The cyber elephant in the room

 - 
11/11/2015

SAN ANTONIO—I've spent several days recently with two major camera companies, Hikvision and Axis Communications. The last week in October I was on a Hikvision trip to China where I met with executives from the company, toured the headquarters and one of their factories, and also went to China's version of ISC West. This week I'm in San Antonio at the Axis partner event.

There are more than 400 integrators and technology partners here this year. Yesterday's agenda included information on the company's technology road map, a panel discussion on school security, an IT director for Westgate Resorts, and a forensics expert talking about camera evidence and how integrators' careful design and installation of video surveillance can help in law enforcement, rescue efforts, and criminal prosecution. There were also break-out sessions and there's a full agenda for today as well.

I'll have more stories on both the Hikvision trip and the Axis event, but I took note that both companies made a point to talk about cybersecurity, both internal efforts to ensure that their products are safe and external efforts to educate their integrator partners on best practices.

This is good news. It's about time the physical security industry starts talking about the cyber elephant in the room.

When I was at Hikvision, the president of the company, Yangzhong Hu and Hikvision international marketing director, Keen Yao fielded questions about cyber breaches the company has suffered. They also talked about their efforts to correct problems and instill cybersecurity best practices internally.  Hu said the company has partnered with international cybersecurity companies and professional hackers to proactivley test products, protocols and processes associated with cybersecurity.

Hikvision has a Security Center section on its website, which includes information about any current problems with its products, a location to report security issues, advice and best practices for end users and integrators on cybersecurity. Hikvision has also spoken about cybersecurity at ISC West, PSA-TEC and it will speak at ISC East next week as well. The goal, according to Hikvision North Amercian marketing director Alex Asnovich, is to share cybersecurity knowledge and best practices with the entire industry.

Yesterday at the Axis event, Sal D'Agostino, CEO of IDmachines, who has been working with Axis on cybersecurity, and John Bartolac, who heads up cyber strategy for Axis in North America,  led a break-out session about cybersecurity and the threat landscape. They introduced Axis's new "hardening guide", a 25-page document of cybersecurity best practices and protocols. Bartolac said Axis has been working on the cybersecurity issue for six years (most notably with its government customers). It is now expanding its efforts to educate its integrators and other partners about cybersecurity.

I've heard lots of cybersecurity statistics, and they're always chilling, but D'Agostino showed a live map of cyberattacks yesterday. Check it out here.

D'Agostino said the guide includes many "easily actionable items" for systems integrators.

“We’re supposed to be installing a security solution, not introducing a vulnerability,” D’Agostino said. “We want to help our [end users] meet their corporate goals. … It’s not acceptable anymore to say, ‘I didn’t know [about potential cyberthreats],’” he added.

The threat continues to evolve, he said. Not only do integrators have to worry about safeguarding the video that comes out of the camera, they need to be concerned about cameras being “taken over and used as a weapon.”

D'Agostino pointed out that using cybersecurity best practices and helping end users understand protocol is a great way for systems integrators to  "have a conversation with the IT side of the shop."

“As cameras are used not just as a security device, but as a business-enablement tool, you’re going to find yourself in a situation where you’ll be talking to the chief marketing officer or the IT department itself,” D’Agostino said.

Integrators who have cybersecurity knowhow can help IT department understand the value of their video data to the corporation, he said.

Bartolac said that Axis has a roadmap of cybersecurity tools that it will be offering to integrators. The hardening guide is just the beginning, he said. Axis also has plans to share cybersecurity best practices with the industry at large.

At TechSec, we've been talking about cybersecurity for a few years. Here's a link to a story about a TechSec educational session led by Diebold's Jeremy Brecher that we did in 2014 about cyber attacks and the potential problems for physical security devices. We'll be talking about cybersecurity in the cloud at our Cloud+ conference Dec. 7-8. Rodney Thayer, who's an expert in designing network security systems and hacking, is doing a not-to-be-missed educational session at Cloud+. Check out the educational program here.

PSA Security is also taking the lead on educating the industry about cybersecurity. PSA has a wealth of information on its web site. Click here.

Topic: