• About Us
  • Contact Us
  • Editorial Calendar
  • Careers
  • The Cyber Express by Cyble Vulnerability Disclosure Policy
  • Cyble Trust Portal
The Cyber Express
  • MagazineDownload
  • Firewall Daily
    • All
    • Bug Bounty & Rewards
    • Dark Web News
    • Data Breach News
    • Hacker News
    • Ransomware News
    • Vulnerabilities
    CVE-2026-50746

    Ubiquiti Fixes Critical CVE-2026-50746 and Multiple UniFi OS Vulnerability Flaws

    CVE-2026-11405

    CERT Warns of Unpatched Tenda Firmware Backdoor Allowing Admin Access

    Wireshark

    Wireshark 4.6.7 Fixes 12 Security Issues Across SSH, IEEE 802.11, Catapult DCT2000 and Other Protocols

    CVE-2026-53359

    Januscape Flaw in Linux KVM’s MMU Code Enables VM Escape on Intel and AMD

    Mount Royal University Cyberattack

    Mount Royal University Data Breach Confirmed After June Cyberattack Exposes Student and Employee Files

    EU-US Data Privacy Framework

    EU-US Data Privacy Framework Under Threat After Supreme Court Ruling

    Japan cyberattacks

    Japan’s Aflac, KDDI, Sapporo, Nidec: Four Breaches, One Common Entry Point

    Scattered Spider

    Alleged Scattered Spider Member Arrested in Finland, Extradited to U.S.

    AI Cyber Attacks

    AI Cyber Attacks Emerge as Biggest Threat to Indian Banking: RBI

    Trending Tags

    • blackbyte ransomware
    • Ransomware
    • lapsus$ ransomware
    • Apple
    • Apple vulnerability
  • Essentials
    • All
    • Compliance
    • Governance
    • Policy Updates
    • Regulations
    FBI Warns of Malicious Traffic

    FBI Warns of a Hidden Web Tactic Fueling Phishing and Ransomware

    Ukraine Joins EU Cybersecurity Reserve

    What Ukraine’s Entry Into the EU Cybersecurity Reserve Means

    UK social media ban

    UK Social Media Ban for Under-16s Could Take Effect by Spring 2027

    Ransomware Preparedness

    Ransomware Preparedness Must Be a Boardroom Priority: NCSC Chief

    AI legal assistants

    AI Heads to UK Courts, Bringing New Cybersecurity and Governance Challenges

    VerdantBamboo

    China’s VerdantBamboo Experimented With Three Re-Entries and Three Malware in a Company Network

    Crypto Scam, Crypto

    New Threat Actor Targets Crypto Firms’ Development Infrastructure

    Pink, Pink Extortion, CL-CRI-1147

    Pink Extortion Group Emerges Targeting Microsoft 365 Data

    AI-Powered Bots

    AI-Powered Bots Are Blurring the Line Between Users and Cyber Threats

    • Regulations
    • Compliance
    • Governance
    • Policy Updates
  • Knowledge Hub
    • All
    • How to
    • What is
    Google Chrome

    How to Remove Saved Passwords From Google Chrome (And Why You Should)

    DPDP Rules, Cyble, DPDP Act, Cyble Vantage

    How Cyble’s Front-Row Vantage Can Help You in Complying to India’s DPDP Act

    Cybersecurity Countries

    The Top 8 Countries Leading the Cyber Defense Race in 2025

    link building

    The Link Building Secrets Your Competitors Don’t Want You to Know

    Supply Chain Attack

    Supply Chain Resilience and Physical Security: Lessons for 2025

    Healthcare cybersecurity trends of 2024

    Healthcare Cybersecurity: 2024 Was Tough, 2025 May Be Better

    CEO's Guide to Take-Down Services

    Shield Your Organization: CEO’s Perspective on Take-Down Services

    Azure sign-in Microsoft

    Microsoft Announces Mandatory MFA for Azure Sign-ins to Bolster Cloud Defenses

    Signal Proxy, Signal, Signal Ban in Russia, Signal Ban in Venezuela, Bypass Signal Ban, How to Activate Signal Proxy, Signal Proxy Server

    How to Set Up Signal Proxy to Help Bypass Censorship in Russia and Venezuela

  • Features
    • Cyber Warfare
    • Espionage
    • Workforce
      • Learning & Development
  • Business
    • All
    • Appointments
    • Budgets
    • Mergers & Aquisitions
    • Partnerships
    • Press Release
    • Startups
    Sunil Varkey

    Sunil Varkey Joins Hexaware Technologies as EVP & CISO

    AI Chip, Chip Security Act

    Congress Wants a GPS Tracker on Every Advanced AI Chip America Exports

    Fraud, Agentic AI, AI-assisted Cyberattacks

    Agentic AI Run Fraud Campaigns Earning 4.5 Times More: Interpol

    Stryker, Stryker Cyberattack, CISA, Handala

    Stryker Says Cyberattack Disrupted Processing, Manufacturing and Shipping

    INC Ransom, Western Critical Infrastructure, Critical infrastructure, Russian GRU, Russian Threat Actor, Sandworm, APT44, Energy Supply Chain, Energy Infrastructure

    INC Ransom’s Franchise Model Is Putting Critical Infrastructure on the Chopping Block

    Terrorist Cyberattacks, UAE Cyber Security Council

    UAE Blocked AI-Powered Terrorist Cyberattacks Targeting Critical Infrastructure

    Eurail Breach, Eurail

    Eurail Breach Escalates as Stolen Passport Data and IBANs Surface on Dark Web for Sale

    Discord teen-by-default settings

    Discord Introduces Stronger Teen Safety Controls Worldwide

    The Cyber Express cybersecurity roundup

    The Cyber Express Weekly Roundup: FortiOS Exploits, Ransomware, Hacktivist Surge, and EU Telecom Rules

    • Startups
    • Mergers & Aquisitions
    • Partnerships
    • Appointments
    • Budgets
    • Research
      • Whitepapers
      • Sponsored Content
      • Market Reports
    • Interviews
      • Podcast
  • Events
    • Conference
    • Webinar
    • Endorsed Events
  • Advisory Board
No Result
View All Result
  • MagazineDownload
  • Firewall Daily
    • All
    • Bug Bounty & Rewards
    • Dark Web News
    • Data Breach News
    • Hacker News
    • Ransomware News
    • Vulnerabilities
    CVE-2026-50746

    Ubiquiti Fixes Critical CVE-2026-50746 and Multiple UniFi OS Vulnerability Flaws

    CVE-2026-11405

    CERT Warns of Unpatched Tenda Firmware Backdoor Allowing Admin Access

    Wireshark

    Wireshark 4.6.7 Fixes 12 Security Issues Across SSH, IEEE 802.11, Catapult DCT2000 and Other Protocols

    CVE-2026-53359

    Januscape Flaw in Linux KVM’s MMU Code Enables VM Escape on Intel and AMD

    Mount Royal University Cyberattack

    Mount Royal University Data Breach Confirmed After June Cyberattack Exposes Student and Employee Files

    EU-US Data Privacy Framework

    EU-US Data Privacy Framework Under Threat After Supreme Court Ruling

    Japan cyberattacks

    Japan’s Aflac, KDDI, Sapporo, Nidec: Four Breaches, One Common Entry Point

    Scattered Spider

    Alleged Scattered Spider Member Arrested in Finland, Extradited to U.S.

    AI Cyber Attacks

    AI Cyber Attacks Emerge as Biggest Threat to Indian Banking: RBI

    Trending Tags

    • blackbyte ransomware
    • Ransomware
    • lapsus$ ransomware
    • Apple
    • Apple vulnerability
  • Essentials
    • All
    • Compliance
    • Governance
    • Policy Updates
    • Regulations
    FBI Warns of Malicious Traffic

    FBI Warns of a Hidden Web Tactic Fueling Phishing and Ransomware

    Ukraine Joins EU Cybersecurity Reserve

    What Ukraine’s Entry Into the EU Cybersecurity Reserve Means

    UK social media ban

    UK Social Media Ban for Under-16s Could Take Effect by Spring 2027

    Ransomware Preparedness

    Ransomware Preparedness Must Be a Boardroom Priority: NCSC Chief

    AI legal assistants

    AI Heads to UK Courts, Bringing New Cybersecurity and Governance Challenges

    VerdantBamboo

    China’s VerdantBamboo Experimented With Three Re-Entries and Three Malware in a Company Network

    Crypto Scam, Crypto

    New Threat Actor Targets Crypto Firms’ Development Infrastructure

    Pink, Pink Extortion, CL-CRI-1147

    Pink Extortion Group Emerges Targeting Microsoft 365 Data

    AI-Powered Bots

    AI-Powered Bots Are Blurring the Line Between Users and Cyber Threats

    • Regulations
    • Compliance
    • Governance
    • Policy Updates
  • Knowledge Hub
    • All
    • How to
    • What is
    Google Chrome

    How to Remove Saved Passwords From Google Chrome (And Why You Should)

    DPDP Rules, Cyble, DPDP Act, Cyble Vantage

    How Cyble’s Front-Row Vantage Can Help You in Complying to India’s DPDP Act

    Cybersecurity Countries

    The Top 8 Countries Leading the Cyber Defense Race in 2025

    link building

    The Link Building Secrets Your Competitors Don’t Want You to Know

    Supply Chain Attack

    Supply Chain Resilience and Physical Security: Lessons for 2025

    Healthcare cybersecurity trends of 2024

    Healthcare Cybersecurity: 2024 Was Tough, 2025 May Be Better

    CEO's Guide to Take-Down Services

    Shield Your Organization: CEO’s Perspective on Take-Down Services

    Azure sign-in Microsoft

    Microsoft Announces Mandatory MFA for Azure Sign-ins to Bolster Cloud Defenses

    Signal Proxy, Signal, Signal Ban in Russia, Signal Ban in Venezuela, Bypass Signal Ban, How to Activate Signal Proxy, Signal Proxy Server

    How to Set Up Signal Proxy to Help Bypass Censorship in Russia and Venezuela

  • Features
    • Cyber Warfare
    • Espionage
    • Workforce
      • Learning & Development
  • Business
    • All
    • Appointments
    • Budgets
    • Mergers & Aquisitions
    • Partnerships
    • Press Release
    • Startups
    Sunil Varkey

    Sunil Varkey Joins Hexaware Technologies as EVP & CISO

    AI Chip, Chip Security Act

    Congress Wants a GPS Tracker on Every Advanced AI Chip America Exports

    Fraud, Agentic AI, AI-assisted Cyberattacks

    Agentic AI Run Fraud Campaigns Earning 4.5 Times More: Interpol

    Stryker, Stryker Cyberattack, CISA, Handala

    Stryker Says Cyberattack Disrupted Processing, Manufacturing and Shipping

    INC Ransom, Western Critical Infrastructure, Critical infrastructure, Russian GRU, Russian Threat Actor, Sandworm, APT44, Energy Supply Chain, Energy Infrastructure

    INC Ransom’s Franchise Model Is Putting Critical Infrastructure on the Chopping Block

    Terrorist Cyberattacks, UAE Cyber Security Council

    UAE Blocked AI-Powered Terrorist Cyberattacks Targeting Critical Infrastructure

    Eurail Breach, Eurail

    Eurail Breach Escalates as Stolen Passport Data and IBANs Surface on Dark Web for Sale

    Discord teen-by-default settings

    Discord Introduces Stronger Teen Safety Controls Worldwide

    The Cyber Express cybersecurity roundup

    The Cyber Express Weekly Roundup: FortiOS Exploits, Ransomware, Hacktivist Surge, and EU Telecom Rules

