Genetec Q&A

“The ‘security of security’ is our top priority in the IoT era”

Adam Bannister is a contributor to IFSEC Global, having been in the role of Editor from 2014 through to November 2019. Adam also had stints as a journalist at cybersecurity publication, The Daily Swig, and as Managing Editor at Dynamis Online Media Group.
April 24, 2017

With data protection laws being tightened and internet of things hacks proliferating, physical security vendors are talking a lot more about cybersecurity than they used to.

For Genetec, whose systems are popular in the enterprise space and installed in 70% of airports in the Middle East, safeguarding systems against cyberattack is a particularly urgent priority.

We spoke to Simon Cook, sales engineering manager EMEA and APAC, about the company’s defining mantra: the security of security.

Genetec has just been confirmed as sponsor for Borders & Infrastructure Expo, which debuts at IFSEC 2017 in June.

IFSEC Global: Why is cybersecurity such a big priority for Genetec right now?

Simon Cook: The ‘security of security’ should be high on every physical security professional’s priority list. A large part of this is the recent growth in DoS, or denial-of-service, attacks that took place last year, targeting internet of things devices from cameras to campus vending machines.

But these things aren’t new; DoS attacks have been happening since the start of the internet and cybercrime.

The 21st Century has been characterised by a large growth in the IoT. This is great for business efficiency and personal communication, but the more devices that come online, the more vulnerabilities there are for cybercriminals to exploit, especially seeing as pretty much everything can be connected to the internet these days – even fridges!

It’s pretty terrifying when you think about the potential of DoS attacks, which is only growing with the number of connected devices. Think about it: when you get 1.5 million devices generating over 600-odd gig of traffic, aimed at a handful of organisations, the result is going to be quite a serious attack.

The world that Genetec operates in seems, on the surface, to be largely physical as we deal with CCTV, access control and automatic number plate recognition (ANPR) to name a few. But, it’s important to recognise, which we do, that crime is moving away from the physical world and into the cyber.

This is why the surveillance market should be thinking more carefully about security from a cyber threat angle, rather than purely from the physical.

(Check out the latest solutions from Genetec at IFSEC International, 20-22 June 2017, London ExCeL. You can find Genetec on stand F500. Get your free badge now.)

This issue is also now consumer as well as commercial. More and more we see people with cameras at home that can be turned into a node and hacked, which in a way is even more worrying as they will lack the awareness and training to ensure their devices are protected that professionals in the security industry have.

What we want to do is be sure that whatever is connected to our solutions via our customers’ networks is ‘pure’, or safe. The vital thing is to work to continuously build up that level of security in response to the rapid development of cyber-crime. We call this the ‘security of security’.

We have a lot of high level enterprise customers – so a lot of banks, airports, big businesses etcetera – so access into their networks could open up some critical issues for customers. We need to make sure that whatever connects to our system does not open a door for potential attacks.

IG: So what measures do you take to ensure connected systems are as robust against cyber-attacks as Genetec solutions?

When we develop our software we ask ourselves the important questions from the outset to ensure our tech is secured against anything which may try to attack it. Penetration testing, regression testing, adding devices and having them tested is all part of the development of the software – rather than relying on just reacting to cyber-crime by retrofitting after an attack.

We’ve done a number of regression tests on our software so we know our platforms are as secure as they can be. But, the cleverer you make the tech, the more sophisticated the attackers become – so it is a constant battle.

Another problem for us is that we want to be more open platform, so we don’t just connect cameras but access control, body-worn cameras, other third-party systems. So, in the unified space, when we try to build up one holistic platform, we have to do a lot of testing to ensure we can still call ourselves secure.

The way we counter this is through authorisation, authentication and encryption.

We start by using certificate-based authentication. This may sound complex, but if you use online banking, you have a certificate between yourself and the third-party so the browsers share certificates to verify you are who you say you are, and the banks are who they say they are.

In terms of encryption, we used to use SSL. But, a quick google will now tell you that SSL can be hacked quite easily. There are even wiki pages about how to hack SSL within 20 minutes!

So we had to evolve and now use TLS, or transport layer security, which is a cryptographic protocol that provides communications security over a computer network, which is much more advanced.

The thing with hacking, it is company to company, person to person, government to government, and it can be used in many ways. It’s not always just the case that cybercriminals want to break in and steal your information or credit card.

Sometimes DoS attacks aim to bring websites or companies down for a period of time.

In the 50s, 60s and 70s we wanted to protect against bank robberies and attacks on people and property. But these days you can bring a company down without leaving your house.

So, we have to get smarter. Some hardware we work with has a good level of security built in; some of the more traditional stuff is more legacy, and we have to compensate for these devices. I’m sure you can see now why the security of security is something that always has to be top of mind for Genetec!

IG: The industry already has to collaborate to make sure these devices connect to each other – presumably collaboration is just as important where cyber is concerned…

Absolutely. And it’s not just between manufacturers.

Whether it’s end users, integrators or consultants, to a lot of our customers we are trusted advisors. We don’t just sell kit and software and then move on to the next customer, and there is a gap of knowledge in the industry for this level and kind of security.

So we are trying to work with other manufacturers to collaborate with our systems integrators, consultants and end users so that best practice is followed.

Genetec has always been very IT-focused and we work with IT departments too. We want everyone that works with us to know that they can trust our solutions to be secure, and that we can offer them advice on security if they ever feel any confusion or worry about the security of their technology.

IG: Is there any trade-off with convenience and the user experience when you tighten up cybersecurity?

We try and make the system as user-friendly as possible. When we talk about certificates and TLS, it’s all done at installation level. So the customer will work with one of our certified installers, who will be familiar with our product, and the operator shouldn’t notice any difference [to their user experience].

They just type the username and password on their client machine and the security is all done on set up. Once they are logged in, what they do and don’t have access to has already been set up according to company policy. All the clever stuff happens under the hood.

IG: Cybersecurity is presumably a particularly high priority in critical national infrastructure?

Of course, many of our customers are more enterprise level, so airports, train stations, cities, high end retail, mid-tier retail – you can see how a breach could not only put company data at risk, but even people’s lives in some instances.

Airports, for example, are one of our largest sectors: at last count, 85 of the world’s largest airports use Genetec systems, and 70% of all airports in the Middle East – one of our fastest growing markets – are protected by Genetec Security Center systems.

As well as this, when it comes to urban security, we have worked with a lot of blue light services in city centres and they want us to do a lot of regression testing.

This is not something we’re doing just because it’s a buzzword or because of the DoS coverage last year. It’s to keep up to speed with developments to make sure we are in line with best practice. It goes back to building this into the core rather than being a retrofit after an event or attack.

And it’s equally important to encourage our partners and customers to be vigilant.

Now we’re starting to look at cybercrime insurance. As more devices come online, there are more data points and we need to be more cautious about what we are adding to the system.

We also need to continue our core precautions of regression and security testing to make sure that security devices don’t expose holes into our customers’ networks.

IG: Presumably cybersecurity will be a big talking point on your stand at IFSEC 2017?

This will all be very much a focus when our customers – end users, integrators and consultants – visit the booth. See you at stand F500!
