Eagle Eye Networks, the global front-runner in smart cloud video security, has appointed David Barr as Enterprise Sales Manager for Europe to build the Enterprise Market Segment throughout the region.
David has 30 years of experience in the security industry, joining Eagle Eye Networks after 17 years with Xtralis ADPRO, which in recent years was acquired by Honeywell.
In his new role, David will work with Eagle Eye Networks global and EMEA end users and partners to develop their strategy, as the security market transitions from an on-premise recorder market to a true cloud market for video surveillance.
Hybrid on-premise and cloud solution
“This change isn’t happening overnight, but the great thing about Eagle Eye Networks is the possibility to start with a hybrid on-premise and cloud solution where clients can immediately see benefits of the cloud without investing in new hardware,” said David.
“Eagle Eye Networks works with more than 3,500 existing analog or IP cameras, and even DVRs can be directly connected to the cloud."
"This is a gamechanger for companies that want to upgrade their video surveillance, migrate to the cloud for additional cybersecurity, and better manage their operations in a multi-site environment.”
API integrations and open platform capabilities
Rishi Lodhia, Managing Director for the region, added, "The creation of this new role and the experience David brings to Eagle Eye Networks illustrates the company’s continued commitment and growth to support Enterprise customers within the region.”
“Enterprise customers are transitioning rapidly to the cloud due to our easy API integrations and open platform capabilities."
Gigaclear, the renowned rural broadband services provider, has officially launched its Community Hub Scheme, which aims to provide free broadband to critical community services. 137 of Gigaclear’s Community Hubs are already connected to its ultrafast network, but all areas in which Gigaclear is building are encouraged to apply for the initiative.
Ultrafast, full-fiber network
The company, which has continued to expand its ultrafast, full-fiber network to reach more people across rural Britain throughout 2020, has been providing one free connection in each of its community projects, with many using it to great effect during lockdown.
Services that particularly benefit local people, such as community halls, libraries, shops and schools, tend to be those chosen to receive the connection. The latest service to benefit is Chadlington Memorial Hall in Oxfordshire.
Community Hub Scheme
As part of its Community Hub Scheme, Gigaclear was kind enough to provide the hall with WiFi for free"
Susan Cox, Chairman, Chadlington Memorial Hall Trustees, commented “When Chadlington Primary School was set to re-open in September, government guidelines meant that it would be hard-pressed to accommodate all pupils onsite while following the special measures that needed to be implemented to safeguard against the spread of COVID-19.”
Susan adds, “The school wanted to hire the hall as an overflow teaching space, but the provision of WiFi, which the hall lacked at the time, was something that first needed to be addressed. Fortunately, as part of its Community Hub Scheme, Gigaclear was kind enough to provide the hall with WiFi for free. This has been a welcome measure for Chadlington Primary School and, once the pandemic eases, will be a great help in returning the hall to full use by the local community.”
Free WiFi connectivity to underserved communities
Gareth Williams, the Chief Executive Officer at Gigaclear, commented “We are passionate about digital inclusion and our mission is to connect the most underserved communities that are so often underserviced by the industry’s biggest players when it comes to broadband so that no one is left behind. As part of that commitment, we’ve launched a Community Hub Scheme to provide critical community services with free, 12-month, 900Mbps internet connections.”
Gareth adds, “We know how transformative it can be to connect community hotspots to ultrafast full-fiber broadband, whether it’s the village hall, local pub, school, community center, shop, library or sports center. Our scheme is intent on enabling communities to do more and enjoy the benefits that come with world-renowned connectivity, whether that is helping schools to stay open, enabling pubs to operate safely with online ordering, or something else, the possibilities are endless.”
To say that the security industry draws people in and demonstrates its value in terms of relationship building with the caliber of people who comprise the industry is an understatement, as Bart Williams, President of Security Solutions and Communications, Inc. (Security Solutions) found out.
Founder of Security Solutions
Williams chose to become an engineer as his profession, but he began dabbling in the security industry part time, soon to discover it would lead him on the path to becoming State Senator in the US State of Mississippi.
“I started Security Solutions in 1993. I was an engineer at the time and just started [it as a] part time business,” explains Bart Williams, adding “And, for five years, it was part time, but in 1998, I made the jump to do it full time.”
Value of ESA membership
Bart Williams describes the value of ESA membership in one word, ‘networking’
Since then, for the last 22 years, Williams has grown his company, currently employing approximately 22 people, and successfully serving the folks of Northern Mississippi.
As a member of Electronic Security Association (ESA), he describes the value of ESA membership in one word, ‘networking’. “I mean, there are 20 things, but in a word, if I had to pick one thing, its networking. I’ve gotten to meet professionals from all across this country. We interact; we share horror stories; we help each other. ESA is a melting pot of that,” said Bart Williams.
In fact, it was the power of networking or as he puts it, “looking people in the eye” that Williams believes empowered him to come out on top of the Mississippi State Senator election.
Entry into MAA and US Politics
It was in 2009 that Williams was elected secretary of the Mississippi Alarm Association (MAA). “That was my entree into associations and started the path that brought me to running for Senate,” he says.
From secretary, Williams was appointed the Legislative Chair of the MMA in 2012 and a year later, they produced a bill that would require licensure in the State of Mississippi to install security systems.
Law requiring license to install security systems
“Most states had it, we didn’t, so we thought the need was there,” Williams said enthusiastically, adding “And the bill was killed in about 30 minutes from one of the big corporate telecom companies.”
First we met with AT&T and we found out where there heartburn was"
Having the pleasure to speak with Williams, becoming more and more intrigued by the minute with his story, he said, “Yeah, we thought we really had this great thing going!” With determination and perseverance to do what was right for his home state and the people of Mississippi, Williams and the legislative committee did not give up. Instead, they acted.
“The next year, our legislative committee, there’s about four or five of us, we went around meeting,” said Williams, adding “First we met with AT&T and we found out where there heartburn was. It wasn’t anything important to us, so we were able to work out a deal with them on the bill and they became a proponent of it. We also met with other people we thought might be in opposition, legislators, attorneys, everyone we could think of to ‘sell our bill,’ so to speak and make sure we were all aligned.”
Senate passes Mississippi State bill
Talk about some serious hustle and it was not for naught. In 2014, the Senate passed the bill unanimously, while the House of Representatives only had one person who did not vote for it. So, Williams and his team were successful in getting that bill created and turned into law for the State of Mississippi. This process grew Williams’ appetite for politics even more, because for him, it is all about the good of the people.
“It [passing the bill] was good for the citizens of the state of Mississippi,” Williams stated, adding “That whole process intrigued me and that is where the desire first came about to run for office.”
Path to becoming Mississippi State Senator
In June 2020, running for the Mississippi State Senate became real when Jerry Jackson, the current State Senator, retired out of term due to health reasons. (Jackson was the legislator who helped Williams and his team gets their bill passed in 2014.)
