Condortech seeks hackers' perspective
SPRINGFIELD, Va.—Watching hackers demonstrate how easy it is to take over security cameras, SCADA and access control systems at the Black Hat hackers conference last year prompted Jorge Lozano, president and CEO of Condortech Services, to take action.
What did he do? He hired a couple of professional hackers to work with his company.
“We are doing this instead of sticking our head in the sand,” Lozano told Security Systems News. “We want to be proactive.”
Condortech has always had a lab for testing equipment. For this initiative, Condortech set up a different environment “to test three access control systems and some video systems.”
Condortech, a PSA Security company, was founded in 1988 when Lozano bought the DC operations of the former Rusco business. Rusco merged with Casi and is now part of UTC. It has another office in Pittsburgh and plans to expand into Illinois and Georgia within the next five years.
With 35 employees, many of whom have specialized certifications and training, Condortech specializes in high-end systems for the federal government. It’s an IT-centric business, but Lozano said the more he researched cybersecurity, the more certain he became that he needed outside expertise.
After the Black Hat conference, he didn’t want to wait any longer. The hackers that Condortech contracted with are “White Hat” hackers who do penetration testing for companies to help protect against malicious cyber breaches.
The hackers are exploring potential “vulnerabilities not only of the software applications of the access and CCTV systems, but also the operating systems and the [components themselves],” Lozano said.
Condortech is working with manufacturers on the project, relaying information to them and getting best practices in place for issues such as firmware updates, particularly with manufacturers who OEM products.
Lozano expects to continue to work with the hackers regularly in the future.
Interestingly, one of the things that makes cyberhacks of physical security systems difficult is the fact that there are often so many disparate systems, according to Lozano. The plug-and-play system is easier to hack, he said.
Getting cybersecurity best practices in place with its manufacturers and internally at Condortech with the installation and technical staff is a big project, but the larger project, Lozano said, is the end user.
“Patching and updating is very important, but policy is more important,” Lozano said. “It’s a challenge, you have to go out and educate the end user."
While there is no way to protect 100 percent against a cyberbreach, Lozano believes that all physical security companies have an obligation to research the issue and institute best practices. “We’ve got to be more responsible,” he said. “We’re an important part of our national security.”
He also believes that this particular challenge as an opportunity for his company to be a leader in the industry and to differentiate itself.