Interoperability brings convenience… and its own security risks
May 8, 2020
Print this page
May 8, 2020 – Critical infrastructure (CI) buildings, such as schools, hospitals, government buildings, utility buildings, airports and first responder stations, are essential threads that are woven into the tapestry of a smart city. Smart cities are growing exponentially as their benefits are helping us tackle challenges around community mobility and population growth, safety and security, public and environmental health and more.
Henceforth, every building will either be retrofitted or built with connections to an on-site management system or an offsite cloud-based management system known as Building Automation Systems. BAS comes with the convergence of IoT devices, big data and improved connectivity to deliver operational insights.
This means interoperability is crucial to the life of smart buildings that require open architecture systems that can be more easily integrated with each other and widely adapted. It helps to have all technology components working together instead of competing—IT and surveillance systems can easily be added after-the-fact when you have network Internet Protocol (IP).
Interoperability in CI buildings
When CI building systems are not siloed, but working together, there’s ease of management and more accessibility among different groups and departments, leading to an overall better user experience. Systems become more scalable, less rigid and there’s an ability to tailor these systems to the building’s needs and use cases. Systems in one building can work across a series of buildings, so information and data can easily be shared, i.e. workers in a city building working with the police, who are working with a health agency residing in another building, etc. As a matter of fact, Ontario was the first in Canada to receive province-wide data sharing for broader public sector and large private buildings.
Full interoperability means taking surveillance and security devices and having them integrate with non-security applications, so that CI building users can get a lot more functionality from their IoT devices. It’s essential for edge-based devices such as IP cameras to be able to integrate easily into “together systems” such as IT, building automation, smart lighting systems, fire, access control and HVAC systems. Video analytics surveillance is critical for improving interoperability that meets the requirements of CI buildings and should also address regional needs, existing infrastructure, cost verses benefit and sustainability.
There are two categories for implementing video analytics in a smart building setting: centralized and distributed. A centralized architecture setting allows cameras and sensors in the network to collect video and other information, and then convey it to a centralized server for analysis. The early days of video analytics applications in analog video networks followed this type of setup of processing the video stream.
It’s quite a laborious task that requires fetching all the recordings from all the cameras and transferring them manually to one central processing device, which clogs up the network and servers. Modern technology now allows for distributed architectures with clever edge devices (network cameras and video encoders) that are built to process the video data and extract relevant CI buildings information themselves.
The many benefits
Surveillance interoperability through distributed architecture allows your surveillance solution to scale with your CI building. It considers proper planning, includes all necessary stakeholders and edge devices and can be better leveraged to achieve the goals of the application.
An architecture that is scalable, cost-effective and flexible is supported by the concept of “intelligence at the edge or edge computing” where bandwidth usage is lessened—since the cameras can detect and transfer only meaningful, useful data, or data that requires further analysis, investigation or action (for example, detecting an object that is obstructing a fire exit door or even applications where using video is now possible to detect smoke as an early warning detector that supplements the fire detection system) and what can be deleted or kept for future reporting. Another example is camera data that captures times of the day where a building has a higher percentage of occupancy to make changes to staffing, lighting levels and HVAC systems.
This easier video navigation reduces cost and network complexity, eliminates the drawbacks of a centralized architecture and increases overall ROI. The result is servers that can now handle hundreds of video streams if some of the work is done in the cameras.
CI smart buildings coexist with smart cyber threats
Critical infrastructure smart buildings are an increasing target in cybersecurity threats and attack vectors. From Malware, Phishing, Man-in-the-middle (MitM), Distributed-denial-of-service (DDos) attack, Structured Query Language (SQL)-injection, Advanced Persistent Threat (APT) and more, these attacks are a reality that all smart buildings may come up against sooner or later and they all intend to cause harm, very slow response times, data theft and complete shutdowns.
Now more than ever, security/surveillance teams need to work more cohesively with a building’s IT department. There are often assumptions made that a matter of cybersecurity pertains specifically to IT. However, this is something that affects everybody and it’s important that all CI building stakeholders are more “cyber aware”.
As one of the 2019 top smart buildings trends, Frost & Sullivan report that digitizing buildings is a major current trend, however this trend comes with new security issues. It is for this reason, the market for information technology (IT)/operation technology (OT) security services in smart buildings is predicted to hit $897 million by 2022, reaching a record compound annual growth rate of 37 per cent, the report found.
With building systems such as lighting, HVAC, audio, communications and safety/surveillance systems like access control all moving to IP architectures, we are faced with new challenges and concerns that need to be considered and met with best practices to harden these systems and make them cyber-secure.
When it comes to network surveillance cameras, aside from physical sabotage, vandalism and tampering, from an IT/network perspective, the camera is a network endpoint like business laptops, desktops and mobile devices. Unlike a business laptop, a network camera is not exposed to the common threat of users visiting potentially harmful websites, opening malicious email attachments, or installing untrusted applications.
However, the camera is a network device with an interface that may expose the system to risks. In this case, it is not recommended to expose the camera to a public server, allowing unknowns to get network access to it. For individuals and smaller facilities that do not operate as Video Management System (VMS) and need to access video from remote locations, there are software options available that provide an easy way to access video in a more secure way without exposing the camera to the Internet.
In a VMS environment, the clients will always access live and recorded video through the VMS server. Placing the VMS server and cameras on an isolated network, through physical or virtual isolation, is a common and recommended measure to reduce exposure and risks.
Scalability and flexibility underpin the future proofing of any building IoT surveillance system. There are a few best practices that contribute to effective and sustainable systems: involving all stakeholders so that expectations are set, including IT, evaluating and testing the solution, having a cybersecurity policy and working with manufacturers that are active in updating their platforms often.
Using proprietary or locked-in systems can be risky, plus requires more specialized skillsets and dependency on others to configure them. Be wary of larger end users that are trying to have more ownership of the systems they procure. Work with reputable suppliers and manufacturers that foster backwards compatibility to legacy systems, can help put a migration path in place and that have open standards, versus closed proprietary protocols and systems that may be difficult to support long term. This will likely improve the success and longevity of the systems.
About the author…
Gavin Daly manages the Professional Service Group (PSG) at Axis Communications, Inc., providing technical expertise and personalized advice for both internal and external customers. Gavin’s industry insight and experience provides value and practical expertise to ensure customers achieve full realization of their surveillance needs. All photos courtesy Axis Communications.
This article—along with other great content—appears in the April 2020 edition of Buildings IoT Canada Magazine.