The campaign lasted three and a half months and was very intense
“I sat there and spent about a day and a half,” reminisces Williams, stating “I talked to my wife, of course, and my family, my business and the good Lord and I didn’t get any opposition so we threw our name in the hat and went through with our campaign.”
The campaign lasted three and a half months and was very intense. Williams said, “I worked harder than I have in a long time for something, maybe ever [he chuckles] but we got there.”
Hard and well-thought-out campaigning
When the race started, there were four people, and the Williams’ campaign was not frontrunner. There was a lady who was well-known and political, and Williams felt she would probably be the one to come out ahead. This motivated him.
“I thought, ‘well, if we’re not going to win, it’s not going to be because we’re not going to try,” Williams stated.
Power of Networking
This is where the power of networking came into play. Williams did all the ‘typical’ campaign practices, advertising and using the advice of a consultant, but he believes going door to door pushed his campaign over the edge in favor of the eyes of the people.
“The ‘ground game,’ we call it looking people in their eyes, going door-to-door, and seeing people and meeting people,” he said, adding “We knocked on thousands of doors; this district has a population of 55,000 people. I think that’s what did it for us. We worked extremely hard; had a village; and we came out victorious.”
I want to truly represent the people of District 15, which is the district I won in and to be their voice in the legislature"
When asked what he hopes to accomplish in office as Senator, Williams didn’t answer with his laid-out agenda. Instead, he is all about serving the people by allowing their voice to be heard.
“I want to truly represent the people of District 15, which is the district I won in and to be their voice in the legislature,” explains Williams, further stating “A lot of people feel like their voice is lost, when someone gets elected, they just kind of become a part of the ‘machine.’ I don’t want to become part of the machine.”
Being the voice of the people
Williams’ goal in Senate is profoundly simple, he adds “They [the people] want to be heard on the issues that are important to them, and that’s what I plan on doing.” To others, Williams offers an important piece of advice, “Get involved and stay involved.”
Williams sets the example of involvement by not only being a member of ESA, but serving on ESA’s Financial Committee as well, now in addition to being Mississippi State Senator. Williams concludes, “Angela White asked me to serve and I said, ‘yes ma’am!’ I’m a numbers guy; I like numbers, quite simply.”
Williams’ journey teaches that even the largest of industries are a lot smaller than initially perceived, so vital to Williams’ success has been networking and serving, getting involved and staying involved.
Abloy UK has released a white paper to explore how the critical infrastructure sector can unlock the potential of smartphones in the workplace to improve employee mobility, job satisfaction and productivity.
Despite consumer usage of smartphones increasing significantly over the last decade, many organizations haven’t been as quick to tap into the uses and benefits that smartphones can provide.
Smartphones, an extension of IT infrastructure
Abloy recognizes that smartphones should be an extension of IT infrastructure, and users can benefit from the device far greater than just a phone on a network. Integrating a device is more cost effective, functional and secure.
The paper looks at how the cloud, integration, 5G and advances in battery life all mean that smartphones are now essential pieces of IT equipment, which should be used when they’re the most efficient tool for the job.
Importance of mobile access in critical infrastructure
The white paper also outlines the solution available to achieve this ‘keyvolution’, such as the CLIQ system
It explores how critical infrastructure organizations can particularly benefit from this transition, as widespread roll out can deliver financial savings, environmental benefits and improve operational efficiencies.
The white paper also outlines the solution available to achieve this ‘keyvolution’, such as the CLIQ system, PROTEC2 CLIQ technology and the new BEAT digital padlock. BEAT is a keyless solution that combines a digital key, a mobile app and a heavy-duty, Bluetooth padlock, ideal for critical infrastructure sites.
Future of smartphones in access control systems
Pip Courcoux, Sales and Product Manager at Abloy UK, said “We believe that smartphones will become a much more integral part of the next generation of access control systems. They are capable of so many functions that have become a central part of businesses network infrastructure.”
Pip adds, “We have probably only realized a fraction of the value that smartphones can bring, and how they can provide the edge computing and connectivity necessary for true digital transformation. This will only be increased further by the introduction of 5G, offering faster connection speeds and a faster transfer of data.”
Revolutionising remote access control
He further stated, “Ultimately smartphones will revolutionize remote access control by bringing it into the digital era. The overall benefits of flexibility, time and financial savings, improved security and ease of use are too good to ignore. Their role in helping to effectively secure and manage sites allows critical infrastructure organizations to provide service continuity while building resilience.”
The threat landscape we operate in today is changing all the time. Around the world, pressures on law enforcement bodies remain incredibly high as they face the challenge of rising international threat levels and a backdrop of intense political, social and economic uncertainty.
It is a challenge that demands a considered, proactive and dynamic response. It’s clear that new technologies, such as Artificial Intelligence (AI), can dramatically improve the effectiveness of today’s physical and cyber security systems and help us to better defend against a wide-spectrum of threats.
Finding the balance
Specifically speaking, for physical security systems to be effective, they must have the full support of the public. Airport-style environments where security checkpoint processes are implemented are both time consuming and obstructive, and feels, at times, they are in no one’s best interest. Oppressive, fortress-like environments are likely to quickly lose the backing of the public, who want to be able to go about their daily lives without being delayed or obstructed by cumbersome security checkpoints and procedures.
For physical security systems to be effective, they must have the full support of the public
However, after a large-scale security threat or attack occurs, it is often these more overt systems that we gravitate towards, often fueled by a proven track record of both deterrence and detection. It’s the antithesis of ‘out of site, out of mind’ security. Having these large, bulky overt security systems offer reassurance to people and create a greater sense of security.
But what if we could instill this sense of security without monstrous overt systems? What if today’s physical security systems could allow for seamless people flow while creating safe environments, all done in a covert manner without interrupting peoples’ way of life? This is exactly what can be achieved with the some of the new physical security applications that incorporate AI.
Security solutions with AI: how, what, where?
Today, security solutions driven by AI technologies are being developed and can be covertly deployed across a range of physical environments to protect our global citizenry. These new AI-driven technologies are taking multiple different forms, depending on the locations they are designed to protect.
Video management surveillance systems (commonly referred to as VMS systems) are being enhanced by AI/computer vision technology to identify objects. These enhanced VMS systems can be deployed both inside and outside of buildings to identify and flag forbidden objects, such as visible guns, knives or aggressive people, in a wide range of public spaces, such as schools, hospitals, sport stadiums, event venues and transportation hubs. Recognized threat objects in hand or suspicious behaviours can be identified and flagged instantaneously for onsite security to further investigate.
