Find

1000s of security products & solutions

Organise

Unlimited Project Folders with option to request advice

Buy

Simple order placement

Values of Encryption

27th Aug 2019

Introduction

Secure by Default is a Government scheme that conveys the basic standards required for video surveillance systems to be secure from cyberattacks. The initiative aims to make participating manufacturers more responsible for designing networked products and therefore ensuring systems can be installed securely, helping to combat cybercrime, and ensuring that the video surveillance industry is working to the highest possible standards.

The Secure by Default initiative outlines nine mandatory requirements that Video Surveillance Systems (VSS) should incorporate for products to be secure at the manufacturing stage. All nine must be addressed for security to be at its optimum level –

Security requirements:

  • Default passwords
  • Hard-coded engineer reset passwords
  • Protocols and Ports
  • Encryption
  • Open Network Video Interface Forum Protocol
  • Remote Access
  • Software Patching and Firmware Upgrades
  • Penetration/Fuzz Testing
  • Devices must be IEEE 802.1x capable

For a full explanation, please click here.

In this article, we focus on encryption and the important role it plays in the fight against cybercrime.

What is Encryption?

Encryption is the process of encoding data so that it is unreadable to unauthorised users and can only be interpreted by those who possess the ‘key’ that converts the data back to its readable form. By doing this, encryption helps to protect data from being misused or tampered with. There are different levels of encryption – the harder the encryption, the more difficult it will be for cybercriminals to crack the code and hack a system.

The importance of Encryption

With the world becoming increasingly connected, data is being constantly created, shared and captured in every aspect of our daily lives. This includes personal data which can be stolen or tampered with to commit crimes such as fraud. Just last year, British Airways’ security systems were hacked and details of roughly 500,000 customers were harvested by the attackers. British Airways was fined £183 million for the data breach. Furthermore, the Cyber Security survey reported that 32% of businesses and 22% of charities experienced a cybersecurity breach or attack.

Now, of course, these attacks won’t be just due to weak encryption. However, these examples do suggest that the digital world requires far more robust methods to protect data, and at the heart of achieving that lies encryption. Unfortunately, many businesses don’t realise its importance and use often un-encrypted security systems or easily hackable encryptions. This poses a real threat as hackers could use the weakness to access CCTV systems and steal footage.

How is Encryption linked to GDPR?

The European Union developed the General Data Protection Regulation to better protect society and keep up with the modernisation of the internet. With this improved Data Protection Act legislation, businesses are liable for the unauthorised access, processing and misuse or destruction of personal data and measures must put in place to stop this from happening. Video Surveillance businesses have the responsibility of protecting the CCTV footage recorded. To prevent such data from being stolen, vigorous encryption methods must be used to deter cyber criminals.

Under the new GDPR, consequences of a breach or a cyber attack include hefty fines and public embarrassment. For instance, UK Watchdog plans to fine Marriott International £99 million for a data breach that leaked the personal details of 339 million guests.

Secure by Default and Encryption

The Secure by Default initiative requires manufacturers to encrypt their products at the design stage to make it more difficult for hackers to gain access. The Surveillance Camera Commissioner’s code of practice suggests that CCTV systems must use the minimum encryption of HTTPS for communication with web interfaces. Of course, this is just a minimum requirement, and manufacturers can decide if they want to incorporate higher levels of security. By implementing this basic level of encryption, manufacturers restrict cybercriminals from hacking their systems and better protect against cybercrime.

The role of encryption is clear. End-users must be able to have confidence in the intrinsic security of the products they have installed. It’s vital for manufacturers to be seen as addressing cybercrime issues and taking responsibility for the products they sell.

The next Secure by Default article will be based on Managed Networks.  All articles can be found here.