As much as the cybercrime evolves, the cybersecurity is becoming increasingly important part of the policy for manufacturers in the security sector, so companies are taking measures to protect their products and the customers and improving standards against cyber-threats.
Recently SDM Magazine published the article with industry-leading surveillance experts of companies like FLIR, Speco Technologies, Axis Communications, and others. The experts shared their experiences and opinions about cybersecurity and how to mitigate the risk of cybercrime.
“Cybersecurity awareness has had a positive impact on the industry at large, including how we put our products through the paces to ensure that by the time it gets to the end-user, it is indeed cyber secure,” says Fredrik Wallberg, director of marketing security and ITS, FLIR, Wilsonville, Oregon.
It became common practice that the spec includes cybersecurity issues
Manufacturers in the security industry make concerted efforts to protect their products and setting high standards around cybersecurity:
Openness allows to fix security issues more efficiently
“The best way forward is being open and honest”, says Fredrik Wallberg from FLIR. Openness is an essential value of FLIR’s company, which provides good business relationships with both the integrators and the customers.
The ability to quickly communicate information about potential vulnerabilities is crucial. Customer’s feedback helps to react immediately at discovered vulnerability and to choose the best way to fix the issue.
Password protection – is the most basic tool of security process that prevents the risk of getting hacked.
FLIR’s customers are forced to set up a strong password. This the compulsory feature installed in the camera’s software. “There’s an admin password that can be very simple to guess, so instead of letting the customer decide whether or not they want to change it, we’ve mandated it,” says Fredrik Wallberg.
End-to-End Encryption – provides a higher level of data security.
Bosch Security and Safety Systems utilize a trusted platform module (TPM) to secure data from hackers by encrypting.
Panasonic combines reliable certificates and technology for detecting and analyzing cyberattacks threat protection of provider DigiCert with its in-house embedded cryptography technology to protect the integrity of video streams
Upgrading the firmware provides better protection
By updating the firmware, the user will be able to explore new features that are added to the device and also improve protection against cyber threats. Firmware should also be encrypted. Manufacturers should provide reliable and straightforward updates to the product firmware.
Securing products from design to using
Axis Communications employs programmers who can write and test secure code throughout the product development process. Threat Modeling is the next efficient tool to prevent cybercrime. This tool also utilizes by Axis Communications to identify potential risks and vulnerabilities in the system.
Hanwha Techwin controls of all activities involved the transformation of raw materials into a finished product. “We design, engineer, manufacture, and assemble, so we are controlling the entire supply chain. By manufacturing our products in our facility with our people, we can make sure something isn’t being implanted, or we’re not using the wrong parts or the wrong firmware”, says Hanwha’s Aaron Saks.
Manufacturers use a trusted platform module (TPM) and secure-boot features to protect products along the supply chain. TPM designed to secure hardware through integrated cryptographic keys.
Testing and re-testing to close vulnerabilities
Many manufacturers join forces with third-parties to test their systems. “We work with a dozen third-party security service companies to provide more robust and secure products,” says Tim Shen, director of marketing, Dahua Technology USA, Irvine, Calif. “Through our collaboration with these companies, system scans, protocol fuzz testing, penetration testing, and threat modeling is used to help discover and close vulnerabilities.”
FLIR cooperates with ethical hackers who try to find security vulnerabilities in the company’s products that a malicious hacker could potentially exploit.
MOBOTIX also cooperate with ethical hackers who try to find security vulnerabilities in the company’s products that a malicious hacker could potentially exploit.
“If they find any areas of vulnerability, they forward any potential security leakage to MOBOTIX to stay proactive and ahead of large threats,” says Thomas Dieregsweiler, head of product management, MOBOTIX, Langmeil, Germany.
End user’s role, cybersecurity guides, and webinars
In addition to other protection measures, manufacturers provide cybersecurity guides and webinars for integrators and end-users. This is meant to serve as a general guide for end-users and system integrators to understand and safely use the security features implemented in the product. These guides provide practical advice on how to configure devices to offer the most protection against cyber-attack, and end-users should strictly follow these instructions for best protection of their systems.
By Anastasia Golubeva