Scotland Surveillance System "Unauthorized Access" Examined
Glasgow, the largest city in Scotland, was recently scrutinized by the local press for what it described as a "former council worker retain[ing] unauthorised access" but the report left many questions unanswered.
Those unanswered questions include: how and whether the system was accessed? What, if anything, was damaged? What system was it? And more.
IPVM spoke with the city of Glasgow to better answer these questions and understand the issues involved and steps to rectify them in the future.
Audit ***** ************ ****
** ********** ************* ** ******* **, *** ******* City ******* ********* **** ** "********** one [****] **** *** ******* ** September ****" *** *** ****** (****** Space ****) ******:
*******'* ****** ****** *** *** ***** cameras **** ******* ** ******* ******* and * ****** *******; ** ** run *** ** *** *******'***************, ************ *** ************** ******.******* ***** **'****** ******* ***** **** **** ~* million *********.
No ****** ****** ** ******, ******* ****
* ******* **** ************ **** **** that *** **-******* *** *** **** remote ******, *** ***** *** **** logged **** *** ****** ******* **** did *** **** ****** ** *** camera ******* ****. *******, *** **** that *** **-******* ******** * **** user *** * ***** "********* ****":
*** ****** ****** ** ***** ***** not **** **** **** ** ****** the ****** ******** ***at ** **** *** **** ****** *** **** ******.
*** ***** ** **** *** ****** employee’s **** *** ***** ******** ** a **** ** ********* **** ** access *** ******.
*** ****** ** *** **** ****** isonly ********** ** ******* ** ** *** ******* ****, which can only be entered with a higher level security pass and that’s within a building that already requires a general security pass to move around.
*** ****** ** ***** *** ***** on ***was ** ****** **** ** ***** *** ******* **** ******* **********.
** ***therefore * ********* **** **** *** ********** rather [than] an incident and steps have now been taken to address the potential risk that was identified. [emphasis added]
**** *** ****** ** ******* *** specific ************ ****** *** ******* **** and ****** ******; *********'* ************ ** ***************. **** ********** ********, **********, **** Scotland's ******* ** ************* * ******* ***.
Tightened ********
******** ****** *** ***** ********* **** reviews *** **** *****, "***** *** *** **********", ****** an "********* ****" ** ************ ****** by ***** *** **** **** *** administration. *** ***** *********** **** ****** ensure **** **** ******* *** **** the **** *** *** ******* **** are ******** **********:
*** ******'* ********** ******* "********" *** recommendation **** * ******** ** ******** 28, ****.
Best ********: ********* ***** **** **/** *******, ***** *********
** ******** ************ **** ** ******** surveillance, **** ******** ** ********* ** integrate *********** **** ** *** ** systems ***** ****** ****-**, *** ****-***** of **************'* ****** *********. **** ***, ******** ** *** surveillance (** **** ** **** ****) system *** ************* ******** **** *** employee ** ***** ** ******, ******* reducing *** **** ** ************ ******. Organizations *** **** ** * **** government ********* **** ******** **** ** Active ********* ** ***** ******* *** their ** *******.
************, ****** ****** ****** ** ********* audited ** ***** **** **** ******** users *** ********* *** ******, *** to ****** ****** *** ** ********** users, *.*., ** **** **** ***** is ******** *** ********** ****, ********* accessed *** ******** ** *** **** at ****, ***.
*******, ******* ** ************ **** ** these **** ** ******"**** *****" ******** **********, ********* ***** *** ***** ******** credentials **** **** ** ******* ***** duties, ********* ****** ************, *** ****. For **** ** ****** **********, *** UK **********'* ******** ***** ******** ****** has ************ *** ********* ******** *****;***** *** ** **********'************** & ************** ******** ******.