In my last CI article, we reviewed cyber threats and vulnerabilities in AV systems. Many of the known vulnerabilities, or “vulns” can be fixed with a firmware upgrade, securing your network, and/or enabling passwords; but what else can AV manufacturers, consultants, and integrators do to achieve secure AV systems?
One thing that can be done is to adopt a secure mindset from the get-go when designing secure AV systems, keeping the following design principles in mind.
These principles were outlined by Jerome H. Saltzer and Michael D. Schroeder in an IEEE paper way back in 1975. We will apply those secure design principals to AV systems here.
Economy of mechanism
Keep designs simple, which also means keeping your programming code as small as possible, making it easier to test and analyze. Simpler design means that less can go wrong.
The default access to a resource should be no access. A good example of something that violates this principle is a wireless router that does not require a password and/or encrypt the traffic by default.
This means every access to a resource is checked against the access control mechanism, every time, and all attempts to bypass security are prevented.
“Security by obscurity” does not work. Adapt an open-source attitude so your security does not depend on secrecy. Code and designs should be open for scrutiny by your community. It’s much better to have a friend or colleague find an error, then it is to wait for a bad actor to discover it
Separation of privilege
Access to rooms, systems, or files should depend on more than one condition. If someone gains access to the AV rack, can they simply access the components using a console cable? Or did you go a step further, and enable passwords, as well as encryption of those passwords?
Users (and programs) should only be given the minimum access rights to complete their tasks. The default access should be none, and then access should be granted as needed, on an individual basis, or based on well-defined roles within the organization. Temporary access can also be granted.
Least common mechanism
This means that one should minimize the amount of mechanisms and/or equipment that is used by more than one user. A good example of this would be a “room PC” in a training room used by multiple instructors. Does each instructor log in with their own credentials?
Psychological acceptability, a.k.a. ease of use
Users will avoid security measures that get in the way of convenience. A physical analogy would be a dead bolt that requires a key on both the outside and the inside. Some people won’t bother locking it from the inside, especially if their key gets stuck in the lock.
Other best practices like layering, isolation, encapsulation, modularity, and auditability should also be kept in mind.