Recently research conducted by Genetec indicated that almost 7 out of 10 cameras are currently running out of date firmware. Installing the latest firmware is not just about accessing new features, warned Genetec, it ensures the latest cybersecurity protection measures are implemented as soon as they become available, a crucial step in ensuring an organisation’s resilience against cyber-attacks.
So how does the PSI Panel of experts think we got to this situation and what is their advice to installers?
CCTV cameras and systems continue to be a focused target for cyberattacks. Despite this, as the report shows, many cameras and systems remain vulnerable or are too out of date to be protected. Installers need to remain vigilant to these threats and remind their customers of the consequences of such a data breach. Updating systems is essential to ensure they have the latest firmware and network security. Secure remote access to CCTV cameras provides the ability for remote maintenance, software updates and scheduled tests, to ensure a system is always up and running. Connectivity alone, however, is still not enough. The connection must be secure, provide failover and ensure 24/7 access. Installers must choose experts, who know the risks and can ensure the technical infrastructure is optimised and bulletproof. Only then can manufacturers and services providers provide the management tools – portals and Apps – to enable Installers to take control of their base more effectively and efficiently. This also presents opportunities for Installers. Providing connectivity to CCTV systems can help a company to bring increased value to their offerings whilst reducing the costs associated with traditional maintenance packages. This could allow Installers to reduce the cost for their customers, whilst still increasing their own margins.
I don’t find the results of the report a surprise for a couple of reasons; on one hand there is typically a problem in our industry whereby VMS updates (new versions) are usually out of sync with camera firmware updates. I know a number of installers have experienced problems updating s/ware and firmware and then find they are incompatible and left with a system that is unusable. Then spend more time on site undoing the updates. This leads to lack of confidence and hesitation in updating firmware. Manufacturers certainly do not help as there is little guidance on the severity of the update whether it is a bug fix or a priority security update. On the other hand there is a skill shortage in the industry for networking and cybersecurity and correct planning for updates and security breaches and this had led to a ‘just in time’ fix mentality.
The industry needs to be led by manufacturers adopting better update policies and instructed through the Secure by Default guidance through the Surveillance Cameras Commissioner and as part of a manufacturer’s training/industry training there needs to be a greater emphasis on cybersecurity and keeping a CCTV system secure.
Read the full article including comments from experts such as Alistair Enser of Reliance High-Tech, David Davies of DVS and Kerry Jones of Professional Surveillance Management in the February 2020 edition of PSI magazine