Camera Ban Due to Zero Cyber Security

 Camera Ban Due to Zero Cyber Security

Since what some experts considered a password-free engineering hack was found between firmware layers in HikVision cameras around 5 years ago, CCTV cameras manufactured in China have been squeezed from Australian federal government contracts, despite the fact no Chinese-made video surveillance camera in Australia (or anywhere else in the world) has been found transmitting video streams to the Chinese Government. 

The US communications regulator singled out tech giants Huawei and ZTE and surveillance camera makers Hikvision and Dahua. Spy chiefs have warned that the US could be vulnerable to economic espionage or digital sabotage.

The UK Government departments have been told to stop installing surveillance cameras made by Chinese companies on "sensitive sites" because of security concerns.

Both the UK and Scottish governments have banned Hikvision plus other PRC providers from certain government usage for national security reasons, in a sea change for UK video surveillance.

The Governor of New Hampshire has banned products from certain PRC companies including Dahua, Hikvision, and TikTok for use on state networks or devices in an executive order.

Security threat accusation is made against the Smart City project. The Mangaluru City Corporation (MCC) has installed Hikvision brand CCTV cameras in the city. This company is of China origin.

The Indian government has restricted PRC manufacturers such as Dahua and Hikvision from bidding on Indian government projects.

At this point, it’s worth noting that almost all professional CCTV cameras are installed on secure subnets supported by dedicated switches, servers, and video management systems, or they are installed standalone on DVR and NVRs. These systems log network actions from authorised users, including camera views, saves, searches and applications of analytics functionality, where this applies.

It goes without saying that no pro-grade network intrusion detection system could fail to alert network engineers to the transmission of big band video signals from secure network ports to an external network location. It would generate an immediate alert, remedial action and public condemnation.

While IP cameras can upgrade firmware automatically over public networks and will undertake handshakes with a manufacturer’s servers, these actions are ubiquitous across network devices of all types and, in the case of CCTV cameras, can be deactivated, with devices either left using original firmware, or upgraded manually.

Typically, network-based electronic security systems are updated manually by security teams managing system maintenance. These Australian security techs are highly integrated with an end user’s security operations team and will respond at a moment’s notice to issues of camera performance, network failure, or network breach.

Further, in compact applications, such as in the suburban high street offices of MPs, 3-4 CCTV cameras are installed in a basic star configuration that revolves around a PoE NVR/DVR supported by a dedicated keyboard, mouse and monitor. They are not connected to local data networks, let alone hooked to out of country servers – unlike a significant number of other manufacturers, neither Hikvision nor Dahua offers VSaaS in Australia.

Typically, the basic turret cameras used in such applications are mid-wide angle, have modest resolutions, fixed lenses, and are installed with an outward-facing angle of view covering front and rear entrances, car spaces and foyers to allow recording of events for police investigation after an incident.

Recordings are undertaken on local hard drives and written over after 30 days. Viewing of footage and event searches can only be undertaken by a person with access control rights to the location, and who is authenticated with a password issued by a nominated system administrator – typically an admin assistant or office manager who works on-site.

These cameras are installed for safety and security, not to ‘spy’ on MPs. Nor are these cameras being ‘found’ by shocked staffers in third-tier government applications, as if the cameras crept in at night and hung themselves onto walls, as some news websites have implied.

These CCTV systems were installed in plain sight by professional Australian security technicians using products supplied and supported by professional Australian security distributors with technical support from suppliers’ local operations, after an official government tender process.

These cameras and related systems were chosen by government decision makers because they offered the best performance for the least cost. This is not an imperative that will change when government agencies next take locations with modest security requirements to tender.

Similar strictures around installation and governance apply to the 11 Hikvision cameras at the Australian War Memorial, which are likely external bullet cameras installed to view choke points and entries, and are entirely governed by local subnet rules and managed and viewed using an over-arching video management system provided by a third party.

This server-based VMS brings together all the cameras across the site onto a video wall for monitoring by a dedicated security team. It’s normal for a major site like the Australian War Memorial to have multiple camera brands and camera types installed for different reasons at different times with different priorities of budget. Expensive upgrades are undertaken in stages.