    • Startups
    • Mergers & Aquisitions
    • Partnerships
    • Appointments
    • Budgets
    • Research
      • Whitepapers
      • Sponsored Content
      • Market Reports
    • Interviews
      • Podcast
  • Events
    • Conference
    • Webinar
    • Endorsed Events
  • Advisory Board
No Result
View All Result
The Cyber Express
No Result
View All Result
Home Firewall Daily

Cyber Security for Video Management System (VMS) is Pivotal

A compromised Video Surveillance System can result in unauthorized access to sensitive data, loss of data, disruption of operations, and even physical harm to personnel or equipment.

thecyberexpress by thecyberexpress
August 17, 2023
in Firewall Daily, Vulnerabilities
0
Cyber Security for Video Management System
660
SHARES
3.7k
VIEWS
Share on LinkedInShare on Twitter

Cyber Security for Video Management System: Cybersecurity has become increasingly important in the industrial sector, and the video surveillance system is no exception. A compromised Video Surveillance System can result in unauthorized access to sensitive data, loss of data, disruption of operations, and even physical harm to personnel or equipment.

This can have severe consequences in industrial settings, where any disruption or damage to critical infrastructure can lead to significant financial losses and pose a threat to public safety.

While awareness of choosing the certified cameras, network equipment and servers and storage has increased, the certification and compliance standards followed by the Video Management Software (VMS) cannot be overlooked. Cyber Security for Video Management System has become increasingly more crucial.

VMS software is a critical component of security systems, providing the ability to manage and monitor video feeds from cameras across an organization. However, VMS software is also vulnerable to cyber-attacks, as it is often connected to the internet or other networks, making it a potential target for hackers.

One example of a known attack that compromised a VMS is the 2019 cyber-attack on a Norwegian aluminum company, Norsk Hydro. The attack, which was carried out by hackers using ransomware, affected the company’s VMS, causing it to fail and leaving the company unable to monitor its facilities.

This attack highlights the vulnerability of VMS software and the potential impact of a successful cyber-attack. In industries such as Oil & Gas, Power, Heavy Manufacturing, and Pharma, the consequences of a security breach can be severe, including production downtime, financial losses, and potential safety risks.

As a result, it is essential that these industries use secure VMS software that is compliant with industry security standards, such as FIPS 140-2.

This is especially true in critical infrastructure sectors such as Power, Oil & Gas, Heavy Manufacturing, Pharma, Utilities, etc. where a cyber attack could have devastating consequences.

VMS software is the central component of a video surveillance system and is responsible for managing video data, user access, and other security features. If the VMS is vulnerable to cyber attacks, it can compromise the entire system, regardless of how secure the cameras, storage, servers, and networks are.

Therefore, it is important to select a VMS that has been certified as meeting relevant cybersecurity standards, such as FIPS 140-2, and that follows best practices for cyber security for Video Management System.

This can help ensure that the video surveillance system is as secure as possible and can provide reliable and accurate data in the event of a security incident.

Hacked VMS

What is FIPS?

The standard known as “Security Requirements for Cryptographic Modules,” or FIPS (Federal Information Processing Standard) 140-2, lays out guidelines for which encryption and hashing algorithms can be utilized, as well as how encryption keys should be created and handled.

These requirements are put in place to uphold the security of a cryptographic module. However, adhering to this standard alone does not guarantee the security of a specific module.

The responsibility for ensuring that a cryptographic module offers adequate security and meets the owner’s standards for protected information lies with the operator of the module. Additionally, any remaining risk must be recognized and accepted.

Compliance with FIPS 140-2 ensures that the VMS meets a high standard of security, which is particularly important in sensitive industries such as the power sector. A secure VMS is essential to prevent unauthorized access to critical infrastructure and ensure the safe and reliable operation of power plants and energy facilities.

Sourish Dey, Founder at Trisim Global Solutions, a company with a focus on solutions for smart cities, commented “Many regulatory bodies in the industrial verticals, like power sector, require compliance with specific security standards, including FIPS 140-2. The clause mandating FIPS 140-2 compliance ensures that the VMS meets these requirements and can satisfy the security needs of the customer.”

