This is the third in our series of articles from Cyber Security expert Cevn Vibert. This week Cevn goes beyond Cyber Security and back to security basics, e.g. physical security for control centres.
Holistic Integrated Cyber-Physical or Industrial Cyber Security
Physical Security is just as necessary as Cyber Security since a network or datacentre can be compromised much more easily by someone connecting devices, logging in directly to a terminal or stealing hardware for later analysis.
Physical security can also help to protect staff who may be compromised through force or coercion by intruders. The logs and records of a physical security system can be an invaluable component of a forensic analysis, and the cameras and Intrusion status can serve a real-time situational awareness requirement.
Physical security may include a wide range of technology such as CCTV, Intrusion Detection, Fence Alarms, Break-beam or IR detectors, radar, ground seismic sensors, Thermal imaging, Vehicle identifying systems, card readers, biometrics, audio sensors, chemical and radiological sniffers, x-ray and radiometric sensors, and air/force pressure sensors. There are many different technologies deployed to detect changes or unknown people or vehicles around and inside perimeters. The sensors are usually networked and collated into an Intrusion Detection System, an Access Control System or a PSIM (Physical Security Information Management) system.
The Security guardroom or control centre of a facility may have a number of computer screens dedicated to security management with an Access Control screen, PSIM screen, numerous CCTV screens, a card reader management screen, Public Address, Radio Communications Management, Fire Management display and a Building Management display. The diversity of each system, from different vendors with differing Operator Interface standards, methods and operations, makes the life of the Security Personnel more difficult than it strictly should be. Operator standards have been known, defined and standardised nationally and internationally for a variety of industries. The Security vendors are most often not cognisant of such standards or have chosen to ignore them. Each system requires both education and experience to use effectively, hence creating many opportunities for ineffective operation. This is an area for significant improvement where PSIM systems are starting to take on more and more management functions for all the other systems in the Security Room.
Cyber Security Management systems are still in their infancy for Operator Interfaces. These typically sit in a Network Operations Centre (NOC) or a Security Operations Centre (SOC).
Operations Security Management is essentially about the people, their procedures, methods and capabilities. The Concept of Operations (ConOps) of a Security Team should be made up of the manuals and documents and the process which has been worked out to achieve the highest and most robust levels of security, and of course honed over time. In reality the ConOps are defined once, read once, then left on the shelf or even stored safely in a box.
Changes have been seen in the market with a welcome increase in knowledge management systems deployed to support Operations in Security Control Rooms. Rules Engines and Flexible database-driven Operator assistance and mandatory guides are now being used to good effect. When a site alert occurs, the Security personnel can be taken through an approved procedure step-by-step, with each action being recorded for future alarm analysis, and for operational improvements in the database steps.
Safety is now being seen as a strong component part of the Security mix, and vice versa. Systems cannot be stated as Safe if they are not Secure and Systems cannot be stated as Secure if they are not Safe. Safety and Security have different meanings for each exponent of expertise. We are lacking a truly international definition which is used as a standard by all experts, be they Safety Experts or Security Experts.
Integrated Security means bringing at least two systems of differing type together to create a tangible benefit to the operations of a Control or Security Room.
Holistic Integrated Security means bringing multiple systems together to create a Command, Control, Communications and Computer solution.
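As an added illustration (not from the article) of bringing two systems of differing type together, the sketch below checks control-system logins against access-control badge records and flags logins with no matching badge-in for operator review. The record layouts, account names and the rule itself are assumptions, and the sample data is constructed.

```python
from datetime import datetime

# Constructed sample records. Field layout is an assumption, not a vendor format.
# Access control system: (timestamp, person, door/room, direction)
BADGE_EVENTS = [
    ("2024-03-01T08:02:00", "a.manager", "MCR", "in"),
    ("2024-03-01T12:30:00", "a.manager", "MCR", "out"),
    ("2024-03-01T09:00:00", "b.operator", "MCR", "in"),
]
# Control system: (timestamp, account, room the terminal is in)
LOGIN_EVENTS = [
    ("2024-03-01T08:10:00", "a.manager", "MCR"),   # badged in at 08:02
    ("2024-03-01T14:45:00", "a.manager", "MCR"),   # badged out at 12:30
    ("2024-03-01T09:05:00", "c.engineer", "MCR"),  # no badge record at all
]

def present_in_room(person, room, when, badge_events):
    """True if the person's most recent badge event for the room, at or
    before `when`, is an entry. Assumes account name == badge holder name."""
    latest = None
    for ts, who, door, direction in badge_events:
        t = datetime.fromisoformat(ts)
        if who == person and door == room and t <= when:
            if latest is None or t > latest[0]:
                latest = (t, direction)
    return latest is not None and latest[1] == "in"

def unmatched_logins(login_events, badge_events):
    """Return logins for which the access control system does not show the
    account holder inside the room. These are review items, not proof of
    misuse: tailgating or a missed badge read produces the same result."""
    flagged = []
    for ts, account, room in login_events:
        when = datetime.fromisoformat(ts)
        if not present_in_room(account, room, when, badge_events):
            flagged.append((ts, account, room))
    return flagged

if __name__ == "__main__":
    for ts, account, room in unmatched_logins(LOGIN_EVENTS, BADGE_EVENTS):
        print(f"REVIEW {ts} {account}: login at {room} terminal, no badge-in on record")
```

Neither system alone raises these two events: the control system sees a valid account, and the access control system sees nothing unusual at the door.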
The drawbacks of Integrated systems are the cost of developing and maintaining the integration, the potential security risks of inter-connectivity, and the cost of managing the complexity and rule-sets.
The benefits are often seen to easily outweigh the potential drawbacks. Integrated systems are evolving as the norm. Security of interconnection is not such a challenge with newer technologies being adopted.
A selection of Scenario Stories now follows, designed to illustrate a disconnected enterprise and a Holistic Integrated Security System:
Scenario 1: Nuclear Operations Controls Manager...
The Manager is authorised to use the Main Control Room control screens to adjust reactor control parameters. He logs into the control screen and issues a 20% increase in the control rods.
The control system allows this as he is logged on as authorised.
Scenario 2. An Intruder climbs over a fence……
A secure facility somewhere, somewhen,..
Technology plays a key role in the Solutions to improve security, but human interactions and the softer skillset are needed in equal measure.
Enterprises need to be aware of the significant advantages of Holistic Integrated Security Solutions for de-risking potential threats, improving current business operations through efficiencies, reducing mistakes across disparate systems, and finally improving morale through greater staff security.
Integrated Holistic Situational Awareness is not a silver bullet for the threats posed, but it can yield enormous improvement if carefully engineered and integrated into the normal operations of security teams as a clearly perceived benefit.
Cevn Vibert LinkedIn: https://uk.linkedin.com/in/vibertprofile