In addition, targeted magnetic and radar sensor technologies, concealed in everyday objects like planter boxes or inside walls, can now scan individuals and bags entering a building for concealed threat objects. Using AI/machine learning, these two sensor solutions combined can identify metal content on body and bag and match the item to a catalog of threat items, such as guns, rifles, knives and bombs with metal shrapnel. Without this advanced multi-sensor solution, it becomes nearly impossible to discover a weapon on a person's body before it appears in an assailant’s hands. This multi-sensor solution allows for a touchless, unobtrusive access to a building, but allows for immediate notification to onsite security when a concealed threat is detected. The hidden technology thus empowers security staff to intercept threats before they evolve into a wider scale attack, while also maintaining the privacy and civil liberties of the public, unless, of course, they are carrying a concealed weapon or pose a physical threat.
AI-powered solutions proactively help onsite security to effectively safeguard the public
Unlike many large, fixed detection security systems, AI-powered solutions proactively help onsite security to effectively safeguard the public without causing mass obstruction and disruption.
Soft target hardening
Hardening a facility against physical attacks and threats can be expensive, as well as maintaining and running large fixed detection equipment. It may also result in the threat shifting to ‘softer’, less secure targets, for example schools, music venues and places of worship, all locations we’ve see active attacks in the past decade.
Around the world, we have seen the devastation to communities and the aftermath impact of these attacks. In the USA, for example, in February 2018, a 19-year-old gunman walked into Marjory Stoneman Douglas High School in Florida, and opened fire, killing 17 students and faculty members. And in the UK in May 2017, a suicide bomber attacked a concert venue in Manchester, tragically killed 22 people.
It is a global priority to make these soft target public gathering places more secure. But in doing so we cannot turn them into fortresses. The security industry, public sector and national and local government must collaborate to deploy intelligent systems with technology at their core to not only protect lives, but also preserve a way of life.
Integrated systems and behavioral detection
One of the biggest advantages of using AI technology is that it’s possible to integrate this intelligent software into building smarter, safer communities and cities. Essentially, this means developing a layered system that connects multiple sensors for the detection of visible and invisible threats.
Integrated systems mean that threats can be detected and tracked, with onsite and law enforcement notified faster, and possibly before an assault begins to take place. In many ways, it’s the equivalent of a neighborhood watch program made far more intelligent through the use of AI. Using technology in this way means that thousands of people can be screened seamlessly and quickly, without invading their civil liberties or privacy.
It’s not only knives, guns and explosives that intelligent systems can detect. They can also be trained to detect behavior and potential invisible biological threats, such as viral threats currently facing our world today. This does not mean profiling individuals. Instead, using AI that is deployed on existing CCTV or thermal camera systems, it looks for indicators that may identify a physical altercation and disturbance, an elevated body temperature, indicative of viral fever, or lack of a face mask for health safety compliance.
When integrated, these solutions can provide onsite security with up-to-the-minute information to allow greater protection of the properties they serve. By using these intelligent, non-intrusive technologies, today’s security personnel are now more capable of detecting a wide range of threats.
This is the future of public safety and security, and we should expect to see these new technologies becoming more common over the coming years, as cities around the world strive to create smart, safer communities.
The human element
While technology can make a significant impact to existing security systems, it would be wrong to position it as the end-all, be all to preventing future attacks. Technology is only part of the solution. Well trained security personnel are also required; individuals who know how to use new technologies and the data they provide, and then make informed decisions about how to engage a potential bad actor or threat.
Not only will a properly trained security staff member help to prevent an attack from happening, but the extra insight provides by these intelligent systems can potentially interrupt an attacker in planning and walk through stages, or even before a weapon is drawn. This alone has many benefits beyond just preventing an attack. It means that authorities can help these individuals, some of whom may be suffering from mental health issues, to get the help they need from professional healthcare workers. By security personnel working with local authorities and healthcare professionals, potential attackers can get the support they need, from de-radicalisation programmes to specialized counseling, helping them return to being a healthy, productive member of society.
These intelligent systems can potentially interrupt an attacker in planning
AI for safer communities
AI’s ability to detect visible or invisible threats or behavioral anomalies will prove enormously valuable to many sectors across our global economy. Perhaps none more so, though, than to institutes of education, where we have seen many violent attacks over the course of the last few years. Specifically, the application of AI for detecting odd behavioral activity could be used to identify potential active shooter attacks, or even students who may be depressed and prone to committing suicide. Both tragedies we see weekly around the world.
One thing is clear, cross-sector collaboration and the application of integrated, intelligent AI technology that puts data and ultimate control into a human’s hands can be key to making our communities safer places to live.
As the media often reports, the world of cybersecurity can be seen like the ‘Wild West’. There’s now a wide range of Internet of Things (IoT) devices connected to the web, making this a hot topic. Among these devices are security cameras. IoT devices are computers that use software that makes them vulnerable. As the famous cybersecurity evangelist Mikko Hypponen says, "If a device is smart, it's vulnerable!"
Hypponen is right. On a daily basis, new vulnerabilities are found in software, regardless of the manufacturer. In 2019, more than 12,000 vulnerabilities worldwide were made public and reported as a CVE (Common Vulnerability and Exposure) in the National Vulnerability Database (NVD). Unfortunately, vulnerabilities are a given. What really matters is how a company deals with and resolves vulnerabilities.
Awareness of cybersecurity vulnerabilities is vitally important
Awareness of cybersecurity vulnerabilities is vitally important to protect you, your business and the Internet, but it’s also important to understand that a vulnerability is not synonymous with “backdoor”, and is not necessarily indicative of “cheap quality.”
But there are companies out there that are embedding safeguards into their development processes to reduce the risks. You could see them as ‘Sheriffs’, taking steps to make this Wild West a little safer.
Why Hikvision chooses ‘Secure-by-Design’
Security cameras, like all other IoT devices, are vulnerable to cyberattacks. Fortunately, manufacturers of IoT devices can significantly reduce these vulnerabilities during the production of devices, using a process called ‘Secure-by-Design’. Implementation of Secure-by-Design requires a commitment on the part of the manufacturer’s management team and a serious investment in resources and technology, which can result in a longer production process and a higher cost of the IoT device. Cost is often the reason why some IoT device manufacturers do not use Secure-by-Design (and are indeed cheaper).
Hikvision is a producer of IoT devices that takes security and privacy very seriously and has implemented Secure-by-Design in its production process. Management supports this process and has even set up a dedicated internal cybersecurity structure charged with product cybersecurity. This group is also the central point of contact for all other cybersecurity matters. The Hikvision Security Development Life Cycle (HSDLC) is an essential part of Hikvision's cybersecurity program. Cybersecurity checks take place at every stage of product development — from concept to delivery.
Cybersecurity checks take place at every stage of product development
For example, product testing takes place during the verification phase, the company also regularly invites well-known security companies and public testing platforms to conduct penetrating testing. Does this mean that all Hikvision products are immune to hacking? No, that guarantee cannot be given, but the HSDLC is a testament to a manufacturer that makes every effort to produce products that are as cyber secure as possible.
Source code transparcency center
In addition to the Secure-by-Design process, Hikvision opened a Source Code Transparency Center (SCTC) lab in California in 2018, being the industry’s first-of-its-kind lab to open such a center. At this center, U.S., Canadian government and law enforcement agencies can view and evaluate the source code of Hikvision IoT devices (IP cameras and network video recorders). It’s important to emphasize that no product is 100 percent secure. Hikvision has a Vulnerability Management Program in place when a vulnerability is discovered in a product.
To date, vulnerabilities that have been reported to Hikvision and/or made publicly known, have been patched in the latest Hikvision firmware, and are readily available on the Hikvision website. In addition, Hikvision is a CVE CNA, and has committed to continuing to work with third-party white-hat hackers and security researchers, to find, patch and publicly release updates to products in a timely manner. These vulnerabilities are collected in the National Vulnerability Database (NVD) and are public. Hikvision recommends that customers who are interested in purchasing security cameras inquire about a manufacturer’s cybersecurity practices and if they have an established Vulnerability Management Program.
Cybersecurity questions to consider
The cybersecurity of IoT devices is a topic that needs to be addressed in a serious way and it should play an essential role in the product development process, beginning at the concept phase of an IoT product. This requires time, investment and knowledge. Consider the following questions:
Do I trust the manufacturer of a low-cost security camera?
Does this manufacturer have a dedicated cybersecurity organization?
How does this manufacturer handle vulnerabilities?
These are the questions that everyone should ask themselves when making a purchase, be it a camera or any other IoT product. There is no absolute 100% guarantee of security, but Hikvision has industry-leading practices to ensure the cybersecurity for its cameras. Cooperation, with its customers, installers, distributers and partners, and full transparency are key elements to successfully secure IoT devices. When you read cybersecurity news, we invite you to look beyond the headlines, and really get to know the companies that produce the IoT devices. Before you buy a security camera or any IoT device, check out the manufacturer’s cybersecurity practices, look for a company with a robust vulnerability management program, a company that aligns itself with Secure-by-Design and Privacy-by-Design and a company that employs cybersecurity professionals who are ready and eager to answer your questions. Remember, there are Sheriffs out there, as well as bandits.
IP cameras for video surveillance has been a trending topic amongst enterprises across the world due to rising concerns for security and safety. IP CCTV cameras are revolutionizing security measures, and technology has evolved to allow for a more diverse security monitoring system through high resolution, larger digital storage options and compatibility for integrated analytical software.
According to Global CCTV Market Forecast 2022, analysts expect the market for global CCTV to grow at a CAGR of around 11% during 2018-2022.
Clearly, a successful hack of an enterprise security camera system could lead to a range of implications. Amongst the main ones is unauthorized access to video and audio streams of data, as well as to the archive, violation of confidentiality, HIPPA, PII and potential leaks of personal and corporate information, possible copying, unauthorized distribution and duplication of such data.
“Most Enterprise video surveillance systems are vulnerable to hackers. According to our studies, more than half of companies and organizations, both large and small, do not take sufficient precautions when it comes to preventing their security cameras from being hacked. Be it ignorance or just careless approach to security of their network in general, the results of hacking can be disastrous,” says Chris Ciabarra, the CTO and co-founder of Athena Security.
With the increasing number of surveillance cameras installed in homes, offices and public places, hacking incidents related to these devices happen more and more often.
The ease of hacking surveillance cameras
It’s not a secret that surveillance cameras, like many other Internet of things (IoT) devices, are full of vulnerabilities that can be exploited by hackers.
A hacker can find hundreds of potentially vulnerable IoT devices to hack into
Cameras, just like all other devices connected to the Internet, have IP addresses that are easy to find using Shodan, a search engine for Internet-connected devices. With this simple tool, a hacker can find hundreds of potentially vulnerable IoT devices to hack into, including cameras, especially when most companies use default passwords.
Below are basic recommendations on how to protect your camera network, and what actions you should take to minimize the chance of hacking.
Change the default username and password
You should start by changing the default password and username of your camera network. Even though this may seem obvious, not everyone does it, practically leaving the door for hackers wide open.
Use a strong password that is hard to guess. When setting up the password use numbers, symbols, both uppercase and lowercase letters. Do not use simple and commonly used passwords, such as the ones in SplashData's list of 100 worst passwords of the year.
Do not use the same password you are already using for other online accounts. According to a recent survey on data privacy conducted in May 2019, 13% of respondents with at least one online account say they use the same password for all their accounts. Using a password manager to generate a strong random password may be a good idea.
Update your camera firmware regularly
Keeping cameras firmware up-to-date is very important as it allows you to prevent hackers from exploiting vulnerabilities and bugs that are already patched by manufacturers in a new firmware update.
Despite the fact that most modern cameras will automatically download and install firmware updates, some require the user to check for updates and install them.
Set up two-factor authentication
Set up the two-factor authentication if your cameras support it. With two-factor authentication on, the camera manufacturer will send you a randomly generated passcode via text message or phone call, as an addition to username and password, during each log in to the account. Two-factor authentication prevents hackers from accessing the camera system even if they were able to crack username and password.
Not all surveillance camera systems support two-factor authentication, though.
Prevent cameras from sending information to third parties
Companies that use surveillance cameras very often do not put enough effort into protecting their cameras and the data they transmit, despite the fact that this footage is of great importance to many people.
The firmware of most cameras from different manufacturers is programmed in a way to keep a connection with the manufacturer’s server without knowledge of the end-user. Most users, both private and corporate, are not aware of this and therefore do not take any steps to protect themselves from this potential vulnerability, which could result in footage leak to a third party or a successful hacker attack.
To prevent your camera network from transmitting, the following steps should be taken.
Step 1: Statically assign an IP address
Statically assign IP address for each camera, subnet mask and leave gateway blank or 127.0.0.1, if this is allowed in gateway fields to be entered. If the firmware does not allow blank or 127 subnets, just point gateway to an unused dedicated IP address.
This way, cameras will not be able to send the information off the local company network.
Step 2: Assign DNS servers
Assign DNS servers that are local to cameras and force only your domain to be present with zero forwarding DNS servers.
This way, if a camera tries to do name resolution, it will come up blank. Not being able to find the IP address of the main server (mother ship), cameras won’t be able to connect to it.
To stay safe you can order your own DNS servers, locked down to your addresses only.
Block your camera network’s access to the Internet
Blocking your camera network’s access to the Internet is a good way to make sure hackers won’t be able to get access to the footage and other confidential data. Any dual-homed system touching your camera network should be blocked from Internet access. This way all systems in the same subnet won’t have access to the Internet from that box.
Always use DNS because firewall rules tend to be easy to hack, while DNS that is internal is not expected and stops systems from resolving names you do not wish to be translated, like talking back to the mothership of a bad program.
