SSI Article: ‘Why Better Cybersecurity Standards Mean Better Security’
Hikvision Senior Cybersecurity Director Guest Authors SSI Story on Physical Security Industry & Cybersecurity Standards to Minimize IoT Device Vulnerabilities
Hikvision’s senior director of cybersecurity, Chuck Davis, guest authored the Security Sales & Integration (SSI) piece, “Why Better Cybersecurity Standards Mean Better Security.” Davis talks about the need for the security industry to establish cybersecurity standards to ensure devices, especially IoT devices, are fully secure and vulnerabilities are minimized.
The 2017 Mirai Botnet malware attack that took down or slowed large parts of the internet had an impact on internet-connected devices including IP video cameras, NVRs, and home routers. “Since then, cybersecurity has become not only a talking point in the security industry, but also a concern. End users are rightly concerned that a vulnerable camera or NVR will be the vector by which an attacker breaches their network. This is a valid concern, but they need to realize that their cameras, recorders and all of their IoT devices are computers …,” said Davis, in the article.
Network segmentation can go a long way to reduce IoT device risk. But across the security industry, each player should take responsibility for cybersecurity and know what role they must take to secure devices, Davis advocates.
“The bottom line is this: Everyone has responsibility when it comes to cybersecurity and the challenge is making sure that everyone knows what their role is in securing a device.”
To bake cybersecurity into the fiber of the industry, starting points include:
- Vendors should build cybersecurity into their products
- Dealers and integrators need to install devices according to secure best practices, while advising end users on how to securely manage their devices
- End users need to maintain devices and patch them as needed
With everyone knowing their role and executing on their part, cyberattacks stand less of a chance.
There has been progress in the way of government standards. On December 4, 2020 the IoT Cybersecurity Improvement Act of 2020 became law. This new IoT security law calls for the National Institute of Standards and Technology (NIST) to publish within 90 days a set of “standards and guidelines for the federal government on the appropriate use and management by agencies of Internet of Things devices owned or controlled by an agency and connected to information systems owned or controlled by an agency, including minimum information security requirements for managing cybersecurity risks associated with such devices.”
Click the link to read more about IoT vulnerabilities and the security industry, with insights from Hikvision’s Chuck Davis.