Advertisement

Advertisement

Is Your System Safe From Takeover? Secure installations are more complex and require new expertise

By Deborah L. O’Mara | Jun 14, 2024
video doorbells can be hacked
News reports continue to surface questioning the lack of cyber resolve for some physical security systems.

Advertisement

Advertisement

Advertisement

News reports continue to surface questioning the lack of cyber resolve for some physical security systems. Video doorbells are the latest product that is easily hacked. Apps or Wi-Fi jammers and tools sold online are often used to compromise these systems, and recently researchers at Consumer Reports found certain video doorbells could be taken over with an app that allows bad actors to gain access to live video footage.

In this instance, a Consumer Reports journalist got an email that showed her near the doorbell camera she had just installed. A privacy and security test engineer with the organization, evaluating video doorbells for their ratings program, was able to hack the system and pull this and other images from nearly 3,000 miles away. The report attributed the vulnerability to insecure or “buggy software” for the products.

This isn’t the first time cameras have been hacked, and it’s not just do-it-yourself or video doorbells sold through mass marketers. Several years ago, a major camera manufacturer discovered vulnerabilities that allowed anyone to view camera feeds with a simple click on an icon on a map.

Digital landscape based in IT

The increasingly connected digital environment comes with perks and precautions. Now systems are open and talking to each other, including security, building and industrial automation, operations technology and a range of integrated devices and sensors.

For systems integrators, the landscape has completely turned around. Analog is mostly out, and digital and IP systems are the bigger picture. The digital transformation requires cybersecurity controls and training in system design and architecture. Expect users to request proof of cyber-secure processes at your company, the companies you do business with and in the products you deploy in the field—especially in government and critical infrastructure applications.

How can integrators make certain their systems are safely deployed? What are some steps to take, and what should you look for in products and software?

Pierre Bourgeix, CEO and founder of ESI Convergent LLC in Mooresville, N.C., said there are many precursors to success for integrators to ensure they deploy the right technology within the architecture to minimize risk from a cyber takeover.

“The ecosystem in security has gone through an upheaval in the last 10 years. The industry was product-based, and now we are software-based and the infrastructure and the cloud is important. You need to have resources in your own organization that can look at the entire infrastructure—or outsource these capabilities,” he said.

Bourgeix advises systems integrators to start with testing and evaluating the potential product to validate its capabilities, examining where it’s produced and determining if it’s compliant with National Defense Authorization Act regulations or National Institute of Standards and Technology standards—all before you even think about selling it.

Bourgeix also recommends the following:

  • Seek manufacturer partners that offer training and deployment strategies and take advantage of those educational programs. Training helps systems integrators and manufacturers achieve installation integrity and potential new opportunities.
  • Determine your technical capacity to successfully deploy the product. Are you trained fully on it and have people certified in its installation who can program and service the product correctly?
  • Evaluate the project’s architecture, network, wiring and communications infrastructure to ensure you understand what’s in place and how to apply the designed solution.
  • Partner with the right companies, including design engineers, architects and security consultants to ensure you understand high voltage, low voltage and whether the product can fit into the current ecosystem. There may be automated controls tied into building automation that require integration, and that’s where CSI Division 25 (integrated automation) or Division 28 (electronic safety and security) could come into play.

“You must speak the language of the technology and understand its ability to solve problems or deal with the outcomes required for the client. All of this is prework and presales, but necessary to ensure you deploy the right technology correctly,” Bourgeix said.

As the digital world advances, so do cyber criminals’ methods. In this ever-evolving landscape, Steve Bell, chief technology officer at Gallagher Security, Riverside, Mo., wrote in the company’s 2024 Security Industry Trends Report, “Security systems are the front line of defenses, making it imperative for businesses to maintain their cyber health in the relentless pursuit of security.”

He advises upgrading security hardware and software, especially as “regulatory bodies and governments worldwide tighten their grip on data protection and privacy.”

We’ve moved into the digital landscape. Security solutions are more complex and software-based, often driven by the cloud. Approached with expertise, the opportunities for systems integrators are endless.

stock.adobe.com / Kitikorn/ le_mon

About The Author

O’MARA writes about security, life safety and systems integration and is managing director of DLO Communications. She can be reached at [email protected] or 773.414.3573.

Advertisement

Advertisement

Advertisement

Advertisement

featured Video

;

New from Lutron: Lumaris tape light

Want an easier way to do tunable white tape light?

Advertisement

Related Articles

Advertisement