The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards, which are mandatory requirements for the reliability and security of the North American power grid require compliance with FIPS 140-2 for cryptographic modules used in the control and protection of critical cyber assets, such as those used in the VMS.

Another example is the International Electrotechnical Commission (IEC) 62443 standard, which is a global cybersecurity standard for industrial control systems, including those used in the power sector.

The standard includes requirements for secure communication protocols, access controls, and cryptography, with compliance with FIPS 140-2 being one of the recommended cryptographic controls.

FIPS (Federal Information Processing Standard) compliant Video Management Software (VMS) should be made mandatory in industries such as Oil & Gas, Power, Heavy Manufacturing, Pharma, and others, as it provides a high level of security and protection against cyber-attacks.

What does FIPS compliant Video Management Software mean?

According to Arya Banerjee, Business Manager at Milestone, a globally leading provider of Video Management Solutions, “The use of FIPS compliant VMS is essential in industries such as Oil & Gas, Power, and others where security and safety are critical. By using FIPS compliant VMS, organizations can be assured that their security systems are using strong encryption algorithms and key management, providing a high level of protection against cyber-attacks.

  •  The VMS must use an approved cryptographic module that meets FIPS 140-2 requirements for encryption, hashing, and other security functions.
  • The VMS must have a secure authentication process for users, including password policies and access control mechanisms.
  • The VMS must have a secure key management system for generating and protecting cryptographic keys used for encryption and decryption.
  • The VMS must provide secure communication channels between the VMS and other components of the security system, such as cameras and recording devices.
  • The VMS must have secure mechanisms for storing and transferring data, including video footage, logs, and configuration files.
  • The VMS must provide audit logs and other monitoring features to detect and respond to security incidents.
  • The VMS must have a documented security policy and procedures for the installation, configuration, and operation of the system.
  • These requirements are designed to ensure that the VMS provides a high level of security for video surveillance data and operations, protecting against unauthorized access, tampering, and other security threats. By using a FIPS-compliant VMS, organizations can be assured that their security systems meet industry-standard security requirements and provide a high level of protection against cyber threats.

What may happen if Video Management Software is not complaint to FIPS?

The attacker may exploit a vulnerability in the VMS software that is not FIPS compliant, such as weak encryption algorithms or poor key management practices.

They could intercept the data transmission between the VMS server and the camera, and use a network analyzer to decrypt the data since it is not using a FIPS-approved encryption algorithm. This would give them access to the video stream and possibly control of the cameras.

The attacker could also exploit a vulnerability in the VMS server operating system or other components, such as unpatched software or weak passwords.

They may use social engineering techniques to trick an authorized user into revealing their login credentials, or use brute-force methods to guess weak passwords. Once they gain access to the VMS server, they could exfiltrate sensitive data or plant malware to disrupt or disable the system.

Despite firewalls in place, the attacker could use a variety of tactics to bypass them, such as exploiting known vulnerabilities in the firewall software or using social engineering techniques to trick an authorized user into disabling the firewall or opening a port.

Additionally, the attacker may use techniques like domain name system (DNS) tunneling or port hopping to bypass firewall rules.

Shaunak Mody, Cyber Security Consultant and CEO at Trixter Cyber Solutions said, “FIPS compliance is an important consideration for video surveillance projects, as it provides a recognized standard for security and can help mitigate the risks associated with cyber threats. By using a FIPS-compliant VMS, utilities and industries can ensure that their video surveillance system meets industry standards and regulations, while also providing a high level of security for their critical infrastructure. And with many OEMs like Milestone, Genetec, Avigilon, Bosch, Pelco complying, soon FIPS compliance will be industry standard.”