Monitor your system for traffic spikes
One of the tricky things about hacker attacks is that there are no warnings. In most cases hackers would penetrate your system without any signs or symptoms of an attack, and it isn’t until you face consequences (like leaked footage or hackers manipulating cameras) when you realize something is wrong. It may be days or even months between the hacker attack and the time you realize the system has been compromised.
Monitoring dual-homed systems for bandwidth spikes could be a good way to spot a hack resulting in the leakage of confidential data like images or video. There are a number of traffic monitoring tools available to private and corporate users that can manage and sniff the network or just monitor them.
Facial blur in archived footage
Blurring people’s faces when archiving in surveillance camera video streams is a great tool, allowing you to comply with privacy laws and make the footage useless to hackers even if they manage to successfully hack your system.
These recommendations will allow you to lower the risk of hackers breaking into your security camera network, detect the hack if it has occurred already, and to protect yourself from possible consequences if camera footage was stolen.
Close collaboration with customers has been a hallmark of the physical security industry for decades. And yet, less ability to collaborate face-to-face to discuss customer needs has been a consequence of the COVID-19 pandemic.
“True innovation, which comes from close collaboration with customers, is more difficult to achieve remotely,” said Howard Johnson, President and COO, AMAG Technology, adding “Not being able to visit in person has not been helpful.
Kurt John, Chief Cyber Security Officer at Siemens USA, adds “We need to plan intentionally with a strategic approach for collaboration and innovation.”
Securing New Ground virtual conference
Security experts from three manufacturers reflected on the impact of COVID-19 on the physical security industry
Security experts from three manufacturers reflected on the impact of COVID-19 on the physical security industry at a ‘View from the Top’ session, during the Securing New Ground virtual conference, sponsored by the Security Industry Association. Their comments covered business practices during the pandemic and the outlook for technology innovation in response.
“We had to pivot quickly on business models and create a cross-portfolio team task force to discuss how we can leverage technologies to help customers [during the pandemic],” said John, adding “We are having outcome-based conversations with customers about their businesses and operations, and how we can combine short-term benefits with long-term growth and flexibility.”
But some of those conversations are happening from a distance.
Results-oriented approach in remote work environment
After the pandemic took hold, Siemens shifted rapidly to remote work and embraced other infrastructure changes. “We had to refocus and lead with empathy, flexibility and trust,” said John, adding “We gave our staff flexibility to set their hours and used a results-oriented approach.”
There is also a social element missing in the work-from-home model. “Virtual coffee machines do not replace being there in person,” said Pierre Racz, President and CEO, Genetec, adding “Small talk about the weather is important psychological elements.”
Positives in using multi-factor identity management
He predicts that, in the future, office hours may be reduced, but not floor space, with space needed for in-person collaboration and long-term social distancing. Employees will come to the office to do collaborative work, but can work from home to accomplish individual tasks that may be ‘deferred’ to after-hours, when the kids have been fed.
When the pandemic hit, Genetec had resumed 95% of their operations within 36 hours, thanks to their use of multi-factor identity management. They did not suffer from malware and phishing issues. “Multi-factor is really important so that well-engineered phishing campaigns are not successful,” said Pierre Racz.
Shift to ‘Zero Trust’ model
All three panelists noted a coming skills gap relating both cyber security and systems integration
Remote working technologies are shifting to a ‘zero trust’ model, in which access to systems is granted adaptively based on contextual awareness of authorized user patterns based on identity, time, and device posture.
For example, an office computer might have more leeway than a home computer and a computer at Starbucks would be even less trusted. The approach increases logical access security while providing users their choice of devices and apps.
Skills gap in cyber security and systems integration
A growing skills gap has continued throughout the pandemic. “Where we have vacancies, we have struggled to find candidates,” said Howard Johnson. All three panelists noted a coming skills gap relating both cyber security and systems integration. New technologies will clearly require new skills that may currently be rare in the workforce.
Cyber security will become even more important with growth in new technologies such as AI, machine learning, 5G and edge computing. A workforce development plan is needed to address the technologies and to enable companies to pivot to new business needs, said John.
Adoption of temperature sensing solutions
From a technology viewpoint, Johnson has seen attention shift to the reception area and portal, away from touch technologies and embracing temperature sensing as a new element. There have also been new requests for video and audio at the portal point, to create methods of access and egress that do not require security personnel to be present.
“Some customers are early adopters, and others are waiting for the market to mature before investing,” Howard Johnson said.
“Security companies have been faced with the need to respond rapidly to their customers’ needs during the pandemic, but without seeming like ‘ambulance chasers’,” said Pierre Racz. In the case of Genetec, the company offered new system capabilities, such as a 'contamination report', to existing customers for free.
Move to a hybrid and flexible work environment
In the new normal, the pendulum will swing back to the middle with more flexibility and a hybrid approach"
An immediate impact of the pandemic has been a reduction in required office space, as more employees have worked from home, raising questions about future demand for office space. “The pendulum tends to swing to the extremes,” said Kurt John, adding “In the new normal, the pendulum will swing back to the middle with more flexibility and a hybrid approach.”
“Users will be much more careful about letting people into their space, which requires more policies and procedures,” said Lorna Chandler, CEO, Security by Design, who participated in a panel at Securing New Ground about how the pandemic is changing commercial architecture and access control.
“Users should also be careful in the rush to secure premises from COVID-19 that they don’t violate HIPAA laws or create other potential liabilities,” adds Chandler.
Continuum of mechanical and electromechanical devices
Mark Duato, Executive Vice President, Aftermarket, ASSA ABLOY Opening Solutions, said a “Continuum of mechanical and electromechanical devices is needed to protect premises and ensure convenient operation of an access control operation.”
“First and foremost, the immediate reaction to the impact of COVID-19 is to rush to educate and invest in technologies to increase the ability to analyze people,” said Duato, who also participated in the access control panel.
Shift to touchless, frictionless access control
“The move to touchless, frictionless access control “is really a collaboration of people, process and technology,” said Valerie Currin, President and Managing Director, Boon Edam Inc., adding “And all three elements need to come together. Touchless and frictionless have been in our market for decades, and they’re only going to become heightened and grow. We’re seeing our business pivot to serve markets we have not served in the past."
More and more data is a feature of new systems, but is only helpful when it is analyzed. “We all live in a world of data, or IoT and sensor technology,” said ASSA ABLOY’s Mark Duato, adding “But we don’t want to be crushed by data. Data is only helpful when you can reduce it to functional benefits that will help us innovate. We have to take the time to squeeze the value out of data.”
Within days, a rule will take effect that bans from U.S. government contracts any companies that “use” video products from Chinese companies Hikvision and Dahua. The Federal Acquisition Regulation (FAR) rule implements the “blacklist” (or “Part B”) provision of the National Defense Authorization Act (NDAA), which is understood in the security industry as prohibiting dealers and integrators that do business with the federal government from selling Chinese-made video products to any of their customers (even for non-government projects).
The rule, which is officially still interim, states: “On or after August 13, 2020, [federal] agencies are prohibited from entering into a contract, or extending or renewing a contract, with an entity that uses any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system.”
Within days, a rule will take effect that bans U.S. government contracts any companies that “use” video products from Chinese companies Hikvision and DahuaFederal agencies issuing the rule are the Department of Defense (DoD), the General Services Administration (GSA) and the National Aeronautics and Space Administration (NASA). GSA provides centralized procurement for the federal government.
Because the COVID-13 crisis delayed issuance of the rule, the usual 60 days will not be allowed for public comment before the rule is implemented. However, public comments are welcome and will be addressed in subsequent rulemaking.
“Telecommunications equipment” refers to equipment or services provided by Huawei Technology or ZTE Corp, both Chinese telecommunications giants. The rule also specifies that it applies to “certain video surveillance products or telecommunications equipment and services produced or provided by Hytera Communications Corp., Hangzhou Hikvision Digital Technology Company, or Dahua Technology Company (or any subsidiary or affiliate of those entities).” Hytera is a Chinese manufacturer of radio systems. Hikvision and Dahua are major international manufacturers of video surveillance equipment.
Limits and prohibitions
The rule states: “This prohibition applies to the use of … equipment or services, regardless of whether that use is in performance of work under a Federal contract.” In the industry, this clause is taken to mean that integrators that “use” any of the covered equipment are prohibited from selling to the government. “Use” presumably covers an integrator deploying the equipment in their own facilities and/or selling it to other customers. The rule also prohibits “service … related to item maintenance,” which in the case of a security integrator would include providing service contracts on previously installed systems.
Security Industry Association (SIA)
The Security Industry Association (SIA) comments: “Due to applicability [of the rule] to uses by entities with federal contracts even unrelated to their federal work, this broad interpretation is expected to have widespread impact on the contracting community across many sectors, as covered video surveillance equipment is some of the most commonly used in the commercial sector in the United States.”
Security integrators that do business with the federal government have largely anticipated the new rule and already switched their Chinese camera lines for NDAA-compliant competitors. However, as SIA points out, extensive common uses of the Chinese equipment in various commercial sectors raises additional concerns.
Easing compliance burdens
The interim rule adopts a “reasonable inquiry” standard when an offeror (government contractor) represents whether it uses covered equipment. “A reasonable As SIA points out, extensive common uses of the Chinese equipment in various commercial sectors raises additional concerns. inquiry is an inquiry designed to uncover any information in the entity’s possession about the identity of the producer or provider of covered telecommunications equipment or services used by the entity. A reasonable inquiry need not include an internal or third-party audit.” SIA notes that this provision may be aimed at easing the compliance burden by suggesting that contractors only need to inquire based on what information they already possess.
The new rule covers Paragraph (a)(1)(B), which has informally been referred to as the “blacklist” provision of the NDAA, the John S. McCain National Defense Authorization Act for fiscal year 2019. However, the “Chinese ban” provision [Paragraph (a)(1)(A)] already went into effect a year after the law was signed by President Trump (August 13, 2018). “Part A” covers use of Chinese-made products in fulfilling government contracts.
A growing threat
Seeking to justify the new restrictions, the FAR rule states: “Foreign intelligence actors are employing innovative combinations of traditional spying, economic espionage, and supply chain and cyber operations to gain access to critical infrastructure and steal sensitive information and industrial secrets. The exploitation of “Telecommunications equipment” refers to equipment or services provided by Huawei Technology or ZTE Corp, both Chinese telecommunications giantskey supply chains by foreign adversaries represents a complex and growing threat to strategically important U.S. economic sectors and critical infrastructure.”
SIA has urged a delay in implementing the “Part B” provision, stating: “The federal government estimates that it will cost contractors well over $80 billion to fully implement this prohibition on the use of certain Chinese telecommunications and video surveillance equipment, yet endless delays in publishing the rule now mean that federal suppliers have just weeks to understand and comply with the new rule, which raises as many questions as it answers.”
SIA continues: “Federal suppliers across a wide range of industries have increasingly concluded that Part B is unworkable without clarification of the scope and meaning of key terms in the provision, which the rule does not do enough to define. For example, Part B bans agencies from contracting with a provider that “uses” any covered equipment or service. This term is not clearly defined in law or regulation, yet contractors must certify compliance beginning Aug. 13, 2020.”
The Part B rule, which only applies to prime contractors, enables agency heads to grant a one-time waiver on a case-by-case basis, expiring before Aug. 13, 2022.
The global pandemic caused by the novel coronavirus is changing work environments to an unprecedented degree. More employees than ever are being asked to work remotely from home. Along with the new work practices comes a variety of security challenges.
Without the proper precautions, working from home could become a cybersecurity nightmare, says Purdue University professor Marcus Rogers. “Criminals will use the crisis to scam people for money, account information and more,” he says. “With more people working from home, people need to make sure they are practicing good cybersecurity hygiene, just like they would at work. There is also a big risk that infrastructures will become overwhelmed, resulting in communication outages, both internet and cell.”
Concerns about the coronavirus have increased the business world’s dependence on teleworking. According to Cisco Systems, WebEx meeting traffic connecting Chinese users to global workplaces has increased by a factor of 22 since the outbreak began. Traffic in other countries is up 400% or more, and specialist video conferencing businesses have seen a near doubling in share value (as the rest of the stock market shrinks).
Basic email security has remained unchanged for 30 years
Email is a core element of business communications, yet basic email security has remained unchanged for 30 years. Many smaller businesses are likely to still be using outdated Simple Mail Transfer Protocol (SMTP) when sending and receiving email. “The default state of all email services is unencrypted, unsecure and open to attack, putting crucial information at risk,” says Paul Holland, CEO of secure email systems provider Beyond Encryption.
“With remote working a likely outcome for many of us in the coming weeks, the security and reliability of our electronic communication will be a high priority,” says Holland. The company’s Mailock system allows employees to work from any device at home or in the office without concerns about data compromise or cybersecurity issues.
Acting quickly and effectively
As the virus spreads, businesses and organizations will need to act quickly to establish relevant communication with their employees, partners and customers surrounding key coronavirus messages, says Heinan Landa, CEO and Founder of IT services firm Optimal Networks. Employers should also enact proper security training to make sure everyone is up to speed with what’s happening and can report any suspicious online activity.
Reviewing and updating telework policies to allow people to work from home will also provide flexibility for medical care for employees and their families as needed.
Scammers, phishing, and fraud
An additional factor in the confusing environment created by the coronavirus is growth in phishing emails and creation of domains for fraud. Phishing is an attempt to fraudulently obtain sensitive information such as passwords or credit card information by disguising oneself as a trusted entity. Landa says homebound workers should understand that phishing can come from a text, a phone call, or an email. “Be wary of any form of communication that requires you to click on a link, download an attachment, or provide any kind of personal information,” says Landa.
Homebound workers should understand that phishing can come from a text, a phone call, or an email
Email scammers often try to elicit a sense of fear and urgency in their victims – emotions that are more common in the climate of a global pandemic. Attackers may disseminate malicious links and PDFs that claim to contain information on how to protect oneself from the spread of the disease, says Landa.
Ron Culler, Senior Director of Technology and Solutions at ADT Cybersecurity, offers some cyber and home security tips for remote workers and their employers:
When working from home, workers should treat their home security just as they would if working from the office. This includes arming their home security system and leveraging smart home devices such as outdoor and doorbell cameras and motion detectors. More than 88% of burglaries happen in residential areas.
When possible, it’s best to use work laptops instead of personal equipment, which may not have adequate antivirus software and monitoring systems in place. Workers should adhere to corporate-approved protocols, hardware and software, from firewalls to VPNs.
Keep data on corporate systems and channels, whether it’s over email or in the cloud. The cyber-protections that employees depended on in the office might not carry over to an at-home work environment.
Schedule more video conferences to keep communication flowing in a controlled, private environment.
Avoid public WiFi networks, which are not secure and run the risk of remote eavesdropping and hacking by third parties.
In addition to work-from-home strategies, companies should consider ways to ensure business cyber-resilience and continuity, says Tim Rawlins, Director and Senior Adviser for risk mitigation firm NCC Group. “Given that cyber-resilience always relies on people, process and technology, you really need to consider these three elements,” he says. “And your plan will need to be adaptable as the situation can change very quickly.”
Employees and their employers
Self-isolation and enforced quarantine can impact both office staff and business travelers
Self-isolation and enforced quarantine can impact both office staff and business travelers, and the situation can change rapidly as the virus spreads, says Rawlins.
Employees should be cautious about being overseen or overheard outside of work environments when working on sensitive matters. The physical security of a laptop or other equipment is paramount. “It’s also important to look at how material is going to be backed up if it’s not connected to the office network while working offline,” says Rawlins.
It’s also a good time to test the internal contact plan or “call tree” to ensure messages get through to everyone at the right time, he adds.
One of the largest public train operators in the United Kingdom, Southeastern Rail Network, now relies on a smart video security solution from Bosch Security Systems to secure twelve train depots, including five unmanned locations, against theft and intrusion.
The fully digital video surveillance system presents a significant upgrade to the British train operating company, which provides train services between London, Kent and parts of East Sussex and transports 6, 40,000 passengers each weekday on its 392 trains.
built-in Intelligent Video Analytics
Powered by cameras featuring built-in Intelligent Video Analytics, the solution was installed and configured to the specific requirements at the train depots by Bosch integration partner, Taylor Technology Systems Ltd., over the course of six months.
Video security system relies on machine learning algorithms to automatically sound alarms on security threats
Fully operational at all twelve locations, the video security system relies on machine learning algorithms to automatically sound alarms on security threats, such as intruders and perimeter breaches. Beyond security applications, the system also tracks important metadata on the arrival times of trains, while also monitoring deliveries at the train depots, among other AI-assisted functions that it carries out.
IP-based cameras with Starlight technology
The cameras portfolio installed across the twelve depots replaces an analog legacy solution with IP-based security cameras from the Flexidome, Dinion, and Autodome product lines of Bosch Security Systems. These smart cameras include Bosch’s Intelligent Video Analytics capabilities as a built-in feature, ensuring that the most relevant video data can be precisely applied to the requirements of the train depots.
Because night-time security and surveillance is critical, especially at the five unmanned train depots on the network, the Bosch cameras rely on Starlight technology to provide full intelligent analytics at night and in low light levels. The Starlight technology supports color filtering down to a light level of only 0.0077 lux, so as to deliver detailed monochrome images where other cameras show no image at all, and guard against intruders and unauthorized entry around the clock.
Featuring digital ‘trip wire’ to counter false alarms
Highly resilient against false alarms, the smart cameras can detect movement at the perimeters of the train depots using a digital ‘trip wire’. In case of a security breach, the system alerts Southeastern Rail Network’s watch personnel, who can view live camera footage, as well as recordings of incidents for heightened situational awareness and total perimeter security.
Instead of relying on the pre-configured capabilities, such as vehicle tracking and more, security personnel can also use the built-in camera trainer function to ‘teach’ new functionality, such as detecting certain types of objects or situations.
Remote video recordings storage with Divar recorders
Recordings from the depots are safely stored and managed remotely with Divar recorders in encrypted format
As an integral part of this end-to-end Bosch security solution, recordings from the depots are safely stored and managed remotely, using Divar all-in-one recorders in encrypted format.
When looking at the bigger picture, the video security solution adopted by Southeastern Rail Network is part of an industry-wide evolution from cameras as mere video capturing devices to smart sensors capable of collecting rich metadata.
Insights beyond security
This metadata unlocks unique insights beyond security, including video analytics at the train depots that support applications such as monitoring deliveries to onsite buildings, providing access to personnel and logging the arrival and departure times of incoming trains.
The system thereby not only ensures that all train depots remain fully guarded and protected 24/7 against criminal access, but also provides a data-based foundation to keep efficiency gains and cost savings on track in the long run.
Doncaster Culture and Leisure Trust (DCLT), The Dome, required a new solution that would protect several areas, including one of the largest gym’s in Doncaster, The Fitness Village.
Vanderbilt ACT365 system
DCLT had a specific brief for this project that specified enhancing the staff and customer experience, while simultaneously providing access control solutions to restricted areas from the general public, members, and staff alike.
Oliver Law Security (OLS) Ltd. did not hesitate to recommend the Vanderbilt ACT365 system. ACT365 is not only a fully cloud-based solution, but also offers a flexible solution for installation and management that OLS identified as a key ingredient to meet DCLT’s project brief.
In addition to DCLT’s security requirement, OLS also realized ACT365 as an ideal solution for this task, given the product’s very focused API integration. Thanks to the ACT365 interface, OLS was able to integrate DCLT’s gym management system to enable single-source data to be used to populate the access control system, keep records up-to-date, and enhance customer experience.
For instance, previously, the older system had taken up to 3-5 seconds to validate members and open the entry turnstiles. Once the API interface had been achieved, this validation is now done instantly through ACT365 and allows members with active memberships through the entry points without any minimal delay.
Game-changer security solution
According to Oliver Law Security, using ACT365 and its API interface is a game-changer for this type of project
The scope of this project, although not significant in the number of doors, was a very technical project with integration into SQL server and a third-party membership system with the potential for thousands of would-be users.
According to Oliver Law Security, using ACT365 and its API interface is a game-changer for this type of project. With multiple updates per day, the access control system is always fully populated with the correct, validated members ensuring DCLT’s premier venue, The Dome, is protected against memberships that have lapsed.
