Security Convergence & the Top IoT Security Threats

This month, the website IoT Evolution examined the most recent list of the top 10 IoT security threats compiled by the Open Web Application Security Project, noting that Internet of Things (IoT) systems are “one of the most challenging areas to secure.”

While, at first glance, the threats listed may not lead one immediately to think of physical security systems, the connected nature of today’s solutions makes many, if not all, of them as critical for video surveillance cameras and access control equipment as for any computer. Many of today’s security devices, after all, really are just different kinds of computers.

For example, the top threat is “weak, guessable or hardcoded passwords.” IP cameras and other security equipment whose default passwords have not been changed to something secure can give online intruders access not only to the camera but to everything on the same network.

At number three is “lack of secure update mechanism.” Just as a computer needs to be regularly updated to address newly discovered risks, so too must networked security devices be kept current with the latest firmware and security updates.

Number six on the list is “insufficient privacy protection.” Security devices gather a massive amount of video and personal information, and integrators and users must put in place mechanisms and policies to ensure that the systems that protect personnel and property also protect data.

Next is “insecure data transfer and storage.” Data from connected security devices must be encrypted throughout its entire life cycle, from the point of collection through transit and during storage, whether in the cloud or on premises.

The last item on the list further underlines the growing interdependence of cybersecurity and physical security: “lack of physical hardening.” Remote online attacks, after all, are not the only threats to networked equipment.

“To be successful in an increasingly sophisticated digital-physical world,” a cybersecurity expert said in the article, “it’s important to ensure hardware, firmware, software and networking security is addressed at every level, without slowing down performance, or creating too much complexity.”