Cyber Defense for Physical Security

June 12, 2017
Best practices for both integrators and end-users

The demand for IP-based, physical security solutions and specifically remote access to video surveillance is growing with each passing year; however, with each additional IP security device that is deployed and connected online, the risk for network penetration increases.

Cyber criminals are getting more sophisticated at exploiting network vulnerabilities, and physical security equipment has become just as vulnerable to intrusion as any other smart device linked to the Internet. As such, it is important for security manufacturers, dealers and integrators to understand the cyber risk and common attacks on physical security equipment.

Both vendors and their channel partners have their own unique responsibilities to fulfill when it comes to increasing cyber safety. Vendors should provide up-to-date, safe and hardened products, while educating their suppliers; and suppliers must work with the end-user’s IT department to develop and apply best practices.

There was a time when budget for cybersecurity measures was rather low on the list of important items for many end-users. With limited funds, those in charge of purchasing security systems became accustomed to spending a certain amount on equipment. The continued demand for cost-effective products moved the vendor community to train to sell lower-cost options. All of these actions led to a lack of investment in cyber defense mechanisms, which in turn affected the development of technologies that were sold for many years.

Today, the industry has turned 180 degrees, with customers asking for their security equipment to implement cybersecurity controls of the same caliber as those installed in mission-critical applications in the IT sector, regardless of the vertical. Consequently, the physical security industry is lagging; in fact, when it comes to cyber protection, security devices, attack protocols and overall defenses may be 10-15 years outdated.

Leveraging a VMS for Cybersecurity

Misconceptions about effective defense strategies have additionally hindered cybersecurity advances in physical security equipment. Prior to the increased demand for system integration and transition of devices from analog to IP, security controls were predominantly viewed as disconnected – CCTV cameras ran on exclusive analog signals, access control mechanisms operated on an isolated network, and people generally believed that anything held inside a physical building was safe. This became known as “hard shell” security, which refers to the assumption that the outside physical wall protects everything.

Unfortunately, this technique is simply no longer relevant in an era where infected USB drives can be directly plugged into a server, cameras can be hacked via web server attacks, and users can accidentally infect an entire network with malware in seconds by using an internet browser.

To adequately address both the cyber and physical security issues of today, integrators and their customers must implement a solution that incorporates a structural approach that covers all the system’s end-points.

As cyberattacks become increasingly sophisticated, having the capacity to effectively manage and protect a large population of devices on one system through a VMS is essential. As part of an enterprise security system, the VMS acts as a centralized data hub located at the solution’s core. It is capable of providing an excellent view into the entire infrastructure, with regular assessments of device behavior, operations, general system health and more. However, this ability to access every part of the network is a double-edged sword, as it also makes the VMS a primary target for attacks.

Both end-users and integrators are looking to vendors for direction on how to combat this challenge. In terms of cyber, both the physical security devices and VMS itself are being attacked; thus, an organization can only truly be defended by securing both ends.

Multi-Layered Defense

While ensuring a VMS is developed from the beginning with cybersecurity top of mind is crucial, it is just as important for integrators to create a system in which regularly scheduled malware defense and software updates can be automatically applied. This preventative measure minimizes the amount of time a system is vulnerable and helps protect against the extensive, diverse and unpredictable repertoire of today’s cyber attackers.

There have been some cases where an individual has actually pulled a camera from a wall and unplugged it to utilize the network connection for a laptop computer. Occurrences like these make network security system updates and features like firewalls a strategic must. It is imperative to deploy a multi-layer solution that maintains a secure connection end-to-end and constantly monitors and enforces elements such as encryption keys, security certificates, and admin credentials.

“In short, a complete cybersecurity solution needs a VMS that can be self-sufficient,” explains Rodney Thayer, renowned network infrastructure security researcher and product evaluator for consultant Smithee, Spelvin, Agnew and Plinge, Inc. “(The VMS) is then put on top of a Microsoft server that is capable of taking care of itself, and then plugged into a network with the right type of cyber defenses to take care of itself.”

Together, Thayer says, these sophisticated systems provide excellent situational awareness, early detection and rapid response for cyber intrusion.

Security professionals – both end-users and integrators – should follow the cyber controls laid out in standards, such as the “CIS Critical Security Controls” from the SANS Institute. “The CIS Critical Security Controls are a recommended set of actions for cyber defense that provide specific and actionable ways to stop today’s most pervasive and dangerous attacks,” SANS explains on its website.

Created by the people who know how attacks work – NSA Red and Blue teams, the U.S. Department of Energy nuclear energy labs, law enforcement organizations and some of the nation's top forensics and incident response organizations – the Controls prioritize and focus a smaller number of actions with high pay-off results. They are derived from the most common attack patterns highlighted in the leading threat reports and vetted across a very broad community of government and industry practitioners.

“Too often in cybersecurity, it seems the bad guys are better organized and collaborate more closely than the good guys. The Controls provide a means to turn that around,” SANS says. Learn more at www.sans.org/critical-security-controls.

Cybersecurity Best Practices

Vendors’ products should be progressively evolving to address the security control requirements that are necessary today to defend against sophisticated cyberattacks. Look for the following features and best practices to help your customers deter, detect, delay and defend:  

  1. Enforced encryption between the VMS and cameras via Transport Layer Security (TLS). Cryptographic protocols such as TLS secure connections between equipment and server by keeping the connection private, by requiring the identity of communicating entities such as cameras and the VMS to be authenticated, and by performing continuous integrity checks through the use of message authentication codes.
  2. Endpoint security appliances. When edge devices – such as video surveillance cameras – come under attack, endpoint security will be able to detect and alert to events such as a camera going offline. This should be included as part of the VMS infrastructure during the product design process. Endpoint security solutions – such as network intrusion detection systems (NIDS) – are an important way to help increase cyber defense. Upon installation, the NIDS begins creating a baseline by observing and learning the network’s typical behavior. Once initial configuration is complete, the system can then be set to identify anomalies, send alerts, and even facilitate automatic or manual intervention tactics. Much like analytics for physical intrusion detection on cameras, the parameters on a NIDS can be set to serve as virtual barriers.
  3. Stakeholder unification. As hybrid cyber and physical attacks continue to increase, physical security managers, IT departments, customers and systems integrators all need to effectively communicate and work together. Cybersecurity awareness, education and training by all stakeholders are extremely important. In the past, there was never an expectation for security integrators to configure network systems, so many installers do not have the technical expertise regarding networking best practices. Consequently, integrators have had to work with limited resources, getting by on instinct rather than knowledge. As such, education and proper training concerning system hardening and cyber awareness is key. Customers are also looking at vendors to showcase a cyber roadmap that addresses the evolving challenges in the cyber space.
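
The learn-a-baseline-then-alert behaviour described for a NIDS in item 2, as an added Python example (not from the article or any vendor's product). The flow records, addresses and the 60-second silence limit are constructed assumptions; the live sample mirrors a camera being unplugged and its network connection reused by another device.

```python
from collections import defaultdict

# Constructed flow records: (time_s, source_ip, destination_ip, destination_port).
# Assumption: 10.0.0.5 is the VMS server, 10.0.0.21 and 10.0.0.22 are cameras.
LEARNING = [
    (0, "10.0.0.21", "10.0.0.5", 443), (0, "10.0.0.22", "10.0.0.5", 443),
    (30, "10.0.0.21", "10.0.0.5", 443), (30, "10.0.0.22", "10.0.0.5", 443),
    (60, "10.0.0.21", "10.0.0.5", 443), (60, "10.0.0.22", "10.0.0.5", 443),
]
LIVE = [
    (90, "10.0.0.21", "10.0.0.5", 443),
    (120, "10.0.0.21", "10.0.0.5", 443),
    (125, "10.0.0.22", "10.0.0.99", 22),  # camera address, unexpected peer and port
    (150, "10.0.0.21", "10.0.0.5", 443),
    (150, "10.0.0.77", "10.0.0.5", 443),  # device never seen during learning
]

def learn_baseline(flows):
    """Learn, per device, the (destination, port) pairs it uses and when it last spoke."""
    peers, last_seen = defaultdict(set), {}
    for ts, src, dst, port in flows:
        peers[src].add((dst, port))
        last_seen[src] = max(ts, last_seen.get(src, ts))
    return dict(peers), last_seen

def detect(peers, last_seen, flows, now, silence_limit=60):
    """Return sorted (kind, device, detail) alerts for deviations from the baseline."""
    alerts, seen = set(), dict(last_seen)
    for ts, src, dst, port in flows:
        if src not in peers:
            alerts.add(("unknown_device", src, f"{dst}:{port}"))
        elif (dst, port) not in peers[src]:
            alerts.add(("new_peer", src, f"{dst}:{port}"))
        else:
            # Only traffic that matches the baseline counts as a sign of life.
            seen[src] = max(ts, seen[src])
    for src, ts in seen.items():
        if now - ts > silence_limit:
            alerts.add(("silent", src, f"no expected traffic for {now - ts}s"))
    return sorted(alerts)

if __name__ == "__main__":
    learned_peers, learned_last = learn_baseline(LEARNING)
    for alert in detect(learned_peers, learned_last, LIVE, now=150):
        print(alert)
```

A production NIDS would typically also baseline traffic volume and timing; this example covers only who talks to whom and whether a known device has gone quiet.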

John Distelzweig is Vice President and General Manager of FLIR’s Security segment. Request more information about the company by visiting www.securityinfowatch.com/10213696.