Layered Approach
IoT is used to create smart homes, buildings and numerous other end points
By Jeff Whitney
The security department has long held responsibility for the physical protection of assets, infrastructure and people. The operation and protection of electronic data systems has been the responsibility of the IT de- partment. Today, we increasingly see the blurring of these lines with the movement of surveillance, access control, life safety and other physical security systems onto IP-based network technology.
The IT approach to layered security for systems, infrastructure and data is increasingly impacting the security department, and with good reason. Recent cyberattacks have revealed vulnerabilities be- yond traditional IT systems and infrastructure, uncovering the po- tential threat of attack on and through a wider range of network connected devices. The Internet of Things (IoT) is rapidly growing as network connectivity blurs the line between computing devices, appliances, vehicles and industrial equipment. IoT is used to create smart homes and buildings, network enabled appliances, aircraft, automobiles, ships and trains. It is found across every market seg- ment. While consumers and industry professionals are excited about the benefits, cybersecurity experts increasingly warn about the vul- nerabilities that IoT introduces to traditionally secure infrastructure.
Many manufacturers of surveillance cameras, access control and other security systems have considered their products to be edge de- vices, relying on the IT department to provide network protection in limiting access only to those authorized to do so. This view is chang-
ing as more manufacturers and their customers understand that any device connected to the network requires basic cybersecurity protec- tion in the current threat environment.
Akamai, a vendor of content delivery network services, detailed in its Q3 2015 State of the Internet Security Report a 180 percent year- over-year increase from 2014 to 2015 in Distributed Denial of Service (DDoS) attacks. Other sources agree that attacks are dramatically increasing. Verisign, a Virginia-based infrastructure and security com- pany, reported in the Verisign Distributed Denial of Service Trends Report for the 2nd quarter of 2016 that that the frequency of DDoS cyberattacks increased by 75 percent from the same period a year be- fore. Industry analyst Gartner estimated in a 2014 press release that by 2020 more than 25 percent of identified attacks on enterprises will involve IoT network devices.
Security systems are not immune. The September 2016 attack on Krebsecurity.com and France-based Internet hosting firm OHV was executed using over 140,000 network cameras and DVRs. The devices were transformed into robotic attackers or “bots” by an infection of the Mirai malware.
The Washington Post reported that 70 percent of the video cam- eras across the U.S. capital were infected with ransomware. 123 of 187 NVRs had their data encrypted by the infection in the days prior to the Trump Presidential Inauguration in January 2017. Other net- work-enabled cameras and DVRs have been reported in the media to secretly connect to sites in China. Data, video and images have
20
0517 | SECURITY TODAY
NETWORK CAMERA SOLUTIONS
chombosan/Shutterstock.com