4.6 Roll Out - Cybersecurity
Company Confidential
Cybersecurity
Turkish Pipeline (2008)
An example
The problem with securing the device alone
ShellShock existed, undetected, for 25 years
Immediately made millions of devices vulnerable.
Cyber-Lingo
Virus: malicious code written to exploit vulnerable devices
Bug (vulnerability): a flaw in the software code that allows an attacker to exploit the device
The Consequences
Botnet searches started within hours of the announcement
Tyco Proprietary and Confidential Information
“Fix your device, or it's off our network!”
630,000 recorded in the first two weeks
Up to 1,970 attacks per hour
Cyber-Lingo
Botnet: A collection of infected computers being controlled by a single hacker without the owners' knowledge
Our Philosophy
Our Product Mission:
Provide unified cybersecurity solutions within our physical security solutions that contain the latest, time-tested security technology, complementary to the capabilities of our clients and supported for the life of the solution.
Our Service Mission:
Provide the dedication and accountability necessary for the ever-changing field of cybersecurity, provide the documentation and training necessary for our integrators to succeed, and, as new threats arise and new vulnerabilities are found, continue to provide sound resolutions and timely responses.
Dedicated Security Team and Process
Security is not an afterthought.
Requirements • Design • Implementation • Testing • Deployment
Security Team • Certifications • Documentation • Denial of Service • Vulnerability Testing • Design Validation • Developer Guidelines • Vulnerability Monitoring • Feature Enhancements • Third Party Testing • Source Code Control • Security Bug Tracking
Security Requirements
Approval Required
Cross-Functional Cyber-Response Team
Security • Development • Quality Assurance
Alert • Assessment • Resolution • Validation • Advisory
Severity:
0 – Not affected
1 – Affected, but not exploitable
2 – Affected and exploitable
Advisory typically generated and distributed the same day as the announcement
FISMA Overview
The Law
December 2014: Federal Information System Modernization Act
A system or application that resides on U.S. government networks or has government-owned data must undergo a formal security assessment before being authorized to operate
Assessment Method
Used by most non-DoD installations
Cloud-based applications
*Being phased out for DIARMF
NIST Special Publication 800-53
DoD installations and contractors
FISMA-Ready Program
C•CURE 9000: FISMA-Ready since v2.3
victor: FISMA-Ready since v4.5
VideoEdge: FISMA-Ready in v4.6
NIST Risk Management Framework
FISMA-Ready Whitepapers describe how applicable controls from NIST Special Publication 800-53 can be met
Security Comes Standard
Technical Security Features
• Camera command and control uses SSL/TLS
• iSTARs and C•CURE are FIPS certified
Dedicated Security Team
• Security advisories and support
Works with existing IT infrastructure
• No additional hardware or software required
Customizable to meet specific needs
• Use only the features needed
Questions
William L Brown Jr.
Sr. Engineering Manager, Regulatory and Product Security