FOCUS: cyber security & IP video surveillance It is impossible to completely protect oneself against hackers. But you may limit the risk by carrying out a risk analysis and reflect on what is most important to protect. “To be able to feel secure with your security solution, suppliers and manufacturers must also have expertise and communication strategies for IT security. Unfortunately this is not always the case”, says Jimmy Ek, Nordic Sales Manager, Axis Communications By Henrik Söderlund Jimmy Ek, Axis Communications: Jimmy Ek, Nordic Sales Manager, Axis Communications. How to safeguard the IP camera system The number of online gadgets is reaching new records by the minute and this increases vulnerability. How can you minimize the risk of data breach in security applications and protect security cameras from hackers? Jimmy Ek stresses that threats must be handled at a system level, and the responsibility for securing the network with its online devices and services lies with the whole chain, from suppliers to installation engineers, administrators and system users. Protect what is most important According to Jimmy Ek, at a basic level, IT security is about risk management, and it is impossible to eliminate all risks. Therefore, it is wise to start by identifying what is most important to the end customer. “Identify your crown jewels and protect them thoroughly. Estimate the acceptable level of risk for your company. Also consider how you can mitigate the effects of certain risks and transfer other risks via different types of insurance”, says Jimmy Ek. IP cameras can not only be hacked, they can also be stolen and tampered with, or physically damaged. Jimmy Ek says that both the camera’s physical security and their cyber vulnerabilities demand a strategy and you can apply the same principles on both. First, assets and resources must be identified. According to Jimmy Ek, when it comes to security cameras on your network, apart from the physical camera, the most important assets are the video stream and the video material that is stored locally in the camera or on an external server. “This video is, in most cases, very valuable to your company but of little use to anybody else. However, you should carefully consider why an intruder might be interested in access to your video material”, he says. Review passwords Another important action is to identify the most likely threats. Jimmy Ek elaborates: ”Are there are any potential threats to your IP camera system: physical sabotage (of the cameras themselves or the location the cameras monitor); access to the video material; or using a device (camera) as a point of intrusion in order to gain access to other parts of your network.” It is also important to identify vulnerability: no system in the world is completely invulnerable. “In order to be effective, devices and networks have to be exposed to the outside world. But some vulnerability can be prevented. The physical exposure of a camera can make it vulnerable to sabotage and therefore the quality of the camera is of utmost importance – to ensure that the camera should withstand extreme physical conditions. Secondly, it is about revealing passwords and allowing access to video management systems, as well as unsatisfactory practices in the operation and maintenance of the network”, says Jimmy Ek. The cost of an attack The end customer must identify “Identify your crown jewels and protect them thoroughly. Estimate the acceptable level of risk for your company. Also consider how you can mitigate the effects of certain risks and transfer other risks via different types of insurance.” the anticipated cost of an attack in order to know how much to invest to safeguard the system. “If the cameras are used in an everyday environment and there is no chance of them being used as a gateway to the rest of the network, you can expect the cost of an intrusion in the camera to be quite low. But if your situation is more sensitive and an intrusion in your network could expose your company to financial losses or loss of confidence then the costs will be much higher, and you will probably want to invest more time and energy in safeguarding your security system”, Jimmy Ek concludes. Axis’ top 10 recommendations for securing a security application: 1. Conduct a risk analysis in accordance with the strategies above (identify assets and resources, identify the most likely threats, identify vulnerability and identify the anticipated cost of an attack) 2. Compile all available knowledge on how you can protect your system and work closely with your dealer, installation engineer and supplier. 3. Secure your network. If the network is hacked then it increases the risk of access to sensitive information and attacks on individual servers and network devices 4. Use strong, unique passwords and change them at regular intervals 5. Don’t rely on a network device’s “factory default setting” a. Change default passwords b. Activate and configure a device’s cyber security functions c. Deactivate functions that are not used 6. Use an encrypted connection when possible, even on a local network 7. The user should not be allowed access to a camera if not required by the design of the system. The user should only have access to video via a VMS or via a media proxy 8. Check the access log on a regular basis to detect any attempts to hack the system 9. Check your network devices on a regular basis. Activate system notification whenever possible 10. Always upgrade to the latest firmware because the manufacturer may have closed security gaps. Security News Every Day – www. securityworldhotel.com 16 • d etektor internati onal