AV Cybersecurity – New threats require new strategies
Benson Chan, Senior Consultant at Strategy of Things, looks ahead to Integrated Systems Europe in Amsterdam and explains how the rise of new connected audio-visual technologies should signal the start of a new cybersecurity strategy. The convergence of audio-visual (AV) with information technology (IT) has sparked an innovation arms race in the development of new AV systems. Building on the foundation of network connectivity, AV vendors are integrating cloud, artificial intelligence (AI) and Internet of Things (IoT) technologies into their systems. “Smart” AV offerings in the market today include smart digital signage, voice controlled smart speakers, AI based video security platforms and AV automation systems. Given the disruptive value provided, it is no surprise that these types of smart systems are a fast-growing part of the corporate and enterprise technology infrastructure portfolio. While they provide significant value over traditional systems, they also bring increased security and privacy challenges. Some examples include:
- Voice control makes it intuitive to operate and manage AV systems. However, today's voice control technologies do not distinguish whether the command is coming from an authorized person or not. This “gap” allows anyone who has access to the voice device to control the system, and must be taken into consideration.
- In recent years there have been cases of security breaches with audio and video devices. Devices, such as smart TVs and video cameras can be susceptible to hackers.
- Many AV platforms incorporate a cloud component for remote access and management, content streaming, and storage of system configurations and content. In 2017, a British Broadcasting Company (BBC) journalist signing into his online collaboration service was able to access another company's private files.
Many AV vendors and integrators are experiencing difficulties in effectively dealing with cybersecurity risks that come with these new “smart” systems. There are several reasons for this, including:
- Network and “smart” technologies are new to them. These companies are experts at AV. While AV-IT convergence may have driven them to learn IT and IoT, many vendors still have not yet developed fluency in these technologies. Instead, many vendors outsource the IT and IoT portions to suppliers for design, manufacturing and integration.
- Cybersecurity is hard. It is a very specialised field. It is also a continuously evolving one as new vulnerabilities and threats emerge daily. The integration of IoT technologies into AV creates a whole new class of vulnerabilities that have yet to be discovered.
- Limited inhouse cybersecurity resources and expertise. Most of the cybersecurity experts are found within the IT and security firms, rather than AV companies.
- Use of IT-centric cybersecurity frameworks. While today's AV and IoT systems and platforms are networked devices, they are not IT devices. When connected to the network, they don't work like IT devices. They interact with each other and the network differently.
Networked and smart AV systems can bring great disruptive value for enterprise and corporate buyers. However, this value is undermined by increased cybersecurity risks. To extract the maximum value from these systems, IT and AV managers must work together to build confidence in these technologies within the corporate network. This collaboration can be achieved in a number of ways:
- Establish a single point of accountability for AV cybersecurity. In many corporate environments, AV and IT are still separate organizations responsible for their respective systems. IoT technologies can fall into a “no man's land” with no single organisation that is responsible for it. In a network, AV cybersecurity vulnerabilities don't fall into neat organisational boundaries. Hackers look for any point of entry, whether it is on the AV, IoT or IT side. AV cybersecurity is not AV's problem, or IT's problem. It's everyone's problem.
- Establish the enterprise's level of risk tolerance for AV cybersecurity. Similarly, with IT systems, the level of tolerance will determine your policies, what systems you allow into the network, and how much network access you allow these systems to have.
- Develop an AV centric cybersecurity strategy and framework. Managers must first fully understand how smart AV systems perform in a corporate network. From there, they tailor existing IT security frameworks and policies, as appropriate, for AV. Where there are gaps, managers must develop new models to address those needs.
- Develop an internal AV cybersecurity certification program. This consists of training for internal AV and IT managers, and audit programs for people and systems compliance. In addition, the program must define a cybersecurity verification process for new systems and solutions, as part of the procurement process, and be integrated into the corporate network.
- Augment the AV cybersecurity capabilities with outside consultants and services providers. This is particularly important for emerging technologies as IoT, where internal knowledge is extremely limited.
- Collaborate with AV vendors to proactively accelerate their cybersecurity knowledge. Vendors can have limited experience, and cybersecurity is too important to let them figure it out on their own. Enterprise buyers work strategically with vendors in many ways. This may range from information sharing, testing of engineering models in a sandbox network environment, or even as far as joint development of new solutions.
A new generation of AV systems is coming to market. Powered by such emerging technologies as IoT and AI, these systems promised to bring disruptive change. At the same time, these systems pose significant cybersecurity risks. Corporate buyers must be proactive and implement new initiatives to mitigate those risks, and a visit to Integrated Systems Europe (6-9 February 2018, RAI, Amsterdam) is the best place to start. This annual European flagship event for the AV industry features over 1200 exhibitors, demonstrating IOT-connected products for enterprise managers wishing to embrace smart building technologies, integrated systems, AI, and AV solutions in a secure manner. In addition, an extensive seminar and conference programme throughout the show features thought leaders presenting use cases, market research and best practice. Registration for ISE 2018 is now open, just visit: https://www.iseurope.org/. Additional information is available from: Stefanie Hanel, Director of Marketing, Integrated Systems Events: email@example.com. About Integrated Systems Europe: Launched in 2004, ISE is the world's largest tradeshow for the professional AV and electronic systems industry. ISE 2018 will take place from 6-9 February 2018, and is expected to draw over 1,200 exhibitors and more than 75,000 registered attendees to its Amsterdam RAI location. The event is a joint venture of the Custom Electronic Design and Installation Association (CEDIA) and AVIXA®. For further information, please visit: www.iseurope.org. About Benson Chan Benson Chan has over 25 years of scaling innovative businesses and bringing innovations to market for Fortune 500 and start-up companies. With deep experience in strategy, business development, marketing, product management, engineering and operations management, Benson uses a systems approach to consistently deliver results that matter for clients. He is a recognized domain expert and thought leader in networking, cloud, enterprise IT, Internet of Things (IoT), innovation management, business model innovation, and go-to-market. Benson has held project, management and executive positions in innovation-driven organizations, including NASA, Hughes Aircraft Company, PricewaterhouseCoopers, Cisco and Pakedge. More information at www.strategyofthings.io.