Cybersecurity is a trending topic in the video surveillance market. As a result of international regulations, companies are assessing the potential security risks of video surveillance systems, deploying crisis management policies and developing mitigation plans for events related to a data breach. Customers desire trustworthy products and vendors are rushing to fill this gap to satisfy the market demand. Multiple vendors are offering a large number of solutions, and customers have trouble to identify the best solution for their needs.
In this article, Videotec, a company specialized in the design and creation of video surveillance products for outdoor environments, puts forward its vision with regard to developing safe products and describes its strategy for cybersecurity.
Why does cybersecurity matter in video security applications?
Whenever people working in the surveillance business think about cybersecurity, they mainly think about privacy.
Although this is a crucial topic, it is not the only one. Information may indeed be stolen from the cameras, but cameras can be exploited to gather additional information.
Let’s take an example of an industrial installation site where different sets of devices can be found:
• Computers for office work
• VoIP phones for telephony
• Cameras for surveillance
• Scada devices for process control
In theory, network segregation requires a LAN for each set of devices. However, in practice, there is only one physical Ethernet segment to save money, and virtual LANs are deployed to try to keep things separated.
A compromised device on the network can be the vector to send malicious packets to other VLANs, to make servers unreachable or interrupt services and processes.
To achieve this result, an attacker can use techniques based on:
• ARP poisoning
• Switch spoofing
• IEEE802.1Q tunnelling, also known in Q-IN-Q
Under normal conditions, the PLCs exchange data with the server to guarantee business continuity and also people safety. Any compromised IoT sensors could be exploited to inject malformed data into the network. When this happens, the flow of information between the PLCs and the monitoring server can be disrupted and the monitoring can be halted. If this happens, both plant safety and business continuity are at risk.
Modern surveillance cameras have millions of lines of code. Therefore, the probability of being exposed to cyberthreats is almost 100 percent!
That is the reason why, when choosing surveillance and IoT equipment, the surveillance manager should evaluate one main issue besides the video performance: the software maintenance from the vendor.
What are Videotec’s policy and features to make outdoor products cyber-safe?
Thanks to Videotec’s proprietary know-how, their internal R&D team regularly releases new firmware several times a year, with updates shared and distributed across the entire product range. Each update adds innovative enhancements and features and renews the level of cybersecurity, ensuring all pre-existing compatibility with third-party systems.
Videotec helps integrators and customers keep their systems protected and bases the development of its IP products on the following ten pillars of cyber-sustainability.
- Long term support for firmware: All Videotec products share the same encoding platform. Therefore, every new firmware release is valid for the whole product catalogue. Thanks to this choice, Videotec can push updates and new features even on products that were released years before.
- Resilient software architecture: Protocols are separated from the core part of the FW. Therefore, they are exported in processes that cannot be exploited to take over the device and spread an attack over the network.
- Implementation of IEEE 802.1x: This protocol enables a restriction on the devices that can be connected on the network and helps system administrators to make sure that only authorized devices can access the network.
- Digitally signed firmware files: If the uploaded firmware is not digitally signed with the Videotec keys, the video encoder and video analytics will refuse to install it. For this reason, it is not possible to upload rogue code to Videotec units.
- Support for the newest TLS standard with self-signed certificates and regular certificates. HTTPS is achieved with TLS. SSL has been dropped because all versions are not secure anymore.
- GDPR (General Data Protection Regulation) conformance for streaming: Starting with the 2.0.0 FW release, Videotec devices can stream encrypted video. Keys and certificates management makes units GDPR-compliant in any installation scenario. We have an encrypted video streaming stack based on RTSP over HTTPS, and this works both on IPV4 and IPV6.
- Keys and certificates management: With self-signed certificates, traffic can be encrypted. With the same technology, cameras and clients can validate their identity and make sure that nobody replaced a camera or software with a malicious one.
- Videotec video encoder implements most modern and robust algorithm for encryption: We can support RSA keys up to 4096 bits and AES keys up to 256 bits. We also support several algorithms for hashing: from the old MD5 and the newer version of SHA. It is important to note that long keys for RSA, supporting AES and the most modern version of SHA algorithms, are qualified by NSA for TOP secret information management.
- Selectable protocols
- Certificate-based client authentication: Videotec products can be configured to accept commands only from clients having a proven identity stored in a secure element. There are no more passwords to steal, and no time is wasted defining policies for password complexity.
Videotec has a strong presence in several vertical markets with prestigious references, such as transportation and traffic, marine, industrial, offshore and onshore oil & gas and energy industry. Videotec strengthens its commitment to global partners, providing them with IP-based high-performing products that are resistant, cyber-secure, and meet the stringent specifications of these markets.
All products offered are developed and made by Videotec, complying with the ONVIF standard protocol. The company maintains complete expertise for all of its products, with total control over mechanics, electronics, positioning, networking, software and firmware. It is a significant competitive advantage in meeting the needs of personalized solutions or integrations with third-party systems.