Over the past decade, video surveillance and security systems have come a long way, thanks to the increasing ubiquity of the Internet Protocol (IP) and the Internet of Things (IoT). Sending and receiving data directly over the Internet and offering advanced features like motion sensors, cloud storage, video analytics, and automatic notifications, these systems provide reliable protection for industrial and manufacturing facilities, government offices, and more.
But despite their benefits, IP video systems also come with significant security risks if they use public infrastructure because they give cybercriminals easy attack pathways. They also have diverse topologies and technologies that make them more complex and increase their « attack surface. » Ultimately, they make users vulnerable to Distributed Denial of Service (DDoS) and Man in the Middle (MitM) attacks, privacy violations, malware installations, and data leaks.
Considering the amount and scale of information that government bodies collect on citizens, threat actors are always looking to steal or expose data-rich records – as six US government departments (including energy, commerce, treasury, and state), found to their shock in mid-December 2020. In 2019, 54% of manufacturing companies also experienced data breaches or cyber-attacks, indicating that they are also not safe from these risks*.
Since IP video surveillance systems are not 100% secure, what can manufacturing facilities and government agencies do to minimize their risks and protect their premises, data, and users? There is no single ideal strategy, so a program to safeguard these systems should include multiple strategies, like the five discussed below.
Leverage Intrusion Detection and Prevention Systems
As part of a robust cyber-defense strategy, antivirus software should be installed on user terminals and Digital Video Recorders (DVRs) to detect and prevent the spread of malware infections. In non-distributed Physically Open Circuit (POC) topologies – where network hosts like cameras and DVRs have public IP addresses – a Network Intrusion Detection System (NIDS) can detect malicious or anomalous traffic patterns that may indicate the presence of a hacker. VPN firewalls like the next-gen UTM firewall from Allied Telesis can be an easy way to implement a NIDS to blocks threats and encrypt critical network traffic.
Encrypt Data for Secure Transmission
All video feeds, plus information like usernames and passwords should be encrypted to protect the data-in-transit, particularly if it traverses the Internet. There are many encryption options available, but the most common are SSL/TLS for user information and IPsec or MACsec for data. Proper encryption helps prevent eavesdropping and packet manipulation that can happen during a MitM attack.
Data provenance (proving the source of the data) and using digital watermarks to ensure the video content’s integrity can also mitigate data tampering. Another approach is to proactively detect and deter eavesdroppers’ presence using a feature such as Active Fiber Monitoring from Allied Telesis.
Implement Strong Passwords and Multi-Level Access
Strong passwords should be a critical element of the system’s security framework. Length, complexity, and regular changes are critical to a password’s strength. This is especially important if the device uses port forwarding for access.
For additional security on administrator accounts, multi-factor authentication is an excellent choice. The password is more robust because the user must provide additional unique information, like an SMS code, and they receive a notification on every access attempt.
If several users access the video feeds, the system must provide different levels of password-protected access. Some authorized users may have device-specific access, so they can only view images from those devices, while others may have operator-level access. A few may have access to administrator or control all settings like new account creation, changing camera direction, adding new cameras to the network, etc.
Keep Software Up to Date
Every IP video surveillance system needs occasional software updates to maintain its security. Firmware updates may be released regularly or occasionally as part of a device’s patch release for a specific vulnerability. It is essential to register the device on the manufacturer’s website to get reminders for all these updates, which should be downloaded and executed immediately.
The process of updating firmware can be disruptive to the network’s operation because device reboots stop the video stream, and updating many devices can be time-consuming and risky on large networks. Therefore, it is important to consider features that help minimize disruption and automate the update process.
Allied Telesis has created Continuous PoE, which maintains the power supply to a connected device, like a camera, during a switch reboot. This minimizes the outage duration and gets the video stream flowing again without waiting for the camera to restart.
Autonomous Management Framework Plus (AMF Plus) is an automation solution from Allied Telesis that simplifies the installation and management of large-scale networks. Amongst its many capabilities are automated firmware upgrades, which can roll out updates with minimal disruption and no manual intervention. So, the network will update while the administrator sleeps!
Train Users on Security Practices
As with any other network or device, people are the weakest link in an IP surveillance system’s security profile. Therefore, it is crucial to develop and document cybersecurity guidelines and policies and provide cybersecurity training to all users who will access the system. Users should be educated on the potential attack vectors and what they need to do to stay safe from potential attackers’ requests under false pretexts. They should also be aware of the risks of accessing the system—say via a mobile app—on an unencrypted public Wi-Fi system.
It is vital to stay current with the latest cybersecurity standards and best practices at an organizational level and ensure they are followed at every level. We have partnered with NUARI to offer the latest cyber threat defense education customized to your organization’s specific requirements.
Wrap Up
Due to low ownership cost, easy deployment, and numerous advanced features, many manufacturing organizations and government agencies migrate from analog-based CCTV systems to IP video surveillance systems for extra security and peace of mind. Nonetheless, as the cyberthreat landscape grows increasingly sophisticated and cyber attackers increasingly relentless, organizations must be aware of such systems’ risks, especially if they reside on the same network as business-critical data and applications. Ignoring them can be dangerous and potentially devastating, so closing the network security loop must be the highest priority.
Protect your network and mission-critical systems at low operating costs and without device faults or breakdown. Explore the diverse suite of IP security and surveillance solutions from Allied Telesis. Download the guide here.
Footnote: *Sikich 2019 M&D Report
