Focus on Physical and Cyber Linkages

Focus on Physical and Cyber Linkages

All the discussions in recent years about the “convergence” of physical and cyber security have fallen short in one crucial area. The arguments about how best to organize the departments, set the budgets, and who should report to whom have not succeeded in making organizations more secure. Network penetrations are still happening, doors are still being propped open, and ransomware attacks are still succeeding.

As recently as December 2020, the federal government confirmed perhaps the largest and most damaging cybersecurity breach in history, and the most sobering thing about that breach is that we still do not know the intentions of the attackers. Instead of organizational debates, leadership at every organization should be squarely focused on preventing security breaches of all kinds, and engaging the entire team with processes and actions to work toward that result.

Physical Security Vulnerabilities Are Cyber Vulnerabilities
We now know that physical security devices – including not only cameras but also every networked device that is part of these systems – is a potential entry point for cyber attackers and breaches. Physical security devices are themselves IoT devices (Internet of Things) and designed to access networks. But while most IT departments have specific processes for protecting networked PCs and similar organizational devices, the same is often not the case for physical security IoT equipment.

For example, unlike with traditional computers or mobile devices, there are no built-in mechanisms to address new vulnerabilities that are discovered after physical security devices are placed in service. Often the devices are installed with out-of-date firmware that is vulnerable to known attack methods. This is one reason why physical security systems are the #2 most successful attack surface used by cyber criminals to breach an organization.

Even worse, the problem is quickly becoming bigger – the number of connected devices that could compromise network security is increasing at a phenomenal rate. The consensus of a number of market analysts is that the number of network-connected devices will exceed 25 billion within the coming year – and that more than half of those devices will be unmanaged and/or IoT devices. Examples of the devices in this category include not only security cameras, but also VoIP terminals, printers, point-of-sale terminals, medical devices, and many more. These devices will greatly outnumber the traditional enterprise devices such as PCs and servers, as well as managed BYOD devices such as tablets, smartphones, and laptops.

Protecting Physical Security and IoT Devices
Taking action to protect these devices from unauthorized access also helps to protect your entire network. Protecting an IoT device involves reducing the device’s attack surface by eliminating or hardening points of attack, especially for these three areas of vulnerability:

  • Logon credentials
  • Firmware vulnerabilities
  • Digital certificates used for device ID and data encryption

Let’s look at proactive strategies for each of these areas.

Logon Credentials
Logon credentials, such as for security video cameras, are especially vulnerable in high device count deployments because it is hard to conform to good password practices using a manual management process. Typical risky practices include the use of default, repeated, or shared passwords across groups of devices, and delegation of password management to service firm technicians.

A good strategy would be to use automated tools to ensure that default passwords and easily-guessed passwords are not allowed, while requiring secure (i.e. HTTPS) network connections to ensure that passwords are not transmitted over the network in plain text.

An even better strategy would be to use an automated password management application to harden all connected IoT device logons. In this way, unique names and passwords can be assigned to each individual device, while also providing a single sign-on capability so that human users require just one set of logon credentials to access any device, which could be enabled as-needed for short periods of time and be cancelled when user authorization ends.

Firmware Vulnerabilities
Experts have predicted that by 2022, 70% of organizations that have not implemented a firmware upgrade process will be breached due to firmware vulnerabilities. Recent studies of ransomware distribution methods also implicated compromised firmware as a common infection vector.

It is critical for an effective network security program to incorporate sound firmware management. A strong program would include, for example, automation to track current device firmware versions with a cross-reference matrix documenting compatibility with each application that uses the devices. It would incorporate the ability to quickly update device firmware as new firmware versions are released, and it would maintain a log of when firmware updates were performed and by whom for verification of compliance to security policies and practices.

Digital Certificates
Public key encryption based on digital certificates is the strongest known form of encryption, and increasingly used in IoT systems. In a network-based IoT system, such as a security video surveillance system, digital certificates are used for:

  • Identification of each specific device
  • Authenticating that the device is not an impostor
  • Allowing the secure exchange of encryption keys

For a strong protection strategy, digital certificates should be set to expire at intervals that make sense based on their use. If a certificate has been compromised without discovery, expiration shortens the length of time that the compromise can be used to advantage by an attacker. Many organizations with strong security postures rotate their certificates frequently to minimize their risks – and again, automating certificate management is a protective strategy for the effective management of large scale intelligent device deployments with hundreds or thousands of devices.

Moving Forward
We encourage every business, and every security provider, to review their security stance and move forward to improve their processes to make use of available security and management automation. Automation can be used to efficiently and effectively manage firmware, certificates, and passwords at scale – these are the critical linkages between physical and cyber security that can either deny hackers access, or provide an easy entry point. Increasing your attention and proactive prevention efforts on these linkages will not only improve your safety and security, but also provide a path for easily showing that these devices are in compliance to cyber security protocols.

Featured

  • Maximizing Your Security Budget This Year

    Perimeter Security Standards for Multi-Site Businesses

    When you run or own a business that has multiple locations, it is important to set clear perimeter security standards. By doing this, it allows you to assess and mitigate any potential threats or risks at each site or location efficiently and effectively. Read Now

  • New Research Shows a Continuing Increase in Ransomware Victims

    GuidePoint Security recently announced the release of GuidePoint Research and Intelligence Team’s (GRIT) Q1 2024 Ransomware Report. In addition to revealing a nearly 20% year-over-year increase in the number of ransomware victims, the GRIT Q1 2024 Ransomware Report observes major shifts in the behavioral patterns of ransomware groups following law enforcement activity – including the continued targeting of previously “off-limits” organizations and industries, such as emergency hospitals. Read Now

  • OpenAI's GPT-4 Is Capable of Autonomously Exploiting Zero-Day Vulnerabilities

    According to a new study from four computer scientists at the University of Illinois Urbana-Champaign, OpenAI’s paid chatbot, GPT-4, is capable of autonomously exploiting zero-day vulnerabilities without any human assistance. Read Now

  • Getting in Someone’s Face

    There was a time, not so long ago, when the tradeshow industry must have thought COVID-19 might wipe out face-to-face meetings. It sure seemed that way about three years ago. Read Now

    • Industry Events
    • ISC West

Featured Cybersecurity

Webinars

New Products

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.” 3

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis. 3