Cybersecurity is one of the top concerns for anybody working in the IT space, which increasingly includes surveillance professionals. The proliferation of internet-connected devices has offered more entry points for cybercrime and put more pressure on organizations to bolster their defenses.
The challenge for organizations is not only to place strong technical measures to protect the ever-increasing number of connected devices, but to educate employees, customers, and other stakeholders about the fact that any connected item presents a potential vulnerability. Many people who take necessary precautions when operating online do not realize that they need to be similarly vigilant when dealing with a connected refrigerator, television or light fixture.
And with the ongoing transition from closed-circuit surveillance systems to cloud-based systems, the prospect of cyberattacks on key security infrastructure has become a major pain point for any organization that relies on video surveillance solutions.
Pelco seeks to provide the greatest possible security by prioritizing cybersecurity at every stage of the development process, ensuring that every new product is crafted through a cybersecurity lens.
Limiting Port Access
Ports are doorways into different devices. Each port is a potential entry point for a cyberattack. In the surveillance industry, each device has the capacity for over 65,000 different ports, but it’s in the interest of users to keep the number as low as possible. Pelco dramatically reduces the probability of breaches by limiting its devices to two ports, making them far easier to secure against attempted breaches.
Some competitors make themselves more vulnerable to attacks by constantly running universal plug-in-play. Many also similarly have open file transfer protocol services, another potential breach point. Pelco distinguishes itself from other surveillance providers through the absence of such vulnerabilities.
Pelco has a dedicated team of cybersecurity professionals who keep tabs on the ever-evolving population of viruses, malware, ransomware, and other bad actors that pose risks to surveillance operators.
Similarly, Pelco continuously monitors the National Vulnerability Database, an online repository set up by the U.S. federal government that identifies software flaws, misconfigurations, and other problems in the IT landscape that can be exploited by cyber-criminals if they are not quickly addressed.
The use of encryption provides a means to ensure that the confidentiality and integrity of sensitive information is properly maintained. Encryption is perhaps the key technical challenge of securing a video management system (VMS) and the broader IT network to which it connects. The overarching goal for surveillance providers should be to provide end-to-end encryption, from the cameras to the recorder to the work station. There is still significant work to be done in this arena across the industry, largely due to the limited processing capability of video cameras.
Pelco is at the forefront of innovative encryption practices. Currently the company is focused on bolstering encryption of configuration, back-end management, and client access communications. The next step will be to develop greater encryption capabilities for the video feed.
Secure Technical Implementation Guideline
For our flagship system, VideoXpert Professional, each quarterly software release is rigorously tested to ensure that it meets both federal compliance guidelines and our own higher cybersecurity standards. On both the Beta version and the final release, we conduct a vulnerability scan, combing the system for potential security issues.
Just as important, when a release is pending, we will set up a system that is representative of a typical federal environment. We then identify an appropriate set of configuration rules for hardening a system, otherwise known as a Secure Technical Implementation Guideline (STIG). We apply the STIG and conduct a compliance check to ensure that the STIG does not interfere with functionality.
We conduct these two key quality assurance steps –– a vulnerability scan and a STIG compliance check –– at least twice every quarter. These configuration benchmarks ensure that VideoXpert is not only compliant with regulations that govern how information is handled within a federal landscape, but also maintains its full functionality within the strictest of environments.
We consistently monitor the National Vulnerability Database, and we also vigilantly watch for updates or changes to government legislation and standards such as the Federal Information Security Management Act (FISMA) and the National Institute of Standards and Technology (NIST). Additionally, we provide documentation and guidance specific to its implementation of these standards and how they are securely configured.
Pelco is also one of the only video surveillance providers with a stance on NDAA. Click here to learn more.
Building a Culture of Cybersecurity
More important than any technical feature is Pelco’s commitment to integrating cybersecurity into every part of the business. Our mission is to build cybersecurity into our internal processes so that we are always a few steps ahead of those who would seek to do harm.
That’s why our cybersecurity team works in tandem with our engineers at every stage of product development, making for a truly secure software lifecycle process. In addition to investing resources in cybersecurity on the back end, we seek robust collaboration to keep security systems safe.
Why do we focus so much on cybersecurity? Simple: it protects your valuable data and contributes towards a safer future.
Learn more about our full range of video surveillance solutions here.