Cybersecurity: Bridging the Gap Between Physical Security and IT / IoT
December 11, 2017
On Monday, Dec. 11, as part of the SIA Webinar series, a webinar titled Cybersecurity: Bridging the Gap between Physical Security and IT/IoT covered best practices from edge to core hardening, bridging cyberprotection techniques, and technologies that help unify disparate technologies into a common cybersecurity framework. Speakers Vince Ricco (Axis Communications) and Ken Mills (Dell EMC) discussed how successful practitioners are hardening the physical security edge, enabling the authentication of devices systemwide and utilizing IT and IoT methodology to secure the enterprise.
The webinar covered the following topics:
- Trends driving surveillance and security to the datacenter
- How surveillance and security equipment can be used to exploit networks
- Surveillance edge to core to cloud for surveillance and security theory
- Benefits of the role of cybersecurity in surveillance and enterprise security
Trends driving surveillance and security to the datacenter
Mills discussed how the needs of organizations have shifted toward what IT networks, data centers and applications look like. Customers in the surveillance world are asking for solutions that are more scalable than previous ones. These include open platform-based designs that work well with other technology, cost little and are easy to deploy.
Ricco added that two of the biggest challenges seen in cyber and physical security and the convergence over IT are embracing open platforms and ease of deployment.
Organizational surveillance data needs are changing to require architectures that are open, scalable and enterprise-ready for management of their current and future disparate data sources.
Surveillance technologies are driving significant increases in data through the emergence of new devices, higher pixel resolution, increases in device count and retention times, and expanding needs to integrate surveillance and IT data.
Mills explained that the emergence of new devices such as drones, body-worn cameras and high-resolution cameras drives these new trends. The need to integrate surveillance with IoT data drives the macro trend of moving surveillance to the data center and starting to treat surveillance as an enterprise application.
How surveillance and security equipment can be used to exploit networks
Surveillance and IoT devices are vulnerable because attackers are leveraging household devices that people are putting in their homes. When manufacturers don’t lock these devices down, it makes it easy for attackers to take advantage of these vulnerabilities:
- Open ports
- Devices are at the edge
- Original manufacturer can be difficult to determine
- Designed to communicate with other devices
Mills explained that the original manufacturer can be difficult to determine. With so many OEM solutions being developed by many companies from various parts of the world, it’s difficult to know who is the owner of the technology you purchased. This raises several questions: Is the manufacturer able to secure it? Is the manufacturer implementing best practices? Is the manufacturer providing firmware updates? Are the manufacturers patching holes in their devices?
When a device is designed to communicate with other devices, this connectivity requirement creates an opportunity for devices to become vulnerable and be attacked, Mills said.
Top 10 causes for cybersecurity failures:
- Inadequate security policy and process governance
- Reliance on “Security through obscurity”—assuming nobody will ever test security
- Inadequate software and firmware patching; inadequate testing of patches before installation
- Unencrypted, unauthenticated and uncontrolled wireless communications within systems
- Unencrypted, unauthenticated and uncontrolled communications between systems
- Poor password hygiene and insufficient segmentation of control system networks
- Lack of auditing and audit monitoring on networks
- Control system networks shared with other traffic
- Poor coding of control system software causes failures
- Lack of configuration management and tracking for hardware and software
Resources:
Center for Internet Security (CIS)
Surveillance edge to core to cloud for surveillance and security theory
Mills explained that because of the shift to move to enterprise and the demand from customers to treat surveillance as an IT application, the industry has seen a move to three key architectures: edge, core and cloud.
Validated Surveillance Solutions:
- Video/surveillance management software
- Analytics
- IoT management software
Ensuring highly secure surveillance solutions to address both cyber and physical threats:
- Highly secure two-way video access
- Protect against DDoS attacks
- Certificate management for video endpoints
- Data at rest encryption
Layered security for surveillance
Ricco discussed the importance of layered security for surveillance and the importance of auditing the assets and the progress.
Secure Every Device
Harden devices through regular patching and configuration management:
- Asset management
- Automate configuration
- Patch management
- Prevent malware
- Manufacturer (MFG) hardening guides
Protect Devices
Protect data wherever it goes:
- Encryption at rest and in transit
- Certificate management
- Automated password management
Identity and Access Solutions
Ensure that the right people have access to the right systems:
- Authentication
- Least privileged access
- Auditing and compliance
Network Security
Provide the deepest level of network protection available:
- Scan every packet of data, including SSL-encrypted traffic
- Provide secure connections to apps
Global Threat Intelligence
Transition to active security through advanced threat analytics:
- Collection
- Correlation
- Analytics
Dell EMC Surveillance Validation Labs
Dell EMC has made a multi-year investment to form the industry’s largest, most advanced Test and Certification Surveillance Labs. The labs contain leading technology from all major surveillance vendors to validate best-in-breed physical security applications with Dell EMC’s portfolio of products. Dell EMC’s Surveillance Labs provide organizations with:
- Reduced deployment risk
- Reduced support requirements
- A proven, repeatable architecture
- A known performance baseline for production environments
Benefits of the role of cybersecurity in surveillance and enterprise security
Recommendations for initiating an enterprise cybersecurity strategy:
- Decide who oversees information security.
- Determine organization risk following a prescribed order; an organization must first identify critical assets, threats to those assets and vulnerabilities, and then quantify risk.
- Implement a comprehensive security framework based on a combination of the probability of cyber-risk realization, asset value and resources available for mitigation efforts.
- Promote security as a culture.
- Obtain legal and financial assurances.
Mills noted that it is important to ask for the hardening guide. The manufacturers taking cybersecurity seriously from an implementation standpoint and looking to provide best practices for their partners and customers are providing hardening guides.
From a SIA standpoint, we look at how we can help customers and partners find the technology manufacturers that are taking cybersecurity seriously.
SIA constantly looks for ways to promote how member companies of the manufacturers and integrators are doing things that help cyber-resilience throughout the industry. The items that distinguish companies who are taking these steps seriously include: what steps they are taking, what frameworks they use, hardening guides, the ease of reporting vulnerabilities and the steps taken when vulnerabilities are reported.
Resources:
Security Industry Association’s Knowledge Center