Automation Can Close the Gap on Cyber Exposures

Automation Can Close the Gap on Cyber Exposures

Security pros can protect their systems without being cybersecurity experts

See no evil, hear no evil, speak no evil: It is tempting for physical security professionals to take this passive approach to cybersecurity. End users can be blind to threats and vulnerabilities from their security system and other IoT devices. Many integrators and installers don’t feel comfortable discussing the topic with their customers.

While IT departments may have the responsibility for cybersecurity, they often don’t have good visibility into the physical security system and other IoT assets. Even as security systems become increasingly interconnected and IT-oriented, physical security pros and IT often don’t want to hear from or talk to each other. Speaking different languages, many just don’t know how to communicate.

Physical security pros must take responsibility for cybersecurity now. By using automation technologies, installers can apply cyber practices without being cybersecurity experts. Monitoring for cyber and other system health issues sustains a secure and reliable system for end users and differentiates the service provided by the system installer.

Physical Security Cyber Vulnerabilities

Technologies connected to the physical realm are yielding incredible applications, from predicting maintenance problems in oil field equipment to recognizing the signature walk of employees for identity management. Yet these applications create threats to organizations and opportunities for criminals. Hackers can use unsecured IoT devices to infiltrate corporate networks, launch attacks on the public internet or disrupt the video surveillance system.

A growing list of elements provide attack surfaces that IT organizations cannot see, such as network cameras, sensors, cloud-based video and mobile devices, Windows-based video management systems, and Ethernet networks that extend to hallways and parking lots.

Neither IT nor their access layer switches typically monitor site-specific endpoints such as cameras and access control. Unfortunately, this means that security managers don’t know when these units are compromised, go off-line, stop streaming video or audio, reboot, or are just missing.

In general, many organizations don’t know just how many devices they have. For instance, business units are deploying many IoT devices with some help from IT but few consultations with physical security experts. According to a survey by the Ponemon Institute and Shared Assessments, just 15 percent of organizations have an inventory of most of their IoT devices and less than half have a policy to disable those that present a risk.

IT and Physical Security Systems Increasingly Linked

While organizations across the globe are gravely concerned about cybersecurity, the relationship between IT and physical security can be blurry. It’s challenging to safeguard all physical and digital assets when there’s little communication, collaboration, or shared understanding between these teams. IT managers often “solve” the problems by asking the physical security team to create separate networks for cameras and other physical security devices.

While such arrangements may give IT managers a sense of security, rarely is there a complete, clean break between the enterprise network and the physical security network. For example, even well-protected and isolated “camera only” networks can have both intentional and unintended connections that link to the main corporate network. Deploying just one IP-based camera or other IoT device at a remote site can open an organization’s corporate network to a cyber threat.

Lack of Expertise on Both Sides

IT is struggling to secure the elements in its traditional domain, and expertise is a scarce commodity on both sides. The (ISC)2 Cybersecurity Workforce Study cites a global shortage of three million cybersecurity professionals, with 500,000 of those in North America. Nearly two-thirds of those surveyed said their organizations lack enough cybersecurity staff, and this puts them at risk of attack.

In Kasperky Lab’s 2018 “The State of the Industrial Cybersecurity” report, survey respondents listed their top challenges as hiring employees with the right skills, securing new IoT systems, finding dependable partners and service providers for implementing cybersecurity solutions, and increasing interconnectedness with corporate/enterprise IT.

Many physical security pros do not have the time, budget, or knowledge to properly harden cameras and other IoT devices. Securing these endpoints often requires a detailed understanding of network operations and a labor-intensive process. Then there’s the challenge of monitoring and maintaining hundreds or thousands of installed devices against evolving risks.

Automation to the Rescue

Even if the industry had enough professionals in the right positions—or could find the right partners—humans alone cannot handle the myriad tasks required to secure, monitor, and maintain these systems. CSOs know well the challenges of identifying credible threats hidden among billions of daily security events. They’ve been investing in automation technologies to do things such as threat hunting, alert triage, event management, incident response, and user management.

Physical security teams should do the same. Instead of see no evil, hear no evil, speak no evil, operators should explore automation tools that enable them to see all assets, secure all assets and monitor all assets.

See all assets. The fundamental first step to securing the security network is knowing what is connected to it. An effective system automatically detects what devices are connected to the network. This “device” scan should be continuous, discovering when new devices are placed on the network.

For instance, have new network cameras been added or broken cameras replaced? Have other devices been added to the network ports either unintentionally or maliciously? Newly detected devices should not be allowed to communicate with the network until they are acknowledged and bound to the network port with MAC binding or with a certificate.

A complete, real-time inventory of connected devices can help identify potential threats and weaknesses. In addition to identifying devices by type such as camera, access control device, IP phone, and laptop, the inventory should include manufacturer, model, and firmware version.

Secure all assets. Once devices are detected, automation should protect or “harden” legitimate ones with best practices. Rogue or unnecessary devices should be automatically blocked or locked out.

IoT hardening is usually unique to the IoT device type. For example, camera hardening is different from IP phone hardening. Automation can correctly identify the device type and guide the installer through the hardening process that is appropriate for that device.

Automation tools can also configure best practices such as enabling a protected VLAN for the security system, changing a camera’s default login credentials, and binding a camera’s MAC-ID to the network. This ensures that rogue devices are not plugged into exposed Ethernet ports on the perimeter of the network.

Other key hardening practices that can be automated include closing unused ports, removing unneeded network services, whitelisting to restrict traffic to known networks, locking down exposed network connections, and enforcing password complexity to stop default and common password usage.

Monitor all assets. Once detected, automation can passively monitor all assets 24/7. Yet monitoring to the server or switch is insufficient. Visibility is needed down to the IoT device to provide notifications when devices have vulnerabilities or performance problems.

Automated cyber protections can monitor network flows, detect abnormalities, and respond immediately to suspected attacks. These tools can be configured to look for events such as cable changes, device disconnections, changes in data flow and direction, abnormal bandwidth and power consumption, and camera image quality changes.

When abnormal behavior is detected, automation technologies can generate alerts and take proactive interventions such as disabling a device’s data or power port. For example, is that camera that just went offline for a second a momentary glitch, or a hacker plugging in a laptop?

Cyber monitoring is most effective if it is integrated with the existing dashboards used to monitor physical security systems. For many systems, the video management software or central station alarm software is the primary health dashboard. Other physical security systems are integrated with IT-oriented tools such as network monitoring systems.

Automation Today

Physical security pros can take the same approach as CSOs who are investing in automation technologies to evolve their security programs. CSOs recognize that innovations in AI, machine learning, and automation can bridge their gaps in expertise and the sheer manual labor required to properly secure their IT assets. According to Accenture’s 2018 “State of Cyber Resilience” report, 40 percent of CSOs are investing in automation and more than half are investing in IoT security.

The physical security industry does not have enough of these automated tools, but some early models have emerged. For example, Axis’ Device Manager has evolved to facilitate device discovery and device hardening functions for Axis branded cameras, access control, and audio devices. Razberi’s CameraDefense cybersecurity solution automatically discovers, hardens, and monitors cameras and IoT devices.

Integrating these types of tools with existing security management tools can help provide comprehensive coverage of the physical security ecosystem. A single management and operational dashboard creates a more efficient workflow to address cyber threats within the surveillance system infrastructure. For instance, alerts from Razberi CameraDefense are supported by video management systems such as Milestone XProtect or IT network tools such as SolarWinds.

It is time for the physical security industry to take control of its own destiny. See no evil, hear no evil, speak no evil is not a security strategy. Working more closely with IT to secure the burgeoning number of IoT devices is imperative. Applying automation to physical security can ensure that best practices are done correctly and at scale, saving staff hours, preventing cyber attacks, and avoiding adverse impacts to bottom lines and reputations.

This article originally appeared in the April 2019 issue of Security Today.

Featured

Featured Cybersecurity

Webinars

New Products

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions. 3

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction. 3