This question is key in today’s security world, when focusing on security cameras. As part of the IoT world, security cameras of today are playing important roles not only in the security area, but also in providing intelligence to accelerate operational efficiency and decision-making in many other business areas. As they become smarter and more complex, their cybersecurity risks also grow. In recent years, the world experienced several examples of cybersecurity incidents with cameras, with the ‘Mirai Botnet’ as one of the most well-known examples. ‘Mirai Botnet’ malware incident Mirai malware took advantage of insecure IoT devices in a simple but clever way Mirai malware took advantage of insecure IoT devices in a simple but clever way. It scanned the internet for open Telnet ports, then attempted to log in with default passwords. In this way, it was able to amass a botnet army, using the computer power of millions of cameras with default passwords worldwide. The Mirai Botnet took place in 2016 and, luckily, the cyber security of IoT devices has improved significantly since then. But, some things are still the same and/or cannot be changed. Mikko Hypponen, a Finnish cyber evangelist, is well-known because of his statement, “If a device is smart, it’s vulnerable.” He shows with this statement that all devices that consist of hardware and software, and are connected to the internet, are insecure (and therefore ‘hackable’). Athough, he made this statement some years ago, it is still true and very relevant, an example of something that hasn’t changed. Complex systems are inviting for unauthorised hackers Security cameras are IoT devices and, therefore, are vulnerable. They are also abundant on the market in a number of forms and are being designed, developed, and built by several producers from different countries. Current cameras are so technologically advanced that they come with lots of complex processes and computer power onboard. These technological developments provide incredible innovative security capabilities, but also serious digital risks. The cameras consist of advanced hard- and software components that are produced both in-house and by third parties. Importance of cybersecurity for cameras Because of this complexity, such a camera can be seen as a kind of ecosystem on its own and it’s extremely challenging to protect it holistically against the things that could possibly go wrong in this ecosystem. A camera becomes an interesting and inviting attack surface for the ‘bad guys’. Luckily, cybersecurity has also evolved in recent years and there are different kinds of digital security measures for cameras that can be applied by the camera manufacturers. But, this firstly requires willingness of the camera manufacturer to put effort and budget into the security of the camera itself. This becomes a key question in this discussion. Cybersecurity ‘built-in’ instead of ‘bolt-on’ Cyber-attackers are very smart and sophisticated, but also very pragmatic As stated before, all security cameras are vulnerable. However, it’s also true that the more difficult it is to hack a camera, the more likely it is that a cyberattacker will jump to another camera that’s easier to hack. Cyber-attackers are very smart and sophisticated, but also very pragmatic. They prefer easy targets (if they achieve a similar result). A camera manufacturer that invests in building a cybersecurity foundation that ensures more cyber-resilient cameras, will become a less favorable target for those cyber-attackers, because they prefer to focus on cameras that generate the same results with less effort (in other words ‘easier to hack’). Implementation of Secure-by-Design All camera manufacturers and customers need to be fully aware that the more cyber-resilient their cameras are, the less interesting they are for unauthorised hackers to gain access. This cyber resillience requires serious cybersecurity investments in a solid foundation, and one of the most effective investments is the implementation of Secure-by-Design into the production process. This means that cybersecurity is built-in during each phase of the production process and not seen as an afterthought when the camera is produced and implemented at the customer’s location. A good example of a Secure-by-Design production process within the IoT industry is the Hikvision Secure Development Life Cycle (HSDLC) as described in the Hikvision Cybersecurity Whitepaper. Cyber resilience of IoT portfolio Security Response Centre has cybersecurity professionals that handle security incidents Besides the Secure-by-Design implementation, there are other cybersecurity investments that show the commitment of an organisation towards the fundamental cyber resilience of its IoT portfolio. A Security Response Centre is another example. This centre is a dedicated team of cybersecurity professionals that responds to and handles customer-submitted security incidents & security matters. Call to action So, a security camera is an IoT device and vulnerable for hackers that are looking for unauthorised access. But, it doesn’t have to be that way, because camera manufacturers can improve the cybersecurity of their IoT devices significantly as long as they take this task very seriously and are willing to invest in its fundamental building blocks of its cybersecurity. Secure-by-Design and a Security Response Centre are just two examples of these investments. The question to consider is whether a company is aware of this and is willing to invest in cybersecurity. Because at the end of this story, it’s not necessarily cameras from one area or lower-priced cameras that will be breached, but cameras from those that don’t take product cybersecurity seriously.
What new horizons does AI have to offer? And how powerful is the blockchain? How can I defend myself against cyberattacks? From 24 to 28 June 2019, the CEBIT d!talk conferences will be dedicated to exploring the future of digital transformation. The topic-oriented CEBIT Summits represent a key element of the d!talk program, focusing on key technologies for the digital economy, including their impact and application opportunities for selected industries. Speaker topics will include artificial intelligence, the blockchain, cyber security, the Internet of Things and data analytics, but also the future job world, digital marketing, customer relationship management and sustainability. Safe technologies Mikko Hypponen, a globally recognised computer security expert and Chief Research Officer at F-Secure, will appear at the event While spotlighting the technologies shaping digitisation, the Summits will also address the topic of user industries, including the public sector, as well as the healthcare market, retailing and distribution, mobility and financial services. Around eight months before the event, the first round of speakers has already been confirmed. Mikko Hypponen, a globally recognised computer security expert and Chief Research Officer at F-Secure, will appear at the event. At the Cyber Security Summit on CEBIT Tuesday, 25 June, he will speak on the critical importance of security solutions in a digitised world. “Technology shapes the world, which is why we need safe technologies now more than ever,” he emphasises. Promotional activities Further speakers include Ralf Schrömgens, CEO and co-founder of the hotel search engine trivago, and Christoph Gerber, founder of the delivery service Lieferando and head of Talon One, a company which facilitates the planning of promotional activities. This learning platform for school and university students provides information on a variety of scientific disciplines Dr. Anna Lukasson-Herzig will present her company nyris, which has developed a technology for image and object recognition using artificial intelligence. Free online tutoring is what ‘The Simple Club’ is all about. This learning platform for school and university students provides information on a variety of scientific disciplines. Company founders Alexander Giesecke and Nicolai Schork will talk on the success of this platform. Support of students Other d!talk speakers who have already confirmed their participation include the President of the Fraunhofer Society, Dr. Reimund Neugebauer, former tech blogger and current Head of Digital Transformation at Daimler Sascha Pallenberg, and Tijen Onaran, director and founder of the Global Digital Women’s network. CEBIT has enlisted the support of students from the Hannover University of Applied Sciences and Arts (HsH) in designing the d!talk areas. Students majoring in Integrated Media & Communication will be creating the visual setting for the CEBIT areas under the motto of ‘Technology and the City’. The d!talk scenario comprises the speakers’ stages, the auditorium and workshop rooms.