Accessing cyber security

Access & Identity Management Handbook 2017 Editor's Choice, Access Control & Identity Management, Cyber Security, Security Services & Risk Management

As if the job of specifying, installing and maintaining physical security products is not hard enough, recent news reports have shown that many of these devices – mainly cameras and DVRs at the moment – are being used in botnets. These are networks of devices, which can be anything from computers to cameras (or any electronic devices) that have not been properly secured and as a result are infected with malware.

This malware normally sits on the device and doesn’t cause any trouble until the owner, or those renting the botnet from the owner, decide to target a company or person. Then, all the devices work together to carry out their attack plans. A recent example can be seen at

While access and identity devices are not known to be involved in already identified botnets in any number, it stands to reason that network connected devices, especially Internet-connected devices, form part of the global Internet of Things (IoT) network. As such, they can be used for cyber attacks either on the company using them, or on third parties. Access control has been a slow learner when it comes to moving to IP, but the move has started and there is no stopping it.

The traditional physical security approach to cyber security is to ignore it as the whole cyber issue is seen as an IT problem and left to the people who manage servers and data centres. As everything in the access world moves to IP and being connected, this is no longer an acceptable approach.

Of course, security of any sort is never one person or department’s responsibility (although many try to make it so). It takes collaboration across the board, from manufacturers to installers and end users to make security work.

Tyco Security Products is taking a proactive role in securing its range of physical security products by developing its Cyber Protection Programme. Jeffrey Barkely, product manager at Tyco Security Products, spoke to Hi-Tech Security Solutions and explained that the multifaceted programme is focused on delivering a holistic approach to cyber security awareness, covering all the bases from the manufacturer to the end-user.

The idea is to reduce the risk of cyber crime happening to end-users by minimising the potential for the introduction of vulnerabilities into products, as well as resolving issues as fast as possible when they do arise. To date, Barkley says Software House access control solutions, American Dynamics video management systems and Illustra IP cameras are all on board, with further products from the group in the pipeline.

Six-step programme

The Cyber Security Programme has been divided into six parts. This is to ensure that the programme covers all the aspects of security, not simply covering certain components of the solution while ignoring others.

1. Secure product development practices

Tyco trains its developers and engineers to code and test their products securely throughout the development cycle. It has also launched a Cyber Protection Team, an independent branch of the development team with the authority and responsibility to manage the development process and final product release. This team is tasked with monitoring compliance according to the company’s ‘secure development best practices’.

2. Inclusive protection of components and systems

This step is to ensure that all components of a solution are tested and verified before reaching the customer. Some of the steps in the process include end-to-end encryption, encrypted database communications, system auditing, alerting and management, and denial of service attack protection.

3. Configuration guidelines for compliance

Taking the process beyond the development stage, the team also provides integrators and installers with documentation to assist them in installing systems securely, and to comply with various standards and regulations. For example, Tyco uses the Risk Management Framework from NIST 800-53 – ‘Security and Privacy Controls for Federal Information Systems and Organizations’ – to help users configure access control and video systems that require a high level of compliance.

4. Ongoing rigorous testing

The Cyber Protection team continues testing products against known and new vulnerabilities to ensure properly installed solutions remain as secure as possible. This testing also applies to software updates and new configurations. Moreover, third parties are also employed to conduct independent tests on the products to verify their security status and compliance.

5. Rapid response to vulnerabilities

Since vulnerabilities are being discovered every day – or so it seems – the Cyber Security team is continually on the lookout for new threats. The team consists of engineers from product security, development, quality and tech support. They evaluate each threat and decide if it can be dealt with in the next upgrade process or if they need to send out a hotfix as soon as possible.

Barkley notes that recently the team was able to develop, test and release patches for critical vulnerabilities such as Heartbleed ( and Shellshock ( in just two weeks.

6. Advocate and educate

The sixth step of the programme is the education of partners and customers regarding the necessity of securing their infrastructure. This includes training and development certifications, and the team also travels globally advocating for the rigorous protection of all security systems.

As noted above, security requires buy-in from all parties and the Cyber

Security Programme from Tyco covers all the bases, from the product manufacturers through to the end-users. As many integrators will testify, the end-users are probably the most important link in this chain as they are often the ones who opt for the cheapest solution that is almost guaranteed to be insecure – although no company would say that publically. Hopefully, the training and advocacy Tyco is involved with will be echoed throughout the physical security industry and both users and integrators will come to understand the importance of effective security, even if it’s only in the interest of self-preservation.

For more on the programme, please see (short URL:*tyco1)

For more information contact Tyco Security Products, +27 (0)82 566 5274,,


Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Sustainability School opens for enrolment
Education (Industry) News Security Services & Risk Management
Three-part programme, first developed for Schneider Electric employees, is now available for free for companies worldwide. Attendees learn how to future-proof their businesses and accelerate their decarbonisation journeys.

Accenture Technology Vision 2023
Editor's Choice News
New report states that generative AI is expected to usher in a ‘bold new future’ for business, merging physical and digital worlds, transforming the way people work and live.

Economists divided on global economic recovery
Editor's Choice News
Growth outlook has strengthened in all regions, but chief economists are divided on the likelihood of a global recession in 2023; experts are concerned about trade-off between managing inflation and maintaining financial stability, with 76% anticipating central banks to struggle to bring down inflation.

Success in business process best practices
Technews Publishing Kleyn Change Management Editor's Choice Integrated Solutions Security Services & Risk Management
This month we commandeer time with the woman who is spearheading our national conversation on Women in Security, Lesley-Anne Kleyn, to get to know the lady herself a little better.

Addressing the SCADA in the room
Industrial (Industry) Cyber Security
Few other sectors command the breadth of purpose-built and custom devices necessary to function, as the industrial and manufacturing industries. These unique devices create an uncommon risk that must be assessed and understood to fully protect against incoming attacks.

Integrated guarding services
XtraVision Integrated Solutions Access Control & Identity Management Industrial (Industry)
XtraVision offers a few tips on how to go about planning and setting up an integrated approach to sustainable and successful security services, from the initial risk assessment to the technology and people required.

Paxton secures multi-tenant office in Cape Town
Paxton Integrated Solutions Access Control & Identity Management Products
Cecilia Square in Paarl, Cape Town is an office building from where several businesses operate. The multi-tenant site has recently undergone a full refurbishment, including a complete upgrade of its security system for access control.

AI face recognition OEM module
Suprema News Access Control & Identity Management Products
Suprema AI, a company specialized in artificial intelligence–based integrated security solutions, recently launched its high-performance face recognition OEM module called ‘Q-Face Pro’ in response to the growing need for contactless security solutions.

Security awareness training
Training & Education Security Services & Risk Management
It is critically important to have a security awareness solution that uses the limited time available to train effectively, and one that provides targeted education that is relevant to users.

Technology to thwart solar panel thieves
Asset Management, EAS, RFID Security Services & Risk Management Products
A highly efficient industrial network is coming to the rescue of the solar industry, as solar panels, inverters and batteries are being targeted by thieves and threaten to destabilise the industry.