Tag Archives: Cyber Protection

Blog

Washington DC City Officials- Surveillance Cameras were Hit by Ransomware

Tyco Security Products Cyber Protection Program

The Washington Post reported that Washington DC City officials were hit by ransomware that, between Jan. 12 and Jan. 15, left the police cameras unable to record events. The cyberattack affected 123 of 187 cameras network video recorders deployed in a closed circuit TV system for public spaces across the city, the officials said late Friday in disclosing the event.

We encourage all of Tyco Security Products customers to take cybersecurity seriously and highly recommend implementing validated backup and restoration processes. Ensuring that our products have comprehensive capabilities required for a resilient operation is one part of our Six Part Approach to Cyber Protection of Physical Security Products. Read about it and other cybersecurity best practices on our Cyber Protection webpage and sign up to receive cybersecurity advisories.

Blog

80% of IoT apps not tested for vulnerabilities, report says

Tyco Security Products Cyber Protection Program

A new report from the Ponemon Institute, IBM, and Arxan claims that just 20% of IoT apps are actually tested for vulnerabilities.  In addition 46% were sure their organization experienced a breach due to an insecure IoT app. We encourage all of Tyco Security Products customers to take cyber-security seriously. That is why we have developed a Six Part Approach to Cyber Protection of Physical Security Products which includes on-going rigorous testing. Read about it and other cyber-security best practices on our Cyber Protection webpage and sign up to receive cyber-security advisories.

Blog

Cyber Security in the News

Cyber security breaches aren’t limited to high profile incidents such as credit card information theft from retail companies or personal information theft from government organizations. As recently reported by Reuters, ThyssenKrupp AG (TKAG.DE) was subject to various cyber attacks in their steel production and manufacturing plant design divisions earlier this year, resulting in loss of technical trade secrets and project data (http://www.reuters.com/article/us-thyssenkrupp-cyber-idUSKBN13X0VW) .

cyber protection

The gravity of these incidents serve as a reminder of the importance of Cyber Security.  To help better protect your organization from similar attacks, Tyco Security Products has developed a Six Part Approach to Cyber Protection of Physical Security Products. Read about cyber security best practices for physical security on our Cyber Protection webpage and sign up to receive cyber security advisories.

Blog

Competing hackers dampen the power of Mirai botnets

In a recent article published by PC World, the malware behind last month’s distributed denial-of-service attacks is losing its potency as hackers compete for control of IoT devices. As we reported in a recent Tyco Security Products Security Advisory, be sure to disable remote access if it’s not critical, change the password to a complex password, and reboot the device.  Be sure to complete these steps in this order rather than reboot it first – as this article states, competing hackers are quickly re-infecting the devices, sometimes within 30 seconds of the device being rebooted and going back online.  (Read the Article)

Cyber Security

Sign up to receive Tyco Security Products Cyber Security Advisories and read about other cyber security best practices on our Cyber Protection webpage.

Blog

Many Cyber Attacks Are Preventable

In a recent article published by eSecurity Planet, 43 percent of IT professionals admit that cyber-attacks could be prevented with better policies around potential vulnerabilities such as weak passwords; 58 percent prioritize heightened capabilities in perimeter-based controls such as ensuring that devices are properly configured and are running the most up-to-date software. (Read the Article)

cyber awareness

Tyco Security Products has developed a Six Part Approach to Cyber Protection of Physical Security Products. Read about it and other cyber security best practices on our Cyber Protection webpage and sign up to receive cyber security advisories.

Blog

Cyber Protection Program – Security Features

What Comes After Device Hardening?

It’s common knowledge that encrypted communication and other device hardening features are necessary for cybersecurity, but it’s vitally important to think beyond hardening.  Now that the security industry has adopted IP technology, manufacturers and integrators must consider not only the security operator’s needs, but also those of the IT manager.

An unsecured device can be the target of a cyber attack that might affect the entire network. While IT managers in government agencies, utilities, transportation, retail operations and financial enterprises are most acutely aware of the dire consequences of a successful hack, IT managers in all sectors are demanding security measures that go well beyond hardening before accepting devices onto their networks.

Here are four features that Tyco Security Products offers to achieve network acceptance for our Software House C•CURE 9000 Access Control Systems and American Dynamics victor Unified Video Management Systems that incorporate iSTAR controllers:

 

  1. Archive and Failover featuresto ensure continual operation and fast recovery

 

  1. LDAP Support to manage credentials.

 

  1. FIPS 140-2, Level 2, end-to-end validated encryption

 

  1. Network Storm Protection that ensures an iSTAR controller continues to operate during a denial of service attack.

 

Not every industry or enterprise requires the same security features for network acceptance. Our application specialists are available to advise which features are relevant to a specific application.

