July 6, 2018 - securitylinkindia

International

Drone Forensics Gets a Boost with New Data on NIST Website

MassMediaLink India LLP SecurityLink IndiaJuly 6, 2018November 14, 202406 mins

Aerial drones might someday deliver online purchases to homes. But in some prisons, drone delivery is already a thing. Drones have been spotted flying drugs, cell phones and other contraband over prison walls, and in several cases, drug traffickers have used drones to ferry narcotics across the border. If those drones are captured, investigators will try to extract data from them that might point to a suspect. But there are many types of drones, each with its own quirks, and that can make data extraction tricky. It would help if investigators could instantly conjure another drone of the same type to practice on first, and while that may not be possible, they can now do the next best thing – download a ‘forensic image’ of that type of drone. A forensic image is a complete data extraction from a digital device, and NIST maintains a repository of images made from personal computers, mobile phones, tablets, hard drives and other storage media. The images in NIST’s computer forensic reference datasets, or CFReDS, contain simulated digital evidence and are available to download for free. Recently, NIST opened a new section of CFReDS dedicated to drones, where forensic experts can find images of 14 popular makes and models, a number that is expected to grow to 30 by December 2018. “The drone images will allow investigators to do a dry run before working on high-profile cases,” said Barbara Guttman, Manager of Digital Forensic Research at NIST, “You don’t want to practice on evidence.” The drone images were created by VTO Labs, a Colorado-based digital forensics and cybersecurity firm. NIST added the images to CFReDS because that website is well-known within the digital forensics community. “Listing the drone images there is the fastest way to get them out to experts in the field,” Guttman said. Work on the drone images began in May of last year when VTO Labs received a contract from the Department of Homeland Security’s (DHS) Science and Technology Directorate. “When we proposed this project, there was little existing research in this space,” said Steve Watson, Chief Technology Officer at VTO. The drone research was needed not only to combat drug smuggling, but also to allow officials to respond more quickly should a drone ever be used as a weapon inside the United States. For each make and model of drone he studied for this DHS-funded project, Watson purchased three and flew them until they accumulated a baseline of data. He then extracted data from one while leaving it intact. He disassembled a second and extracted data from its circuit board and onboard cameras. With the third, he removed all the chips and extracted data from them directly. He also disassembled and extracted data from the pilot controls and other remotely connected devices. “The forensic images contain all the 1s and 0s we recovered from each model,” Watson said. The images were created using industry standard data formats so that investigators can connect to them using forensic software tools and inspect their contents. The images for each model also come with step-by-step, photo-illustrated teardown instructions. Watson was able to retrieve serial numbers, flight paths, launch and landing locations, photos and videos. On one model, he found a database that stores a user’s credit card information. Investigators can use the images to practice recovering data including deleted files. Universities and forensic labs can use them for training, proficiency testing and research, and application developers can use the images to test their software. “If you’re writing tools for drone forensics, you need a lot of drones to test them on,” Guttman said.

