20 Sep
IP CCTV can pose threat to national security, warns former intelligence boss
A former director of operations and intelligence at MI6 has raised concerns about the threat to national security posed by vulnerabilities in IP (Internet Protocol) connected CCTV systems, including components manufactured in countries that have a reputation for state-sponsored espionage.
In an article published by the British newspaper The Times, Nigel Inkster, former director of operations and intelligence at MI6, said: “If you’ve got cameras that are IP enabled, or potentially could covertly be so enabled … they could potentially be used for malign purposes.”
He was speaking in response to claims that there were concerns among those working in British intelligence about the number of surveillance cameras being shipped to the UK from China.
The British Security Industry Association (BSIA) has issued a statement saying that insecure cameras can become the weak link that provides hackers with an entry point to a network. They add that: ‘Manufacturers should ensure that accidental design or implementation errors are kept to a minimum and that systems are regularly scanned for vulnerabilities. They should be proficient in secure coding and testing procedures and should ensure that their products are capable of supporting the stringent controls necessary for secure network communication.
This may include:
End to End Encryption with SHA-2 & TLS
Encrypted database communication
System auditing, alerting and management
Denial of service protection
Restriction of ports, protocols and services
Highly customisable user access and permissions
Archive, failover and high availability’
Chairman of the BSIA’s CCTV section, Simon Adcock, comments: “Responsible installers and integrators will conduct a risk-based approach to any system design, taking into account the origin of the hardware in the design and whether this presents potential risk to the customer. Anyone who is designing a system or making decisions on behalf of an end user should be considering the security of the hardware they are installing, ensuring that it is robust and manufactured responsibly. Responsible installers will also ensure that the system they have installed is protected from cyber attacks by changing manufacturer’s default system credentials.
“Ultimately, an end user must take responsibility for the security of their network. When procuring an IP connected surveillance system, end users must use the services of a reputable installer integrator that is fully committed to best practice. They should also ensure that they have comprehensive cyber security and information security policies in place,” concludes Adcock.