In the past, physical surveillance systems were most at risk of being damaged by natural causes, such as the weather or intentional tampering, such as vandalism. However, now surveillance has been digitised with the invention of the IP camera, they are now at risk from an unseen threat: cyber-attacks. Furthermore, the intention of the attacker is not always to simply disrupt the surveillance feed, it could also be that they are interested in collecting the system’s data, harvesting its resources, or even bringing down the organisation’s network infrastructure.

In particular, the whitepaper looks at some exciting solutions Axis has developed to counter cyber threats in security systems. The first is firmware signing for supply-chain tamper prevention. This is needed because, in theory, any “middle men” coming into contact with a device, for example during transit, could alter the device’s boot partition to allow firmware integrity checks to be bypassed. This means that during a firmware update, compromised firmware could also be installed onto the system. However, by using Axis secure boot process, a device can boot only with authorised firmware. The technology behind the secure boot process consists of an unbroken chain of cryptographically validated software, starting in immutable memory (boot ROM). Being based on the use of signed firmware, secure boot ensures that a device can boot only with authorised firmware.

The second is a trusted platform module (TPM), which provides a set of cryptographic features suitable for protecting information from unauthorised access. The private key is stored in the TPM and never leaves the TPM. Once access to the key has been requested, it is sent to the TPM to be processed before being released, ensuring the secret part of the certificate never leaves the secure environment, even in the event of a security breach.

Although these measures are above and beyond current regulation, Axis believes it is worth familiarising yourself with the cyber threats your organisation may face.