to capture network credentials and own the bios level of the power command center software servers, the battery backup devices (after all, the power was about to be cut), the phone system (hit by DDOS at the same mo- ment) and other attack vectors. The result was a loss of power to a quarter-million peo- ple for approximately six hours. Aggressive awareness campaigns around the nature of cyberattacks can greatly mitigate such intru- sions. Coupled with strategic network design and privilege management, these layers and awareness should now be commonplace.
Employee Training
In 2010, the Stuxnet worm was discovered and eventually tagged as the key element in frustrating uranium production in the Ira- nian centrifuges at Natanz. The delivery ve- hicle is of particular interest here. Contrac- tors entering and exiting the facility each day were one point of infection. A laptop being brought onto the premise and connecting to the production network availed the requisite access for the worm to hit pay dirt. The mal- ware then provided the means to find exact manufacturer products and adjust the set- tings necessary to spoil batches of uranium — delaying the enrichment process consider- ably and invisibly for a period of time.
There is a direct parallel between this incident and numerous U.S.-based high se- curity locations. These concerns can be ad- dressed with a high degree of success with what Microsoft terms “Privileged Access Workstations” (PAW). The end user issues a whitelisted, pre-configured laptop or device to the contractor for the work to be per- formed on-site. This laptop undergoes the governance scrutiny that the IT department dictates and the contractor has the tools re- quired, all made available at low risk.
This specific vulnerability also threatens air-gapped networks. An air-gapped strate- gy calls for the literal separation of two net- works to completely avoid the possibility of a hacker spanning their invasive reach from the security equipment to the corporate pro- duction network. Separate topologies do re- duce the attack surface exposure, but, most importantly, they provide damage control measures for the IT department: if the sepa- rate physical security network is compro- mised it is quarantined and does not impact the production business environment.
The next challenge is stronger, however. Leaving security equipment out on its own infrastructure without aggressive oversight fosters a vulnerability breeding ground. The answer is to craft a hybrid cybersecurity so- lution that bridges and thoroughly interfac- es physical security assets with the already existing risk management and cybersecurity campaigns. Service Assurance Engines, IoT Monitoring and Physical Identity Access
WWW.SECURITYTODAY.COM
Dak
Wireless driveway alarms — Be alerted any time someone enters the property.
Dakota Alert has sensors for your backyard, driveway, porch, outbuildings and more...
• Solar Powered Wireless Breakbeam
• Motion Detectors • Vehicle Sensors
• Easy installation • Wireless ranges
up to several miles
Dakota Alert, Inc. is a leading manufacturer of wireless alert products. Whether you’re trying to keep an eye on outbuildings or just want to know if someone is coming up your driveway, our wireless alerts and accessories allow you to be completely aware of any presence on your property.
(605) 356-2772 | www.DakotaAlert.com
Go to sp.hotims.com and enter 15 for product information.
ota Alert_Security Products AUG2017.indd 1 7/10/2017 11:30:01 AM