Beware of Cyber Threats to Electronic Security Systems
Campus administrators should pay close attention to potential cyber threats affecting electronic security systems.
For many years, security industry practitioners have been designing and installing systems inside their own IT networks in order to communicate with peripherals via network architecture. These networks have long been composed of complex data control and power-cable infrastructure. Historically, there were not many outside threats, other than threats coming from landline telephone systems in the era of dial-up modems.
With the advent of network communications and with more data demands from electronic security systems (ESS), there came a push toward connecting these systems to existing networks, typically controlled by an IT department. Yet most ESS are not designed with network security in mind.
The continuing tsunami of cyberattacks on almost all types of networked systems is compelling integrators and manufacturers to come up with solutions. That is becoming a major task because attacks can come from many angles within any type of system. Consider that USB devices can be infected with malware, as can other microchips used in many computers. Even firmware updates are now a concern. All of this adds to the massive confusion in the cybersecurity industry and multiplies the threats to and vulnerabilities of a system.
Big Data is also extremely troublesome, given that ESS must collect larger amounts of data from video and audio sources. This creates a big problem for campuses. Malware attacks can easily wipe out important evidence that may have been captured via recording devices, such as a DVR or NVR. Some security professionals don't change default passwords or shut the communication ports of system peripherals. Some of those devices are also poorly designed, with weak access control.
ESS are similar to IT systems in that they are composed of hardware, software and data; however, ESS have an additional component: the control system. The security industry uses several types of wireless communication devices to connect access control systems, cameras, etc., and we have learned that Wi-Fi and other wireless technologies are not trustworthy. Encrypting that communication, in turn, impacts the video communication speed.
Black Hat conferences are touching upon these issues at a high level and are also providing live demonstrations of how vulnerable some ESS peripherals actually are. Security professionals should pay close attention to what these information security professionals are saying.
Many new technologies are emerging as part of integration with ESS. One example is the use of cellular technology, with smartphones as a way to access a facility. We should make sure that these technologies are well protected! At a recent Black Hat conference, experts in the field of cellular technologies demonstrated how simple it is to take over a cellphone by intercepting information transfers through their wireless communication devices.
The vulnerabilities that affect ESS are the same as those that affect IT systems. While an IT manager is mainly protecting databases, which may hold bank account or other sensitive information, campus security and public safety practitioners are concerned with protecting against breaches intended to gain control of devices. This could be a major problem for a facility or its infrastructure.
To summarize and fully understand the problem, we must first recognize that security begins with security access control and identification systems, and this applies to physical, logical and cybersecurity. Intrusion detection is as important for protecting the perimeter of a facility as it is for protecting the perimeter of virtual walls.
Thus, we need to protect the internal areas of the facility, just as we need to be mindful of protecting datacenters and network communication hubs. We need to understand how to protect access to the databases and documents that reside in our datacenters or on our servers.
Jorge Lozano is president and CEO of Annandale, Va.-based systems integrator Condortech Services.