CCTV: security about more than cameras

CCTV security about more than cameras

When installing CCTV security at your business, the most important first step is to find the highest quality cameras with the appropriate specifications for your environment, at the best price. Right?
Unfortunately, the answer to that is not a simple yes or no.
While your choice of camera is obviously important, it’s also important to bear in mind that today’s CCTV security usually involves two or more digitally networked video systems that utilise some kind of connectivity – a LAN (local area network) or WAN (Wide Area Network), or – increasingly – IP (Internet Protocol).

In addition, according to the IFSEC Global 2017 Video Surveillance Report, nearly half (48%) of security professionals who participated in the IFSEC survey on which the report was based, were “integrating – or plan to integrate – CCTV with other systems to generate collective business intelligence from data from numerous systems including IoT sensors etc”.
Respondents with plug-and-play systems were marginally more likely to have such integration plans: 50% against 47% of those with other types of systems.

This clearly indicates that the once clear demarcation between the disciplines of physical security and cybersecurity no longer exists. This means that the installation of a CCTV security system must be handled by someone with both physical security and IT network security skills.
Failure to do so could open a business to a whole new gamut of threats with potentially far more serious long-term consequences than a break-in or theft of physical assets. That’s because surveillance systems are now increasingly being used for what is essentially a relatively low risk, high reward class of crime carried out by high-tech network hackers.

One of the most dramatic and potentially disastrous examples of this was the hijacking of network cameras that were supposed to provide surveillance protection to the President of the United States and the public in the build-up to and during Donald Trump’s January 2017 presidential inauguration. Around 70% of the 187 network video recorders each controlling up to four CCTV cameras used in public spaces throughout Washington DC were unable to record any data for three full days following a Ransomware attack.
Ransomware is a piece of malware that has locks up computer files and then demands a ransom – often in untraceable Bitcoins – to allow victims to access their files again.
A few months before – in October 2016 – more than a million security cameras were hijacked and used as a bridgehead to bring down security website KrebsOnSecurity.com with a distributed denial of service (DDoS) attack.

According to the IFSEC Report, both traditional DVR-based systems and cloud-based systems were vulnerable to malicious breaches. During tests conducted by cloud-based surveillance company Cloudview, five routers, DVRs and IP cameras running the latest software were connected to the Internet. One device was breached within minutes, while another two fell under the control of an unknown attacker within 24 hours. A fourth became unstable and completely inoperable.
And yet, 41% of IFSEC survey respondents with IP systems said they were not at all concerned about their CCTV system’s potential vulnerabilities.

AT Itec, however, we have to agree with the physical security information management (PSIM) technical advisor quoted in the IFSEC Report that “the lack of technical knowledge of physical security service providers on IP-based systems and IT platforms provides an ideal opportunity for cyber-attacks.”
It’s important that businesses implement security solutions that make hacking much more difficult by ensuring their security providers fully understand the technicalities involved in both physical and cyber security.