Page 56 - Security Today, January 2018
A Cultural Blending
How to protect physical security and cybersecurity
By Lance Holloway
The concept of “securing security” emerged when physical security was being affected by cybersecurity attacks. In today’s physical security landscape, these new threats have been introduced and are reinventing the traditional security battle lines. While life safety, executive protection, asset protection and compliance are but a few of the traditional focuses of physical security, cybersecurity has emerged, often right behind the physical security team’s field of view. Understanding cyberattack methodology combined with the risk-based security model allows for a successful strategy to address vulnerabilities within IP-based physical security ecosystems – preparing your organization for battle in the digital age.
By examining a few front-page cyberattacks, general insight about methodologies used to gain malicious access to IP-enabled security equipment – whether for denial of services or surreptitious intelligence gathering – can be gained. Additionally, spelling out the immediate concentric circles that many companies define as their security battle lines allows for applying not just the right technologies to cover the gaps, but the essential disciplines required to shore up a healthy, layered security approach to ensure information security, life safety and shareholder trust.
In October of 2016, the Mirai attack on the internet infrastructure launched the largest Distributed Denial of Service (DDoS) impact ever documented in human history. The tragedy is that most of the Linux bot devices used in the attack were actual security cameras and network video recorders. The Mirai malware infects a device and immediately begins scanning for any Internet of Things (IoT) devices that may have default passwords and settings still in place. Infected devices were then commandeered as “bots” — or soldiers in the attack against internet commerce.
The resulting torrent of internet garbage directed at the target was in excess of 600 GBps, bringing down sites such as Netflix and Twitter in the process. Service assurance products now exist that deliberately monitor IoT devices on a customer network, providing proactive reports and alerts regarding deficient passwords, out-of-date firmware and quality-of-video storage to ensure use when needed.
Credential and Patch Management
In December 2015, a large-scale cyberattack was launched on the Ukrainian power grid. What is termed as an “attack in depth” began with spear phishing — an artful message (typically email) directed at a specific individual with contextually relevant information, action items and an infected attachment or deceptive URL to click.
Once the attachment or URL is opened, malicious code is introduced to the network to begin the process of gaining illicit access. It is believed that over a period of six months, the hackers were able






