Skip to main content

Blog


Take a deep dive into audiovisual news articles written by the industry’s most knowledgeable and passionate audiovisual experts.

Articles in Category: Attack Vector

The Attack Vector is a new blog series about cyber security by Paul Konikowski


Attack Vector - Securing AV Control Systems Using CISA/NSA Cybersecurity Advisory Recommendations Attack Vector - Securing AV Control Systems Using CISA/NSA Cybersecurity Advisory Recommendations

By now, many readers have heard about the emerging cyberthreats targeting critical infrastructure. Did you know the same cybercriminal tactics can be used to attack AV control systems? Typical cyber security policy is about IP networks, it does not address AV systems that use serial, contact closure, or other classic 4-wire AV control busses like AXlink or Cresnet. Learning the Tactics, Techniques, and Procedures (TTPs) of industrial control cyber attackers may help the AV industry see how vulnerable their classic AV control systems really are.

Oftentimes, a malicious actor may compromise enterprise IT networks and steal control system related information. Procurement documents, engineering specifications, and software configurations may be stored on corporate folders. In audiovisual terms, this could be signal flow diagrams showing the wiring, control system code, engineering libraries, templates.

Don’t Hack So Close to Me: Is there a Proximity Effect in Cybersecurity? Don’t Hack So Close to Me: Is there a Proximity Effect in Cybersecurity?

The term “Proximity Effect” can mean different things to different people.

In terms of microphones, some mics exhibit a “proximity effect” causing an increase in bass as you move physically closer to the microphone. It’s not that it just gets louder, the deeper frequencies are amplified more than the high frequencies are. A good example of this is the Shure RE20 microphone which has been the personal favorite of live radio DJs, since it makes their voices sound deeper.

In other circles, “the proximity effect” is a social psychology theory proposed by Leon Festinger, which is that physical and/or psychological closeness between individuals increases interpersonal attraction.

Cybersecurity Considerations for Crestron VC-4 Cybersecurity Considerations for Crestron VC-4

Crestron® Virtual Control (VC-4) is a Linux-based control platform for enterprise applications that can be used in place of traditional hardware‑based Crestron control systems.   The VC-4 platform controls multiple rooms over the network from a single, centralized location. Cloud‑based monitoring is also available through XiO Cloud, Crestron’s IoT (Internet of Things) monitoring system.

Readers should note that the Crestron VC-4 is not, as shipped, a secured platform. But rather, has the ability to be secured. Without going too deep into the differences between Alma Linux versus Rocky Linux, let’s just say, it’s not easy, and you will want an experienced Linux administrator to secure the device.

The Problem with Monitoring The Problem with Monitoring

A lot of AV people talk about remote monitoring and management, but do they talk about The Problem?

The first step towards proper AV monitoring is admitting The Problem: the tools are simply not there. Admit it. You are flying blind. You don’t even know what you have. Answering the simple questions of, “What is our total number of conference rooms? And how many are working right now?” in a larger organization is blurry at best. This is not an easy problem to solve, due to the isolated AV ecosystems and vendor allegiances.

And even if you can solve it, you may not yet be able to implement it, because your solution is not scalable. Or not manageable, or both. For now, your best solution is to include multiple windows to monitor the siloes. Human eyes have to jump from window to window or screen to screen, trying to piece together the data in real-time, which often leads to information overflow for the human mind.

Monitoring is a fundamental step that gathers the telemetry data from AV devices, automatically. This level of automation requires some level of programming skills to implement. It also assumes that the data you need is readily available, and that you can somehow check the data for integrity.  

At Level 3 Audiovisual, we are taking a more standardized, templated approach, more cattle, less pets.

The Attack Vector: What Are The Basic Tenets of Zero Trust? How do they apply to AV systems? The Attack Vector: What Are The Basic Tenets of Zero Trust? How do they apply to AV systems?

You may have heard the terms “Zero Trust” or “Zerotrust” being tossed around in marketing materials, but what does Zero Trust really mean?  Is it just a trendy word, or words?

The traditional castle and moat security model doesn’t work in modern cybersecurity as so many of us are now telecommuting and working in the cloud. A more recent paradigm called Zero Trust is trending. 

The Zero Trust movement being lead in some part by the U.S. Government. In 2020 the director of DISA, the Defense Information Systems Agency, laid out three main tenets of Zero Trust, “Never trust, always verify; assume breach; and verify explicitly.”

Call Us: 1.877.777.5328
Email:
Fax: 480.892.5295
Tech Support: 480.690.4496
Call Us: 1.877.777.5328
Email:
Fax: 480.892.5295
Tech Support: 480.690.4496

Sitemap   |    Certifications   |    Privacy Policy