On The Network

Brian Sims BA (Hons) Hon FSyI: Editor of Risk UK

Brian Sims BA (Hons) Hon FSyI: Editor of Risk UK

Members of the British Security Industry Association’s (BSIA) dedicated CCTV Section have issued a stark warning that end users of IP-connected CCTV systems should be taking cyber security very seriously indeed.

In an article recently published by The Times, Nigel Inkster (former director of operations and intelligence at MI6) raised concerns about the potential threat posed to national security through vulnerabilities in IP (Internet Protocol)-connected CCTV solutions (including components manufactured in those nations harbouring a reputation for state-sponsored espionage).

While the integration of video surveillance solutions with IP networks carries significant benefits – among them the offer of potentially cheaper and easier installation, an ability to distribute video images more widely and the ease with which additional cameras may be added to the network at a later date – the end result is also potentially vulnerable to cyber attack.

Unsecured cameras can become the weak link that provides hackers with an entry point to the corporate network. From that juncture, the risks to businesses may include sabotage (ie disruption of operations, potentially leading to lost productivity and revenue), stolen personal data (eg financial or health information, potentially resulting in loss of customer trust, the denigration of a brand and weakened profits) and intellectual property or trade secrets falling into the wrong hands.

On top of that, marketing plans or R&D data appropriated by criminal types could result in a loss of competitive advantage.

There’s also the potential for extortion, whereby the company or individuals involved have to pay a ransom to regain access to their systems or data, or perhaps regulatory action or negligence claims (such as penalties issued by a Government body).

Mitigating these risks must be a key priority for each party involved in the supply chain. Manufacturers should ensure accidental design or implementation errors are kept to an absolute minimum and that systems are regularly scanned for vulnerabilities. They should be proficient in secure coding and testing procedures, and also make certain their products are capable of supporting the stringent controls necessary for secure network communication in today’s business landscape.

This may include end-to-end encryption with SHA-2 and TLS, encrypted database communication, system auditing, alerting and management, DDoS protection, the restriction of ports, protocols and services, highly ‘customisable’ user access and permissions and archive, failover and high availability.

Simon Adcock, chairman of the BSIA’s CCTV Section, told Risk UK: “Ultimately, end users must take responsibility for the security of their networks. When procuring an IP-connected surveillance solution, they must use the services of a reputable installer or integrator that’s fully committed to Best Practice. They should also guarantee that they have comprehensive cyber security and information security policies in place.”

For their part, responsible installers need to ensure that the system they’ve put in place is protected from cyber attacks by dint of changing the manufacturer’s default system credentials.

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts