Accessing cyber security

Access & Identity Management Handbook 2017 Editor's Choice, Access Control & Identity Management, Information Security, Security Services & Risk Management

As if the job of specifying, installing and maintaining physical security products is not hard enough, recent news reports have shown that many of these devices – mainly cameras and DVRs at the moment – are being used in botnets. These are networks of devices, which can be anything from computers to cameras (or any electronic devices) that have not been properly secured and as a result are infected with malware.

This malware normally sits on the device and doesn’t cause any trouble until the owner, or those renting the botnet from the owner, decide to target a company or person. Then, all the devices work together to carry out their attack plans. A recent example can be seen at www.krebsonsecurity.com/2016/09/krebsonsecurity-hit-with-record-ddos.

While access and identity devices are not known to be involved in already identified botnets in any number, it stands to reason that network connected devices, especially Internet-connected devices, form part of the global Internet of Things (IoT) network. As such, they can be used for cyber attacks either on the company using them, or on third parties. Access control has been a slow learner when it comes to moving to IP, but the move has started and there is no stopping it.

The traditional physical security approach to cyber security is to ignore it as the whole cyber issue is seen as an IT problem and left to the people who manage servers and data centres. As everything in the access world moves to IP and being connected, this is no longer an acceptable approach.

Of course, security of any sort is never one person or department’s responsibility (although many try to make it so). It takes collaboration across the board, from manufacturers to installers and end users to make security work.

Tyco Security Products is taking a proactive role in securing its range of physical security products by developing its Cyber Protection Programme. Jeffrey Barkely, product manager at Tyco Security Products, spoke to Hi-Tech Security Solutions and explained that the multifaceted programme is focused on delivering a holistic approach to cyber security awareness, covering all the bases from the manufacturer to the end-user.

The idea is to reduce the risk of cyber crime happening to end-users by minimising the potential for the introduction of vulnerabilities into products, as well as resolving issues as fast as possible when they do arise. To date, Barkley says Software House access control solutions, American Dynamics video management systems and Illustra IP cameras are all on board, with further products from the group in the pipeline.

Six-step programme

The Cyber Security Programme has been divided into six parts. This is to ensure that the programme covers all the aspects of security, not simply covering certain components of the solution while ignoring others.

1. Secure product development practices

Tyco trains its developers and engineers to code and test their products securely throughout the development cycle. It has also launched a Cyber Protection Team, an independent branch of the development team with the authority and responsibility to manage the development process and final product release. This team is tasked with monitoring compliance according to the company’s ‘secure development best practices’.

2. Inclusive protection of components and systems

This step is to ensure that all components of a solution are tested and verified before reaching the customer. Some of the steps in the process include end-to-end encryption, encrypted database communications, system auditing, alerting and management, and denial of service attack protection.

3. Configuration guidelines for compliance

Taking the process beyond the development stage, the team also provides integrators and installers with documentation to assist them in installing systems securely, and to comply with various standards and regulations. For example, Tyco uses the Risk Management Framework from NIST 800-53 – ‘Security and Privacy Controls for Federal Information Systems and Organizations’ – to help users configure access control and video systems that require a high level of compliance.

4. Ongoing rigorous testing

The Cyber Protection team continues testing products against known and new vulnerabilities to ensure properly installed solutions remain as secure as possible. This testing also applies to software updates and new configurations. Moreover, third parties are also employed to conduct independent tests on the products to verify their security status and compliance.

5. Rapid response to vulnerabilities

Since vulnerabilities are being discovered every day – or so it seems – the Cyber Security team is continually on the lookout for new threats. The team consists of engineers from product security, development, quality and tech support. They evaluate each threat and decide if it can be dealt with in the next upgrade process or if they need to send out a hotfix as soon as possible.

Barkley notes that recently the team was able to develop, test and release patches for critical vulnerabilities such as Heartbleed (en.wikipedia.org/wiki/Heartbleed) and Shellshock (en.wikipedia.org/wiki/Shellshock_(software_bug)) in just two weeks.