Case Study

Romania Opens State-of-the-Art Football Arena

MassMediaLink India LLP SecurityLink IndiaJuly 6, 2018November 14, 202405 mins

Officially inaugurated in October 2017, Ion Oblemenco Stadium in the Romanian city of Craiova is the country’s most modern football arena at a capacity of over 30,000 seats. The futuristic stadium, inspired by the art of Romanian sculptor Constantin Brâncuși, was built from the ground up over the course of two-anda-half years at a total cost of EUR 51 million. It is home to football club CS Universitatea Craiova and was ranked fourth on the Stadium DB website’s list for Stadium of the Year 2017. The high-profile project was built with a clear goal – hosting international and premium league matches not only in the Romanian capital of Bucharest, but also in the city on the river Jiu. For this reason, the municipality of Craiova required a stadium security solution at par with stringent guidelines – according to the year 2020 European football championship standards – to guarantee safety during mass events. Looking for a trusted vendor with sports stadium experience, plus the ability to deliver the majority of necessary equipment as a single point of contact, Craiova officials opted for Bosch. Working closely with the on-site team, Bosch experts installed a fire and safety solution composed of four fire panels and 1,500 detectors. The stadium also received a quality sound system with elec tro-voice pro sound speakers for music and commentary, Dynacord Promatrix for evacuation, and Bosch loudspeakers for interior sound, as well as a conference and interpretation system for the pressroom. However, the real ‘kicker’ of the football stadium installation is the comprehensive video security solution: Ion Oblemenco Stadium boasts a fully integrated Bosch video security system including 211 cameras, centrally managed on a single platform through an enterprise edition of the Bosch Video Management System (BVMS). The networked cameras serve a wide range of functions at entry and exit points, and areas surrounding the stadium. On the perimeter, 115 robust DINION IP bullet 5000 cameras watch central avenues leading to the stadium, while 86 discrete FLEXIDOME IP 5000 cameras monitor visitors. For added security, eight AUTODOME IP 7000 cameras – two on the stadium outside, six inside – safeguard the surroundings with on-board intelligent video analytics (IVA) which allows for ‘smart’ video surveillance functions. For instance, intelligent tracking automatically tracks moving objects based on predefined alarm rules. Besides automatic tracking of objects of interest once certain predefine rules, like loitering, security operators in Craiova can also manually track groups of football fans or follow specific individuals. Video streams of all 211 cameras are monitored in a central security room, manned by operator personnel and members of Romania’s police during matches. Video data is safely stored on two Bosch DIVAR IP 7000 network video recording units with a total of 256 Terabyte storage capacity. The recorders feature video recording manager (VRM) software to increase reliability and reduce storage volumes and costs by automatically balancing the video stream load to the free available storage devices. Also the recording units support forensic search enabling security operators to quickly retrieve the relevant video data from hours of stored video to deliver irrefutable evidence. Craiova officials are satisfied with the easy-to-use and cost-efficient solution. Because Bosch products fulfilled international guidelines, the stadium is now fully certified to host matches of the First Romanian Football League, European league matches, Champions League and national team matches.

Product

Dahua Technology Thermal Cameras

MassMediaLink India LLP SecurityLink IndiaJuly 6, 2018November 14, 202406 mins

Conventional surveillance cameras are capable of capturing video in daytime and well-lit areas. They are not capable enough for poorly lit areas or at night. If at all a picture is produced, it is noisy as sensors compensate for the lack of light by increasing sensitivity. Since clear day and night monitoring is an important benchmark in assessing a surveillance system’s effectiveness, thermal imaging devices present a clear advantage in their ability to convert heat energy into an image visible to the human eye. Leveraging its experience in camera image analysis and intelligent algorithms, Dahua Technology has developed a new generation of thermal imaging devices with innovative functions that balance visible light with infrared, enabling users to effectively monitor an area under all lighting conditions. These functions include advanced capabilities such as intelligent temperature measurement and behavior analysis, further extending the scope of surveillance applications such as perimeter protection or equipment predictive maintenance in substations. The new products adopt advanced uncooled infrared detectors with 400×300 effective pixels, realizing a 40% increase over the previous infrared detector with 336×256 effective pixels. The benefit is that the field of view is increased, for example, TPC-BF5400 with 13mm thermal lens, has a 29.7°x22.3° field of view, and the older model TPCBF5300 has 25°x19° with the same lens. Meanwhile, newer models have received improvements in detailed information, contrast and other upgrades. The Dahua IVS (Intelligent Video System) is a built-in video analytics algorithm that delivers intelligent functions to mon itor a scene for tripwire violations, intrusion detection, and abandoned or missing objects. It requires a certain number of pixels on the target to function properly. The DH-TPC-BF5400-B13 model can be utilized to form a perimeter intruder detection system performing as an invisible wall. When installed at the recommended height of 5 meters, one camera can cover a 100 meters long fence. Whether it is day or night, as long as someone enters into a targeted area, a warning will be sent to the control center. A thermal camera is not just for video surveillance, it is also suitable for remote temperature monitoring to prevent accidents. Calculating the corresponding relationship between received radiation energy and temperature, it shows the surface temperature of the target through different gray values. Currently, the temperature measurement tolerance is within a certain range- ±2°C, ±2%. It provides users with real-time information about substation equipment much more efficiently, saving time and labor. If the temperature of equipment or part of the station exceeds a preset threshold, the system will automatically trigger an alarm and alert management. For a thermal camera, the radiation does not only depend on the temperature, the surrounding environment also emits radiation, especially high temperature objects at close distance, which will be reflected by the target surface. The emitted radiation of the object and the reflected radiation are also affected by atmospheric absorption. Therefore, to measure temperature precisely, it’s necessary to consider the effect of different radiant sources. A precise temperature measurement should include these three steps: Excluding external temperature interference by placing a baffle or coat of high emissivity materials on the surface of the target to make the result as accurate as possible. Keeping appropriate distance to ensure the target occupies at least 10×10 pixels in the image. Considering energy transmission losses, especially in high temperature and humidity environments, the atmospheric transmission coefficient is obviously to be reduced.

