IP CCTV surveillance system end users “must consider network security” warn BSIA member companies

Simon Adcock: chairman of the BSIA's CCTV Section

Simon Adcock: chairman of the BSIA’s CCTV Section

Members of the British Security Industry Association’s (BSIA) CCTV Section have issued a stark warning that end users of IP-connected CCTV systems should be taking cyber security very seriously indeed.

In an article published by The Times, Nigel Inkster (former director of operations and intelligence at MI6) raises concerns about the threat to national security through vulnerabilities in IP (Internet Protocol)-connected CCTV systems including components manufactured in countries that have a reputation for State-sponsored espionage.

While the integration of video surveillance solutions with IP networks carries significant benefits – among them the offer of potentially cheaper and easier installation, the ability to distribute video images more widely and the ease with which additional cameras can be added to the network at a later date – they’re also potentially vulnerable to cyber attacks.

Unsecured cameras can become the weak link that provides hackers with an entry point to a network. From here, the risks to businesses may include sabotage (such as disrupting operations, potentially leading to lost productivity and revenue), stolen personal data (eg financial or health information, potentially resulting in loss of customer trust, the denigration of a brand and, ultimately, lost profits) and stolen intellectual property or trade secrets. Marketing plans or R&D data that fall into the wrong hands could result in a loss of competitive advantage.

There’s also the potential for extortion, whereby the company or individuals involved have to pay a ransom to regain access to their system or data, or perhaps regulatory action or negligence claims (such as penalties from a Government agency or civil lawsuits).

Mitigating the risks

Mitigating these risks must be a priority for each party involved in the supply chain. Manufacturers should ensure that accidental design or implementation errors are kept to a minimum and that systems are regularly scanned for vulnerabilities. They should be proficient in secure coding and testing procedures and also ensure that their products are capable of supporting the stringent controls necessary for secure network communication.

This may include end-to-end encryption with SHA-2 and TLS, encrypted database communication, system auditing, alerting and management, Distributed Denial of Service protection, the restriction of ports, protocols and services, highly ‘customisable’ user access and permissions and archive, failover and high availability.

Simon Adcock, chairman of the BSIA’s CCTV Section, explained: “Responsible installers and integrators will conduct a risk-based approach towards any system design, taking into account the origin of the hardware in the design and whether this presents a potential risk to the customer. Anyone who’s designing a system or making decisions on behalf of an end user should be considering the security of the hardware they’re installing, ensuring that it’s robust and manufactured responsibly. Responsible installers will also ensure that the system they’ve installed is protected from cyber attacks by changing the manufacturer’s default system credentials.”

Adcock went on to state: “Ultimately, an end user must take responsibility for the security of their network. When procuring an IP-connected surveillance system, end users must use the services of a reputable installer or integrator that’s fully committed to Best Practice. They should also ensure that they have comprehensive cyber security and information security policies in place.”

*Members of the BSIA’s CCTV Section are fully committed to Best Practice and comply with all relevant security standards. To locate a reputable CCTV supplier for your surveillance project visit www.bsia.co.uk

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts