Securing the Security Camera
Protecting your critical infrastructure against physical and cyber attacks
- By Kristof Maddelein
- Mar 01, 2017
Today, protecting critical infrastructures is almost unthinkable
without the deployment of security cameras.
24/7 camera monitoring enables security professionals
to react and respond in time to possible incidents, but
what if those same security cameras become a liability
in your company’s security efforts? What is the role of your camera
network in view of the ever increasing concern of cyber-terrorism?
Our country’s critical infrastructures provide the services that are
vital to our society - the essential backbone of our nation’s economy,
security and health. We experience it daily via the water and power we
use, our transportation systems, the stores we shop in, and communication
systems that allow us to stay connected with friends and family.
Today, terrorism has become a fact of life. Terrorists are becoming
bolder every year and are now also targeting our countries’ critical infrastructures
and industries. For example, recent attacks on the United
States Power Grid have convinced security specialists that terrorist attacks
to these targets must be addressed with the highest priority.
Roughly speaking, there are two types of security threats that
industrial and utility facilities are facing every day: physical threats
and cyberattacks. The former type refers to physical intrusions by
people, animals or vehicles into the protected area of your facility.
The latter refers to the threat of viruses and other malicious software
attacking the IP network. These latter threats are diverse, evolving,
and capable of any attack a programmer can dream up. The impact
of malware can be very serious, ranging from infecting the organization’s
computer systems and networks to destabilizing the entire
utility infrastructure.
Protecting Against Physical Threats
Video surveillance is probably the hardest intrusion detection technology
for adversaries to defeat. For critical infrastructure projects,
it is even better to go for thermal security cameras, because these devices
offer true 24/7 video surveillance and see intruders better during
the day and at night without requiring any form of lighting. Thermal
imaging cameras give security forces time to locate, contain, and neutralize
adversaries before they can access or cause damage.
The entire product spectrum of security cameras is very wide
and integrators have a vast array of functionality at their disposal
to protect critical facility perimeters or even vast areas inside or
outside the facility.
- Thermal imaging cameras enabling to monitor and protect
a site perimeter 24/7, day and night and in the most difficult
weather conditions.
- Video analytics, in combination with visual or thermal cameras,
creating a fully integrated perimeter security solution and
enable accurate intrusion detection of people, animals or vehicles,
and instant visual alarm assessment while minimizing
false alarms.
- Cameras with precision pan/tilt control and fully programmable
scan patterns and radar slew-to-cue and slew-to-alarm
functionality.
- Cameras with a wider field-of-view, providing excellent situational
awareness, and long-range cameras that can detect intruders
from kilometers away.
From Analog to IP-based
Digital Infrastructure
The predominant camera technology today is IP. This is definitely
the case for new installations and with companies that already have
an analog camera network in place, an increasing number of them
are seeking ways to switch from analog to IP security cameras in a
cost-effective way.
It’s not difficult to see why IP cameras are the preferred technology.
First of all, the image quality of a digital camera is much better
than an analog one. Additionally, IP cameras are able to capture a
much wider field of view than comparable analog cameras, meaning a single IP camera is able to do the job of several analog cameras.
And then there’s the flexibility and scalability, probably to greatest
driver for IP camera technology. In a traditional analog set-up,
each camera must be connected directly to a DVR. IP cameras on
the other hand handle this more economically through the use of
switches, which allow cameras in close proximity to each other to
be connected to a single switch, which then runs a single wire to the
NVR (Network Video Recorder). This reduces the amount of cabling
runs, which makes it ultimately less labor intensive, and also allows
you to connect more cameras because you’re no longer limited by the
number of ports on your DVR.
Total security system replacements (from analog to IP-based)
can be expensive and time-consuming. To meet this concern, some
companies are offering hybrid solutions in order to connect older
analog systems to the flexibility, performance, and value of IP-based
surveillance infrastructure. They also offer camera technology that
operates simultaneously on both analog and digital networks. This
advanced capability works across the exceptionally long cable runs
that are common in industrial facilities. This way, companies have
the advantage of HD surveillance without the expense and complication
of replacing existing coax networks. Replacement with IP-based
cabling can be done in phases, allowing for graduated, cost-effective
upgrades to IP-based backbones over time.
The Vulnerable IP Network
With the growing number of IP camera security networks, the need
for cyber-security becomes ever more critical. The practice of cyberdefense
and protecting against viruses, worms and malware has been
a non-stop challenge within the IT community for the past 20 years.
Conversely, with the transition from analog to IP in video surveillance
just really beginning to pick up momentum around the mid-
2000s, protecting devices like cameras from cyber intrusions is something
that physical security practitioners are only beginning to wrap
their head around.
However, the IP camera network is only a small part of the story.
Today, entire infrastructures are communicating with each other over
the network through what is commonly referred as the Internet of
Things (IoT). A wide variety of sectors use connectivity and computing
into devices, such as gas pipelines, cars, airline engines and robots.
Connected devices are estimated to be in the billions by 2020. As the
IoT begins altering entire industries, threats are quickly evolving to
target this extremely vulnerable new landscape. Particularly in the industrial
IoT the magnitude of harm now includes physical harm to
people, prolonged downtime and loss of wages.
Cyber-defense for Video Surveillance
The numerous, large-scale data breaches that have impacted organizations
across multiple vertical markets in recent years have not only
highlighted the importance of safeguarding sensitive customer information,
but they have also raised awareness about the vulnerability
of video surveillance networks as an ever-increasing number of end
users make the switch to IP.
Future-proof video surveillance systems have to take these cyberattacks
into account and build in additional functionality to withstand
the constant threat. Technologies like IP-mmune from FLIR
Systems for example help protect cameras against the threat of viruses
and other malicious software. Specifically, IP-mmune incorporates
cyber defense mechanisms within the company’s video software
and hardware products to help seal them off from outside attacks or
to isolate them from the corporate network in the off chance they do
become infected.
Defense Affects Performance
Still, the vast majority of camera manufacturers have not yet built in
protection against cyber threats. The problem is that when IT safeguards
are added after the actual installation of the video surveillance
system, then the performance of the network could be irreparably
damaged. What’s more, if defense in the IP video world is not
going to be constructed right, it will affect performance.
IT departments have become very much aware of the vulnerability
of the IP network, especially with the increasing number of devices
connecting to it. IP networks are can be very inviting for hackers and
producers of malware, especially if the focus of the IP applications
lies on performance, speed and reliability, and not on security. More
often than not, video streams get full priority in penetrating firewalls
because there is not enough time to hold back that data to make sure
that it’s not affected. If you stop video for even a split second, you
create latency and you cannot view it in real time.
Future Challenges
The transition from analog to IP has exposed the security industry to
the risks that IT departments have faced for years. As more customers
deploy comprehensive IP security solutions that incorporate multiple
edge devices and platforms, it becomes more critical to ensure
end-to-end IT security throughout the physical security network.
The key challenge for the industry and utilities sectors will be
not only to ensure reliable perimeter protection through the use of
security cameras, but even more to deploy a cyber-defense strategy
that protects critical customer data and assets
from unauthorized or malicious IT threats,
proactively identifies potential IT threats at
any point of vulnerability and prevents them
from creating damage.
This article originally appeared in the March 2017 issue of Security Today.