National

Hikvision Wins Best Surveillance Camera Award at NCN Awards

MassMediaLink India LLP SecurityLink IndiaJuly 6, 2018November 14, 202403 mins

Hikvision, the world’s leading supplier of innovative video surveillance products and solutions, has won the NCN Award at recently held 11th NCN Innovation Award Night at The Hotel Suryaa, New Delhi. Hikvision was voted for the Most Innovative Products of the Year 2017 in the Best Video Surveillance Camera category. The NCN Awards felicitated the achievers for the year 2017 for their outstanding performance. These awards are presented to recognize the vendors, solution provider and partners for their relentless and sincere efforts towards the growth of the Indian IT industry. “We feel honored to win the Best Surveillance Camera Award at NCN awards. This recognition comes at a time when Hikvision is introducing AI enabled advanced cameras along with Turbo HD 5.0 series cameras in the market. We will continue our onward march with innovative product offerings in the video surveillance and security categories. Hikvision will continue to offer innovative AI based applications and IoT solutions in the Indian market,” remarked Ashish P. Dhakan, MD & CEO, Prama Hikvision India Pvt. Ltd. The NCN Innovation Awards, the only of their kind at the national level, aim at recognizing ‘Excellence’ on the basis of quantitative as well as qualitative criteria which shall set a benchmark in the industry. This unique initiative is intended to acknowledge achievements of the different players in the IT industry. National Computrade News (NCN) is a leading IT news magazine and one of the most trusted sources for the critical information needs of the IT channel which includes front retailers to large vendors. For this category, the best product in each category is selected on the basis of online voting. The award ceremony has attracted a congregation of more than three hundred guests cutting across verticals of the IT industry including vendor, corporate and channel partners across the nation to celebrate the occasion.

