vGRID - Security & Compliance Brief

SaferCities connects CCTV and ANPR cameras to New Zealand Police through the vGRID SaferCity Platform. This service allows for efficient collaboration between Police, businesses, and communities for crime prevention and public safety.

The vGRID Gateway connects your CCTV & ANPR cameras and operator screens to the vGRID SaferCity Platform using NZ Police-approved software. Number plate information and images are received through ANPR metadata, and CCTV streams offer live video without recording any footage.

vGRID has established security and privacy policies, procedures, and controls to protect the Security and Privacy posture of your organisation and the organisations that share and view visual information through the vGRID SaferCity Platform.

Personnel, Development & Organisational Security

SaferCities’ employees with access to any element of the vGRID SaferCity Platform are vetted every 2 years by NZ Police, with whom we hold a Master Services Agreement for vGRID.

SaferCities accesses the vGRID SaferCity Platform for day-to-day administration, configuration, support and troubleshooting activities, such as onboarding new cameras or users and responding to support tickets. All access is logged and auditable, and requires a VPN which is authenticated via SaferCities’ Azure AD. MFA is enforced, alongside Conditional Access policies.

Secure coding practices are followed, including peer review, linting, automated testing, dependency and vulnerability scanning, and software lifecycle management.

To deliver the vGRID SaferCity Platform, SaferCities also use the below trusted suppliers. These suppliers do not have access to the vGRID SaferCity Platform.

  • Dell Technologies - Hardware suppliers of vGRID Datacentre hardware (servers & switching).
  • Intel - Hardware supplier for vGRID Gateway (currently Intel NUC).
  • Fortinet - Firewall supplier for core vGRID Datacentres.
  • 2Degrees - Datacentre hosting provider.
  • AWS - S3 block storage for ANPR Images, Vault Data and backups. ECR for container images.
  • Fusion Networks and Megaport - Major network connections.
  • GitHub - Version Control.

vGRID Gateway Security

vGRID Gateways are installed at donor sites and establish connectivity to the vGRID Core and communicate with donor Video Management Systems to provide access to video and ANPR data feeds.

Communications between the vGRID Gateway and the vGRID Core leverage OpenVPN with client certificate authentication (a certificate is issued to each vGRID Gateway, allowing revocation as/when required).

For communication with the CCTV/ANPR system, vGRID Gateways are configured as a user within the donor system and then authenticate and communicate with this system as a normal user. This means all data relating to use, access and access controls are managed and accessible by the donor’s system and administrators.

vGRID Gateways are regularly and automatically patched at the OS, Device Management and Application Container levels, and additional patches are deployed as appropriate for critical vulnerabilities.

Where possible, vGRID Gateways will be installed in secure data centres or equipment racks. Gaining physical access to a vGRID Gateway does not grant any person access to the device or to the wider vGRID Platform. vGRID Gateways can be accessed by SaferCities’ support staff when and where required, via short-lived SSH certificates. These SSH certificates are generated via HashiCorp Vault, and only for support staff who are granted access via Azure AD.

The data partition of the vGRID Gateway is encrypted and vGRID Gateways do not store any user data.

vGRID Gateway Network Requirements

Connections to the vGRID SaferCity Platform (outbound only) are encrypted and securely streamed over a VPN, and we offer various connection options to suit your network and IT security requirements. Outbound connectivity is required on the below ports:

  • OpenVPN - UDP/1194
  • Device Management - TCP/443
  • DNS - UDP/53
  • NTP - UDP/123

Connections will then also be required to your CCTV system (VMS, CCTV or ANPR cameras). Specific ports depend on system type and vendor.
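The outbound-only port list above can be checked against firewall flow records at the donor site. The following is an added example, not SaferCities' own code: the gateway address, the CCTV/VMS subnet, the record format and the sample records are all assumptions constructed for illustration.

```python
import ipaddress

# Outbound services listed in the brief: (protocol, port) -> service name.
ALLOWED_EGRESS = {
    ("udp", 1194): "OpenVPN",
    ("tcp", 443): "Device Management",
    ("udp", 53): "DNS",
    ("udp", 123): "NTP",
}
# Assumed site values (not from the brief): gateway address and CCTV/VMS subnet.
GATEWAY_IP = ipaddress.ip_address("10.20.0.5")
VMS_NET = ipaddress.ip_network("10.20.1.0/24")

# Constructed records of new connections: initiator, responder, protocol, dest port.
SAMPLE_FLOWS = """\
# src dst proto dport
10.20.0.5 203.0.113.10 udp 1194
10.20.0.5 203.0.113.20 tcp 443
10.20.0.5 10.20.1.15 tcp 554
10.20.0.5 198.51.100.7 tcp 22
198.51.100.9 10.20.0.5 tcp 22
10.20.0.5 192.0.2.53 tcp 53
"""

def audit_flows(log_text):
    """Return (line_no, reason) for each record that breaks the policy."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            src_s, dst_s, proto, port_s = line.split()
            src, dst = ipaddress.ip_address(src_s), ipaddress.ip_address(dst_s)
            key = (proto.lower(), int(port_s))
        except ValueError:
            findings.append((n, "unparseable record"))
            continue
        if dst == GATEWAY_IP and src not in VMS_NET:
            # The brief describes platform connectivity as outbound only.
            findings.append((n, f"inbound connection from {src}"))
        elif src == GATEWAY_IP and dst not in VMS_NET and key not in ALLOWED_EGRESS:
            # Local CCTV/VMS ports are vendor-specific, so only off-site egress is checked.
            findings.append((n, f"egress {key[0]}/{key[1]} to {dst} not in allow-list"))
    return findings

if __name__ == "__main__":
    for line_no, reason in audit_flows(SAMPLE_FLOWS):
        print(f"line {line_no}: {reason}")
```

Note that DNS over TCP/53 is flagged because the brief lists only UDP/53; adjust the allow-list if your resolver setup differs.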

Bandwidth consumption is configurable and can be dependent on your site’s connection capability. This can range from 500kbps for 1 low quality camera up to ~100Mbps for several full quality streams. Our team will work with you on any bandwidth limitations or requirements and configure the vGRID Gateway to suit.

For further details, view Connection Requirements.

vGRID Core Infrastructure Security

The vGRID Core is the centre of the vGRID SaferCity Platform and connects vGRID Gateways (and their associated assets) to vGRID App Users. vGRID has been developed alongside Police agencies, such that the only information gathered is information required for the platform to operate.

The vGRID Core is hosted on SaferCities-managed infrastructure in a secure datacentre (2Degrees Albany). Only authorised SaferCities infrastructure engineers have access to the equipment rack.

vGRID is built on a microservices-based architecture with continuous integration and continuous deployment. vGRID is constantly updated and improved without outages or interruption to service to provide high availability and regular updates, patching and maintenance where required.

vGRID Core also follows network segmentation best practices such that higher-security level information cannot be accessed by lower-security users. vGRID is designed to expose the fewest ports to the internet necessary and ensures that all communication follows industry best practices.

vGRID Core Servers run Debian Linux and use UEFI Secure Boot. vGRID VMs run Ubuntu Linux and also leverage UEFI Secure Boot. Data disks are encrypted in both the core servers and VMs.

Firewalls, Routers and Switches all run signed updates via respective vendor update channels. vGRID Core infrastructure is regularly patched (monthly, or as appropriate based on critical vulnerabilities).

For engineer access to core infrastructure, Single Sign On is leveraged. Where a system doesn’t support SSO directly (such as the underlying Linux systems), short-lived signed SSH certificates are issued by SaferCities’ SSH CA (HashiCorp Vault), which itself only allows access based on Azure AD groups. User action logging is enabled and forwarded for auditing.

User and application data (databases) are backed up daily to AWS S3. All S3 data including ANPR images and vGRID Vault data is encrypted at rest using Amazon S3 Server-side encryption with Amazon S3 managed keys (SSE-S3). Backups are tested where required.

vGRID infrastructure leverages infrastructure as code, where configuration settings and scripts are version controlled and managed in GitHub.

vGRID App Security

The vGRID App is the web or iOS app where users can view the CCTV or ANPR data shared with them by donors.

NZ Police can only access the vGRID App from Police devices on the NZ Police Enterprise network. All Police users are authenticated via Single Sign On and access is regularly audited.

Non-Police users (where relevant) are offered SSO for access, or at a minimum SMS-based MFA is required.

All organisations and users only have access to assets and types of access explicitly approved by the asset owner (donor).

User access leverages role-based access controls to ensure personnel are only provided access required for their role.

vGRID’s user permission system has been carefully designed with compliance, flexibility and hierarchy in mind. Users can be placed in multiple groups, each capable of providing various levels of access to different visual data sources. These groups can form a hierarchy to ensure that the right users are seeing the right resources, and nothing else.

Permissions in vGRID support complete granularity from a user only having access to a single camera, right up to a system administrator having access to all visual data sources, the ability to administer users and user groups, and everything in between. By default all access is configured following the Principle of Least Privilege.

All administrative changes within the application (user permissions, camera configuration etc) are logged and auditable. This also applies to all standard user actions such as viewing cameras or logging in.

User actions performed in the system (opening, creating, updating, deleting records / comments) as well as video streaming sessions are all logged with associated information to tie this back to who performed the action, and when. This data is available to selected users in the admin panel of vGRID.

All data in transit between vGRID Core and the vGRID Web / iOS Apps is encrypted utilising HTTPS/TURNS.

Ongoing Improvements

In addition to the practices outlined above, we are constantly improving our security and compliance posture and have multiple activities in flight including:

  • Sep-Oct 2024 - Independent review of our privacy policies and processes by Simply Privacy.
  • Oct-Nov 2024 - Renewed penetration testing focusing on the vGRID Gateway installed on customer sites.
  • Oct-Nov 2024 - Public facing trust centre with public access to relevant internal policies.
  • Oct-Nov 2024 - Published compliance with Essential 8 Level 2 (Australian).
  • Preparation for our ISO27001 Audit in mid-2025.
  • Review and updates to our PSR in 2025.

Once the trust centre is live, this Security & Compliance document will be updated and published. The live version will be found at trust.vgrid.io. To view the Privacy Policy for the vGRID SaferCity Platform, visit vgrid.io/privacy/platform.

If you have any questions, please contact support@safercities.com.