Making your surveillance system cyber secure

Eagle Eye Networks Cloud VMS is helping small and medium sized businesses to boost the cybersecurity of their surveillance systems.

Today’s networked video surveillance systems are vulnerable in many ways and their cameras have been weaponised by hackers to create massive Distributed Denial of Service (DDoS) attacks on targeted systems.

Securing today’s networked video systems can be a complex and difficult technical challenge. However, especially for small and medium sized businesses, it doesn’t have to be that way. Video systems and equipment can be purpose-built to constitute a pre-hardened and more easily securable system.

In September of 2016, a large French web-hosting provider reported a record-breaking 1-terabit-per-second DDoS attack against its web servers, unleashed by a collection of more than 145,000 hacked internet-connected video cameras and digital video recorders.

The same goes for on-premise equipment, which can be just as vulnerable as the security system itself. Most of the camera and DVR owners are unaware that their devices are infected.

In January 2017, in a ransomware cyberattack, cyber criminals infected 70% of the 187 video storage devices that record data from federal surveillance cameras in Washington D.C., taking video recording offline for about four days.

Heading to the cloud

Make sure your security system is a cyber-secure, preferably cloud-based solution that replaces traditional DVRs (digital video recorders) and NVRs (network video recorders).

For example, the Eagle Eye Cloud VMS system is completely based on a modern redundant cloud architecture that provides a web browser-based interface and comprehensive mobile applications. Recording is typically performed off-premises in the Eagle Eye Cloud Data Centre, though at the user’s request can also be performed on-premises. For both on- and off-premises recording, cameras are never directly connected to the internet, ensuring a high level of confidentiality.

Computer and network security focus on protecting the confidentiality, integrity and availability (CIA) of the networked systems and the data they contain.

Today’s video systems have become operationally important to many types of businesses, both for the instant oversight capability they provide and for the business insights enabled by a wide variety of video analytics. Anywhere, anytime availability of video via mobile devices is a basic business expectation these days.

However, for most video systems, internet connectivity puts confidentiality, integrity and availability at risk because most systems don’t have built-in protection against cyberattacks.

The infrastructure from Eagle Eye Networks’ Cloud VMS provides high assurance of confidentiality, integrity and availability for surveillance video using a variety of standards-based cybersecurity best practices.

One of those best practices is data encryption. Eagle Eye Networks uses a technique called public key encryption, which works because of a mathematical fact that a pair of very large numbers can have a special relationship to each other, whereby what you encrypt with one number (using special methods) you can decrypt only with the other number and vice versa.

Traditionally, networked video management systems were built from general-purpose computers, network switches, routers and firewalls that require a significant amount of highly technical configuration to operate as a cyber-secure system. Leading manufacturers provide system or device hardening guides about how to set up appropriate cybersecurity controls. Even then, security hardening remains an ongoing project that requires continuing attention and updating, as products are constantly improved.

Configuring a secure VMS from general-purpose equipment is a lot to ask of video system installers and customers, especially because it is not always necessary. Manufacturers of purpose-built video surveillance products, can and should provide security pre-configured systems, because they designed and built the equipment and wrote the software that needs to be hardened. Furthermore, a cloud-based video surveillance system, provided as a service, can and should include the continuing attention and updating that effective cybersecurity protection requires.

www.een.com

This article was published in the July 2020 edition of International Security Journal. Pick up your FREE digital copy on the link here