Cyber Security and Cloud Video Surveillance
White Paper by Dean Drako, CEO of Eagle Eye Networks
The PDF version includes additional content; download for more on this subject.
This paper explains why video surveillance system security can and should be more fully addressed within the industry so that cyber security is not left as a problem for installers or customers to solve. Eagle Eye Networks is a leader in this respect, mitigating security concerns from the point of product research, development and deployment.
Today’s networked video surveillance systems are vulnerable in many ways, and their cameras have been weaponized by hackers to create massive Distributed Denial of Service (DDoS) attacks on targeted systems.
Securing today’s networked video systems can be a complex and difficult technical challenge. However, especially for small and medium size businesses, it doesn’t have to be that way. Video systems and equipment can be purpose-built to constitute a pre- hardened and more easily securable system, in contrast to the current installed base of networked video technology.
In September of 2016, a large French web-hosting provider reported a record-breaking 1-terabit-per- second DDoS attack against their web servers, unleashed by a collection of more than 145 thousand hacked Internet-connected video cameras and digital video recorders.
In October of 2016, DDoS attacks were launched from tens of millions of IP addresses against Dyn, an Internet infrastructure company headquartered in New Hampshire. The attacks bogged down or took offline dozens of major websites including AirBnB, Amazon, Etsy, GitHub, Netflix, Pinterest, Reddit, PlayStation Network, SoundCloud, Spotify, and Twitter.
Researchers have reported that over 90% of the attacking devices were compromised network security cameras and DVRs and that most of the compromised devices are in the U.S. In August 2016, researchers reported that about one million web-connected video cameras and DVRs were infected with malware. Most of the camera and DVR owners are unaware that their devices are infected.
In January 2017, in a ransomware cyber attack, cyber criminals infected 70 percent of the 187 video storage devices that record data from federal surveillance cameras in Washington D.C., taking video recording offline for about four days, just prior to the presidential inauguration.
These and other similar incidents are proof that securing video systems should be of paramount concern to security video equipment manufacturers, to installing security integrators, and to their end-user customers. However, hacker defense is just one part of ensuring that security video systems live up to their purpose – to faithfully monitor and record the activity within their cameras’ fields of view.
Video System Cyber Security
Computer and network security focus on protecting the confidentiality, integrity, and availability (CIA) of the networked systems and the data they contain. These three factors are paramount for video systems, given the potential for any camera’s recorded video to become critical legal evidence. Additionally, today’s video systems have become operationally important to many types of businesses, both for the instant oversight capability they provide and for the business insights enabled by a wide variety of video analytics. Anywhere, anytime availability of video via mobile devices is a basic business expectation these days.
However, for most video systems, Internet connectivity puts confidentiality, integrity, and availability at risk because most systems don’t have built-in protection against cyber attacks. Thus, many video systems are defenseless against cyber attacks, even though the continuing escalation of such attacks makes it more important than ever for video systems to be cyber secure.
General-Purpose vs. Purpose-Built Equipment
Traditionally, networked video management systems were built from general-purpose computers, network switches, routers and firewalls that require a significant amount of highly technical configuration to operate as a cyber-secure system. Leading manufacturers provide system or device hardening guides about how to set up appropriate cyber security controls. Even then, security hardening remains an ongoing project that requires continuing attention and updating, as products are improved and as new cyber threats emerge.
Configuring a secure VMS from general-purpose equipment is a lot to ask of video system installers and customers, especially because it’s not necessary. Manufacturers of purpose-built video surveillance products can and should provide security pre-configured systems because they designed and built the equipment and wrote the software that needs to be hardened. Furthermore, a cloud-based video surveillance system, provided as a service, can and should include the continuing attention and updating that effective cyber security protection requires.
The remainder of this paper explains how Eagle Eye Networks addresses cyber security protection and simplifies video system deployments using purpose-built design.
Please download the PDF to read more.