Cybersecurity: an electronic security distributor’s view

CCTV Handbook 2017 Editor's Choice, Surveillance, Information Security

During 2014, the FBI investigated 1402 complaints of ransomware attacks (a virus that holds systems hostage until victims pay for a key to regain access) costing those targeted more than $23 Million. In 2015 FBI agents investigated 2453 complaints costing targets over $24 Million.

A recent cybersecurity article highlights that over 79% of South African internet users who have lost money at the hands of cyber criminals have only got some, or none, of their stolen funds back.

‘Cybersecurity’ refers to preventative methods used to protect information from being stolen, compromised or attacked. It requires an understanding of potential information threats, such as viruses and other malicious code. Cybersecurity strategies include identity management, risk management and incident management.

In South Africa a National Cyber Security Policy was finally approved by cabinet in March 2012. This defined a cybercrime as ‘an illegal act, the commission of which involves the use of information and communications technologies’. An updated definition was approved through the Electronic Communications and Transactions Amendment Bill of 2012 in October of that year. ‘Cyber-crime’ means ‘any criminal or other offence that is facilitated by or involves the use of electronic communications or information systems, including any device or the Internet or any one or more of them.’

According to Eyewitness News, cybercrimes cost the SA Economy R35 billion in 2015.

A cyber protection programme

Tyco Security Products launched its Cyber Protection Programme in 2016. This was after years of providing critical solutions for the US government and other large multinational customers, holding several industry firsts, including FISMA-ready access control and video solutions (Federal Information Security Management Act).

The six-part programme is designed to assist distributors and integrators with a better understanding of cybersecurity and the steps taken to combat current risks both from a hardware and software point of view.

The days of worrying only about admitting/denying access and recording video are long behind us. There is now the concern about cybersecurity and cyber attacks as there is about threats against physical properties because the two are inextricably linked. The need for security manufacturers, distributors and integrators to be cyber-savvy is more important than ever before. However, why is it that some manufacturers/distributors seem to believe that the problem lies with the integrator/installer and ignore the realities that we have mentioned above; what questions are really being asked in this area?

The details of the Tyco Cyber Protection Programme are listed in the November 2016 edition of Hi-Tech Security Solutions magazine and are available at <a href=http://securitysa.com/*tyco1 target=”_blank”> securitysa.com/*tyco1</a>. Products include Illustra cameras, exacqVision, American Dynamics including VideoEdge and Victor, Kantech, CEM and Software House.

A camera-specific view

Adding IP cameras to a network requires their own security application as per any network device. A key element of the Tyco Security Products Cyber Protection Programme is ‘inclusive protection’ – ensuring that every device has been designed with the features and capabilities it needs to be allowed on the network.

When evaluating any new video surveillance camera, we suggest that you not only consider the features you need, but also the cybersecurity considerations because most IP cameras use a web interface for setup and control of the camera, these are listed for simplicity as:

• Protocols.

• Logging and backup.

• Access and session security.

1. Communication Protection – refer to table 1 – Protocols

Communication is an obviously critical capability for surveillance cameras. You need to ensure that the camera has the necessary and appropriate protocols to meet your networks’ security requirements.

Table 1: Protocols.
Table 1: Protocols.

2. Logging and backup – refer to table 2

Log monitoring is a detective control that can be used to identify when vulnerabilities have been exploited. It records details of activity on the camera and can be used to detect incidents. Backup is a corrective control that is used to ensure that data can be restored if it is lost or corrupted. Used together, these controls help you to detect and recover from a vulnerability that has been exploited.

Table 2: Logging and backup.
Table 2: Logging and backup.

3. Access and session security – refer to table 3

It is important that the camera uses good, secure web application practices to reduce the risk of being a source of device vulnerability.

Table 3: Access and session security.
Table 3: Access and session security.

Conclusion

Vision Catcher is a Tyco Security Products specialist providing Illustra cameras, exacqVision and Kantech access control security solutions. We provide technical support and a range of services applicable to cybersecurity within our field of expertise. Please contact Niall for further information at +27 (0)11 463 9797, [email protected], www.visioncatcher.co.za

For further information on Tyco cybersecurity go to https://www.tycosecurityproducts.com/cyberprotection/cyberprotection.aspx



Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Here’s to a SMART 2025
SMART Security Solutions Editor's Choice News & Events
This is the final news brief from SMART Security Solutions for 2024, and the teams would like to take this opportunity to thank our readers, advertisers and partners and wish everyone a safe and secure festive season.

Read more...
Smart surveillance and cyber resilience
Axis Communications SA Surveillance Information Security Government and Parastatal (Industry) Facilities & Building Management
South Africa’s critical infrastructure sector has to step up its game regarding cybersecurity and the evolving risk landscape. The sector has become a prime target for cybercriminals on top of physical threat actors, and the consequences of an incident can be far-reaching.

Read more...
ONVIF launches new online learning initiative
Training & Education Surveillance News & Events
ONVIF has released the first course in a new online learning initiative designed to promote greater knowledge and understanding of ONVIF's workings. The first “Introduction to ONVIF” course is now available.

Read more...
SA company develops world-first safe K9 training for drug detection
Editor's Choice News & Events Security Services & Risk Management Government and Parastatal (Industry)
The Braveheart Bio-Dog Academy recently announced the results of its scientific research into training dogs to accurately detect drugs and explosives without harming either the dogs or their handlers.

Read more...
Autonomous healing systems are the future
Infrastructure Information Security AI & Data Analytics
Autonomous healing software, an emerging technology, is gaining traction for its potential to transform how organisations manage software maintenance, security, and system performance.

Read more...
AI-powered automation for an operational efficiency edge
Editor's Choice AI & Data Analytics IoT & Automation
In the fast-moving world of digital transformation, businesses are under immense pressure to accelerate their operations and adapt quickly to stay competitive in an era dominated by AI and technological advancements.

Read more...
2025 Southern Africa OSPAs entries now open
Technews Publishing Editor's Choice News & Events Training & Education
Entries are now open for the 2025 Southern Africa Outstanding Security Performance Awards (OSPAs). The OSPAs are designed to be both independent and inclusive, providing an opportunity for outstanding performers, to be recognised and their success to be celebrated.

Read more...
Elvey to distribute Tiandy
Elvey Security Technologies Editor's Choice Surveillance News & Events
Tiandy’s presence in South Africa was boosted in November with the announcement that Elvey Security Technologies will distribute a broad range of Tiandy equipment through its channel partners and provide project assistance.

Read more...
Dahua achieves international cybersecurity standards
Dahua Technology South Africa Information Security Surveillance
Dahua Technology has received the Common Criteria (ISO/IEC 15048) EAL 3+ certificate, along with ISO/IEC 27001 for Information Security Management Systems, ISO/IEC 27701 for Privacy Information Management Systems, and CSA STAR certifications.

Read more...
Hikvision showcases AIoT advances
Hikvision South Africa AI & Data Analytics Surveillance IoT & Automation
Hikvision successfully hosted its 2024 Shaping Intelligence Summit in October, where the company and its global partners explored the latest innovations in AIoT and highlighted the importance of industry collaborations in building a better world through technology.

Read more...