SecurityWorldMarket

16/04/2022

Security camera producers should demonstrate cyber responsibility

Chertsey, Surrey (UK)

Uri Guterman, Head of Product & Marketing for Hanwha Techwin Europe, talks about the security camera manufacturers' responsibilities when it comes to cyber security.

With IP cameras now the norm, Uri Guterman, Head of Product & Marketing for Hanwha Techwin Europe, believes that the video surveillance industry must do more to combat cyber-threats through technology, skills and certifications. Here he explains the measures that Hanwha Techwin are already taking and the so-called "trust marks" to look out for when selecting surveillance products.

The increased use of connected devices including IP cameras and Internet of Things (IoT) sensors, is creating more opportunities for hackers to cause damage. Today’s cameras are extremely advanced and carry the latest firmware. However, legacy devices must be kept up to date if they are to not provide a route in for hackers

The unfortunate truth remains that although many organisations invest in their physical security systems, they don’t always realise that their video surveillance and IoT devices can be back doors exploited by malicious actors. Compromised cameras and other connected devices can become a foothold to launch an attack on a network, a technique known as pivoting. Malicious actors can also look at confidential information through footage, using this to blackmail an individual or organisation or steal trade secrets.

Responsible camera manufacturers are tackling these concerns head-on through their technology (software and hardware), training, collaboration with customers, and formal accreditations that highlight the security of their processes and solutions.

NDAA compliance

The National Defense Authorization Act 2019 (NDAA) is a good starting point. This U.S federal law prohibits federal agencies and their contractors from using video surveillance equipment from a number of named companies. A vendor that is NDAA compliant, therefore, shows the requisite standards for federal agencies — an extremely high level of security and due diligence that should put all other organisations and government entities at ease. Hanwha Techwin supports NDAA compliance across its product line and is committed to complying with all government and international trade regulations. There are also signs that European governments are thinking of adopting similar legislation.

Core to product design

A supplier who designs their products with cyber security in mind will have certifications like the UL Cybersecurity Assurance Program (UL CAP). They will have more stable and secure systems, with regular maintenance and patches to ensure vulnerabilities are proactively mitigated. Hanwha Techwin is among only a handful of manufacturers within the video surveillance industry that has achieved the UL CAP certification for its products. Secure by Default is another certification mark that shows a product is cyber and network-secure by default, without needing to apply network hardening to it.

Buyers should also look for ISO 27001 certification — which is tough for vendors to achieve and maintain, with its requirement for continual improvement. It gives a guarantee that the vendor handles information security with the utmost importance. Hanwha Techwin’s information security system has been ISO 27001 certified.

Emergency response to cyber security threats

The number of resources and research that a vendor dedicates to staying ahead of the latest threats will tell you exactly how secure their camera systems are — and how secure they’ll be in the future. If a vulnerability is discovered, reacting with speed is business-critical. Those with dedicated resources will be faster in responding to cybersecurity threats.

Hanwha Techwin’s S-CERT team (Security Vulnerability Response Center), a unique function in the sector, is dedicated to designing proactive safeguards against unauthorised device access and intrusion, as well as promptly addressing any security vulnerabilities.

Cyber security education

The most secure vendors educate their extended network, such as their users and installers to ensure software and hardware are constantly upgraded to combat emerging threats. All hardware needs to remain up-to-date with the latest firmware and security patches.

The human element can also be exploited and responsible suppliers will provide training and practical guidance on how to keep a system secure and avoid social engineering attacks like phishing.

The consequences of getting it wrong

The stakes are high for all organisations dealing with data, particularly the kind of sensitive, personally identifiable data that cameras and other sensors can capture. The financial costs of a data breach are significant ($4.24 million on average, per breach, in 2021 — the highest in 17 years). There’s also the damage to reputation, operations, and trust to consider. As Stephane Nappo, the Chief Information Security Officer of Société Générale once said “It takes 20 years to build a reputation and a few minutes of cyber-incident to ruin it.”

A true cyber security partner

Guterman concludes,"That’s why it’s imperative to work with a supplier that has a singular dedication to cyber security (with the credentials to prove it), earmarked resources to remain on top of threats, and that works with its users and installers to improve their cybersecurity knowledge as well.

Although no system can be 100% secured against cyber security threats, with Hanwha Techwin as your partner, you can rest assured that we will do whatever we can to detect and mitigate threats and vulnerabilities."


Tags

Product Suppliers
Back to top