When you build a closed circuit television (CCTV) network that is a modern solution based on TCP/IP connections, you need a robust security solution to protect it. But the old ways of simply wrapping a large-scale firewall around the centralized data centre are over.
You need to map the IT security exactly so that it overlays the physical security solution.
The next generation of networks used for CCTV surveillance are no longer linear; they are composed of wired, wireless, and optical fibre elements. They are logically divided into manageable segments, and with the wireless aspects they could be highly susceptible to unwanted intrusion. To complicate matters, they are becoming integrated with other disparate systems, like IoT sensor networks that work in collaboration with the video surveillance systems to make more sense of the data that is telling the story of the security of the facilities being surveilled.
An IoT door sensor might alarm that a secured doorway has just been opened. With thousands of cameras at large facilities, this undesired intrusion might otherwise go unnoticed on the wall of images. But the IoT sensor can fix this ‘visual noise’ problem. In an instant, it can throttle the cameras from a lower two frames per second recording rate upwards automatically to 15 or 30 frames per second. As well, the low resolution CIF frame (352×240) may be dynamically changed to an HDTV frame (1920×1080) resolution to better capture pictures of the perpetrator. The Pan/Tilt/Zoom cameras may be automatically directed to the incursion area and begin automatically tracking the subject and hunting for suitable facial recognition captures. The security guard’s monitor wall may be modified to bring the intrusion area and the alarmed zone to ‘front and centre’ of the display wall to ensure that the guard is aware of the event. All of this is done in milliseconds.
Understanding the frame rate and the resolution is important to cyber security. The quality of the images and the volume of data transiting these networks is huge compared to even classic IT networks. So, it is vital to isolate this proverbial 800 lb gorilla from the core IT networks and to separate this traffic onto its own network. Now, due to the standards surrounding these image formats, there is an inherent risk of attack. These attacks have been front-page news during the past years. So, it is essential to understand these issues and to address them from a cyber security perspective.
CIF stands for Common Intermediate Format and is used to represent the size of an image based on the number of horizontal and vertical pixels. The more pixels, the sharper the image, which is especially noticeable when you enlarge an image to fit your monitor or digitally zoom in. Some network video recorders (NVRs) can only display and record at one specific level of resolution. Some NVRs will display at one level (e.g., 4CIF) and record at a different level (e.g., CIF) based on the hardware, software, and processing power. Better quality NVRs are built with higher grade components and functionality, and can display at D1, 1080P or UHD4K, with the ability to set recordings for each camera.
Now this collaboration between systems is clearly powerful. But, by interconnecting these systems, you create new cyber risks that we did not have in the past. The answer is to adapt the cyber security to map effectively to the CCTV systems and to protect all of the new potential points of entry.
If the CCTV system has a federated network, then the cyber security system must be mapped in a federated manner too.
With edge computing and extended cloudlets now living on the network fabric, the cyber security solution must be able to protect these new compute, storage, and analytic resources on the network too.
Wherever edge computing and cloudlets exist, so must firewalls, intrusion detection systems (IDS), intrusion protection systems (IPS), and user authentication systems (AAA). With a distributed and federated architecture of security touch-points, the management and administration of these touch-points becomes difficult. There is a need for a centralized security operation centre (SOC) to command and control these distributed assets spread out over the network fabric.
Developing the right security solution is about understanding the products and technologies involved and how they can drive innovation, create efficiencies and transform applications. From stand-alone products to fully integrated IP solutions, you need to have the right offering to cover your security needs regardless of the scope of work.
- Video surveillance
- Intrusion detection
- Fire and life safety
- Access control
- Door locking and architectural hardware
- Network cabling
- Electronic and electrical wire and cable
- Data communications
- Sound and mass notification
- Facilities automation
- Hardware, tools and accessories
- IP solutions
- Emergency telephones
- Integrated two-way radios
- Industrial Communications and Control
For example, using data encryption to adequately scramble the video, metadata, and command and control streams running over the cable or in the wireless network is essential to cyber security. Yet this aspect is often the most overlooked, or is left at the out-of-the-box factory default settings. Using the right cable to shield from intrusion is critical too. Optical fibre is less likely to be intercepted compared to wired and wireless connections. Poorly installed connections leaking signal to the ether are a major concern, so craft skills are paramount to a trustworthy installation.
There has been a flood of low cost CCTV products available on the market, many manufactured by budget brands in China. In many cases, CCTV is being installed by non-specialist companies with no professional industry background or qualifications. These companies are unlikely to understand or give due consideration to cyber security.
Cheap options without sufficient protection leave you vulnerable to cyber crime and introduce the risk of incurring far larger costs down the line.
The cost of a professional and secure installation is negligible compared to the cost of a significant breach or loss of data.
Secure communication is FIPS 140-2 Level 1 compliant, so you can be assured of reliable communication between devices through authentication, and of safety through data and communication encryption. Vendors like Panasonic, Axis, and Bosch, along with others, combine third parties’ highly reliable certificates and technology for detecting and analyzing cyber attacks with their own in-house embedded cryptography technology, to provide a highly secure and robust protection layer for embedded surveillance products. These products provide three information-protecting blocks: data encryption, communication encryption, and verification plus key.
There are several steps to ensure the security of your system.
First step: Start by choosing equipment manufacturers that take network security seriously. Do not be bound to any specific manufacturers or distribution agreements, and be selective in the equipment that you buy. Try to provide multiple options so you can weigh the costs and benefits. Do not allow vendors to push specific products or manufacturers for ulterior motives.
Second step: Whenever possible, you need to install surveillance systems with a separate dedicated network and only one Wide Area Network (WAN) point. Systems need to be designed to minimize the impact on your network. Bandwidth and the number of devices actually on your network are kept to a minimum by creating a physically separate network for your cameras. Separate the IT networks from the CCTV networks. Do not interconnect these mission critical networks. Integrate a single device into the existing network to serve as a central management point for the other devices.
Third step: Remove all default usernames and passwords from all cameras and recording systems to prevent unauthorized access. Coordinate your installation with your IT staff to ensure everyone follows your specific security protocols. As simple as this sounds, default usernames and passwords are a key cause of most cyber security issues when it comes to “Internet of Things” (IoT) devices.
Fourth step: Turn off telnet access to individual devices and create a separate administrator account so you can have full access to your system, while allowing your trusted vendor partners to provide remote support, but only under your control and supervision.
Fifth step: Create a Service Agreement with the vendor / partners that will provide firmware updates and system maintenance, ensuring it is always up to date and quickly fixing any uncovered security flaws. This not only ensures a current and protected network environment, it also saves money on post-attack problem solving.
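Steps two through five can be checked mechanically against a device inventory. The following is an added example, not code from the article or from any vendor; the subnet, the list of factory usernames, the firmware age limit and the inventory records are all assumptions constructed for illustration.

```python
import ipaddress
from datetime import date

CCTV_NET = ipaddress.ip_network("10.50.0.0/24")  # assumed dedicated camera segment
DEFAULT_USERS = {"admin", "root", "user"}        # assumed factory account names
MAX_FIRMWARE_AGE_DAYS = 180                      # assumed service-agreement limit

# Constructed sample inventory, e.g. exported from a device management tool.
INVENTORY = [
    {"name": "nvr-01", "ip": "10.50.0.10", "wan": True, "telnet": False,
     "accounts": [{"user": "cctv-ops", "default_password": False}],
     "firmware": date(2018, 3, 1)},
    {"name": "cam-lobby", "ip": "10.50.0.21", "wan": False, "telnet": True,
     "accounts": [{"user": "admin", "default_password": True}],
     "firmware": date(2016, 6, 15)},
    {"name": "cam-dock", "ip": "192.168.1.77", "wan": True, "telnet": False,
     "accounts": [{"user": "dock-svc", "default_password": False}],
     "firmware": date(2018, 1, 20)},
]

def audit(inventory, today):
    """Return sorted (device, finding) pairs for steps two to five."""
    findings = []
    wan_devices = sorted(d["name"] for d in inventory if d["wan"])
    if len(wan_devices) > 1:  # step two: only one WAN point
        findings.append(("network", "multiple WAN points: " + ", ".join(wan_devices)))
    for d in inventory:
        if ipaddress.ip_address(d["ip"]) not in CCTV_NET:  # step two: dedicated network
            findings.append((d["name"], "outside dedicated CCTV network"))
        for acct in d["accounts"]:  # step three: no factory credentials
            if acct["user"].lower() in DEFAULT_USERS:
                findings.append((d["name"], f"default username '{acct['user']}'"))
            if acct["default_password"]:
                findings.append((d["name"], f"default password on '{acct['user']}'"))
        if d["telnet"]:  # step four: telnet must be off
            findings.append((d["name"], "telnet enabled"))
        age = (today - d["firmware"]).days  # step five: firmware kept current
        if age > MAX_FIRMWARE_AGE_DAYS:
            findings.append((d["name"], f"firmware {age} days old"))
    return sorted(findings)

if __name__ == "__main__":
    for device, finding in audit(INVENTORY, date(2018, 4, 17)):
        print(f"{device}: {finding}")
```

An empty result means the inventory satisfies the four checks; the `network` entry reports a site-wide finding rather than a single device.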
Concern about cyber crime via IP camera networks is real. And there’s no magic bullet – no single solution for staying safe.
Effective cyber security is about assessing risks and consequences and taking appropriate steps. It’s about products, people, technology and ongoing processes. And about partnering with a supplier that’s prepared to support you at every level.
You must have a 100% focus on cyber security, and do everything in your power to mitigate its risks. You need to have strict requirements for all of the products in the end-to-end ecosystem to fight this threat. Superior governance to guide your process, people, and technology is mandatory. So, be aware. Be ever diligent.
About the Author:
Michael Martin has more than 35 years of experience in systems design for broadband networks, optical fibre, wireless and digital communications technologies.
He is a Senior Executive with IBM Canada’s GTS Network Services Group. Over the past 13 years with IBM, he has worked in the GBS Global Center of Competency for Energy and Utilities and the GTS Global Center of Excellence for Energy and Utilities. He was previously a founding partner and President of MICAN Communications and before that was President of Comlink Systems Limited and Ensat Broadcast Services, Inc., both divisions of Cygnal Technologies Corporation (CYN: TSX).
Martin currently serves on the Board of Directors for TeraGo Inc (TGO: TSX) and previously served on the Board of Directors for Avante Logixx Inc. (XX: TSX.V).
He serves as a Member, SCC ISO-IEC JTC 1/SC-41 – Internet of Things and related technologies, ISO – International Organization for Standardization, and as a member of the NIST SP 500-325 Fog Computing Conceptual Model, National Institute of Standards and Technology.
He served on the Board of Governors of the University of Ontario Institute of Technology (UOIT) and on the Board of Advisers of five different Colleges in Ontario. For 16 years he served on the Board of the Society of Motion Picture and Television Engineers (SMPTE), Toronto Section.
He holds three master’s degrees, in business (MBA), communication (MA), and education (MEd). As well, he has diplomas and certifications in business, computer programming, internetworking, project management, media, photography, and communication technology.