A Balancing Act

A Balancing Act

Cybersecurity takes a look at availability and protection

Energy security, access to the electrical grid and police and fire safety are just a handful of the networked services that we take for granted and rely upon on a daily basis. Every second of every day, sensors are digitizing the real world, creating information and transporting it across multiple networks and interfaces to a broadening audience.

While there is obvious utility being gleaned from this process, from our vantage point here in the physical security space, information sharing and transmission raises issues we have to consider: what happens to this information inside those organizations, and what risks are presented by increasing the communication in and out of these organizations in the name of utility?

In a world where convenience and anytime availability can make or break a business, information availability and always-on connectivity are here to stay. Much as the Industrial Revolution brought key innovations and new challenges, this new Information Revolution is shaking up the accepted paradigms. The explosion of demand for mobile access to information and increased opportunities for interconnectivity are a fact of life, both at home and for business. We can use security information to answer questions such as: How efficient are your delivery routes? What cameras saw the guy with the red shirt? Is that the UPS delivery man at the door?

High-risk Organization

Interconnectivity and high data availability also represent high risk for organizations that are concerned about threats to their information security. A hunger for more information upon which to base decisions and actions is driving the proliferation of big data, video analytics, cloud storage and Internet of Things deployments, while ratcheting up our risk profiles and the potential for cyber-attack.

ONVIF’s mission is to establish a common communication interface for all security devices and clients, across security disciplines, systems and vendors. While ONVIF does not set security policy, what many people don’t realize is that industry proven cybersecurity measures can be included in the common interface established by ONVIF. Among these are Certificate Based Client Authentication, Keystores and TLS Servers. There are also best practices that can be encouraged, such as forcing a default password change or out of the box hardening. ONVIF and other standards groups can help ensure and deploy real-time security by including these established cyber security measures in their Profiles and standards.

The establishment of a common interface by ONVIF and other standards organizations helps to bring awareness about the capabilities of standards in this area and enables manufacturing companies to invest once in this approach rather than continually developing proprietary products and unique interfaces to integrate with other devices. Safe/smart city deployments and Internet of Things systems are helping to accelerate acceptance of interoperability over proprietary systems.

In fact, it’s estimated that as many as 50 billion IoT devices will be connected to a network over the next three years, all requiring some measure of interoperability. If you’re concerned about the security of information, that number can seem alarmingly high. The good news is that IoT security budgets are also expected to increase substantially over the next three years and there some changes that we, as an industry, can proactively make in the meantime.

Be Cyber Secure

Remember that a single device or product alone cannot be cybersecure if it’s connected to an unsecured network or to a network with other vulnerable devices. People, products and processes — these three elements together can provide security, but if you don’t have sound cybersecurity practices in place for all three, you won’t have complete security.

Manufacturers of physical security products can use encryption technology to help harden IoT devices. They can ship products with default settings that require end users to change the default password on install and that also require password changes periodically. It’s also worth exploring whether some settings on devices should be locked down to protect our customers, for example making encryption part of the factory settings, increasing the likelihood that encryption is left enabled on the device.

End users and system integrators also have some responsibility to bear. Approximately 95 percent of the security breaches that occur today are due to some sort of simple password error or lack of organizational policies with respect to password management. It takes only a matter of seconds to very quickly choose a simple, easy to remember password. However, relying on the most convenient solution — often the default password — can most definitely increase the potential for compromised access to our most private information.

As is the case with many things, a balancing act is required when it comes to information availability and securing access to that information. Each end user and system integrator has to find the right balance between availability of data and protection of that data, taking cost into consideration as well.

Strong user authentication, event monitoring, activity logging, encryption of data and other controls that are built into our IT networks go a long way in increasing cyber security. Using standards like those offered by ONVIF may actually be the key to having the best of both worlds: the ability to share information with other devices using standardized, encrypted communications.

This article originally appeared in the February 2018 issue of Security Today.

Featured

  • It's Show Time

    I am one of those people that likes to see things get bigger and better. As advertised, ISC West is going to be bigger (more exhibitors) and better (more attendees). It’s show time in Las Vegas. Read Now

    • Industry Events
    • ISC West
  • SIA Releases New Report on Operational Security Technology

    The Security Industry Association (SIA) has released an impactful new resource – Operational Security Technology: Principles, Challenges and Achieving Mission-Critical Outcomes Leveraging OST. Read Now

  • Cyber Overconfidence Is Leaving Your Organization Vulnerable

    The increased sophistication of cyber threats pumped by the relentless use of AI and machine learning brings forth record-breaking statistics. Cyberattacks grew 44% YoY in 2024, with a weekly average of 1,673 cyberattacks per organization. While organizations up their security game to help thwart these attacks, a critical question remains: Can employees identify a threat when they come across one? A Confidence Gap survey reveals that 86% of employees feel confident in their ability to identify phishing attempts. But things are not as rosy as they appear; the more significant part of the report finds this confidence misplaced. Read Now

  • Mission 500 Debuts Refreshed Identity Ahead of Security 5K/2K at ISC West

    Mission 500, the security industry’s nonprofit charity dedicated to supporting children in need across the US, Canada, and Puerto Rico, has unveiled a refreshed brand identity ahead of ISC West. The charity’s new look includes a modernized logo with refined messaging to reinforce Mission 500’s nearly decade-long commitment to serving the needs of children and families in crisis. Read Now

    • Industry Events

New Products

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge.