Showing posts with label IoT. Show all posts
Showing posts with label IoT. Show all posts

Wednesday, January 1, 2020

Security Industry Predictions for 2020

Security Industry Predictions for 2020

Wishing you a very Happy New Year.

Some trends observed by the security and surveillance sector are Artificial Intelligence, Cloud Computing, Cybersecurity, Sensor, integration.


According to annual reports from the Ministry of Electronics and Information Technology. In 2016-17, while the reported incidents stood at 35,418, in 2017-18 there were 69,539 incidents, rising to 274,465 in 2018-19. India reported slightly more than 313,000 cybersecurity incidents in the ten months to October.  The country is plagued with weak e-infrastructure and is not capable of meeting the needs of a growing economy and its population. Corporate growth and investments can be hampered if the government fails to close the e-infrastructure deficit. E-Infrastructure. E-Infrastructure comprises tools, facilities and resources that are needed for advanced collaboration and includes the integration of various technologies such as the Internet, computing power, bandwidth provisioning, data storage etc.
Some trends observed in the security and surveillance sector are Artificial Intelligence, Cloud Computing, Cybersecurity and integration. Intellectual property (IP)-based surveillance technology, touted as the future of surveillance systems, has replaced closed-circuit analogue systems. Some trends like sensors, biometrics, real-time connectivity, advanced processing software and analytics have also propelled the industry growth. Some of these trends have enhanced the efficacy of security systems, whereas others have the potential of having adverse impacts.

Common prediction themes across vendors include the 2020 elections in the U.S., more targeted ransomware, more ways to attack the cloud, and an explosion of problems with deepfake technology.

Cybersecurity
There’s disagreement on the most important cyber threats to focus on as we head into 2020, even though everyone agrees that cybersecurity is more important than ever before. Cyber-attacks of all kinds have become, and will continue to be, a major threat, making this one of the most important initiatives that today’s businesses embrace. From a manufacturer’s perspective, building cybersecurity into the product from its inception is critical, with integrators beginning to demand this level of consideration from the products they sell. As a result of a rise in the convergence of IT applications alongside security investments, end users are now seeking out solutions designed with data security top-of-mind. As HikVision, Dahua named Chinese product already ban in various sector globally including under umbrella brand. All network connected devices such as DVRs/NVRs, servers, IP cameras, access controllers, intrusion alarms, smart sensors, are vulnerable, which is why this added step in developing cybersecurity protocols and applying them across the organization is critical.

Internet of Things (IoT)
The Internet of Things (IoT) has been a major trend for the past few years in many industries, and this will continue as we integrate sensors of all kinds into the network. The collection and analysis of the data collected by these sensors is giving rise to a plethora of applications such as industrial applications, intelligent building management, event management, and much more. The physical security industry benefits by having additional intelligence for situational awareness and emergency management, as well as opportunities to provide additional value-added services and business insights. Being deployed in an increasing number of scenarios and with continued improvements in computing capabilities, video has the opportunity to become the eye of IoT.

AI-Enabled Devices
For 2020, AI does show up again in a number of new ways — with several specific warnings for those who fail to use AI to counter bad actors who will be using it. Software manufacturers are looking toward artificial intelligence to help propel advanced analytics in an effort to deliver more situational awareness to operators, and an increased ability to proactively assess threats or anomalies. While video and data analytic capabilities have been around for quite some time, some would argue they were rudimentary in comparison to software that uses AI to make existing applications such as facial recognition much more accurate, and to create new ways to detect anomalies. In addition, AI continues to be used to make sense of the large amounts of data that are being generated by intelligent sensors and by analyzing the growing amount of video.
Businesses and other organisations could face multimillion-pound fines if they are unable to explain decisions made by artificial intelligence, under plans put forward by the UK’s data watchdog in Nov 2019. The Information Commissioner’s Office (ICO) said its new guidance was vital because the UK is at a tipping point. where many firms are using AI to inform decisions for the first time. This could include human resources departments using machine learning to shortlist job applicants based on analysis of their CVs. The regulator says it is the first in the world to put forward rules on explaining choices taken by AI.

Are we still talking about robots as a threat to jobs? According to Google Trends data, automation remains a controversial topic. “Are robots taking over jobs” is peaking at a similar search volume as ten years ago — but a new concept is changing the role of automation in the workplace.  Augmented intelligence is one of the few technologies named on the Gartner Hype Cycle for Emerging Technologies, 2019 that are predicted to reach expectations, over the next two-to-five years. In contrast to artificial intelligence (AI), augmented intelligence emphasises collaborations between AI and human workers. It’s designed to enhance human skills and allow them to work faster and more efficiently, rather than replace them.
In contrast to artificial intelligence (AI), augmented intelligence emphasises collaborations between AI and human workers. It’s designed to enhance human skills and allow them to work faster and more efficiently, rather than replace them. That said, while advanced AI can fix some issues automatically, the process is not always devoid of human intervention. Other issues, such as emergency maintenance of a machine, will always require human involvement at some stage. AI can provide the alert, but it can’t always do the work.


Cloud and Mobile Capabilities

Mobility is critical for physical security and is emerging through the development and use of cloud-based services, as well as the ability to access security devices through a smart phone or Web-based browser. That’s why there’s been such an influx of mobile apps created to manage cameras, receive automatic alerts for the most diverse event, and giving users the ability to grant or restrict access to a facility. All of this demonstrates the world’s demand for mobility, connectivity and ease-of-use.
I believe there will be a data breach to end all data breaches, and it will happen in the cloud and affect billions of users. Chances are it will happen to a hybrid cloud that will lead the hackers down a rabbit hole that will gain them access to multiple cloud entities. This breach will cause a fundamental shift in how cloud providers handle security; look for serious changes to the authentication process of cloud providers by the end of the year.

5G Connectivity
2020 is the year 5G goes mainstream. It’s safe to say that 5G will revolutionize the way people stay connected to the internet. Extra speed, extra bandwidth are going to make our mobile devices faster, more powerful and hyperconnected, with the same thing happening to IoT connected devices such as cameras. This is going completely change the way we think about smart cities: More powerful IP devices connected to one another, powered by AI, will have a massive impact on the way we move, shop and live in urban areas. In 2020, 5G is likely to start becoming a reality in India with its spectrum allocation taking place in the coming months. This will enable telcos and equipment makers to conduct full-fledged trials. Smartphone makers such as as OnePlus and Realme have also announced their plans to bring 5G phones to the country next year to set the pitch for new networks.
2020 will be the year when we would see 5G emerging as a household network technology in many markets around the globe. Australia, Argentina, Canada, and Japan are amongst the key countries where the next-generation wireless technology is set to debut in the coming months.


Drones Open up New Pathway for Intelligence Gathering
To date, the security concern around drones has mostly been focused on the physical damage nefarious actors, including nation states, could perpetrate. In 2020, we could start seeing attackers focus more on what drones know and how that information can be exploited for intelligence gathering, corporate espionage and more.
Military usage of drones or RPAS (Remotely Piloted Aerial Systems) has become the primary use in today's world. Used as target decoys, for combat missions, research and development, and for supervision, drones have been part and parcel of military forces worldwide. 


Video — Everywhere
Video is the cornerstone of security, providing both real-time and forensic coverage for emerging threats and incidents, which is why it’s one of the fastest growing segments of the marketplace. The use of video for traditional applications in new markets, as well as for use in newer applications that are not necessary security related is poised to see the most movement. In some industries such as oil and gas, there is a trend towards extending video coverage into extremely harsh and hazardous environments, so manufacturers are challenged to develop appropriately certified equipment to meet a more stringent demand. Manufacturing facilities such as food processing plants are also increasing their use of video for training and compliance purposes to prevent incidents such as food recalls that can be extremely costly for the business. Huge number Video footage destroy without viewing what camera saw. in this 2020 video auditing will start journey. In order to mitigate occupational safety and health issues, several organizations employ various safety and security measures to address the same, one of them being CCTV/video surveillance systems. CCTV/video surveillance systems are highly effective at visually identifying several risks connected with unsafe behaviours of the workforce and the critical conditions of the working environment.
‘Auditing’ means 'seeing' what the cameras 'saw'. CCTV video footage should be audited daily; several times a day if need be. Depending on the requirements, auditing of CCTV footage of critical cameras on a daily basis must become an SOP. Auditing will help relevant stakeholders to ‘discover’ the 'unknown'. Auditing as an activity may be manual, it may be post-facto, but it is a very dedicated and systematic process, which helps address some of the challenges of live monitoring (video blindness, poor attention span, boredom, bias, fatigue etc.), as well as the challenges related to alert-based systems (how often has one faced false alerts, or what is called the ‘cry-wolf’ effect). Auditing will help discover issues as mentioned above as well as in identifying and analysing threats and hazards (THIRA/HIRA) of various kinds. Auditing CCTV video footage will also be extremely helpful in waste reduction and following the 5S philosophy, i.e. sort, set, shine, standardize and sustain (all part of Six Sigma practices). It’s an exciting time to be a part of the security market, as we’re really just beginning to see that, when it comes to technology advancements, the sky is the limit. I would argue at the core of these innovations is the video data being collected, and as we work to build technologies that can harness the power of these applications, we will continue to be at the forefront of this movement toward greater intelligence and business insights.

The Indian security market is experiencing unprecedented boom due to huge demand. The growing awareness in the retail and enterprise segment is giving security solutions a cult status. A new phase of the consolidation process is on in the Indian security market.

Tuesday, August 13, 2019

Cyber threat into Video Surveillance

Cyber threat into Video Surveillance
Yes we all are known US ban HikVision, Dahua and IPVM media cover full story time by time. Security systems are changing at an ever-increasing pace and are making more use of standard Information Technology (IT) products running over a Local Area Network (LAN) or Wide Area Network (WAN) e.g. across the Internet, where they can be remotely monitored and controlled. As a result of using Internet Protocol (IP), the opportunity has arisen for manufacturers to develop new generations of equipment from control panels, cameras, and door controllers, to fully integrated systems combining fire, access control, CCTV, intruder and building control systems. These “integrated” systems are often called security management systems as they bring together the management of all aspects of an organization’s security.
Closed-circuit television (CCTV) is a TV system in which signals are not publicly distributed, but are monitored, primarily for surveillance and security purposes. CCTV systems rely on strategic placement of cameras and observation of the camera’s input on monitors. As the cameras communicate with monitors and/or video recorders across private coaxial cable runs, or wireless communication links, they gain the designation “closed-circuit” to indicate that access to their content is limited to only those with authorisation to see it. First we need to understand below few things:

What is a network?

In simple terms, a network provides a means of communicating data between two or more computer-like devices. A network can be a LAN and can incorporate a Wireless element of networking (WLAN). Where the network has the need to communicate outside of a single LAN, a WAN is used. A WAN can connect LANs together to communicate with users and computers in other locations. The most well-known example of a WAN is the Internet.
Why use an IP network?
Traditionally, many security systems have been linked to remote monitoring centres using modem type devices connected to a telephone line to exchange information. Using a network introduces many benefits, for example a substantial financial saving compared to dial up solutions. Additionally, the use of a network can improve quality of information and the time required to connect and exchange information.

Digital formats are being chosen by many industries such as music, telephone (voice over IP networks), TV, photography etc. With so many industries making use of IP technology, networks have become extremely robust. As a result, the use of a network can make the exchange of information between a security system and a remote monitoring centre more efficient.
Internet Service Provider (ISP)
The connection between your premises and the monitoring location may use an ISP to provide the service. When choosing an ISP, you should endeavour to establish the level of service being offered. Additionally, it may be prudent to have a second ISP link. The connection between your premises and the ISP is perhaps the weaker link so if you do have concerns, you should investigate an alternate means of communication from your premises into the ISP, i.e. GPRS, GSM (mobile service providers).

Bandwidth
Bandwidth requirements (space on your network to operate) should be discussed with your IT manager. The bandwidth required to operate a CCTV system may be considerable. Your security system provider will be able to advise you on the bandwidth requirements. As a general guide, CCTV systems require considerable bandwidth to send video images over a network whereas access control, intruder alarm systems and visitor management systems that only send small amounts of data, do not require much bandwidth.

Company usage policies
You will also need to consider company policies relating to “what is allowed” to use an existing network. If the nature of your business dictates that the network shall only be used for specific applications, then this may immediately determine that a separate network must be installed for the security system.

Now SSA Integrate company Integrating existing security with IP security solutions. As now common backbone are under TCP/IP. The network of connected sensors, devices, and appliances commonly referred to as the Internet of Things (IoT) has completely changed the way business works. This is as
true of the heavy hauling and freight industry as any other. At any moment, various players in the industry can get a sense of vehicle health, cargo safety, and whether or not any infrastructure is in need of repair.
Some products allow a mixture of analogue and digital security equipment to be combined, and this means that there is not always a need to move completely to an IP based system if an existing security system is in place.
The ‘hybrid’ approach is more common where two or more security sub systems are combined to create an integrated solution. The data in a hybrid system will usually come together at one or more PC’s. Non-IP systems are often connected to a PC using a serial port, whereas IP systems will be connected over the network.

A cyber-attack at targeted points in a country or region’s network could leave it crippled, preventing people from receiving much-needed goods and services. Fortunately, it doesn’t have to be that way.
Now cyberattacks on CCTV systems making news headlines on a weekly basis of late, there is a good deal of concern and uncertainty about how at risk these systems are, as well as why they are being attacked.
In October 2016, 600,000 internet connected cameras, DVR’s, routers and other IoT devices were compromised and used to for a massive Bot Net to launch what was the largest Denial Of Service (DOS) attack the internet had experienced to date.
In 2014, a US ally observed a malicious actor attacking the US State Department computer systems. In response the NSA traced the attacker’s source and infiltrated their computer systems gaining access to their CCTV cameras from where they were able to observe the hackers’ comings and goings.

In the lead up to the 2017 US Presidential inauguration, 65 per cent of the recording servers for the city of Washington CCTV system were infected with ransomware. How did the attack take place? Whilst unknown, it most likely occurred by the same means as other common PC hacks such as infected USB keys, malicious web sites, or phishing attacks.
What was the impact? The system administrators had to wipe the infected systems and reinstall the video management system so it’s entirely possible a good deal of footage was lost, and the system was rendered inoperable for a time.
May, 2018, over 60 Canon cameras in Japan were hacked with “I’m Hacked. bye2” appearing in the camera display text. How did the attack take place? Simple. IP cameras were connected to the internet and were left on default credentials. It appears that the hackers logged into the cameras and changed the on-screen display. What was the impact? Other the defacement of the camera displays and some reputational damage, there doesn’t seem to have been much impact from these attacks.

How did the attack take place? Yet again, devices were left connected to the internet and were left on default credentials. In this case, the attackers developed software that scoured the internet searching for vulnerable devices, which they then took control using their own malicious software.

What lessons can we learn from these attacks?
Don’t connect your devices directly to the Internet. If you need to have a camera or CCTV system be remotely accessible, port forwarding all inbound traffic to your system is just asking to be attacked. Use a VPN, use non-standard network ports, enable 2 factor authentications, or use a remote access service. While these measures won’t guarantee your security, they will certainly make you less of a target for attackers that are scouring the internet for vulnerable systems.
Just because it connects to a bunch of cameras, doesn’t mean that your NVR isn’t a computer. All the cyber security advice that is applicable to traditional IT is just as applicable when said computer is used as part of a CCTV system.

On Aug 13, 2018, The US President has signed the 2019 NDAA into law, banning the use of Dahua and HikVision (and their OEMs) for the US government, for US government-funded contracts and possibly for 'critical infrastructure' and 'national Security’ usage.
US government is effectively blacklisting Dahua and HikVision products, this will have a severe branding and consequentially purchasing impact. Many buyers will be concerned about:
·         What security risks those products pose for them
·         What problems might occur if they want to integrate with public / government systems
·         What future legislation at the state or local level might ban usage of such systems

On Jun 06, 2019 Hanwha Techwin is dropping Huawei Hisilicon from all of their products. Its belongs to China’s origin. Backdoor entry are open on product.

The tightening noose around Chinese technology firms is driven by the Trump administration’s view that China poses an economic, technological and political threat, a stance that country is likely to retaliate against. The two companies prompted concern that they could be employed in espionage, according to people familiar with the matter. Last week, the administration banned Huawei Technologies Co. from purchasing American technology amid similar suspicions of spying capabilities and Chinese laws that could require home-grown firms to hand over information if asked.

Hikvision, which is controlled by the Chinese government and Dahua are leaders in the market for surveillance technology, with cameras that can produce sharp, full-color images in fog and near-total darkness. They also use artificial intelligence to power 3D people-counting cameras and facial recognition systems on a vast scale.

A Chinese firm whose subsidiary has been shortlisted to supply security cameras for the national capital is on a US watch list, with an advisory on threats, including remote hacking and potential backdoor access. 


Concerns have also been raised on the firm being owned by the Chinese government, adding a twist to the controversy over a Delhi government project to install 1.5 lakh CCTV cameras across the city.  Now question is how you Prevent Malware Attacks:
1.   Manage your router: Earlier this year, the FBI recommended that everyone reboot all home routers and small office routers. In a previous blog on the subject, Davis stated that “rebooting will disable the active malware called “VPN Filter" which has infected hundreds of thousands of routers across the Internet, and it will help the FBI assess the extent of the infection.” While this was an isolated incident in time,
2.   Disable UPNP: UPNP will automatically try to forward ports in your router or modem. Normally this would be a good thing. However, if your system automatically forwards the ports, and you leave the credentials defaulted, you may end up with unwanted visitors.
3.   Disable P2P: P2P is used to remotely access a system via a serial number. The possibility of someone hacking into your system using P2P is highly unlikely because the system’s user name, password, and serial number are also required.
4.   Disable SNMP if you are not using it. If you are using SNMP, you should do so temporarily, for tracing and testing purposes only.
5.   Disable Multicast: Multicast is used to share video streams between two recorders. Currently there are no known issues involving Multicast, but if you are not using this feature, you should disable it.
6.   Cameras connected to the POE ports on the back of an NVR are isolated from the outside world and cannot be accessed directly.
7.   Only forward the HTTP and TCP ports that you need to use. Do not forward a huge range of numbers to the device. Do not DMZ the device's IP address.
8.   Protect your computer from vulnerabilities: Clean up your computer by removing old software programs no longer in use, and make sure to install patches regularly. Updating firmware safeguards equipment by patching known vulnerabilities often adds features and sometimes will improve system performance.
9.   Use firewalls and firebreaks (network segmentation): Place devices behind firewalls to protect them from untrusted networks, such as the Internet. And, use network segmentation—splitting a network into separate networks that are isolated, not connected—so a compromise in one part of the network won’t compromise the other (i.e. human resources and finance). This works much like a firebreak, which is a strip of land in a wooded area or forest where the trees have been removed to prevent a fire from spreading.
10. The network your NVR and IP camera resides on should not be the same network as your public computer network. This will prevent any visitors or unwanted guests from getting access to the same network the security system needs in order to function properly.


Some Protection Protocols:

Cyber security procedures for video surveillance devices across the threat spectrum require certain protection protocols.

Weaponizing IP Cameras (Threat High)

Most IP cameras today are manufactured with an open operating system, or basic kernel, that gives no real consideration to data or cybersecurity. For years, people have asked about the security of the video that their system produces; now, people are asking if their IP camera system can be used against them.
Think of an IT administrator who has worked diligently to secure a network, servers and mobile devices who then finds out that the 200 recently installed IP cameras on the edge of that network that are vulnerable to root kits, can be weaponized and used as attack platforms against their own network – and there is no way to monitor them.

This may seem far-fetched, but in Sept. 2016, 1.5 million IP cameras, DVRs and L3 network devices were highjacked in the largest DDOS attack ever seen. So what are the current fundamental considerations that an organization needs to take into consideration before placing an IP camera on their network? 

Protection Protocol:

·         The operating system (OS) on a video device should be a closed OS that runs in limited memory space.
·         Nothing should be able to be written to the device itself with the exception of digitally signed firmware. If the device has the ability to run third-party apps, it can be weaponized.
·         Common ports should be disabled by default. From a vulnerability and pen testing perspective, the more ports that are open, the more opportunity there is to leverage a device or the services on that device.
·         Video devices should utilize HSTS/ HTTP Strict Transport Security if you are going to implement end-to-end security. This protocol helps protect against protocol downgrade attacks, cookie high jacking, as well as forces an HTTPS connection to the device.
·         Consider devices with a built-in “firewall” to prevent dictionary attacks from Botnets.
·         Monitor user accounts and access to the video devices. Most IP cameras are installed with the default user name and password, and if installed on an accessible network, a connection can be established from anywhere in the world. Devices should have a force password feature that also adheres to password policies, such as length and complexity.
·         Monitor a device’s chain of custody. The vendor should have a secure chain of custody during a manufacturing process all the way through to the final sale. If they are not manufactured in a controlled environment, video devices can be tampered with at any time prior to being sold to the customer

Attacking Servers and NVRs (Threat High)

Most VMS servers and NVRs reside on either a Windows operating system or some flavor of Linux. There is an illusion of security that most of us have with regards to OS security, but just take a look at an OS vulnerability chart and that illusion will quickly disappear.
A base unpatched Windows Server 2012 OS has 36 vulnerabilities; a standard Linux distribution has 119. Most vulnerability that machines are subject to are a result of “add-ons” – such as Internet Explorer (242) and Chrome (124). While Windows Server is a more secure platform, it is also a bigger target due to its market share and utilization.

Protection Protocol:

·         As with any machine on a network, it is imperative that the most current updates and patches are applied to video system devices.
·         Ensure a VMS can work within your network policies and environment while a network firewall and anti-virus software are operational.
·         Use hardened password policies, restricted physical and network access, and disable USB ports.

Recorded Video (Data at Rest-Threat Medium)

The two primary purposes of any video system are to act as a deterrent and to be used as admissible evidence in a court of law, if needed. Technically, digital video falls under the scrutiny of the Federal Rules of Evidence (FRE) as it pertains to digital evidence, and authenticity affects admissibility.

Most NVR systems write video in a base file format such as *.AVI,*.G64, *.MKV. If the video drives are accessible via network share, they are subject to tampering.

Protection Protocol:
·         Video, if written in a readable format, should be encrypted to reduce accessibility and the possibility of tampering.
·         Video devices should use some form of hashing as a form of authenticity. Hashing provides the “Data Fixity” of a file and is a form of admissible evidence. Older forms of authenticity, such as water marking can be considered video tampering.
·         The VMS should also provide a way to protect original incident video for any undefined time beyond the system’s retention time in case of prolonged court cases.  

Playback and Export (Data in Use-Threat Medium)
The current biggest threat to recorded video is internal employees posting incident video footage to social media or leaking it to the press. The need to keep recorded video secure is paramount for many reasons. Unrestricted access to recorded video can cause several different types of issues, including legal and HR incidents. 

Protection Protocol:
·         Be sure your VMS provides granular privileges concerning the export, deletion and protection of recorded video.

Streaming Video (Data in Motion-Threat Low)
While the actual threat of streaming video being intercepted and used in some way is low, the knowledge that the data from a specific IP address is video can be used against you. From the aspect of network enumeration, an attacker now knows he has non-PC target(s) that he can try to leverage.

Protection Protocol:
·         Video devices should be able to utilize HTTPS communications, with certificates. This ensures secure end-to-end communications including control channels and video payload.
·         Video devices should be equipped with a Trusted Platform Module (TPM) to securely store certificates utilized in different secure network scenarios such as 802.1x  and Public Key Infrastructure (PKI).
·         Your video devices should have features that provide the ability to disable certain protocols such as ICMP, Telnet, and FTP.

Few Current Development:





3. IPVM Report