made and how they are tested, otherwise they may not be in full compliance with things like the NDAA.

 

Testing and certification

If a company tells you its products are cybersecure, should you just believe them? It’s important to look for independent verification. White hat hackers are frequently employed by responsible manufacturers to test products for vulnerabilities. Penetration testing specifically probes devices for a way inside. And since hacking techniques are always evolving, it’s important that testing is periodically updated to expose new exploits that must be patched with firmware updates. It may seem like a no-brainer, but not every company is as diligent about continual testing and generating updates. Being able to fix weaknesses that are discovered after a product has been released to market is a critical component to cybersecurity policy best practices.

Until recently, there hasn't been any internationally recognized standard for cybersecurity for IoT products such as security cameras and supporting devices and software. The UL CAP (UL Cybersecurity Assurance Program) is a newer certification service designed to help organizations manage their cybersecurity risks and validate their cybersecurity capabilities to the marketplace. Products that achieve UL CAP certification go through rigorous testing and have had their processes vetted by an independent, respected agency. Choosing a product with UL CAP certification should provide end users with additional peace of mind.

 

Pandemic cybersecurity challenges

When you think of traditional cybersecurity defenses, IT departments try to silo their critical systems behind firewalls, sometimes choosing to have an ‘air gap’ between the most sensitive systems and the internet. With the pandemic and people working from home, IT departments may have unwittingly made their systems easy targets in the rush to get employees the access they need. Likewise, there are fewer “eyes” watching systems when no one is in the NOC (network operations center) looking for threats and noticing anomalies like before. Companies may have rushed to install additional cameras and access systems knowing their buildings would be empty for prolonged periods. In their haste, did they properly lock down their systems or did they just create new vulnerabilities?

Opening up and forwarding ports can be a quick way to get people access but can be a very risky way to solve the challenges of remote access. For security professionals, it might be a great time to investigate secure cloud access to systems. There are options that allow users to log in and gain access to their VMS and video feeds in seconds. Adding remote access to law enforcement or loss prevention teams should to be simple, but not at the expense of cybersecurity and privacy. Remember to do your homework and choose vendors with a supply chain and process you can trust. Knowing your devices are cybersecure by design greatly simplifies the task of keeping your entire network safe during these challenging and unprecedented times.

KEYWORDS: cyber security physical security risk management video management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Aaron saks
Aaron Saks is Product and Technical Manager at Hanwha Techwin America.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Leadership and Management
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Leadership and Management
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Technologies & Solutions
    By: Charles Denyer
close

1 COMPLIMENTARY ARTICLE(S) LEFT

Loader

Already Registered? Sign in now.

Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

Security’s Top 5 – 2024 Year in Review

Security’s Top 5 – 2024 Year in Review

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security’s 2025 Women in Security

Security’s 2025 Women in Security

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

blurry multicolored text on black screen

PowerSchool Education Technology Company Announces Data Breach

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

What do zebras, school groups and high-tech surveillance have in common? They're all part of a day’s work for the security team at the Toledo Zoo.

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • critical-infrastructure-freepik

    Shoring up cybersecurity in critical infrastructure and the nation's defense supply chain

    See More
  • Locked vault

    Fortifying the software supply chain: A crucial security practice

    See More
  • supply-chain-sec-freepik1170x658v6.jpg

    Don’t break the chain: How to secure the supply chain from cyberattacks

    See More

Related Products

See More Products
  • 9780367030407.jpg

    National Security, Personal Privacy and the Law

  • databasehacker

    The Database Hacker's Handboo

  • s and the law.jpg

    Surveillance and the Law: Language, Power and Privacy

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing

Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!