Company Confidential Cybersecurity Company Confidential

4.6 Roll Out - Cybersecurity

Page 1: 4.6 Roll Out - Cybersecurity

Cybersecurity

Page 2: 4.6 Roll Out - Cybersecurity

Turkish Pipeline (2008)

Page 3: 4.6 Roll Out - Cybersecurity

An example

Page 4: 4.6 Roll Out - Cybersecurity

The problem with securing the device alone

Virus: malicious code written to exploit vulnerable devices

Bug (vulnerability): a flaw in the software code that allows an attacker to exploit the device

Immediately made millions of devices vulnerable.

ShellShock existed, undetected, for 25 years

Cyber-Lingo

Page 5: 4.6 Roll Out - Cybersecurity

The Consequences

Botnet searches started within hours of the announcement

Tyco Proprietary and Confidential Information

“Fix your device, or it's off our network!”

630,000 recorded in the first two weeks

Up to 1,970 attacks per hour

Cyber-Lingo

Botnet: A collection of infected computers being controlled by a single hacker without the owners' knowledge

Page 6: 4.6 Roll Out - Cybersecurity

Our Philosophy

Our Product Mission:

Provide unified cybersecurity solutions within our physical security solutions that contain the latest, time-tested security technology complementary to the capabilities of our clients and supported for the life of the solution.

Our Service Mission:

Provide the dedication and accountability necessary for the ever-changing field of cybersecurity, provide the documentation and training necessary for our integrators to succeed, and as new threats arise and new vulnerabilities are found, continue to provide sound resolutions and timely responses.

Page 7: 4.6 Roll Out - Cybersecurity

Requirements

Design

Implementation

Testing

Deployment

Security Team

Certifications

Documentation

Denial of Service

Vulnerability Testing

Design Validation

Developer Guidelines

Vulnerability Monitoring

Feature Enhancements

Third Party Testing

Source Code Control

Security Bug Tracking

Dedicated Security Team and Process

Security Requirements

Security is not an afterthought.

Approval Required

Page 8: 4.6 Roll Out - Cybersecurity

Alert Assessment Resolution Validation Advisory

Severity:
0 – Not affected
1 – Affected, but not exploitable
2 – Affected and exploitable

Cross-Functional Cyber-Response Team

Security • Development • Quality Assurance

Advisory typically generated and distributed on the same day as the announcement

Page 9: 4.6 Roll Out - Cybersecurity

December 2014: Federal Information System Modernization Act

Used by most non-DoD installations

Cloud-based applications

*Being phased out for DIARMF

NIST Special Publication 800-53

DoD installations and contractors

A system or application that resides on U.S. government networks or holds government-owned data must undergo a formal security assessment before being authorized to operate

The Law

Assessment Method

FISMA Overview

Page 10: 4.6 Roll Out - Cybersecurity

FISMA-Ready Program

C•CURE 9000: FISMA-Ready since v2.3

victor: FISMA-Ready since v4.5

VideoEdge: FISMA-Ready in v4.6

NIST Risk Management Framework

FISMA-Ready whitepapers describe how applicable controls from NIST Special Publication 800-53 can be met

Page 11: 4.6 Roll Out - Cybersecurity

Security Comes Standard

Technical Security Features
• Camera command and control uses SSL/TLS
• iSTARs and C•CURE are FIPS certified

Dedicated Security Team
• Security advisories and support

Works with existing IT infrastructure
• No additional hardware or software required

Customizable to meet specific needs
• Use only the features needed

Page 12: 4.6 Roll Out - Cybersecurity

Questions

William L Brown Jr.

Sr. Engineering Manager

Regulatory and Product Security