Critical Infrastructure's Soft Underbelly: Outdated Surveillance Equipment

Attackers know about their exploitable flaws and are taking advantage.


Surveillance infrastructure has become one of the weakest links in U.S. critical systems. The same network-connected cameras and site monitoring equipment meant to provide oversight and safety are now exposing utilities, energy operators, and other vital systems to serious cyber risk. 

Many of these devices are outdated, unpatched, or otherwise unsupported. Some are already known to have exploitable flaws. Attackers know about and track these device vulnerabilities, and increasingly, organizations' defenses are a step or more behind.

Earlier this month, CISA disclosed a serious vulnerability affecting hundreds of thousands of LG surveillance cameras deployed in the critical infrastructure sector. The vulnerability allows remote code execution, and because the cameras are now considered end-of-life, no patch will be released. 

Operators relying on this equipment have no remediation path aside from physical removal or complete network isolation. Left alone, these devices now represent a permanent open door in the networks they inhabit. 

The problem extends far beyond any one vendor or one model. Surveillance devices frequently remain invisible to IT and security teams. They get installed quickly to meet operational needs, sometimes outside standard procurement or cybersecurity review. Over time, they accumulate untracked vulnerabilities until an attacker exploits them.

Surveillance systems sit at the intersection of physical and cyber domains. They are embedded deep within utility and energy infrastructure, often with network access and sufficient privileges to allow lateral movement if compromised. That makes them an ideal starting point for adversaries seeking to quietly surveil, map, and eventually exploit critical infrastructure. 

Adversaries are Paying Attention 

Last year, the pro-Iranian group Cyber Av3ngers exploited vulnerabilities in a water utility’s monitoring systems and forced a shutdown of operational technology. Pro-Russian hacktivists have taken similar aim at water and energy utilities across North America and Europe. 

In many cases, attackers are not relying on novel exploits or exotic malware, but instead leveraging known vulnerabilities in neglected equipment. Surveillance gear has become one of the most attractive targets in that category. 

Most critical infrastructure operators have made meaningful overall progress in securing IT systems. Many have applied modern frameworks like zero trust to their environments and hardened endpoints with advanced detection tools. But that progress has encouraged attackers to shift tactics and look for new soft spots, such as overlooked assets and under-managed systems that provide a foothold.

Surveillance infrastructure often checks all those boxes. These devices are deployed at the edge, often unmonitored, and provide both cyber and physical visibility into operations. Critical infrastructure faces three major problems. 

  1. The first is discovery. Many surveillance assets are not visible to centralized teams, especially in large, distributed environments with inconsistent equipment tracking.
  2. The second is vulnerability management, because even when a device is identified, there is often no simple patching path (particularly for end-of-life equipment that lacks vendor support).
  3. The third is risk prioritization. Without understanding how a device fits into the broader network and how likely it is to be exploited, security teams cannot make informed decisions about what to replace, segment, or isolate. 

The solution is a consistent and modern approach to these challenges, grounded in operational risk rather than traditional IT hygiene. In many cases, known-vulnerable devices do not pose an immediate threat, depending on how they are used or connected. Others, especially those at the edge of infrastructure or placed near sensitive systems, may offer a far more accessible path for attackers. 

What works best is fast, effective risk assessment tailored to these connected-device environments. Passive discovery techniques that avoid crashing fragile systems can help teams build a real-world inventory of what they are running. From there, utilities and other critical infrastructure can assess which devices pose practical risks, which ones require segmentation, and which must be removed or replaced entirely. 

This level of prioritization also helps teams conserve time and resources, which are often in short supply.
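The discovery, end-of-life tracking and prioritization steps described above, as an added example that is not part of the original article: it builds an inventory only from passively observed records (no probing of fragile devices) and ranks each camera by whether it is unpatchable and where it sits on the network. Every OUI, vendor name, support date, address and segment name is constructed.

```python
# Added example (not from the article): build a surveillance-device inventory from
# passively observed network records and rank each device by operational risk.
# Every OUI, vendor, support date, address and segment name below is constructed.
from collections import namedtuple
from datetime import date

OUI_VENDOR = {"00:11:22": "CamVendorA", "aa:bb:cc": "CamVendorB"}  # hypothetical OUIs
VENDOR_EOL = {"CamVendorA": "2024-01-01"}                 # ISO date; no patches after it
SENSITIVE_SEGMENTS = {"ot-control", "scada"}              # where lateral movement hurts most
EXPOSED_SEGMENTS = {"corp-lan", "guest", "internet-dmz"}  # reachable by untrusted users

Device = namedtuple("Device", "mac ip segment vendor eol")

def parse_passive_record(line, asof):
    """Parse one 'mac ip segment' observation (e.g. from ARP/DHCP logs); keep it only
    if the OUI belongs to a known surveillance vendor. Nothing on the wire is probed."""
    try:
        mac, ip, segment = line.split()
    except ValueError:
        return None                                  # malformed line: skip it
    mac = mac.lower()
    vendor = OUI_VENDOR.get(mac[:8])
    if vendor is None:
        return None                                  # not surveillance gear
    eol_date = VENDOR_EOL.get(vendor)
    # ISO-8601 strings compare correctly as plain strings
    return Device(mac, ip, segment, vendor, eol_date is not None and eol_date <= asof)

def recommend(dev):
    """Map EOL status plus network placement to one of the article's three outcomes."""
    if dev.eol and dev.segment in EXPOSED_SEGMENTS:
        return "remove-or-isolate"                   # unpatchable and reachable
    if dev.eol or dev.segment in SENSITIVE_SEGMENTS:
        return "segment"                             # restrict to what the camera needs
    return "monitor"                                 # supported and contained

ORDER = {"remove-or-isolate": 0, "segment": 1, "monitor": 2}

def prioritize(records, asof=None):
    """Return (action, device) pairs, most urgent first."""
    asof = asof or date.today().isoformat()
    devices = [d for d in (parse_passive_record(r, asof) for r in records) if d]
    return sorted(((recommend(d), d) for d in devices), key=lambda t: ORDER[t[0]])

SAMPLE_RECORDS = [                                   # constructed observations
    "00:11:22:33:44:55 10.0.5.10 corp-lan",          # EOL vendor on an exposed segment
    "aa:bb:cc:dd:ee:01 10.0.9.20 ot-control",        # supported vendor sitting next to OT
    "aa:bb:cc:dd:ee:02 10.0.7.30 cctv-vlan",         # supported and contained
    "de:ad:be:ef:00:01 10.0.7.31 cctv-vlan",         # not a camera OUI: ignored
    "garbage",                                       # malformed line: ignored
]
```

Calling `prioritize(SAMPLE_RECORDS, "2025-01-01")` yields the exposed end-of-life camera first, the camera adjacent to OT second, and the contained one last.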

Encouragingly, security practices around device access and vulnerability remediation are beginning to catch up with operational realities. More teams are implementing strategies and solutions that can help enforce strong, non-reused credentials across surveillance devices and automate patching where supported. 

These improvements make it easier to reduce attack surfaces without interrupting operations. As vendor support for automated patching of surveillance devices expands, teams are adopting more practical ways to secure large, diverse fleets of critical infrastructure surveillance equipment without adding complexity.

Surveillance Risk Demands Action 

The LG camera flaw illustrates how end-of-life equipment, if visible on the network, becomes a long-term liability. Once a vulnerability is disclosed, exploitation may follow within days or even hours. When a patch is no longer available, isolation or removal becomes essential. Hoping attackers will ignore the gap is not a viable strategy. 

Critical infrastructure already faces complex challenges, from tight regulations and supply chain risks to persistent staffing shortages. Surveillance infrastructure should not become another blind spot. Devices installed to improve visibility and safety must not become the very tools that open the door to intruders. 

Stealth threats are not coming; they are already here. 

Not every attack will be loud, nor will every breach come through a user-facing device. Some threats will move more silently, taking advantage of forgotten endpoints that were designed for operational agility first. As adversaries grow more patient, more precise, and more persistent, defenders must act with greater urgency. That all begins with securing the network-connected equipment that is quietly watching everything.
