Integrate 2024 Panel Discussion & Key Takeaways

Hosted at the International Convention & Exhibition in Sydney, Integrate 2024 held a panel discussion focused on cybersecurity imperatives for the audio visual landscape, summarised as follows:

As the AV landscape becomes increasingly interconnected, the spectre of cybersecurity threats looms larger than ever. This panel discussion aims to demystify the complexities of cybersecurity and empower professionals with the knowledge to protect AV systems. From threat landscapes to preventive measures, our panellists will navigate the intricate intersection of cybersecurity and AV technology.

The panel included key representatives from the audio visual industry including Cisco, Biamp Systems, Harman, Pro AV Solutions, Axis Communications, and our very own Dean McFadden from UT Consulting. This blend of manufacturers, integrators, and consultants covered a broad swath of the cybersecurity and audio visual landscape. So, what were the key takeaways from the panel, and what are the tangible things you can implement to protect your organisation from a cyber attack?

In this article, we discuss the importance of cybersecurity and provide a high-level review of how you can secure your organisation’s audio visual infrastructure.

The Importance of Cybersecurity for your Audio Visual Systems

Recently, the Australian Government (advised by MediSecure) disclosed that approximately 12.9 million individuals may have had their personal and health information relating to prescriptions, as well as healthcare provider information, exposed by a cyber security attack (article).

Cybersecurity attacks have become more common and far more detrimental to the smooth functioning of your organisation than ever before. Organisations now have legal obligations to ensure they are protecting the private and personal information of their employees and customers.

Today, AV over IP deployments are now the norm. These deployments consume considerably more network resources and services than they have in the past. In addition, AV over IP devices are reliant on external services to provide conferencing capabilities, control, monitoring, and management. Because of the rise in these deployments, and their dependence on external services, they have become a substantial vector for a cyber attacks. As such, it is necessary for all audio visual deployments to consider and, where possible, minimise cyber security risks.

Panel Discussion Key Takeaways

Cyber security is a large and growing field of expertise. While one panel discussion cannot make anyone a cyber security expert, it can provide an overview of areas for considerations and help flag some critical items for future discussion.

During the panel there were several key takeaways for organisations to consider and some items which should be implemented to minimise the risk of a future cyber attack. Some of these takeaways are as follows:

Replace default login credentials with strong passwords.

Often devices are supplied with default login credentials for ease of setup. It is important that default login credentials like User: Admin / Password: Admin are replaced with robust and secure passwords. The Australian Signals Director provides an excellent guide for setting secure passwords.

Password Security Table
Credit via CyberPartners

Disable unsecured ports such as Telnet and HTTP.

Typically, all device ports are open on devices by default. To secure devices, all unsecure and unused ports need to be disabled to minimise points of vulnerability. Physical protection of devices should also be considered as many products offer local USB ports for maintenance purposes which can also be exploited.

Ensure any software backdoors are closed. 

Sometime programmers, and even vendors, may include backdoors in their code to allow for maintenance and remote support. These are basically an unmanaged user account that can be exploited. I am sure we all remember ‘1988’ and the Morris Worm. Backdoors may have been a great way to provide technical access 10 years ago but today it is not a recommended practice.

Ensure that AV devices have the latest firmware installed and are patched as required by the manufacturer.

AV systems typically consist of multiple components from several different vendors, with each vendor requiring a separate application or appliance to manage their devices on the network. This becomes cumbersome to deploy and is often omitted due to complexity and cost.

To mitigate this risk is to minimise the number of different vendors used in a system design, select vendors that provide enterprise based monitoring and management tools (these should include device discovery across multiple networks).  There are a few vendors that have incorporated monitoring of third-party products, which is great from a service management point of view, but it does not address the cybersecurity issue of managing firmware. It may be a while before we see a vendor agnostic solution in this space.

Deploy Audio Visual Systems on their own network.

While some deployments may be suited to a separate physical network, using VLANs to provide a logical separation is suitable. By using VLANs and deploying AV on a shared network, existing IT services can be leveraged to improve security and system functionality.

Use an Identity and Access Management (IAM) approach

A defined Identity and Access Management (IAM) approach allows organisations to manage the access of uses and to ensure that only authorised people can access administrator levels of control.  IT teams have a tool called Active Director (AD) to manage this. Devices permitting this should be implemented for all AV deployments.

The Importance of Cyber Security Training

Training was another topic that was raised by both the panel and the audience.  Cybersecurity is a specialist IT domain that requires extensive training and experience. This is generally not an option for most AV professionals, but there are a number of institutions offering free or cheap training. Options include Udemy, IT Masters (Charles Sturt University) even YouTube has almost unlimited content available to supplement your knowledge.

Defence in Depth

While the panel takeaways noted above may appear extensive, these are only the tip of the iceberg for protecting an organisation from a cyber attack. One of the fundamentals of cyber security is defence in depth.

At your organisation, your IT and Cyber security team will be working to an enterprise level plan that can provide this depth with the deployment of dedicated tools and practices which include port access control (802.1x), Intrusion Detection and Prevention Systems (IDPS), certificated based authentication, and vulnerability scanning of devices.

Audio Visual Consulting & Minimising Cyber Security Risks

One of the key things that was reiterated by the panel is a lack of cyber security education targeted for audio visual professionals and a lack of understanding of audio visual systems among IT professionals.

The lack of knowledge in this space makes it difficult for the AV and IT teams to have a clear discussion about risks and requirements, and provide the inputs necessary to develop an appropriate cybersecurity plan. These gaps within the cyber security industry extend beyond the organisation’s AV and IT teams to the manufacturer, distributor, consultant, and integrator.

The role of an Audio Visual Consultant has always been to interpret the technical aspect of devices to ensure that they provide the required functionality to support the user’s needs. The nature of this role places the AV Consultant in an ideal position to assist with the development of a cyber security plan or deployment approach in conjunction with an organisations IT and cyber security team.

However, this assumes the audio visual consultant has the cyber security knowledge to navigate these conversations. Often, the skills required to prepare actionable and effective cyber security plans involve specialise IT and cybersecurity expertise that is outside the audio visual consultants skillset.

As a specialist technology consulting organisation, UT Consulting has a team with a blended skill set including audio visual, information technology, and communications infrastructure design and project management. Because our team is focussed on the delivery of ICT and AV systems, we have the requisite skills required to navigate these important conversations and facilitate cybersecurity planning and discuss the implications this may have on your organisations AV deployment.

If you require assistance developing cybersecurity, network development plans, strategies, or road maps, please don’t hesitate to contact our consulting team at: +61 3 9601 6555.

Guarding Pixels - Live Panel