The recent appointment of a new Biometrics and Surveillance Camera Commissioner is a timely reminder of the critical role surveillance systems play in public safety and national security, writes Mike Gillespie, pictured, of the information security consultancy Advent IM.
These systems are integral to crime prevention, incident response, and the protection of critical infrastructure. However, as they become increasingly networked and sophisticated, their security depends not just on physical protections, but on robust cyber resilience.
Video Surveillance Systems (VSS) are no longer standalone solutions. They are embedded within wider IT ecosystems, often connected to cloud services, remote monitoring platforms, and integrated security systems. This connectivity brings efficiency and functionality—but also risk. When basic cyber hygiene is neglected, VSS becomes as vulnerable as any other Internet of Things (IoT) device. Misconfigured systems, outdated firmware, and weak network segmentation create easy entry points for attackers. These vulnerabilities can be exploited by criminal groups seeking financial gain or by hostile nation states aiming to disrupt or manipulate critical security infrastructure. In short, if VSS is not treated as a networked device, it becomes a liability.
The good news is that a well-configured, properly patched, and secured network dramatically reduces the likelihood of compromise. This requires a layered approach that begins with keeping firmware and software up to date to close known vulnerabilities. It also means isolating video surveillance systems from other critical systems through network segmentation, enforcing strict traffic controls and least privilege principles via firewalls and access management, and hardening configurations by disabling unused services and requiring strong authentication. These measures, when applied consistently, create a robust security posture that makes interference or manipulation far less likely. Cybersecurity is not a one-time exercise—it is an ongoing process that demands vigilance and discipline.
Recent headlines have reignited concerns about Chinese technology in national security contexts. While supply chain risk is real and should be assessed, the bigger picture is that any poorly secured system—regardless of origin—can be exploited. A camera manufactured in one country is no more inherently dangerous than another if deployed within a well-secured environment. The conversation should shift from geopolitics to resilience. Strong cyber controls, rigorous configuration, and continuous monitoring are what make systems secure. Blaming hardware origin without addressing fundamental cyber hygiene misses the point—and leaves systems exposed.
Even with best practices in place, regular penetration testing is essential. Pen testing validates that controls are working as intended and identifies weaknesses before adversaries do. Think of it as a health check for your security posture. Without this assurance mechanism, organisations risk assuming they are secure when, in reality, vulnerabilities remain. Testing should include not only the VSS itself but also the wider network environment in which it operates. Attackers rarely target a single device—they exploit weak links across the ecosystem. A holistic approach to assurance is therefore critical.
The physical security world is still catching up with the realities of cyber risk. Traditionally, the focus has been on camera placement, image quality, and storage capacity. While these remain important, they are no longer sufficient. A high-definition camera is of little value if its feed can be intercepted, manipulated, or disabled remotely. Public safety organisations must recognise that VSS is critical security infrastructure and treat it with the same rigor as any other networked device. This means embedding cybersecurity into procurement, deployment, and ongoing management—not as an afterthought, but as a core requirement.
Good cyber hygiene isn’t optional—it’s the foundation of trust and resilience in a world of evolving threats. Surveillance systems protect people, assets, and national interests. Protecting them in turn requires a mindset shift: from viewing cameras as isolated tools to recognising them as part of a complex, interconnected network. When we get the basics right—patching, segmentation, hardening, and testing—we make compromise much less likely and ensure these systems can do what they were designed to do: keep us safe.