Latest

Cybersecurity Trends 2018

MassMediaLink India LLP SecurityLink IndiaJuly 6, 2018November 14, 2024053 mins

How can businesses better protect themselves from the increasing volume and complexity of cyberattacks while preparing for the opportunities of automation and digitalization of industries – this is the burning question of the day and our goal is to raise awareness to help them address it. This article focuses where we see the most significant threats and opportunities emerging, and highlights the implications of the increasingly connected world, how global regulation is responding, the need to inject trust into cybersecurity, ways to protect ourselves from intelligent cyberattacks, and what we should do to close the skills gap in an environment starved for cybersecurity talent, yet overwhelmed by volumes of data. The leading cybersecurity experts from TÜV have forecasted eight challenges that organizations will cope with in coming times. The forcast is based on a survey of TÜV Rheinland’s leading cybersecurity experts where inputs were collected from clients in Europe, North America and Asia. Following are highlights of the 8 cybersecurity trends identified this year: Trend 1: A rising global tide of cyber-regulation increasing the price of privacy Data protection is a critical concern in an increasingly digital world and May 25, 2018 is a turning point for data protection in Europe. It marked the end of the transitional period for the EU General Data Protection Regulation (GDPR) as it becomes enforceable by law. It disrupts data governance and how information is protected for any organisation controlling or processing EU citizen personal data, and leads a growing list of emerging data protection regulations from around the globe. Data protection is a critical concern in an increasingly digital world As business undergoes digital transformation and becomes increasingly connected, cyberattacks continue to grow in both sophistication and volume. Recent highprofile cyberattacks have showed just how vulnerable organisations are. The ransomware WannaCry infected more than 300,000 computers across multiple organisations, countries, and continents in less than 48 hours. 87 million Facebook profiles harvested by political consultancy Cambridge Analytica is being dubbed one of the most consequential data breaches in history, rivalling the breach of financial records from Equifax. These attacks predict a dark future for privacy. GDPR disrupts the data governance and how information should be protected Increasingly, organisations must be able to prove that they are processing personal data in accordance with the legal requirements of this evolving regulatory environment. GDPR introduces a number of key components including extra-territorial reach over EU data, individual right, data privacy officers, notice and consent, restrictions on secondary users, privacy impact assessment, and data breach notification. These requirements are forcing organisations to rethink data governance, systems architecture, documentation and data loss prevention. Failure to comply could result in fines of up to 4% of global turnover The related business risk is material. In the event of noncompliance or contravention, the EU is envisioning sanctions amounting to four percent of the previous year’s turnover, or EUR 20m, whichever is the greater. Weaknesses in technical and organisational data security such as outdated encryption standards leave organisations vulnerable to these fines. Many organisations are underestimating the extent of such requirements Few organisations are going to be ready by the impending deadline. Most, having underestimated the extent of the requirements, are still developing their plan for GDPR compliance. Some have decided not to develop a plan, choosing instead to treat non-conformity as just another operational risk to be managed – perhaps doubting the seriousness with which the EU commission will enforce it. Others are not sure if the regulation applies. As a result, the majority of organisations are starting late with implementation. An emerging list of data protection regulations from around the globe GDPR is leading a global trend as European regulators are not alone in mandating greater accountability at the executive level. The USA, Argentina, Brazil, Switzerland, Africa, India and China – all are revising their data protection regulations. Many share similar concepts like informed user consent and data breach notification obliging organisations to notify the relevant authority and all affected data subjects when a breach occurs – an often costly exercise. Yet this also leads to fragmentation and emerging market barriers driven by territorial requirements for data protection and data flows across borders. For global organisations, this will make international operations an increasingly costly and complex challenge. Trend 2: The Internet of Things drives the convergence of safety, cybersecurity and data privacy Today, product development, time to market considerations, and technical power constraints leave IoT devices exposed by exploitation of critical vulnerabilities. The impact of data breaches now extends far beyond simple data monetization to kinetic threats to health and safety, as devices and systems are directly connected to open networks. It is widely accepted that the state of IoT security is poor and with over 500 connected devices expected to cohabit with us in our homes by 2022, these represent a major risk to safety, cybersecurity and data privacy. Mirai proved that IoT devices can be effectively weaponised as botnets On October 21, 2016 a massive Distributed Denial of Service (DDoS) attack hit DYN Inc. and temporarily disrupted much of the internet on the East Coast of the United States. It affected companies like Twitter, Spotify, Amazon, Netflix, Reddit, the Guardian, CNN, and the New York Times. Formed mainly of hacked IoT devices, the Mirai botnet was a wake-up call about the vulnerability of internet connected things to cyberattacks. Commercial and technical constraints leave IoT devices vulnerable to exploits Many IoT devices are fundamentally insecure, leaving product manufacturers and customers exposed to the inherent risk of cyberattacks. This should not come as a surprise as manufacturers are not in the business of cybersecurity. Instead, they are under increasing pressure to innovate faster than the competition, while protecting their margins. Ensuring devices are easy to produce, functional, connected and secure – while limiting power consumption to extend battery life – is a complex technical challenge leading to difficult trade-offs. Vulnerabilities often reside deep in the product software stack To save time and money, software developers use open source…