Learn more about our Cyber Protection Program and how we’re working to protect our physical security products from attacks, damage, disruptions and misuse.

Blog

Responding Rapidly to Security Vulnerabilities

While hardening is important, it does not guarantee that the device you install today will be secure tomorrow. Potential problems can lie dormant for years and then provide easy access for hackers when uncovered. For example, Shellshock was actually introduced as a product feature in 1989. Its vulnerability existed undetected in numerous products — including “hardened” versions of Linux and Unix operating systems — for 25 years. But within a single day of the vulnerability announcement in 2014, hackers reportedly were taking advantage of this critical bug.

At Tyco Security Products, we understand that a vulnerability discovered in one of our security products could potentially put your entire business at risk. That’s why we’ve put a team and process in place designed to deliver a fast, actionable response to help protect your investments from harm.

Our Cyber Protection Team continuously monitors for vulnerabilities using multiple resources. When a new bug is discovered, the Cyber Protection Team and key product engineers work quickly to tackle and resolve security concerns before they become critical to your operation.

This dedicated response enables us to create a security advisory, typically within 24 hours. The notification includes information about which products are vulnerable along with mitigation steps. It also lists products that we have confirmed are not vulnerable for greater peace of mind.

In the case of significant vulnerabilities, advisories are updated as needed until the issues are resolved. Quality engineers ensure that software patches are fully tested and validated. While we cannot predict how long it will take to resolve an issue, it took the team just two weeks to deliver patches for ShellShock and Heartbleed, both critical vulnerabilities.

BugHeart

Learn more about our Cyber Protection Program and how we’re working to protect our physical security products from attacks, damages, disruptions and misuse. You can also sign up to receive security advisories.

Blog

Cybersecurity Acronyms

As with any industry, there are a slew of acronyms that are used. Cybersecurity is no different. To completely understand the standards and best practices for cybersecurity, you must understand the various groups and terminology being used.

Tyco Security Products Cyber Protection Program

Developed over five years from providing critical solutions to the U.S. Government and other multi-national customers, Tyco Security Products Cyber Protection Program is one of the first in the industry to offer a holistic, six-part approach to cyber security for physical security products. We have effectively worked with government agencies to meet the appropriate standards and validations. Below is an explanation of many of the various cyber security groups and common terminology used.

FIPS

Federal information Processing Standards (FIPS) are a set of standards that describe document processing, encryption algorithms and other information technology standards for use within non-military government agencies and by government contractors and vendors who work with agencies.

Having a FIPS validation ensures that encryption completed properly. Test results are validated by the United States National Institute of Standards and Technology (NIST), yet another acronym.

FISMA

The Federal Information Security Management Act (FISMA) is United States legislation that defines a comprehensive framework to protect government information, operations and assets against threats.  View the Tyco Security Products FISMA-ready configuration guidelines. These guidelines apply to Software House CCURE 9000 and American Dynamics victor video management system (VMS) software and VideoEdge network video recorders.

NERC

The North American Electric Reliabilty Corporation (NERC) is a non-profit organization that works with all stakeholders to develop standards for power system operation, monitoring and enforcing compliance with those standards.

NERC CIP

NERC Critical Infrastructure Protection (CIP) is 9 standards and 45 requirements covering the security of electronic perimeters and the protection of critical cyber assets as well as personnel and training, security management and disaster recovery planning. View the Tyco NERC-CIP V5 ready configuration guidelines for Software House CCURE and iStar.

DISA

The Defense Information Systems Agency (DISA) is a United States Department of Defense (DoD) agency that provides information technology (IT) and communications support to any individual or system contributing to the defense of the United States.

SRG

Security Requirement Guide (SRG) is compilation of singular, actionable statements that comprise a security control or security best. An SRG is used by DISA field security operations and vendor guide developers to build security technical implementation guides (STIGs). I know we cannot stop with the acronyms. A STIG is a guide for implementing IT systems within the DoD. View the Tyco DISA security requirements for VideoEdge using the General Purpose Operating System SRG.

SANS

System Administration Networking and Security (SANS) released Top 20 security vulnerabilities. These are security controls for protecting a network. VideoEdge and victor have been designed and have had the necessary features implemented to assist our installers and users with configuring their networks in the manner they need to implement the SANS controls they elect.

Learn more about our cyber protection program.