The security of security is our top priority in the IoT era
With data protection laws being tightened and internet of things hacks proliferating, physical security vendors are talking a lot more about cybersecurity than they used to. For Genetec, whose systems are popular in the enterprise space and installed in 70% of airports in the Middle East, safeguarding systems against cyberattack is a particularly urgent priority. We spoke to Simon Cook, sales engineering manager EMEA and APAC, about the company's defining mantra: the security of security.
Genetec has just been confirmed as sponsor for Borders & Infrastructure Expo, which debuts at IFSEC 2017 in June.
IFSEC Global: Why is cybersecurity such a big priority for Genetec right now?
Simon Cook: The security of security should be high on every physical security professional's priority list. A large part of this is the recent growth in DoS, or denial-of-service, attacks that took place last year, targeting internet of things devices from cameras to campus vending machines. But these things aren't new; DoS attacks have been happening since the start of the internet and cybercrime. The 21st Century has been characterised by a large growth in the IoT. This is great for business efficiency and personal communication, but the more devices that come online, the more vulnerabilities there are for cybercriminals to exploit, especially seeing as pretty much everything can be connected to the internet these days, even fridges! It's pretty terrifying when you think about the potential of DoS attacks, which is only growing with the number of connected devices. Think about it: when you get 1.5 million devices generating over 600-odd gig of traffic, aimed at a handful of organisations, the result is going to be quite a serious attack.
The world that Genetec operates in seems, on the surface, to be largely physical as we deal with CCTV, access control and automatic number plate recognition (ANPR) to name a few. But, it's important to recognise, which we do, that crime is moving away from the physical world and into the cyber. This is why the surveillance market should be thinking more carefully about security from a cyber threat angle, rather than purely from the physical.
(Check out the latest solutions from Genetec at IFSEC International, 20-22 June 2017, London ExCeL. You can find Genetec on stand F500. Get your free badge now.)
This issue is also now consumer as well as commercial. More and more we see people with cameras at home that can be turned into a node and hacked, which in a way is even more worrying as they will lack the awareness and training to ensure their devices are protected that professionals in the security industry have. What we want to do is be sure that whatever is connected to our solutions via our customers' networks is pure, or safe. The vital thing is to work to continuously build up that level of security in response to the rapid development of cyber-crime. We call this the security of security.
We have a lot of high level enterprise customers (so a lot of banks, airports, big businesses etcetera), so access into their networks could open up some critical issues for customers. We need to make sure that whatever connects to our system does not open a door for potential attacks.
IG: So what measures do you take to ensure connected systems are as robust against cyber-attacks as Genetec solutions?
SC: When we develop our software we ask ourselves the important questions from the outset to ensure our tech is secured against anything which may try to attack it. Penetration testing, regression testing, adding devices and having them tested is all part of the development of the software rather than relying on just reacting to cyber-crime by retrofitting after an attack. We've done a number of regression tests on our software so we know our platforms are as secure as they can be. But, the cleverer you make the tech, the more sophisticated the attackers become so it is a constant battle. Another problem for us is that we want to be more open platform, so we don't just connect cameras but access control, body-worn cameras, other third-party systems. So, in the unified space, when we try to build up one holistic platform, we have to do a lot of testing to ensure we can still call ourselves secure.
The way we counter this is through authorisation, authentication and encryption. We start by using certificate-based authentication. This may sound complex, but if you use online banking, you have a certificate between yourself and the third-party so the browsers share certificates to verify you are who you say you are, and the banks are who they say they are. In terms of encryption, we used to use SSL. But, a quick google will now tell you that SSL can be hacked quite easily. There are even wiki pages about how to hack SSL within 20 minutes! So we had to evolve and now use TLS, or transport layer security, which is a cryptographic protocol that provides communications security over a computer network, which is much more advanced. The thing with hacking, it is company to company, person to person, government to government, and it can be used in many ways. It's not always just the case that cybercriminals want to break in and steal your information or credit card.
Sometimes DoS attacks aim to bring websites or companies down for a period of time. In the 50s, 60s and 70s we wanted to protect against bank robberies and attacks on people and property. But these days you can bring a company down without leaving your house. So, we have to get smarter. Some hardware we work with has a good level of security built in; some of the more traditional stuff is more legacy, and we have to compensate for these devices. I'm sure you can see now why the security of security is something that always has to be top of mind for Genetec!
IG: The industry already has to collaborate to make sure these devices connect to each other; presumably collaboration is just as important where cyber is concerned?
SC: Absolutely. And it's not just between manufacturers. Whether it's end users, integrators or consultants, to a lot of our customers we are trusted advisors.
We don't just sell kit and software and then move on to the next customer, and there is a gap of knowledge in the industry for this level and kind of security. So we are trying to work with other manufacturers to collaborate with our systems integrators, consultants and end users so that best practice is followed. Genetec has always been very IT-focused and we work with IT departments too. We want everyone that works with us to know that they can trust our solutions to be secure, and that we can offer them advice on security if they ever feel any confusion or worry about the security of their technology.
IG: Is there any trade-off with convenience and the user experience when you tighten up cybersecurity?
SC: We try and make the system as user-friendly as possible. When we talk about certificates and TLS, it's all done at installation level. So the customer will work with one of our certified installers, who will be familiar with our product, and the operator shouldn't notice any difference to their user experience. They just type the username and password on their client machine and the security is all done on set up.
Once they are logged in, what they do and don't have access to has already been set up according to company policy. All the clever stuff happens under the hood.
IG: Cybersecurity is presumably a particularly high priority in critical national infrastructure?
SC: Of course, many of our customers are more enterprise level, so airports, train stations, cities, high end retail, mid-tier retail; you can see how a breach could not only put company data at risk, but even people's lives in some instances. Airports, for example, are one of our largest sectors: at last count, 85 of the world's largest airports use Genetec systems, and 70% of all airports in the Middle East, one of our fastest growing markets, are protected by Genetec Security Center systems. As well as this, when it comes to urban security, we have worked with a lot of blue light services in city centres and they want us to do a lot of regression testing. This is not something we're doing just because it's a buzzword or because of the DoS coverage last year. It's to keep up to speed with developments to make sure we are in line with best practice. It goes back to building this into the core rather than being a retrofit after an event or attack.
And it's equally important to encourage our partners and customers to be vigilant. Now we're starting to look at cybercrime insurance. As more devices come online, there are more data points and we need to be more cautious about what we are adding to the system. We also need to continue our core precautions of regression and security testing to make sure that security devices don't expose holes into our customers' networks.
IG: Presumably cybersecurity will be a big talking point on your stand at IFSEC 2017?
SC: This will all be very much a focus when our customers (end users, integrators and consultants) visit the booth. See you at stand F500!