A Fortune-100 enterprise with thousands of retail locations.
This enterprise initiated a multi-year, multi-million dollar video surveillance system upgrade. The end result was significantly better for surveillance capturing and management functionality, but there was a hidden cost – compromised network security. Many retail location camera installation contractors had purchased cameras using the provided video system specifications, without realizing that these cameras often included firmware and chipsets with a weak security posture.
The enterprise found itself under attack by an organized Far East adversary who exploited firmware vulnerabilities in these camera systems and rapidly compromised nearly every camera on the network. Without firmware updates being extracted from the different camera manufacturers and then painstakingly applied to every installed camera, the enterprise would have to consider a complete hardware and installation re-deployment with updated acceptable cameras. Even worse, the new secure cameras had much higher price points, so overall installation cost would be significantly higher!
Those responsible for maintaining the digital security of surveillance systems typically consider three ways of overcoming these challenges:
- Prohibiting the use of unclassified network
- Issuing devices re-configured to thwart cyber threats; or
- Implementing an add-on solution.
Prohibiting the use of unsecured Internet networks impedes workflow and reduces productivity. Issuing new secure devices is cumbersome, difficult to manage, cost prohibitive, and poses interoperability problems. Aftermarket device re configurations, on the other hand, cannot keep up with changing requirements.