Hi, I’m Mike Gillespie the Director of Cyber Strategy & Research for the Security Institute and Tony has asked me to lead on drafting a cyber guide for surveillance cameras. I am delighted to have been asked to lend my cyber security experience and understanding to the National Surveillance Camera Strategy working group. If my years working in both physical and cyber/information security have taught me anything, it is that things do not stand still and change is an inevitable part of life, security doubly so. The work that has already been done on this strategy is so solid and well done it is a great platform for us to build on and move forward. The change in how we use, manage and secure cameras needs careful guidance and a good framework.
Surveillance systems are increasing in both number and technical complexity; this creates a great agile set of systems for users and has so many business benefits alongside the primary functions of safety and security, of course. But we know now that this agility can offer threat and sometimes the threat is not local, it comes from cyberspace. Understanding this threat and the resulting risk is vital if we are to realise the true potential of our systems and move forward securely. That is why we need to have an understanding of cyber risk at every stage of our surveillance system lifespan; manufacture, specification, procurement, installation, lifecycle management and maintenance.
Alongside the development of the technical capabilities of the surveillance systems we use, is the development of malware. We have been used to dealing with malware in our corporate systems like email, for years now. But the truth is, malware is now being developed and used to attack physical systems and this includes surveillance systems. Assuming that a system that does not collect or store any financial information or such like, would not be a target for hackers, is folly. Physical systems often offer a way into a network which is less challenging and the nature of connection in our systems these days mean that we could even be inadvertently offering threat to supply chain partners as well as our own connected systems.
Prior to the recent inauguration of Donald Trump, Washington DC faced a ransomware attack – using two different strains of this particular malware family, to knock out the recording systems of 70% of the cameras in the area around Capitol Hill. Getting cyber security in physical systems wrong, could have disastrous consequences and that is why I am so pleased that its importance has been acknowledged by the Surveillance Camera Commissioner and I will be keen to ensure the continuance of this forward thinking in the strategy.