Cybersecurity: Bridging the Gap Between Physical Security and IT / IoT

December 11, 2017

On Monday, Dec. 11, as part of the SIA Webinar series, a webinar titled Cybersecurity: Bridging the Gap between Physical Security and IT/IoT covered best practices from edge to core hardening, bridging cyberprotection techniques, and technologies that help unify disparate technologies into a common cybersecurity framework. Speakers Vince Ricco (Axis Communications) and Ken Mills (Dell EMC) discussed how successful practitioners are hardening the physical security edge, enabling the authentication of devices systemwide and utilizing IT and IoT methodology to secure the enterprise.

The webinar covered the following topics:

Trends driving surveillance and security to the datacenter
How surveillance and security equipment can be used to exploit networks
Surveillance edge to core to cloud for surveillance and security theory
Benefits of the role of cybersecurity in surveillance and enterprise security

Trends driving surveillance and security to the datacenter

Mills discussed how the needs of organizations have shifted toward what the IT network, data centers and application look like. Customers in the surveillance world are asking for solutions that are more scalable than previous solutions. These solutions include open platform-based designs that work well with other technology with low cost and ease of deployment.

Ricco added that two of the biggest challenges seen in cyber and physical security and the convergence over IT are embracing open platforms and ease of deployment.

Organizational surveillance data needs are changing to require architectures that are open, scalable and enterprise-ready for management of their current and future disparate data sources.

Surveillance technologies are driving significant increases in data to include emergence of new devices, high pixel resolution, increase in device count and retention times, and expanding needs to integrate surveillance and IT data.

Mills explained the emergence of new devices such as drones, body worn-cameras and high-resolution cameras drive these new trends. The need to integrate surveillance with IoT data drive the macro trend around moving surveillance to the data center and starting to treat surveillance as an enterprise application.

How surveillance and security equipment can be used to exploit networks

Surveillance and IoT devices are vulnerable because attackers are leveraging household devices that people are putting in their homes. When manufacturers don’t lock these devices down, it makes it easy for attackers to take advantage of these vulnerabilities:

Open ports
Devices are at the edge
Original manufacturer can be difficult to determine
Designed to communicate with other devices

Mills explained that the original manufacturer can be difficult to determine. With so many OEM solutions being developed by many companies from various parts of the world, it’s difficult to know who is the owner of the technology you purchased. This raises several questions: Is the manufacturer able to secure it? Is the manufacturer implementing best practices? Is the manufacturer providing firmware updates? Are the manufacturers patching holes in their devices?

When a device is designed to communicate with other devices, this connectivity requirement creates an opportunity for devices to become vulnerable and be attacked, Mills said.

Top 10 causes for cybersecurity failures:

Inadequate security policy and process governance
Reliance on “Security through obscurity”—assuming nobody will ever test security
Inadequate software and firmware patching; inadequate testing of patches before installation
Unencrypted, unauthenticated and uncontrolled wireless communications within systems
Unencrypted, unauthenticated and uncontrolled communications between systems
Poor password hygiene and insufficient segmentation of control system networks
Lack of auditing and audit monitoring on networks
Control system networks shared with other traffic
Poor coding of control system software causes failures
Lack of configuration management and tracking for hardware and software

Resources:

Center for Internet Security (CIS)

Surveillance edge to core to cloud for surveillance and security theory

Mills explained that because of the shift to move to enterprise and the demand from customers to treat surveillance as an IT application, the industry has seen a move to three key architectures: edge, core and cloud.

Validated Surveillance Solutions:

Video/surveillance management software
Analytics
IoT management software

Ensuring highly secure surveillance solutions to address both cyber and physical threats:

Highly secure two-way video access
Protect against DDOS attacks
Certificate management for video endpoints
Data at rest encryption

Layered security for surveillance

Ricco discussed the importance of layered security for surveillance and the importance for auditing the assets and the progress.

Secure Every Device

Harden devices through regular patching and configuration management:

Asset management
Automate configuration
Patch management
Prevent malware
MFG hardening guides

Protect Devices

Protect data wherever it goes:

Encryption at rest and in transit
Certificate management
Automated password management

Identity and Access Solutions

Ensure that the right people have access to the right systems:

Authentication
Least privileged access
Auditing and compliance

Network Security

Provide the deepest level of network protection available:

Scan every packet of data, including SSL-encrypted traffic
Provide secure connections to apps

Global Threat Intelligence

Transition to active security through advance threat analytics:

Collection
Correlation
Analytics

Dell EMC Surveillance Validation Labs

Dell EMC has made a multi-year investment to form the industry’s largest, most advanced Test and Certification Surveillance Labs. The labs contain leading technology from all major surveillance vendors to validate best-in-breed physical security applications with Dell EMC’s portfolio of products. Dell EMC’s Surveillance Labs provide organizations with:

Reduced deployment risk
Reduced support requirements
A proven, repeatable architecture
A known performance baseline for production environments

Resources:

Dell EMC Executive Brief

Benefits of the role of cybersecurity in surveillance and enterprise security

Recommendations for initiating an enterprise cybersecurity strategy:

Decide who oversees information security.
Determine organization risk following a prescribed order; an organization must first identify critical assets, threats to those assets and vulnerabilities, and then quantify risk.
Implement a comprehensive security framework based on a combination of the probability of cyber-risk realization, asset value and resources available for mitigation efforts.
Promote security as a culture.
Obtain legal and financial assurances.

Mills noted that is important to ask for the hardening guide. The manufacturers taking cybersecurity seriously from an implementation standpoint and looking to provide best practices for their partners and customers are providing hardening guides.

From a SIA standpoint, we look at how we can help guide customers and partners find and look for the technology manufacturers that are taking cybersecurity seriously.

SIA constantly looks for ways to promote how member companies of the manufacturers and integrators are doing things that help cyber-resilience throughout the industry. The items that distinguish companies who are taking these steps seriously include: what steps they are taking, what frameworks they use, hardening guides, the ease of reporting vulnerabilities and the steps taken when vulnerabilities are reported.