This article originally appeared in the March 2023 issue of Security Business magazine. When sharing, don’t forget to mention Security Business magazine on LinkedIn and @SecBusinessMag on Twitter.
Wouldn’t it be ideal if you could install security devices, such as network cameras or IP door controllers, and let them run for years with only minimal maintenance? Some of those devices may continue to function, but at what cost to you and your customers?
As our world has become more connected in the Internet of Things, threats to cybersecurity have grown exponentially. Security and surveillance devices that are part of a network ecosystem can put your customers’ businesses at risk if not well managed.
Security integrators today have a responsibility for expanding their knowledge of cybersecurity. According to a 2022 ThoughtLab study on the cybersecurity strategies of 1,200 large organizations, “the pandemic has brought cybersecurity to a critical inflection point.” The “Cybersecurity Solutions for a Riskier World” also reports material breaches climbed 20.5 percent during the pandemic, while cybersecurity budgets increased 51 percent.
It is understandable that systems integrators are being asked more frequently by end-customers to participate in cybersecurity discussions, as they are often required to adhere to IT policies when deploying security systems. In fact, there is a trend of moving away from installing security and surveillance devices on a segmented network, instead installing them on the corporate network that is governed by IT. There, security policies are uniformly applied to all network devices, helping to raise the bar for security overall.
This means, however, that security and surveillance products need to be brought up to the same level of security present in other devices deployed across that network. Security and surveillance products should be configured and maintained in a consistent manner, so they do not introduce vulnerability to a system.
To ensure that the security equipment is equipped to stand up to today’s cyber threats, consider all of the technology-based tools and resources available.
Device Onboarding and Deployment
Integrators should ensure they provide consistent settings when configuring security devices. Sometimes when several technicians are configuring devices for an installation, each technician inadvertently establishes slightly different settings. The same problem can happen if a surveillance camera, for example, is deployed today and another is deployed a year later. A system could end up with the same devices but configured in different ways, which can degrade the ability for the devices to be properly protected.
A manufacturer-provided device management platform can enable integrators to manage all major installation, security, and maintenance device management tasks either one-by-one or in bulk. For example, when onboarding surveillance cameras, technicians can use it to set IP addresses, user accounts/passwords, and synchronize time for all devices. They also can use it to deploy firmware updates and certificates for encryption.
Advanced device management platforms give integrators the ability to build templates to ensure that the same settings get pushed out to devices, regardless of who configures the products or when. This could be helpful, for example, if a customer needs to enact a settings policy change – integrators can easily update settings to hundreds or thousands of devices at a time.
The platforms also protect the firmware running devices, because manufacturers can digitally sign the firmware they release. This means that if a bad actor attempts to modify the firmware in any way, it will be rejected by the device during an upgrade.
Lifecycle management is a key topic for end-customers. As technology evolves, security products become smarter and more capable, sometimes leaving older equipment behind quickly. Integrators can help support their customers’ lifecycle management strategy with tools to help maintain security and surveillance equipment in the best condition possible and determine how long it should operate in the field.
Some manufacturers offer tools which provide integrators with great visibility into their customers’ devices. Not only can they see their security and surveillance devices located across multiple different customer locations, but the most sophisticated systems give them the ability to observe the status of the device, such as whether it is online or offline or if firmware updates are available. These tools provide specific tasks that an integrator can use throughout the lifecycle of a product that can be efficiently completed in bulk.
In today’s world, IP surveillance devices are not simply installed and left in the field until they are no long operational, they need to be maintained and when necessary replaced by products with newer technologies. System owners often have a lifecycle plan in place for when they want to replace current devices, such as cameras. This is partly because of a heightened sense of cybersecurity and understanding that new products have advanced encryption and better protection mechanisms; and partly because new products offer better features and functionality. As a systems integrator, being able to provide your end customers with support throughout the lifecycle of their device with information on warranties, as well as end of life/end of support information, and suggested product replacement, is invaluable.
Cyber Threat Mitigation Best Practices
A bad actor using a surveillance camera as an entry point into a network has long been a threat to both integrators and their customers. If someone were to gain access, they could then reach other devices, such as servers, that contain much higher-valued data. Here are some best practices for integrators to mitigate cyber threats on network-connected video surveillance devices:
1. Perform regular firmware updates. These updates address vulnerabilities as they are discovered. Manufacturers often release new firmware to harden devices, and device management software can enable integrators to quickly push those updates to hundreds of customer cameras in one batch.
2. Use encryption. Encryption protects the metadata and other communications data, as well as the actual video stream itself. Many manufacturers can provide encryption technology options.
3. Turn off or disable unused services. This acts to reduce the surface area for attack. Manufacturers will often provide hardening guides which provide best practices and guidance for securing their devices.
4. Make password management a priority. Integrators must take the concept of strong passwords to heart and look to vendors for hardening guides and recommended password practices. Start with strong root passwords with a combination of numbers, letters and characters that are not easy to guess. Create an additional account for the device management platform that doesn’t use the same username and password. In addition, consider creating a backup account on the camera to allow access to the hardware in the event something happens to one of the other accounts.
5. Configure products to work in their IT environment. Manufacturer hardening guides can come in handy here as well, as the guides provide instructions or procedures for configuring IT products to a particular operational environment, and that
will enable integrators to have meaningful conversations about how these IP devices will be configured to align with a customer’s IT security policy. The controls used in the hardening guide should align with organizations such as the Center for Internet Safety (CIS) controls.