Milestone has discontinued technology partnerships with "mainland China" companies, including mega-manufacturers Dahua and Hikvision, the company confirmed to IPVM.

Ambarella, a major supplier of AI chips for IP cameras, has stopped selling to Dahua, Ambarella confirmed to IPVM.

Western Digital and Seagate are no longer selling to Dahua due to US semiconductor export controls imposed on Nov 2022, IPVM has confirmed with WD directly and from sources for Seagate.

ADI has stopped relabeling Dahua, a year after the company secretly started selling relabeled Dahua gear as an ADI house product, despite the NDAA ban, human rights sanctions, and the FCC designation of Dahua as a threat to national security.

The most cyber secure IP surveillance camera is Mobotix, however, the Australian government rarely uses this brand, despite its enormous operational flexibility and impeccable cybersecurity credentials. Bosch, Axis and iPro are also highly regarded, and tier 1 offerings from everyone else – including HikVision and Dahua, which put considerable effort into cybersecurity and transparency to correct early issues that impacted all CCTV camera makers – are close behind.

Unsurprisingly in the current geopolitical climate, Chinese CCTV cameras are by far the most examined network devices when it comes to cyber security, and their camera firmware and supporting management solutions are constantly trawled through by experts looking for issues in devices that, despite their ‘surveillance’ function, are static edge sensors, governed by the settings of the network switches and servers that manage them.

It’s impossible to believe the Australian government’s highly qualified cybersecurity experts are not perfectly aware that edge devices, like CCTV cameras, when properly commissioned and installed on well-designed and secure data networks, are impossible to access remotely, and can’t be infected by ‘spyware’ in the way a mis-managed workstation or laptop might be.

Instead, they must be acutely aware the greatest security threats to security systems are posed by errors in network application, a failure to activate camera cybersecurity settings during installation and pre-commissioning, and weaknesses in the physical security around network components. And cybersecurity experts must know such risks apply to every networked device across a department’s topology – phones, switches, wired and wireless routers, laptops, servers, apps – not just to devices offering click-worthy headlines.

In our opinion, given the highly evolved state of cybersecurity in professional CCTV cameras (and intercoms), the possibility edge devices in secure subnets from any camera manufacturer, could suddenly breach network security settings and start operating unilaterally is so vanishingly small that cybersecurity can’t be the problem.

Instead the government’s core issue seems to be one of uncertainty and misunderstanding around a technology that, when properly installed and managed, leaves virtually no room for uncertainty at all.

Ref:
IPVM Portal
Sen network
US, UK web pages

Security Cameras in Medical Collage

 Security Cameras in Medical Collage

CCTV surveillance is now an integral part of the overall security apparatus across the world. The university has a significant responsibility to take appropriate steps to protect personal privacy and civil liberties when it operates security camera systems. When successfully deployed, security camera systems enhance overall campus safety and security, deter crime, and otherwise support the protection of people and property. A security camera is defined as video surveillance technology that records people’s activities in order to detect, deter, prevent, or investigate crime or other threats to public safety.

In a bid to improve the quality of medical education in the country, regulatory body NMC has issued an advisory recommending installation of cameras in the premises of all medical colleges and institutions. This is in continuation of the digital mission mode project being run by the National Medical Commission (NMC) and the erstwhile Medical Council of India to ensure and monitor availability of adequate number of patients teaching faculty and also to monitor regular teaching programs in the medical colleges. This is a step forward towards developing a robust monitoring mechanism and providing for transparency and accountability in functioning of medical colleges, official sources said.

If utilised properly, this would also be a way forward for digitisation of the assessment process for approvals being granted to medical colleges either for enhancement of under graduate courses or starting or enhancement of postgraduate courses, they said. "Use of such technology and artificial intelligence would make assessments and instructions transparent and an ongoing process instead of the current one time process," an official source said.

The most important things they can incorporate on all IP equipment are much more tangible—Trusted Platform Module (TPM) and National Defense Authorization Act (NDAA) compliance. The primary concern should be that the vendor is providing a system that is secure and in compliance with ISO 20243, particularly when it comes to assurances regarding the supply chain. Today more than ever, it is essential that video appliances are held to an IT standard, including TPM and NDAA compliance. The importance of making these properties a top priority has become a standard for end-customer expectations.

But installing a CCTV camera doesn’t mean you’re safe; here is a list of seven things you ought to consider before securing your territory with closed-circuit television cameras:

#1) Deciding how you’ll be monitoring the system

If you decide to monitor your system using the Internet, getting an IP Address for your Digital Video Recorder (DVR) or Network Video Recorder (NVR) will equip it to survey and record easily; an Ethernet cable carries all information via the Ethernet witch.

#2) Determining the number of Closed Circuit Television Cameras required

Depending upon the nature of your requirement and the expanse of the area you want to survey, decide on the number of cameras required to ensure complete security. As per the NMC guidelines, the medical colleges have been advised to install cameras at OPDs (depending upon number of OPDs in the college). The cameras should cover the medicine, surgical, gynaecological, paediatrics and orthopaedics OPDs, the highly-visited OPDs in a medical institution.

#3) Positioning the CCTV cameras

Cameras if visible could caution the trespasser. Thus most people prefer having clandestine cameras to having exposed and evident ones! Contemporary CCTV cameras can be easily hidden from view by being in the most exquisite of crevices and clefts in the wall; these places also offer the advantage of protecting the cameras from extreme weather conditions such as hailstorms, high-speed winds, and rains. One camera needs to be installed at the main entrance of the hospital and college and two cameras at the patient registration counter. All lecture theatres in the medical college should be equipped with cameras.

The pre-anaesthesia area, recovery area in the operation theatre complex, faculty lounge and attendance marking areas, anatomy dissection hall, physiology laboratory, biochemistry UG laboratories, pharmacology laboratory, patient attendant waiting area and emergency and casualty ward need to be equipped with cameras, the NMC stated.

#4) Placing the DVR/NVR

It is paramount to secure the digital video recorder (DVR) or the network video recorder (NVR). If you lose the DVR or the NVR to the trespasser, needless to say, you lose all the money you spent on your CCTV camera along with your stolen valuables! If you place your DVR or NVR centrally, you can minimize your cabling cost and reduce the complexity of your closed-circuit television system.

#5) Deciding on power backup of CCTV Camera

The constant power supply would ensure incessant surveillance. Thus make sure you have both constant power supply and a reliable power backup in case of power cuts to ensure security at all times.

#6) Deciding how you’ll be create Secure Network system

NDAA compliance assures that the video recording appliance does not include System on Chip (SoC) or other components capable of processing software from banned Chinese companies. All servers and workstations use NDAA-compliant chipsets as a standard. Having the NDAA seal of approval guarantees that the product is fully supported under those regulations as federal agencies have banned all non-compliant equipment from RFQ’s and projects. Those companies not adhering to NDAA standards are unable to work with any federal organization via a published blacklist. Business and commercial entities are also following suit, as they have privacy concerns consistent with the federal government as well.

Trusted Platform Module enhances computer privacy and security. Consider it a hardware-level security measurement to protect your video recording device from malicious attacks. Once the TPM module is enabled, that physical chip is now permanently tied to that specific server or workstation and cannot be moved to any other system. TPM-based microchips on system boards offer another layer of hardware and intrusion security.

This software agnostic TPM module is utilized for high-level security file encryption, network security, and password management. These modules are secured by cryptographic algorithms and ensure total system security for the most sensitive data on your video recording system. As a matter of fact, TPM modules are a standard requirement from every video management software manufacturer and independent software vendor in the security marketplace.

#7) Testing the CCTV Camera system

After you’re done with the installation process, it is very important to have a test run. Any problems that you might face with your closed-circuit television system, can be best fixed before it’s too late – a stitch in time, does save nine!

#8) Maintaining the CCTV-cameras

Best practices include cleaning the cameras on a monthly basis to rid them of any dirt, cobwebs. Timely replacement of the cables used is also advised to keep the systems from any potential failures in the most crucial of hours.

#9) "Cameras never lie". But how will one know, unless one 'sees' what the camera 'saw'?

