MOBOTIX ‘Cactus Concept’ protects every element of a device from cyber attacks before it’s too late!

Regional Sales Manager, UK, Ireland & Benelux, MOBOTIX

Author Bio ▼

Frank has been with MOBOTIX for almost 6 years and in the security industry for 37 years and has been active in all aspects from engineering through to sales and management. Frank has seen the various revolutions that have taken place in our industry from tube cameras to solid state analogue as well as the digital transformation and into the IP age and now IoT and Industry 4.0
June 14, 2018

Sign up to free email newsletters

Download

Returning to the workplace: How access control plays a vital role in a safe and secure return strategy

Video surveillance ensures safety and security for billions of people each day, yet video is used for more than just security applications.

The uses of video are applied to number plate recognition for road charging schemes as well as to powerful visual inspection systems able to detect faults in machines to allow proactive maintenance.

However, these same systems are increasingly becoming the target of cyber-attacks by perpetrators ranging from criminals, sponsored actors or agents engaged in business espionage.

In addition to attacks that aim to disable or intercept, video surveillance devices can also be taken over and held to ransom or even used as weapons – called botnets – to generate huge amounts of junk traffic that can overload legitimate websites.

In the past, attacks against video surveillance networks were rare due to the closed nature of systems that would often link by private directly cabled networks to on-site control rooms. However, times have changed, and modern video cameras are effectively computers running software connected to a video camera. With the rise of the internet and lower cost cameras, video surveillance systems are increasingly accessible over any IP network.

The disablement of video surveillance and access control technologies can lead to loss of life

Where modern video surveillance and access control technologies have helped to protect people, places and property, the disablement of these systems can lead to potential loss of life and other significant damage through targeted and more successful criminal attacks. Video surveillance systems are increasingly a mandated requirement for certain licensed premises or as part of an insurance coverage. 

However, if a video surveillance system is rendered inoperable due to a preventable cyber-attack and a crime is committed but not captured on camera – insurance providers could refuse to honour any claim that fails to meet the terms of coverage.

In terms of privacy, the theft of sensitive video images could well breach laws such as GDPR and across all these areas, if negligence can be proven, there is the potential for significant reputational damage, regulatory action, fines and even criminal prosecutions.

Industry position

Video surveillance and access control devices are part of a category of technologies called the Internet-of-Things (IoT). Technology firms and analysts such as Gartner, Cisco and others estimate up to 50 billion IoT devices will be in use by 2020.

Unlike radio transmitters, TV stations or motor vehicles, there is almost no legislation around what can be attached to the internet.

MOBOTIX believes in the ‘Cactus Concept’: protecting every element of the design, manufacturer and operation of each device along with end-to-end encryption across the entire usage and management cycle

There are no mandated standards around how secure an item must be and as technology becomes more autonomous, there is a risk that unsecured devices will attract virus like epidemics that used to plague desktop PC users could start to re-appear on devices like video surveillance camera networks for which there is few ways to either detect or quickly defeat the problem.

This lack of regulatory standards means that many video surveillance and access control manufacturers have tended to cut corners leading to unsecured devices and few on-going software patches to ensure technology remains protected against newly discovered threats.

How is the industry responding to cyber threats?

As an industry leader within digital video surveillance, MOBOTIX believes in the ‘Cactus Concept’ that protects every element of the design, manufacturer and operation of each device along with end-to-end encryption across the entire usage and management cycle.

MOBOTIX is unusual within the industry as it develops all its own software. This innovative approach offers significant benefit when it comes to security. By controlling the entire chain of software development, MOBOTIX is less vulnerable to third party weaknesses that have impacted other brands where a vulnerability within a third-party software component or hardware leads to a security problem.

End-to-end security

The security by design ethos has been within the company from day one and this is evident across several areas including secure software and development where All MOBOTIX devices are built on top of a modified and secured Linux OS that removes standard services and modules.

MOBOTIX has built a secure file system that means if a camera is physically hacked or stolen, recorded video still in the camera cannot be retrieved without gaining administrator rights protected through secure configuration processes

This extends to security and secure communication which ensures that all the recordings generated by the camera are encrypted internally and this starts with the ring buffer that uses the built in SD card in each camera. MOBOTIX has built a secure file system that means if a camera is physically hacked or stolen, previously recorded video still in the camera cannot be retrieved without first gaining administrator rights that are protected through the secure configuration processes as described previously.

The next step is secure device and network communication that ensures all data exchanged between every MOBOTIX camera and other hosts in the network can be encrypted to ensure confidentiality and integrity of data in transit. HTTPS (SSL/TLS) and certificates are all supported as standard to meet the best practice guidance that resides within the major security frameworks from experts such as the SANS institute.

MOBOTIX also includes built in support to manage unique X.509 certificates on each camera and Root Certificate Authorities to allow organisations to extend device security to include cameras and Doorstation devices authenticated via systems like OpenVPN. This means that if a camera is physically stolen or hacked, an attacker can’t use the credentials within a compromised camera to attack the rest of the network of cameras.  All these steps must be continually tested and audited as the cyber security threat landscape is constantly evolving.

Leading by example

Although MOBOTIX is a leader in this area, others within the industry are starting to wake up to the issues. By providing the tools to help our customers build more secure environments along with a commitment to making security a fundamental part of the MOBOTIX value proposition, we believe that our peers in the industry, customers and government agencies will be in a better position to protect the very technologies and systems that help make society safer for all.

See MOBOTIX at IFSEC International 2018 on Stand Number C310 at ExCel London 19-21 June 2018. Register here to discuss your cyber security needs before it’s too late.

About MOBOTIX

All over the world sites are protected by using MOBOTIX IP video technology. It delivers absolute reliability even in the most challenging conditions. From Oil Rigs in the North Sea, to World Heritage Sites in remote deserts, whether it is helping scientists at an Arctic research centre or greeting climbers at the top of Mount Everest; MOBOTIX equipment is designed with no moving parts to provide the best overall return on investment. An extended operating lifetime is guaranteed and further enhanced by continual software upgrades.

 

‘Secure by Default’ in the Age of Converged Security: Insights from IFSEC 2019

From data security to the risks and opportunities of artificial intelligence, the conversations at IFSEC International shape future security strategies and best practices. This eBook brings you exclusive insights from these conversations, covering:

  • A Global Political and Security Outlook from Frank Gardner OBE
  • Surveillance Camera Day: Tony Porter launches ‘Secure by Default’ requirements for video surveillance systems
  • Using Drones to Secure the Future
  • Autonomous Cars and AI: Relocating human incompetence from drivers to security engineers?
  • The Ethical and Geopolitical Implications of AI and Machine Learning

Related Topics

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
Topics: