A Balancing Act Cybersecurity takes a look at availability and protection
BEy Jonathan Lewit
nergy security, access to the electrical grid and police and fire safety are just a handful of the networked ser- vices that we take for granted and rely upon on a daily basis. Every second of every day, sensors are digitizing the real world, creating information and transporting
it across multiple networks and interfaces to a broadening audience. While there is obvious utility being gleaned from this process, from our vantage point here in the physical security space, informa- tion sharing and transmission raises issues we have to consider: what happens to this information inside those organizations, and what risks are presented by increasing the communication in and out of
these organizations in the name of utility?
In a world where convenience and anytime availability can make
or break a business, information availability and always-on connec- tivity are here to stay. Much as the Industrial Revolution brought key innovations and new challenges, this new Information Revolution is shaking up the accepted paradigms. The explosion of demand for mobile access to information and increased opportunities for inter- connectivity are a fact of life, both at home and for business. We can use security information to answer questions such as: How efficient are your delivery routes? What cameras saw the guy with the red shirt? Is that the UPS delivery man at the door?
WWW.SECURITYTODAY.COM 23
High-risk Organization
Interconnectivity and high data availability also represent high risk for organizations that are concerned about threats to their informa- tion security. A hunger for more information upon which to base decisions and actions is driving the proliferation of big data, video analytics, cloud storage and Internet of Things deployments, while ratcheting up our risk profiles and the potential for cyber-attack.
ONVIF’s mission is to establish a common communication in- terface for all security devices and clients, across security disciplines, systems and vendors. While ONVIF does not set security policy, what many people don’t realize is that industry proven cybersecu- rity measures can be included in the common interface established by ONVIF. Among these are Certificate Based Client Authentication, Keystores and TLS Servers. There are also best practices that can be encouraged, such as forcing a default password change or out of the box hardening. ONVIF and other standards groups can help ensure and deploy real-time security by including these established cyber se- curity measures in their Profiles and standards.
The establishment of a common interface by ONVIF and other standards organizations helps to bring awareness about the capabili- ties of standards in this area and enables manufacturing companies to invest once in this approach rather than continually developing
INTERNET OF THINGS
Panchenko Vladimir/Shutterstock.com