Hackers vs. IP Video Surveillance Systems

SurveillanceAsk any organization to rank its nightmare scenarios and a cyber attack is probably going to float to the top, particularly if that organization handles mission critical tasks such as nuclear power generation or chemical water treatment.

ACME Chemical in Idaho Falls, IL got the cyber attack treatment recently, courtesy of employees of the Idaho National Laboratory, who conducted a cyber attack simulation in front of reporters including Wired’s Kim Zetter. According to Zetter, the purpose was “to show how the Department of Homeland Security is training people who run industrial control systems to do so securely, to fend off real-life instances of the simulated attack.”

Zetter writes of the simulation:

Within half an hour of that tap hackers had extracted proprietary documents from the company’s network, commandeered IP-based surveillance cameras at the facility to spy on network administrators, seized control of a computer system managing its chemical mixing process and finally caused a toxic spill that administrators were powerless to stop.

Fortunately ACME Chemical’s meltdown was only a simulation. However, it serves as a good warning as more highly sensitive organizations look to install sophisticated, IP-based intelligent surveillance systems.

But it’s not just the organization’s administrators who need to learn how to shore up security systems from external attack. Security vendors also have a crucial role in ensuring hackers don’t get the upper hand. At 3VR, we’ve built a few key features into our Video Intelligence Platform to prevent external attacks like the one in Idaho:

• Embedded Operating System: We use a modular version of the Windows 7 operating system called Windows Embedded Standard. This allows us to remove the most commonly used attack points from the Windows operating system in order to secure ourselves against hackers. We only include the minimum components of the operating system required to run our software – the less entry points for hackers, the better.

• Firewall: We’ve built a custom software based firewall for our applications that only allows network communications over certain, pre-determined network ports. Therefore, any rogue application or hacker can’t access the system without using one of these of pre-defined ports.

• Proprietary protocols: All communications between 3VR systems and programs are handled using proprietary protocols built by 3VR. Therefore, hackers would need to build custom tools in order to access any 3VR systems.

These are just a few of the features we’ve developed to make sure intelligent video systems stay in the hands of the right team. For more on 3VR’s cyber security work, check out our IT Security Whitepaper.