Cloud-based off-premise solution
The system is entirely cloud-based offers an off-premise solution with no additional new servers required or PC’s running software. Through the ACT365 app, DCLT’s site administrators can manage the system for staff. The beauty of the interface is once the schedule runs, all information is autonomously sent to the ACT365 database, meaning adding new memberships, updating memberships, or revoking access is seamless, not tying up staff verifying and administering the membership/access control systems respectively.
Commenting on the project, Oliver (Ollie) Law, Managing Director of Oliver Law Security (OLS) Ltd., stated “We didn’t hesitate to recommend the Vanderbilt ACT365 system. As a Vanderbilt Gold Integration Partner, this is our go-to product, and for Doncaster Culture and Leisure Trust, the flexibility and scalability of the product was best placed to grow with their business.”
He adds, “We are fully committed to working and growing with Vanderbilt, and we look forward to other projects of this nature in the future.”
Shift5, Inc., a cybersecurity company, has been selected by the Army's Rapid Capabilities and Critical Technologies Office (RCCTO) to deliver a prototype vehicle security system for a critical ground vehicle platform.
Under the $2.6 million OTA, awarded November 12, 2020, Shift5 will provide unified cybersecurity prototype kits designed to help protect the operational technology of the Army's Stryker combat vehicle platform.
Rapid prototyping efforts
This award is a result of Shift5's participation in RCCTO's inaugural Innovation Day event, held in September 2019. The Army's RCCTO Innovation Day resembles a commercial investor ‘pitch day’ and supports new rapid prototyping efforts designed to accelerate the transition of emerging technology to Soldiers.
As part of the process, Shift5 submitted a white paper in response to an open Broad Agency Announcement; delivered a presentation among a group of 42 companies; and was selected to quickly prototype its hardware and software to provide value to the warfighter.
Military weapon system
"Shift5 is answering the call to arms about military weapon system cybersecurity vulnerabilities. Our products are currently deployed protecting commercial rail and aircraft, and this newest engagement will integrate our products onto military ground vehicle platforms," says Josh Lospinoso, Shift5 CEO.
Over the course of a year, Shift5 will develop, test, and refine an enhanced vehicle security system prototype and deliver a transition-ready product. The Shift5 solution will increase the cyber survivability of the vehicle across the full lifecycle. The solution will also provide increased situational awareness about the cyber health of the fleet and resources in the event of a cyber-incident.
Stuart Codack, Information Security Manager and Steve Roberts, Head of IT at West Midlands Trains (WMT), gave an inside look into working with SureCloud’s cyber security team.
As an operator of essential services and part of the critical national infrastructure, West Midlands Trains (WMT) are constantly reviewing the service that they provide and the supporting processes to ensure that they are giving customers the very best service. WMT will routinely carry over 200,000 passengers over any of the 1300 services per day, operating from London to Liverpool and predominately in the West Midlands area.
Aligning to business objectives
While providing the best service possible, the business is responsible for making upgrades
While providing the best service possible, the business is responsible for making upgrades, as part of their commitment to the Department for Transport and agreed set of objectives defined within the organization’s committed obligations.
These could range from large projects to developing stations, such as Wolverhampton, upgrading and enhancing the trains’ capacity, or providing more technical solutions to allow customers to purchase tickets and view train services online.
Key cyber security challenges
Understanding the emerging and constantly evolving threats to the rail is critical to ensure that WMT provide an efficient and responsive technical solution for the services operated. They operate within a number of frameworks, most significantly the Network Information Systems (Directive) provided to Operators of Essential Services (OES), and also feed in elements of both ISO27001 and NIST.
The Department for Transport, in conjunction with the National Cyber Security Center, enctheages a mature cyber security posture, and closely monitor and assess assurance levels. This approach challenges WMT constantly and places high demands on the enterprise to deliver and maintain a strong cyber security posture.
Understanding where any actual or potential weaknesses are helps in directly applying restheces to protect systems and maintain confidentiality, integrity and availability. Often overlooked, recognizing where WMT have achieved success has also helped to justify continued and future spending to senior management, by assuring them that a proactive cyber security strategy is worth the investment.
SureCloud cloud-based platform
Chosen for their professionalism during the tender stage, SureCloud comfortably convinced the decision makers of their technical capability, flexibility and willing attitude to join the business on their jtheney, as opposed to other vendors providing the essentials with hidden costs introduced as additional extras.
The SureCloud platform provided WMT with clear visibility of testing outcomes
Another key benefit that helped SureCloud stand out from the rest was the technology-enabled services approach, which utilizes SureCloud’s platform to underpin the service delivery. The cloud-based platform has provided a forum for WMT, in which work streams can be identified and allocated to third-party vendors. The business allows remediation work to be assigned and worked on concurrently.
The SureCloud platform provided WMT with clear visibility of testing outcomes and helped to establish the evidence and patterns of work that supports the various questions across the frameworks that call for continual service improvement, while demonstrating a proactive response to aspects of ISMS has been invaluable.
Benefits of the Cyber security-as-a-Service package
Support was measured against the requirements of the organization and was provided on-demand and willingly offered up throughout all stages of the agreement, with no signs of wavering support on completion of any of the work packages.
The penetration testing has provided a great deal of insight and visibility into areas that needed improvement while assuring other areas where the business had demonstrated some good practices. The results were well presented via the platform with the context that allowed the team to define the risk, and if any action would be needed to mitigate or reduce those risks. The level of expertise was fantastic, with identified areas supported by impacts and potential solutions.
Effective cyber security program
Overall, West Midlands Trains are very satisfied with their investment in the SureCloud tech-enabled services, and have already recommended SureCloud to a number of partners based on the work conducted. West Midlands Trains are passionate about managing an effective cyber security program and the business will continue to work with SureCloud in the future.
Internet-based training has long provided a less-expensive alternative to in-person classroom time. There are even universities that provide most or all of their instruction online. However, the COVID-19 pandemic has expanded acceptance even more and increased usage of internet-based meeting and learning tools. We asked this week’s Expert Panel Roundtable: How can remote or Internet-based training benefit the physical security market?
Video storage has been a challenge since the days of VCRs and videotape. Storing images is a central need for any video systems, especially one that is focused on the forensic and investigative aspects of video. Today, digital video is stored on hard drives and even in the cloud. Increasingly, video is considered “data” that drives a variety of video analytics and even artificial intelligence (AI) applications. We asked this week’s Expert Panel Roundtable: What are the new trends and opportunities in video storage?
Protecting the oil and gas market is key to a thriving economy. The list of security challenges for oil and gas requires the best technology solutions our industry has to offer, from physical barriers to video systems to cybersecurity. We asked this week’s Expert Panel Roundtable: What are the security challenges of the oil and gas market?