Smart surveillance and cyber resilience

December 2024 Surveillance, Information Security, Government and Parastatal (Industry), Facilities & Building Management


Marcel Bruyns

South Africa’s critical infrastructure sector has to step up its game regarding cybersecurity and the evolving risk landscape. The sector has become a prime target for cybercriminals on top of physical threat actors, and the consequences of an incident can be far-reaching.

Cyberattacks can cause businesses and public entities to suffer from a loss of data integrity and availability, and they can also trigger events that pose a real-life threat to people and physical infrastructure. From there, the consequences can cascade, as critical infrastructure blackouts are reported to be the number one risk for local businesses.

Cyber resilience is not achieved by relying on a simple software package installed on endpoint devices; nowhere is truer than with network security and surveillance systems. The current trend of cybercrime and the potential for an incident demands a thorough response and strategy from operators. That response must encompass all technologies and solutions available, purpose-built and with an eye towards long-term ownership and a full view of the system’s supply chain and lifecycle. By taking this approach, operators can mitigate the possibility of an incident taking place.

Cybersecurity in smart surveillance

Digital transformation and the growing use of IoT (Internet of Things) technology means operators’ security systems are very different from what they were two decades ago. Today’s surveillance solutions can communicate with each other, process and store information at the edge, and form part of a network ecosystem dedicated to monitoring and protecting people, equipment, and sites. However, because of this transformation, that network is now a target for cybercriminals and must be made resilient against attacks.

Security and network surveillance product manufacturers have responded to this need by reshaping their product development strategies. Cybersecurity now serves as the foundation and is considered at the most fundamental level: the microprocessor and operating system (OS). Businesses cannot afford for cybersecurity to be an afterthought, as a lack of secure development processes can lead to software releases with exploitable vulnerabilities.

Using a security development model to guide software development, one that includes risk assessment, threat modelling, code analysis, and vulnerability scanning, manufacturers can meet the increasing awareness of security considerations across all industries, reduce the potential for security-related business risks, and create the potential for cost reduction through early threat detection and resolution.

Overseeing the supply chain

For infrastructure that is essential for everyday consumer and business life, supply chain oversight and management is a critical component of modern security and surveillance. A lack of transparency when it comes to information, equipment, facilities, software, and devices can lead to a compromised product, thus compromising the cyber posture and integrity of the business.

The answer is for operators to look beyond the operational benefits they unlock with new technology and focus on the cyber maturity of the businesses within their supply chain. Some areas to consider throughout the evaluation process include the processes and policies in place (for example, ISO27001, which is recognised worldwide), and features and tools that are used to mitigate the risk of products being the root cause of an attack. These features include signed firmware and secure boot, which ensure the product has not been compromised before it is even deployed, as well as the ability to proactively manage firmware updates efficiently.

It is important to note that what is secure today may not be secure tomorrow. Considering the expected usage duration of products and the risks posed by outdated firmware, oil and gas operators need to take a long-term view towards their hardware, effectively overseeing both ends of the lifecycle of devices.

Managing devices and adhering to best practices

Critical infrastructure can be large and expansive, covering significant portions of land and geographically spread across multiple regions. As a result, it can be a challenge for operators to effectively manage their entire surveillance network ecosystem.

The answer to this lies with device management software, which enables operators to keep a full, real-time inventory of all devices – cameras, encoders, access control points, audio speakers, and others – and their key information, including model number, IP and MAC address, certificate status, and versions of the software each one is running. This way, operators can implement consistent management policies and practices and ensure all devices remain up-to-date and secure against known vulnerabilities.

The use of device management software also ties into the greater practices of cybersecurity due diligence and best practices. Operators should always verify that all connected devices are running the latest software version, configure user privilege levels across the network to prevent unauthorised access and improper use, and promote cyber hygiene and awareness among personnel.

Given the current state of critical infrastructure in South Africa and efforts to rebuild the sector, operators have an opportunity to embed cybersecurity into all of their systems from the group up and, thus, build an optimal level of resilience across all their digital networks and systems. By prioritising cybersecurity during the procurement process, working with trusted vendors, and taking a proactive stance towards risks, operators can best secure themselves and set a national and industry-wide standard.


Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Hytera supports communication upgrade for Joburg
News & Events Infrastructure Government and Parastatal (Industry)
By equipping Johannesburg’s metro police and emergency services with multimode radios which integrate TETRA and LTE networks, Hytera is bridging coverage gaps and improving response times across the city.

Read more...
Your Wi-Fi router is about to start watching you
News & Events Surveillance Security Services & Risk Management
Advanced algorithms are able to analyse your Wi-Fi signals and create a representation of your movements, turning your home's Wi-Fi into a motion detection and personal identification system.

Read more...
Secure, modernise and optimise CCTV
Surveillance Products & Solutions
Industrial and commercial organisations are navigating complex digital transformation processes. With SecuVue, companies can bridge the gap between operational technology and information technology for safer, smarter operations.

Read more...
The crucial role of fire, smoke, and gas detectors
Fire & Safety Facilities & Building Management
From wireless detectors to integrated building management systems, the industry is seeing a significant shift towards more intelligent, more responsive solutions. ASP Fire CEO Michael van Niekerk shares insights into these innovations.

Read more...
The growing role of hybrid backup
Infrastructure Information Security
As Africa’s digital economy rapidly grows, businesses across the continent are facing the challenge of securing data in an environment characterised by evolving cyberthreats, unreliable connectivity and diverse regulatory frameworks.

Read more...
POPIA non-compliance puts municipalities at risk
Information Security Government and Parastatal (Industry)
Digital responsibility must go beyond POPIA compliance to recognising that privacy and service delivery are fundamentally linked. Despite this, only 51 out of 257 municipalities submitted their mandatory data protection and access to information reports in 2024.

Read more...
Choicejacking bypasses smartphone charging security
News & Events Information Security
Choicejacking is a new cyberthreat that bypasses smartphone charging security defences to confirm, without the victim’s input or consent, that the victim wishes to connect in data-transfer mode.

Read more...
Most wanted malware
News & Events Information Security
Check Point Software Technologies unveiled its Global Threat Index for June 2025, highlighting a surge in new and evolving threats. Eight African countries are among the most targeted as malware leaders AsyncRAT and FakeUpdates expand.

Read more...
LidarVision for substation security
Fire & Safety Government and Parastatal (Industry) Editor's Choice
EG.D supplies electricity to 2,7 million people in the southern regions of the Czech Republic, on the borders of Austria and Germany. The company operates and maintains infrastructure, including power lines and high-voltage transformer substations.

Read more...
A whole-site solution to crack the data centre market
Fire & Safety Infrastructure Facilities & Building Management
Fire safety consultants and contractors who can offer a comprehensive fire safety solution to the data centre market can establish themselves as a supplier of a key safety features that help guarantee the smooth operation of critical infrastructure.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.