Encourages all medical collage authority of CCTV to audit their own CCTV video footage as a standard operating procedure. Regular auditing of CCTV footage by the public means that the Police/LEA have more 'eyes' working for them through crowdsourced surveillance. This enables the Police/LEA in identifying potential threats and dangerous situations before they occur. Also, in the case of a crime, if a standardized incident report is delivered to the Police/LEA by the affected party in PowerPoint carrying the entire story (what, where, when, why, who, how, and the video clip), crime will get solved faster.

The aim is to bring the colleges under the National Medical Commission’s surveillance, protect doctors from any attack during duty hours. There are a lot of brands in the market selling closed-circuit television cameras. The best brands include Infinova, Hanwha Techwin, Avigillon, Pelco, Axis, NUUO, Milestone and GVD etc Solution for reliable CCTV cameras. To get free consultation contact us.

সুষ্ঠ প্রশাসন ও রোগীস্বার্থকে সামনে রেখে মেডিক্যাল কলেজগুলির দৈনন্দিন কাজে সরাসরি নজরদারি চালাতে উদ্যোগী ন্যাশনাল মেডিক্যাল কমিশন। আর এই জন্য দেশের সব মেডিক্যাল কলেজের মূল প্রবেশদ্বার-সহ ২৫টি স্থানে সিসিটিভি বসানোর ফরমান জারি করল কমিশন। কমিশনের এই সিদ্ধান্তকে বেনজির বলেই মনে করে শিক্ষক-চিকিৎসকদের বড় অংশ। দেশের সব সরকারি ও বেসরকারি মেডিক্যাল কলেজ ও হাসপাতালে সিসিটিভি (CCTV) বসানোর নির্দেশ জারি করা হল। আর এই নির্দেশকে ঘিরে চিকিৎসকদের মধ্যে শুরু হয়েছে বিতর্ক। ন্যাশনাল মেডিক্যাল কমিশনের (The National Medical Commission) তরফে একটি অ্যাডভাইজারি করে দেশের সব রাজ্য সরকারকে মেডিক্যাল কলেজ ও হাসপাতালের মূল প্রবেশদ্বার-সহ রোগীর নাম নথিভুক্ত করার কাউন্টার, আউটডোর এমনকী প্রতিটি ফ্যাকাল্টির শিক্ষক, চিকিৎসকগণ যে জায়গায় দৈনিক উপস্থিতি স্বাক্ষর করেন সেই জায়গাতেও সিসিটিভি বসাতে প্রস্তাব দেওয়া হয়েছে। জাতীয় মেডিক্যাল কমিশনের আদেশনামায় একটি মেডিক্যাল কলেজের অন্তত ২৫টি স্থানকে নির্ধারিত করা হয়েছে যেখানে সিসিটিভি বসাতে হবে। ক্যামেরা IP সম্বলিত ও 4K মাত্রার বিশ্লেষণ যোগ্য সংরক্ষক যন্ত্র সাথে 4K  মাত্রার বিশ্লেষণ যোগ্য প্রদর্শিত  মাধ্যম ব্যবহার করা। 

যেসব স্থানকে সিসিটিভি বসানোর জন্য চিহ্নিত করা হয়েছে তার মধ্যে উল্লেখযোগ্য হল : মেডিসিন, শল্য চিকিৎসা, স্ত্রী ও শিশুরোগ এবং অস্থিরোগের আউটডোর। ২) রোগীর অ্যানাস্থেশিয়া ও জ্ঞান ফিরিয়ে আনার এলাকা। ৩) প্রতিটি বিভাগের ফ্যাকাল্টি লাউঞ্জ এবং উপস্থিতি এলাকা। ৫) লেকচার থিয়েটার। ৬) মেডিক্যাল পড়ুয়াদের অ্যানাটমি ডিসেকশন হল। ৭) ফিজিওলজি, বায়োকেমিস্ট্রি ল্যাবরেটরি। ৮) প্যাথলজি ও মাইক্রোবায়োলজি ল্যাবরেটরি। ৯) ফার্মাকোলজি ল্যাবরেটরি। ১০) রোগীর অপেক্ষার স্থান। ১১) জরুরি ও ক্যাজুয়ালটি ওয়ার্ড।

ন্যাশনাল মেডিক্যাল কমিশনের চেয়ারম্যান ডা, সুরেশচন্দ্র শর্মা তাঁর প্রস্তাবে নির্দিষ্ট করে জানিয়েছেন, সিসিটিভিগুলি যেন ডিভিআর ও উচ্চক্ষমতার নেটওয়ার্ক যুক্ত হয়। সাংসদ তথা চিকিৎসক সংগঠন আইএমএ’র তরফে শান্তনু সেন বলেন, ‘‘কিছু অসাধু রয়েছেন। তাঁদের নিয়ন্ত্রণ করতে কমিশনের এই পদক্ষেপ।’’ জাতীয় মেডিক্যাল কমিশনের এই প্রস্তাবে চিকিৎসক-অধ্যাপকদের একাংশ যেমন অসন্তোষ প্রকাশ করেছে তেমনই আরেকাংশ বলছে, এই নিয়ম আগেই ছিল। কলকাতা মেডিক্যাল কলেজের অধ্যক্ষ ডা. রঘুনাথ মিশ্র বিষয়টিকে গুরুত্ব দিতে নারাজ। তাঁর কথায়, কলেজ বা হাসপাতালের কোনও জায়গা সিসিটিভিতে দেখতে না পেলে মাঝে মধ্যে ফোন করে।

মেডিক্যাল কলেজগুলির দৈনন্দিন কাজে সরাসরি নজরদারি চালাতে উদ্যোগী ন্যাশনাল মেডিক্যাল কমিশন। দেশের সব মেডিক্যাল কলেজের মূল প্রবেশদ্বার-সহ ২৫টি স্থানে সিসিটিভি বসানোর ফরমান জারি করল কমিশন যেটা খুব ভালো প্রস্তাব, কিন্তু পাশাপাশি ক্যামেরা চলছে কিনা এবং তা ঠিকমতো সংরক্ষিত হচ্ছেকিনা তা দেখার জন্য প্রতিদিন ভিডিও চিত্র নিরিক্ষণ করা উচিত। IP ক্যামেরা বর্তনীতে যেন এই ভিডিও প্রতিলিপি সুরক্ষিত থাকে সেবিষয়ে নজর রাখতে সেই ধরণের IP ক্যামেরা DVR / NVR  বসানো উচিত। আপনাকে দেখতে হবে সেই IP দ্রব্যটি যেন NDAA অনুমোদিত হয়।  

SSA Integrate by Arindam Bhadra

SSA Integrate by Arindam Bhadra

Security Safety Automation Integration is indicate SSA Integrate. Main key person of SSA Integrate is Mr. Arindam Bhadra. Mr. Arindam has 14 years of experience in Electronic Security Safety & Automation. Managing different type of Customers when he work in G4S, Siemens, Gunnebo, Diebold. As you know my article publish by “safe secure magazine” every month.

We offer technology that best suits your needs. Our open architecture facilitates integration with multi-vendor subsystems. You have the freedom to choose working arrangements and get maximum value from your investment. This reduces life cycle and operating costs. We observe customer suffer to get after sales service from installer due to once payment has cleared integrator neither looking back nor provide warranty service. We dedicated for Services like, Rectification, Commissioning, AMCs, Security Consultancy, Training, Audit....etc. SSA Integrate is Partnership Company. MSME Registered.

Below we share details about Mr. Arindam Bhadra or SSA Integrate.

I have very good experience in Project Design, Commissioning & rectification of

•     CCTV Surveillance,
•     Fire Detection & Alarm System - FDA,
•     Access Control System / Attendance System,
•     Public Address System - PAS,
•     Intrusion Alarm System,
•     Entrance Control ( Boom barrier, Flap barrier, Tripod turnstile, Bollard, Tyre Killer..etc),
•     Building Management System - BMS / BAS
•     System Integration

Our Head Office based on Kolkata, We deliver service support from Kolkata to other place.

We now look forward for receiving your valued enquiries and your kind support towards me or my organization and hope to establish a healthy business relationship with you.