Adam Bannister

Editor, IFSEC Global

Author Bio ▼

Adam Bannister is editor of IFSEC Global. A former managing editor at Dynamis Online Media Group, he has been at the helm of the UK's leading fire and security publication since 2014.
September 19, 2016

Sign up to free email newsletters

Download

Mobile access series #1: What you need to know

IP CCTV managers warned: neglect cyber security at your peril

The BSIA CCTV section has urged operators of IP-connected surveillance systems to do more to safeguard their systems against cyber attack, including changing the manufacturer’s default credentials.

The advice has been issued in the wake of a Times article that reported concerns from MI6 about the threat to national security from IP-connected CCTV systems.

Unsecured cameras can serve as a weak link through which hackers can gain access to an organisation’s wider compute network, warns the BSIA.

The consequences of a successful attack include the disruption of operations through sabotage, the theft of personal data and resultant brand damage, stolen intellectual property or trade secrets, ransom demands, and regulatory action or negligence claims.

But the association also said cyber security was the responsibility of other parts of the supply chain. Manufacturers, it advises, should ensure that accidental design or implementation errors are minimised and regularly scan systems  for vulnerabilities. Secure coding and testing procedures should be the norm, while products should support the following:

  • End to End Encryption with SHA-2 & TLS
  • Encrypted database communication
  • System auditing, alerting and management
  • Denial of service protection
  • Restriction of ports, protocols and services
  • Highly customisable user access and permissions
  • Archive, failover and high availability

“Responsible installers and integrators will conduct a risk-based approach to any system design, taking into account the origin of the hardware in the design and whether this presents potential risk to the customer,” said Simon Adcock, chairman of the BSIA’s CCTV section.

“Anyone who is designing a system or making decisions on behalf of an end user should be considering the security of the hardware they are installing, ensuring that it is robust and manufactured responsibly. Responsible installers will also ensure that the system they have installed is protected from cyber attacks by changing manufacturer’s default system credentials.

“Ultimately, an end user must take responsibility for the security of their network. When procuring an IP connected surveillance system, end users must use the services of a reputable installer /integrator that is fully committed to best practice. They should also ensure that they have comprehensive cyber security and information security policies in place.”

Free Download: Cybersecurity and physical security systems: how to implement best practices

If you are involved in the operation or maintenance of physical security systems, this resource from Vanderbilt will help you choose the right equipment for staying diligent. It provides a five step process for strengthening the resilience of those systems against cyber-attack, as well as explaining what cyber-attacks mean in an interconnected world.

Discover the five step process now by clicking here.

Related Topics

1
Leave a Reply

avatar
1 Comment threads
0 Thread replies
0 Followers
 
Most reacted comment
Hottest comment thread
1 Comment authors
Wayne Recent comment authors
  Subscribe  
newest oldest most voted
Notify of
Wayne
Guest
Wayne

How do i haek my swann cameras

Sign up to free email newsletters