Honeywell Cyber Security & IP Video Surveillance 2017
Analog video solutions rely on outdated technology. These systems have made way for more secure, IP-based video surveillance systems to provide reliable and cost-efficient solutions in today’s information-rich, digital world. Modern IP technology can enable effective and manageable video surveillance to protect people, their information and their properties, and help ensure continuous operation. It can also create the potential for enhanced safety and security benefits for our society to prevent costly security incidents. However, the cyber security of IP technology has been challenged by the pace of technology transition and development, creating potential safety and economic risks. Cyber-attacks at the local and global scale are on the rise, and according to a 2016 report published by Grant Thornton, the total estimated global financial loss associated with cyber security attacks is estimated to be U.S. $315 billion each year. One example of a major cyber-attack occurred in the U.S. in October of 2016 where Internet access was denied to many major websites including Twitter, The Guardian, and CNN. This attack, which was the largest of its kind at that time, was conducted by a botnet virus called ‘Mirai’ from infected Internet Protocol (IP) video devices on the internet. Threat and vulnerability The importance of cyber security in the IP environment is widely recognized. It requires protecting devices, networks, programs, and data from being copied, changed, or destroyed by unintended or unauthorized access. Since video surveillance products such as IP cameras, network video recorders (NVRs), and video management software (VMS) are IP-enabled, they can be accessed from a remote location using internet connectivity, which means they have the same vulnerabilities as other devices and systems in the open IP world. The U.S. National Strategy to Secure Cyberspace is a report that outlines a five-level threat and vulnerability model, including home/ small business, large enterprise, sector/ infrastructure, national, and global categories. In the report, the U.S. government expresses concerns about: The network devices used to attack critical infrastructures; Large-scale enterprises being increasingly targeted by malicious cyber actors, both for the data and the power they possess; and The fact that cyber vulnerabilities could directly affect the operations of a whole sector or infrastructure. Not only has cybercrime caused significant interruptions for businesses and negatively impacted infrastructure in recent years, but it has also led to large-scale data breaches. According to PwC’s Global Economic Crime Survey 2016, the risk of cybercrime was the second most reported type of economic crime affecting 32% of organizations in 2016. Furthermore, the average cost of a data breach to organizations is $4 million, up from $3.8 million in 2015. Many countries and international organizations have been working on data-protection legislation, national standards, and regulations in most sectors. These regulatory initiatives will help reduce vulnerabilities and clarify questions of liability. Business interruption Business interruption is a type of cybercrime that is usually launched by inserting malicious code on a company or infrastructure network, which limits the network’s ability to provide service and inhibits a company’s ability to conduct business. Malicious code, or ‘malware,’ comprised of viruses, worms, botnets etc., which can be injected into IP devices with weak points, propagate itself to seek more victims on the network and steal sensitive information for the purpose of economic benefit. A botnet, short for ‘robot network,’ is an aggregation of computers compromised by bots (automated machines or robots). These bots are controlled by malicious cyber actors by launching Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks to targeted critical infrastructures or enterprises. DoS and DDoS pose a serious threat to business service. In June 2015, hackers grounded ten planes belonging to a Polish airline and blocked flight plans sent to planes by launching a DoS attack. The Mirai attack mentioned earlier is also an example of a DDoS attack. Data breach The video system is the core of a security system and contains critical information including system data, deployment, event and alarm information. When this data is compromised it’s called a data breach and this crime can cause significant security and safety risks Video surveillance in private and public applications may capture and record video images of people not relevant to security and safety incidents. Many countries are working toward privacy-protection legislation to prevent privacy breaches by intruders and inside employees. For example, in the U.S., 47 states have breach-notification laws in effect and in Ireland, it is illegal to post video surveillance footage on the internet. Compliance and liability With cyber legislation, national standards and sector regulations in place, regulatory compliance becomes a rigid entrance requirement for IP systems including video surveillance. It impacts the framework for product design, sales, industry entrance, system integration, and user operation. Meanwhile, there is also a market trend of increased cyber insurance sales spurred by the awareness of broader cyber risks. A vulnerable system will be forced to upgrade or be replaced for regulatory compliance, or the customer will have to pay a much higher premium to cover the liability every year. This is why Honeywell is committed to providing a forward-looking, cyber-secure video solution for its partners and customers. Honeywell cyber security solution any businesses haven’t conducted a cyber-threat analysis and don’t know how vulnerable they are to cyber threats. Honeywell can help by analyzing customers’ problems, then implementing best practices to execute optimal product and system design. Honeywell has also developed cyber-security management processes and released vulnerability reporting policies to help its customers face a growing cyber-security challenge. Rigorous system hardening At the product and system design and development phases, Honeywell uses in-house and third-party testing tools to evaluate product vulnerabilities and fix issues to harden the system. To mitigate the risks associated with malicious code, data privacy breaches and system mis-configuration, Honeywell employs the Information Communication Technology (ICT) industry’s security guidelines, which addresses specific video surveillance requirements. Since IP video surveillance can be installed in both private and public networks the exposed cyber threat can vary accordingly. It is necessary to target system hardening according to…
