If we are to lengthen CCTV systems’ lifecycles we need to focus on more proactive management of cyber security threats, while enabling remote management and picking your vendors more carefully, explains Frank Crouwel, Managing Director of camera systems integrator NW Security Group.
Until recently the lifecycle of a camera system was determined by the form and function of a given piece of equipment. CCTV system upgrades happened when it became clear that the extant cameras or video recording systems had been superseded by higher specification equipment which was intrinsically better at preserving evidence, detecting crime and identifying wrongdoers.
With cameras, we had the gradual upgrading from analogue to IP and improvements in both resolution and frame rate from 320×240 pixels for some network cameras in the early 2000’s, all the way up to multi-megapixel and 4K cameras available today.
We had cameras built for specific types of applications, often supported by smart video analytics software – perhaps set up to collect number plates of vehicles on motorways or monitoring people’s movements around a shop.
In the video surveillance recording world, many upgrade requests revolved around replacing ageing analogue-based CCTV recording systems with, first hard disk drive systems, and more recently also with cloud-based or ‘hybrid’ storage solutions.
However, today CCTV systems’ lifecycles are increasingly determined by whether they can remain cyber secure, whether they work with the latest, inherently more secure operating systems and have the capacity and processing power to perform optimally with the latest firmware and video analytics upgrades.
Building strong lifecycle management for camera systems is increasingly about ensuring systems remain cyber secure. Can the latest manufacturer security patches be applied to a system’s cameras and video management software, and is the surveillance system supported by strong firmware policies and management tools from the vendor, enabling regular updates to be applied? If the answer to these types of questions is ‘no’, then the system’s life should be considered to have come to an end, at least from a cyber risk perspective.
And it’s increasingly security systems installers who will need to be assessing the level of cyber security of the CCTV systems they propose to clients, whilst also prioritising work to harden systems against cyber risks and recommend equipment replacement where it can no longer be kept up to the latest cyber protection levels.
Cybersecurity at the heart of system lifecycle management
Cybersecurity is an unrelenting challenge for all organisations as increasingly mission critical corporate and personal data is held in connected systems. However, if that data is stolen or access to it blocked by a hacker, there are very real reputational as well as financial costs associated with, for example, paying ransomware demands and/or Information Commissioner’s Office (ICO) fines where breaches have compromised personal, identifiable data, not to mention huge reputational cost damage that can escalate as the word gets out so quickly these days via social media channels.
Cybersecurity is a topic which has finally made it all the way into the senior executive team of most businesses today. No networked corporate system is immune from the scrutiny of the director in charge of keeping systems secure from ransomware and other cyber-attacks, and so it should be.
Major companies have been damaged by data breaches over the last few years including Nintendo, Easy Jet, Yahoo, Equifax, LinkedIn, Twitter, the NHS and the Marriott group, and many more. Hacks and breaches have become a reality for many, and they’ve become more visible to the outside world from 25th May 2018 onwards when the UK GDPR went live forcing companies to report data breaches.
The Data Protection Act 2018 set a maximum fine of £17.5 million or 4% of annual global turnover – whichever is greater – for infringements. Data protection became a whole lot more important as the risk of picking up a fine which could hole a company’s finances below the waterline loomed large, while company reputations have become increasingly challenged through much more mainstream news reporting on the topic.
With CCTV systems now mostly sitting on organisations’ networks, it’s critical for firms putting in network camera and audio equipment, and other network devices, and video management software to ensure that the very latest cybersecurity best practice is applied, and that this can be maintained over the years in an ever-changing cyber risk landscape, to guarantee a long system life.
In this context, it’s worth noting that the NCSC (National Cyber Security Centre) and its training delivery partner for Cyber Essentials IASME have just completed a major technical review of the training scheme, the results of which led to the largest update of Cyber Essentials since it was launched more than eight years ago.
These updates will help organisations maintain their basic cyber hygiene, providing reassurance for owners, directors, managers, staff and customers. They include revisions to the use of cloud services, as well as home working (of course much more prevalent during the pandemic), multi-factor authentication, password management, security updates and more.
Are your installation and CCTV servicing partners up to speed with these and other changes? In our view cybersecurity is at the heart of optimal system lifecycle management. If equipment cannot be patched with the latest firmware or the latest security updates applied to it then it must be segregated, taken off line or replaced as soon as possible.
The trick is to only work with vendors which build and support products with long-term usage in mind. The built-in obsolescence, or short-term thinking of old, should no longer be an acceptable product development policy for vendors. Preventing businesses being exposed to cyber risks must now be the main focus of CCTV and security vendors working in partnership with integrators. Not doing so is irresponsible. NW’s partnerships with Axis Communications and Milestone Systems and built on this foundation.
Sustainability also critical
Linked to this, leading professional security product vendors have been working hard for many years to reduce the impact of the manufacturing and usage of their products on the environment. To consider sustainability in the round you have to get a handle on how the products are built; what goes on in the vendor’s supply chains in terms of the multiple components which make up these products?
Are all OEMs in those supply chains running their factories offering workers a fair wage, and the ability to operate in humane working conditions? It’s a big ask to probe all this. However, luckily there are specialist agencies such as EcoVadis which can do a lot of the Environmental Social and Governance (ESG) data gathering and analysis for you.
They can provide an independent report benchmarking how a shortlisted vendor is performing in areas such as the Environment (e.g., carbon emissions, use of hazardous or un-recyclable materials etc), Labour Relations and Human Rights, Ethics and Sustainable Procurement.
You can view this data alongside what leading vendors are communicating themselves in these areas. For example, leading network video and audio product provider Axis Communications has been working for some time to use recycled plastic from PET bottles in its camera chassis and has committed to phasing out brominated/chlorinated flame retardants (BFR/CFR) from manufacturing processes.
Remote Support & Management increasingly important
With a combination of secure networked security systems, cloud computing and a focus on sustainable and ethical working practices, the emphasis on being able to remotely manage and support systems has come to the fore, particularly in the last two years as COVID-19 made on-site maintenance and upgrade visits that much tougher to undertake.
NW Security responded to this by beefing up its helpdesk support team during the pandemic so that it is able to monitor, manage and upgrade security systems for all of its clients remotely, mostly without setting foot on its customers’ premises. The resulting reduction in business travel adds to efficiencies and cost savings for the customer, while reducing carbon emissions, thereby improving the overall sustainability aspects of systems for customers.
The pandemic has acted as an accelerant for two trends: both the demand for remote support services and management of operations from separate locations. Many organisations now use cameras as a key tool to manage their multi-site operations. For example, during the pandemic London City Airport decided that, rather than upgrading its onsite air traffic control tower, it would instead revert to building a remote digital control tower to find greater efficiencies.
So, today all flights into and out of London City Airport in London’s Docklands are guided in to land or take off by air traffic controllers based 115km away at NATS’ air traffic control centre in Swanwick, Hampshire using an ‘enhanced reality’ view supplied by a state-of-the-art 50m digital control tower bristling with high specification network cameras and other equipment.
In today’s world more questions should be asked. How mature are your security installers’ support capabilities? Are they geared to helping you buy well and maintain systems remotely and cost effectively, supporting you to extend the life of your CCTV systems?
As we all try to rethink the way we work post-COVID, it’s worth considering not only building, but working out how to maintain, your security systems for the longer term – keeping them cyber secure in the process and by doing so, extending their life longer into the future, all driven by our shared responsibility for sustainability.Let us help you with lifecycle management