IFSEC Insider is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
Adam Bannister is a contributor to IFSEC Global, having been in the role of Editor from 2014 through to November 2019. Adam also had stints as a journalist at cybersecurity publication, The Daily Swig, and as Managing Editor at Dynamis Online Media Group.
The BSIA CCTV section has urged operators of IP-connected surveillance systems to do more to safeguard their systems against cyber attack, including changing the manufacturer’s default credentials.
The advice has been issued in the wake of a Times article that reported concerns from MI6 about the threat to national security from IP-connected CCTV systems.
Unsecured cameras can serve as a weak link through which hackers can gain access to an organisation’s wider compute network, warns the BSIA.
The consequences of a successful attack include the disruption of operations through sabotage, the theft of personal data and resultant brand damage, stolen intellectual property or trade secrets, ransom demands, and regulatory action or negligence claims.
But the association also said cyber security was the responsibility of other parts of the supply chain. Manufacturers, it advises, should ensure that accidental design or implementation errors are minimised and regularly scan systems for vulnerabilities. Secure coding and testing procedures should be the norm, while products should support the following:
End to End Encryption with SHA-2 & TLS
Encrypted database communication
System auditing, alerting and management
Denial of service protection
Restriction of ports, protocols and services
Highly customisable user access and permissions
Archive, failover and high availability
“Responsible installers and integrators will conduct a risk-based approach to any system design, taking into account the origin of the hardware in the design and whether this presents potential risk to the customer,” said Simon Adcock, chairman of the BSIA’s CCTV section.
“Anyone who is designing a system or making decisions on behalf of an end user should be considering the security of the hardware they are installing, ensuring that it is robust and manufactured responsibly. Responsible installers will also ensure that the system they have installed is protected from cyber attacks by changing manufacturer’s default system credentials.
“Ultimately, an end user must take responsibility for the security of their network. When procuring an IP connected surveillance system, end users must use the services of a reputable installer /integrator that is fully committed to best practice. They should also ensure that they have comprehensive cyber security and information security policies in place.”
Free Download: The Video Surveillance Report 2023
Discover the latest developments in the rapidly-evolving video surveillance sector by downloading the 2023 Video Surveillance Report. Over 500 responses to our survey, which come from integrators to consultants and heads of security, inform our analysis of the latest trends including AI, the state of the video surveillance market, uptake of the cloud, and the wider economic and geopolitical events impacting the sector!
Download for FREE to discover top industry insight around the latest innovations in video surveillance systems.
IP CCTV managers warned: neglect cyber security at your perilThe BSIA CCTV section has urged operators of IP-connected surveillance systems to do more to safeguard their systems against cyber attack, including changing the manufacturer’s default credentials.
Adam Bannister
IFSEC Insider | Security and Fire News and Resources
Related Topics
Paxton employees raise over £9k for Teenage Cancer Trust
Security benefits of installing mesh networks
The Body Shop boosts operational efficiency with locker solution
How do i haek my swann cameras