by Michael Cataletto, Chief Technology Officer
As municipal districts continue to integrate evolving video security systems, they require a reliable and secure network to protect their sensitive information. Knowing what threats can affect a municipal network and how to prevent them can save a municipality thousands of dollars in potential damage. Below are the primary threat vectors that can affect your video network.
1. Standard Ransomware Attack: Here, the attackers are attempting to get control of the video network or video data and hold the network/data, hostage, for their own financial gain.
2. Network Disablement Attack: There are multiple reasons behind these kinds of attacks, ranging from financial gain and political motivations to terrorism. Additionally, cameras can be hijacked to perform malicious attacks on their networks.
3. Hacktivists: With the goal of wanting to gain access to confidential video files and make them public without following the proper FOIA (Freedom of Information Act) regulations or are angrily backlashing due to their FOIA requests being denied due to various reasons.
4. Criminals Demanding Access: This applies to those attempting to gain access to municipal video footage in an effort to aid their criminal enterprises. These hackers strive to create havoc or even the destruction of video to hide evidence of a crime i.e., bank robbers who hack into the police department’s video cameras, so they know the location of the police vehicles in the area, lockdown all of the doors at a city hall, delete video from police department servers, etc.
5. Denial-of-Wallet: The final and newest threat vector is where the attackers flood the cloud-based video management servers with frivolous data to run up the cloud services bills, with the intent of making the municipality pay an extortion fee to stop the attacks.
As if the above-listed threats are not enough to be aware of, an additional challenge for managers of video surveillance networks is those presented by the documentation and procedures of Chain-of-Custody. NIST defines Chain-of-Custody as “A process that tracks the movement of evidence through its collection, safeguarding, and analysis lifecycle by documenting each person who handled the evidence, the date/time it was collected or transferred, and the purpose for the transfer” (Chain of Custody, Computer Security Resource Center, National Institute of Standards and Technology). Chain-of-Custody is vital, especially in court cases where video or any data from the video management system is being utilized in a criminal or judicial case. As such, ensuring that all video or other data is securely recorded, transferred, and then presented to the court with documented proof that neither the video nor other data have been tampered with is crucial.
As each year passes, these types of attacks have become more and more prevalent. In 2022, an Iranian hacker group successfully penetrated Israel’s defense department camera system collecting and them publishing numerous videos of secret DOD facilities like the video published on YouTube of a previously secret Israeli arms facility (Horovitz, 2022). In a similar attack but with a different intent, over 70% of Washington DC’s police surveillance cameras became rendered useless via a ransomware attack just before President Trump’s inauguration (Pascu, 2017).
With the rise of vector attacks across all industries, it is imperative to have solutions in place to protect against them. Municipalities need to ensure they are equipped with a powerful, future-proof network customized to their environment, and prepared to defend against vector threats. Scientel offers a myriad of networking and lifecycle management solutions that can ensure network safety, functionality, and security for local and state municipalities.