6. Advocate and educate

The sixth step of the programme is the education of partners and customers regarding the necessity of securing their infrastructure. This includes training and development certifications, and the team also travels globally advocating for the rigorous protection of all security systems.

As noted above, security requires buy-in from all parties and the Cyber

Security Programme from Tyco covers all the bases, from the product manufacturers through to the end-users. As many integrators will testify, the end-users are probably the most important link in this chain as they are often the ones who opt for the cheapest solution that is almost guaranteed to be insecure – although no company would say that publically. Hopefully, the training and advocacy Tyco is involved with will be echoed throughout the physical security industry and both users and integrators will come to understand the importance of effective security, even if it’s only in the interest of self-preservation.

For more on the programme, please see http://www.tycosecurityproducts.com/pdf/cyber_protection/Cyber_Protection_Program_eBook_REVE.pdf (short URL: securitysa.com/*tyco1)

For more information contact Tyco Security Products, +27 (0)82 566 5274, [email protected], www.tycosecurityproducts.com.



Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Biometric security key for phishing-resistant MFA
Products & Solutions Access Control & Identity Management
New FIDO-compliant USB, Bluetooth, and NFC BioKeys with biometric login and centralised management for phishing-resistant, passwordless multifactor authentication (MFA) for enterprise users.

Read more...
SA’s strained, loadshedding-prone grid faces cyberthreats
Power Management Information Security
South Africa’s energy sector, already battered by decades of underinvestment and loadshedding, faces another escalating crisis; a wave of cyberthreats that could turn disruptions into catastrophic failures. Attacks are already happening internationally.

Read more...
Almost 50% of companies choose to pay the ransom
News & Events Information Security
This year’s Sophos State of Ransomware 2025 report found that nearly 50% of companies paid the ransom to get their data back, the second-highest rate of ransom payment for ransom demands in six years.

Read more...
Winners of the 2025 Southern Africa OSPAs
Editor's Choice
The winners of the 2025 Southern Africa Outstanding Security Performance Awards (OSPAs) were revealed on Wednesday, 4th June, at Securex South Africa. Winners from all categories (except the Lifetime Achievement) will be featured in the second Global OSPAs set to take place in 2026.

Read more...
Gallagher Security releases OneLink
Gallagher Animal Management Products & Solutions Access Control & Identity Management
Gallagher Security has announced OneLink, a cloud-based solution that makes it faster, easier and more cost-effective to deploy security anywhere in the world, transforming how security can be delivered to remote sites and distributed infrastructure.

Read more...
Deepfakes and digital trust
Editor's Choice
By securing the video right from the specific camera that captured it, there is no need to prove the chain of custody for the video, you can verify the authenticity at every step.

Read more...
IQ Panels now supported by PowerManage
Johnson Controls - (Tyco Security Products) Products & Solutions
IQ Panels, now supported by PowerManage, simplify installation and data management. The PowerManage interactive platform allows for localised data storage, so customer information is not stored in the cloud or exposed to a third party.

Read more...
A new generational framework
Editor's Choice Training & Education
Beyond Generation X, and Millennials, Dr Chris Blair discusses the seven decades of technological evolution and the generations they defined, from the 1960’s Mainframe Cohort, to the 2020’s AI Navigators.

Read more...
Chubbsafes celebrates 190 years
Gunnebo Safe Storage Africa News & Events Security Services & Risk Management
Chubbsafes marks its 190th anniversary in 2025 and as a highlight of the anniversary celebrations it is launching the Chubbsafes 1835, a limited edition 190th-anniversary collector’s safe.

Read more...
Suprema unveils BioStar Air
Suprema neaMetrics News & Events Access Control & Identity Management Infrastructure
Suprema launches BioStar Air, the first cloud-based access control platform designed to natively support biometric authentication and feature true zero-on-premise architecture. BioStar Air simplifies deployment and scales effortlessly to secure SMBs, multi-branch companies, and mixed-use buildings.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.