 

Share this:

  • Share on LinkedIn (Opens in new window) LinkedIn
  • Share on Reddit (Opens in new window) Reddit
  • Share on X (Opens in new window) X
  • Share on Facebook (Opens in new window) Facebook
  • More
  • Email a link to a friend (Opens in new window) Email
  • Share on WhatsApp (Opens in new window) WhatsApp

Related

Tags: VMS cybersecurity
Previous Post

‘Standards Are No Longer Voluntary’

Next Post

All You Need to Know About the Top Ransomware Groups

Next Post
Top 10 Ransomware Gangs

All You Need to Know About the Top Ransomware Groups

Q1 2026 Threat Reports

❮ ❯
Cyble-Vision


Follow Us On Google News

Latest Cyber News

Weekly Roundup
Cyber News

The Cyber Express Weekly Roundup: Campus Cyberattack, Januscape VM Escape, Router Backdoors, UniFi Flaw, and Wireshark Security Updates

July 10, 2026
CVE-2026-50746
Firewall Daily

Ubiquiti Fixes Critical CVE-2026-50746 and Multiple UniFi OS Vulnerability Flaws

July 10, 2026
CVE-2026-11405
Firewall Daily

CERT Warns of Unpatched Tenda Firmware Backdoor Allowing Admin Access

July 9, 2026
Wireshark
Firewall Daily

Wireshark 4.6.7 Fixes 12 Security Issues Across SSH, IEEE 802.11, Catapult DCT2000 and Other Protocols

July 9, 2026

Categories

Web Stories

Do This on Telegram, Your Bank Account Will Become Zero
Do This on Telegram, Your Bank Account Will Become Zero
If You Install the iOS 18 Beta, Your iPhone Could Be Hacked
If You Install the iOS 18 Beta, Your iPhone Could Be Hacked
Cricket World Cup Ticketing Systems Under Cybersecurity
Cricket World Cup Ticketing Systems Under Cybersecurity
Cyber Threats and Online Ticket Scams During the NBA Finals
Cyber Threats and Online Ticket Scams During the NBA Finals
Biometric Data Security: Protecting Sensitive Information
Biometric Data Security: Protecting Sensitive Information

About

The Cyber Express

#1 Trending Cybersecurity News and Magazine

The Cyber Express is a handbook for all stakeholders of the internet that provides information security professionals with the latest news, updates and knowledge they need to combat cyber threats.

 

Contact

For editorial queries: [email protected]

For marketing and Sales: [email protected]

 

Quick Links

  • About Us
  • Contact Us
  • Editorial Calendar
  • Careers
  • The Cyber Express by Cyble Vulnerability Disclosure Policy
  • Cyble Trust Portal

Our Address

We’re remote friendly, with office locations around the world:

San Francisco, Atlanta, Rome,
Dubai, Mumbai, Bangalore, Hyderabad,  Singapore, Jakarta, Sydney, and Melbourne

 

Headquarters:

The Cyber Express LLC
10080 North Wolfe Road, Suite SW3-200, Cupertino, CA, US 95014

 

India Office:

Cyber Express Media Network
HD-021, 4th Floor, C Wing, Building No.4. Nesco IT Park, WE Highway, Goregaon East, Mumbai, Maharashtra, India – 4000063

  • Privacy Statement
  • Terms of Use
  • Write For Us

© 2026 The Cyber Express - Cybersecurity News and Magazine.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

No Result
View All Result
  • Magazine
  • Firewall Daily
  • Essentials
    • Regulations
    • Compliance
    • Governance
    • Policy Updates
  • Knowledge Hub
  • Features
    • Cyber Warfare
    • Espionage
    • Workforce
      • Learning & Development
  • Business
    • Startups
    • Mergers & Aquisitions
    • Partnerships
    • Appointments
    • Budgets
    • Research
      • Whitepapers
      • Sponsored Content
      • Market Reports
    • Interviews
      • Podcast
  • Events
    • Conference
    • Webinar
    • Endorsed Events
  • Advisory Board

© 2026 The Cyber Express - Cybersecurity News and Magazine.

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?
-
00:00
00:00

Queue

Update Required Flash plugin
-
00:00
00:00
Do This on Telegram, Your Bank Account Will Become Zero If You Install the iOS 18 Beta, Your iPhone Could Be Hacked Cricket World Cup Ticketing Systems Under Cybersecurity Cyber Threats and Online Ticket Scams During the NBA Finals Biometric Data Security: Protecting Sensitive Information