By now, many readers have heard about the emerging cyberthreats targeting critical infrastructure. Did you know the same cybercriminal tactics can be used to attack AV control systems? Typical cyber security policy is about IP networks, it does not address AV systems that use serial, contact closure, or other classic 4-wire AV control busses like AXlink or Cresnet. Learning the Tactics, Techniques, and Procedures (TTPs) of industrial control cyber attackers may help the AV industry see how vulnerable their classic AV control systems really are.

Oftentimes, a malicious actor may compromise enterprise IT networks and steal control system related information. Procurement documents, engineering specifications, and software configurations may be stored on corporate folders. In audiovisual terms, this could be signal flow diagrams showing the wiring, control system code, engineering libraries, templates.

In terms of microphones, some mics exhibit a “proximity effect” causing an increase in bass as you move physically closer to the microphone. It’s not that it just gets louder, the deeper frequencies are amplified more than the high frequencies are. A good example of this is the Shure RE20 microphone which has been the personal favorite of live radio DJs, since it makes their voices sound deeper.

In other circles, “the proximity effect” is a social psychology theory proposed by Leon Festinger, which is that physical and/or psychological closeness between individuals increases interpersonal attraction.

Crestron® Virtual Control (VC-4) is a Linux-based control platform for enterprise applications that can be used in place of traditional hardware‑based Crestron control systems.   The VC-4 platform controls multiple rooms over the network from a single, centralized location. Cloud‑based monitoring is also available through XiO Cloud, Crestron’s IoT (Internet of Things) monitoring system.

Readers should note that the Crestron VC-4 is not, as shipped, a secured platform. But rather, has the ability to be secured. Without going too deep into the differences between Alma Linux versus Rocky Linux, let’s just say, it’s not easy, and you will want an experienced Linux administrator to secure the device.

The first step towards proper AV monitoring is admitting The Problem: the tools are simply not there. Admit it. You are flying blind. You don’t even know what you have. Answering the simple questions of, “What is our total number of conference rooms? And how many are working right now?” in a larger organization is blurry at best. This is not an easy problem to solve, due to the isolated AV ecosystems and vendor allegiances.

And even if you can solve it, you may not yet be able to implement it, because your solution is not scalable. Or not manageable, or both. For now, your best solution is to include multiple windows to monitor the siloes. Human eyes have to jump from window to window or screen to screen, trying to piece together the data in real-time, which often leads to information overflow for the human mind.

Monitoring is a fundamental step that gathers the telemetry data from AV devices, automatically. This level of automation requires some level of programming skills to implement. It also assumes that the data you need is readily available, and that you can somehow check the data for integrity.  

At Level 3 Audiovisual, we are taking a more standardized, templated approach, more cattle, less pets.

You may have heard the terms “Zero Trust” or “Zerotrust” being tossed around in marketing materials, but what does Zero Trust really mean?  Is it just a trendy word, or words?

The traditional castle and moat security model doesn’t work in modern cybersecurity as so many of us are now telecommuting and working in the cloud. A more recent paradigm called Zero Trust is trending. 

The Zero Trust movement being lead in some part by the U.S. Government. In 2020 the director of DISA, the Defense Information Systems Agency, laid out three main tenets of Zero Trust, “Never trust, always verify; assume breach; and verify explicitly.”