Mar 17, 2021
By Sarah Czarnowski

Stolen Camera Feeds and a Single Source of Truth

Network-connected cameras help ensure safety and security by monitoring activity in schools, jails, hospitals, police stations, businesses, and industrial environments. Cameras are also becoming more common in the home, monitoring doors, windows, family members, and even pets. However, if the video feeds from your cameras are observed by unauthorized personnel, there can be serious implications, including legal liabilities to your business. When outsiders can see sensitive locations like hospitals and schools, it doesn’t instill a lot of confidence in your cameras—and it might even negatively impact your reputation.

A Real-World Incident

Several news outlets dubbed the most recent hack as the Verkada security breach. During this incident, hackers gained access to thousands of video feeds through administrator accounts using valid credentials found online. When unauthorized access to your cameras is achieved using exposed or stolen credentials, it can be difficult for your security tools to generate security alerts because the activity may look like normal camera use.

One victim of the incident said, “As soon as we were notified of the breach, we proceeded to shut down the cameras in all our office locations to prevent further access.” That’s a wise approach. But did they shut down every single camera? Did they have the full context of all their cameras? Did they know the location, the camera software version, and the name of the authorized owner that performs maintenance on these cameras?

How could they be sure?

Remediating Issues Quickly

No level of investment in security tools provides 100% protection against your cameras being hijacked. The Verkada breach is evidence of this. While it is vital to remain vigilant about who is accessing your camera feed, what’s more important is remediating an issue as fast as possible and understanding the implications of the response. Does unplugging your cameras that are monitoring your production environment or the highest security area in a jail do more harm than good? That’s where knowing what your cameras are doing, where they’re located, and the full context of their operation is so important.

Without a trusted inventory of all cameras, connected or not, remediation gets to be overly complicated. This is because without a single source of truth, it can be difficult for you to have accurate details about your cameras so you can remediate issues quickly. What if there are rogue or unknown cameras that were installed with good intentions, but only one person is aware of their operation? That’s just one example of why you need the full context regarding your cameras to make sure your response does not end up harming your business operations.

Once you have a single source of truth, you need to be able to quickly dispatch authorized personnel to correct the camera. Armed with all the relevant information, you’ll know the device owner and whether the camera is in a critical location such as an intensive care unit or a secure area, so you can prioritize and orchestrate the correct authorized response to the threat.

OT Security in Nuvolo Connected Workplace

The OT Security solution in Nuvolo Connected Workplace enables you to have a single source of truth for all your cameras—both on or off the network. It does this with a cloud-based inventory for all your assets, equipment, and devices. With Connected Workplace, you’ll be able to confirm device inventory with a contextual view, including profile, business context, and device history.