4.6 roll out - cybersecurity

Post on 07-Aug-2015


Company Confidential

Cybersecurity


Turkish Pipeline (2008)


An example


The problem with securing the device alone


Virus: malicious code written to exploit vulnerable devices

Bug (vulnerability): a flaw in the software code that allows an attacker to exploit the device

Immediately made millions of devices vulnerable.

ShellShock existed, undetected, for 25 years

Cyber-Lingo

The Consequences


Botnet searches started within hours of the announcement

Tyco Proprietary and Confidential Information

“Fix your device, or it's off our network!”

630,000 recorded in the first two weeks

Up to 1,970 attacks per hour

Cyber-Lingo

Botnet: A collection of infected computers being controlled by a single hacker without the owners' knowledge


Our Philosophy

Provide unified cybersecurity solutions within our physical security solutions that contain the latest, time-tested security technology, complementary to the capabilities of our clients and supported for the life of the solution.

Provide the dedication and accountability necessary for the ever-changing field of cybersecurity, provide the documentation and training necessary for our integrators to succeed, and as new threats arise and new vulnerabilities are found, continue to provide sound resolutions and timely responses.

Our Product Mission:

Our Service Mission:

Requirements

Design

Implementation

Testing

Deployment

Security Team

Certifications

Documentation

Denial of Service

Vulnerability Testing

Design Validation

Developer Guidelines

Vulnerability Monitoring

Feature Enhancements

Third Party Testing

Source Code Control

Security Bug Tracking

Dedicated Security Team and Process

Security Requirements

Security is not an afterthought.

Approval Required

Alert Assessment Resolution Validation Advisory

Severity:
0 – Not affected
1 – Affected, but not exploitable
2 – Affected and exploitable

Security • Development • Quality Assurance

Cross-Functional Cyber-Response Team

Advisory typically generated and distributed the same day of announcement

December 2014: Federal Information System Modernization Act

Used by most non-DoD installations

Cloud-based applications

*Being phased out for DIARMF

NIST Special Publication 800-53

DoD installations and contractors

A system or application that resides on U.S. government networks or has government-owned data must undergo a formal security assessment before being authorized to operate

The Law

Assessment Method

FISMA Overview

FISMA-Ready Program


C•CURE 9000: FISMA-Ready since v2.3

victor: FISMA-Ready since v4.5

VideoEdge: FISMA-Ready in v4.6

NIST Risk Management Framework

FISMA-Ready whitepapers describe how applicable controls from NIST Special Publication 800-53 can be met

Security Comes Standard

Technical Security Features
• Camera command and control uses SSL/TLS
• iSTARs and C•CURE are FIPS certified

Dedicated Security Team
• Security advisories and support

Works with existing IT infrastructure
• No additional hardware or software required

Customizable to meet specific needs
• Use only the features needed

Questions

William L Brown Jr. Sr. Engineering Manager

Regulatory and Product Security

 

willbrown@tycoint.com 
