Holistic Integrated Cyber-Physical or Industrial Cyber Security
By Janice
17/10/2016
This is the third in our series of articles from Cyber Security expert Cevn Vibert. This week Cevn goes beyond Cyber Security and back to security basics, e.g. physical security for control centres.
Physical Security is just as necessary as Cyber Security since a network or datacentre can be compromised much more easily by someone connecting devices, logging in directly to a terminal or stealing hardware for later analysis.
Physical security can also help to protect staff who may be compromised through force or coercion by intruders. The logs and records of physical security systems can be an invaluable component of a forensic analysis, while the cameras and intrusion status can serve a real-time situational awareness requirement.
Physical security may include a wide range of technology such as CCTV, Intrusion Detection, Fence Alarms, Break-beam or IR detectors, radar, ground seismic sensors, Thermal imaging, Vehicle identifying systems, card readers, biometrics, audio sensors, chemical and radiological sniffers, and x-ray and radiometric sensors and air/force pressure sensors. There are many different technologies deployed to detect changes or unknown people or vehicles around and inside perimeters. The sensors are usually networked and collated into an Intrusion Detection System or Access Control System or a PSIM (Physical Security Information Management) system.
The Security guardroom or control centre of a facility may have a number of computer screens dedicated to security management with an Access Control screen, PSIM screen, numerous CCTV screens, a card reader management screen, Public Address, Radio Communications Management, Fire Management display and a Building Management display. The diversity of each system, from different vendors with differing Operator Interface standards, methods and operations, makes the life of the Security Personnel more difficult than it strictly should be. Operator standards have been known, defined and standardised nationally and internationally for a variety of industries. The Security vendors are most often not cognisant of, or have chosen to ignore, such standards. Each system requires both education and experience to use effectively, hence creating many opportunities for ineffective operation. This is an area for significant improvement where PSIM systems are starting to take on more and more management functions for all the other systems in the Security Room.
Cyber Security Management systems are still in their infancy for Operator Interfaces. These typically sit in a Network Operations Centre (NOC) or a Security Operations Centre (SOC).
Operations Security Management is essentially about the people, their procedures, methods and capabilities. The Concept of Operations (ConOps) of a Security Team should be made up of the manuals and documents and the process which has been worked out to achieve the highest and most robust levels of security, and of course honed over time. In reality the ConOps are defined once, read once, then left on the shelf or even stored safely in a box.
Changes have been seen in the market with a welcome increase in knowledge management systems deployed to support Operations in Security Control Rooms. Rules Engines and Flexible database driven Operator assistance and mandatory guides are now being used to good effect. When a site alert occurs the Security personnel can be taken through an approved procedure step-by-step, with each action being recorded for future alarm analysis, and for operational improvements in the database steps.
Safety is now being seen as a strong component part of the Security mix, and vice versa. Systems cannot be stated as Safe if they are not Secure and Systems cannot be stated as Secure if they are not Safe. Safety and Security have different meanings for each exponent of expertise. We are lacking a truly international definition which is used as a standard by all experts, be they Safety Experts or Security Experts.
Integrated Security means bringing at least two systems of differing type together to create a tangible benefit to the operations of a Control or Security Room.
Holistic Integrated Security means bringing multiple systems together to create a Command, Control, Communications and Computer solution.
The drawbacks of Integrated systems are the cost of developing and maintaining the integration, the potential security risks of inter-connectivity, and the cost of managing the complexity and rule-sets.
The benefits are often seen to easily outweigh the potential drawbacks. Integrated systems are evolving as the norm. Security of interconnection is not such a challenge with newer technologies being adopted.
A selection of Scenario Stories now follows, designed to illustrate a disconnected enterprise and a Holistic Integrated Security System:
Scenario 1: Nuclear Operations Controls Manager...
The Manager is authorised to use the Main Control Room control screens to adjust reactor control parameters. He logs into the control screen and issues a 20% increase in the control rods.
The control system allows this as he is logged on as authorised.
However:
- Door Access System of the Control Room does not show him as being in the Control Room.
- The Site Access Management System does not show him as being on-site.
- The HR Management System shows him as being on vacation this week.
- The HR Training system shows his training status for control screen authorisation has lapsed.
- The site IT network intrusion system has recently discovered a number of unauthorised VPN tunnels being used.
- The control system has not had a 20% parameter increase for the control rods in its history.
- There was no control screen keyboard activity when the parameter was changed.
- The Control Room had not had any IR movement detector triggers for at least 25 minutes.
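The cross-checks listed in Scenario 1, as an added example that is not part of the original article: an authorised control command is compared against the surrounding systems and held when they contradict it. The `Context` fields, the time windows and the two-finding hold policy are assumptions for illustration, and the sample data is constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

@dataclass
class Context:  # hypothetical snapshot of the other systems when the command arrives
    in_control_room: bool                 # door access system
    on_site: bool                         # site access management system
    on_leave: bool                        # HR management system
    training_valid: bool                  # HR training system
    open_network_alerts: int              # IT network intrusion system
    past_changes_pct: List[float]         # control system history for this parameter
    last_keyboard: Optional[datetime]     # control screen keyboard activity
    last_ir_trigger: Optional[datetime]   # control room IR movement detector

def stale(ts, now, window):
    """True when no event was seen inside the window before the command."""
    return ts is None or now - ts > window

def corroborate(change_pct, now, ctx,
                kbd_window=timedelta(minutes=1), ir_window=timedelta(minutes=10)):
    """Return every contradiction between an authorised command and its context."""
    checks = [
        (not ctx.in_control_room, "door access: operator not in control room"),
        (not ctx.on_site, "site access: operator not on site"),
        (ctx.on_leave, "HR: operator recorded as on vacation"),
        (not ctx.training_valid, "training: control screen authorisation lapsed"),
        (ctx.open_network_alerts > 0, "network IDS: unresolved alerts"),
        (abs(change_pct) > max(map(abs, ctx.past_changes_pct), default=0.0),
         "history: change larger than any previously recorded"),
        (stale(ctx.last_keyboard, now, kbd_window), "HMI: no keyboard activity"),
        (stale(ctx.last_ir_trigger, now, ir_window), "IR: no movement in room"),
    ]
    return [msg for failed, msg in checks if failed]

def decision(findings, hold_at=2):
    """Assumed policy: two or more contradictions hold the command for review."""
    return "HOLD" if len(findings) >= hold_at else "ALLOW"

NOW = datetime(2016, 10, 17, 3, 0)  # constructed timestamp
SCENARIO_1 = Context(False, False, True, False, 3, [2.0, 5.0, -4.0],
                     None, NOW - timedelta(minutes=25))
ROUTINE = Context(True, True, False, True, 0, [2.0, 5.0, -4.0],
                  NOW - timedelta(seconds=5), NOW - timedelta(seconds=30))

if __name__ == "__main__":
    for name, ctx, pct in (("scenario 1", SCENARIO_1, 20.0), ("routine", ROUTINE, 3.0)):
        found = corroborate(pct, NOW, ctx)
        print(name, decision(found), found)
```

Each finding keeps the name of the system that raised it, so the operator sees which sources disagree with the login rather than a single score.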
Scenario 2: An Intruder climbs over a fence...
A secure facility somewhere, somewhen...
- The site fence impact and vibration alarms are suddenly triggered.
- The site fence alarms have just slewed the PTZ CCTV cameras to the alarm zone.
- Review of the CCTV footage in the Control Room in real-time shows a person in a hoody and jeans climbing over the perimeter fence.
- A security guard force is alerted to attend the scene. They confirm e.t.a.
- The site CCTV motion detectors detect significant movement of the intruder over the roads and grassed areas outside of normal traffic times. The CCTV cameras follow the intruder to a building.
- The local Police force are alerted to attend the site. They confirm date and time and e.t.a.
- The building access control detects a break-in at an external door followed by a break-in at an internal door to the server room corridor.
- The internal intruder detectors detect movement in the corridor.
- The door to the server room signals a break-in.
- The server room computer cabinet-opened alarm is triggered as out-of-normal-hours.
- A server alerts the IT system IDS as an unauthorised USB stick has been detected on a server.
- The server IDS signals a major cyber alarm due to significant file changes and attempts to run non-whitelisted programs.
- The security guard force arrives at the scene having been briefed in real-time to the actual situation, including location and nature of the alarms and potential efforts by the intruder to mask their targets. Smart devices, position based information, body cams and bidirectional information flow between Operatives and Control Room and between Operative Teams all are enablers for realistic real-time Situational Awareness.
- Actions can be taken in real-time to mitigate either actual occurring threats, or potential threats based on a situation unfolding.
- The Intruder situation is effectively and speedily resolved due to fully Integrated Holistic Situational Awareness.
Technology plays a key role in the Solutions to improve security, but human interactions and the softer skillset are needed in equal measure.
Enterprises need to be aware of the significant advantages of Holistic Integrated Security Solutions for de-risking potential threats, improving current business operations through efficiencies, reducing mistakes across disparate systems, and finally improving morale through greater staff security.
Integrated Holistic Situational Awareness is not a silver bullet for the threats posed but can yield enormous improvement if carefully engineered, and integrated into the normal operations of security teams as a clearly perceived benefit.
"Holistic Integrated Cyber-Physical or Industrial Cyber Security" First published on Company Connecting October 2016
