printer friendly version

Can you secure security?

With the rapid expansion of digitisation, the barrier between physical security and network security has disintegrated. Today, almost every security camera or sensor device sold operates on an Ethernet-based wired or wireless network, which means that physical security solutions, like CCTV surveillance systems, are vulnerable to the same types of attacks and exploitations that have plagued data networks for decades. However, because such IP infrastructure brings with it the benefits of high capacity, low-latency performance efficiencies and operational cost-effectiveness, it’s important for manufacturers and integrators to be able to educate and advise their clients on the risks and educate them on the importance of cybersecurity.

Laurence Smith, Executive at Graphic Image Technologies.

This means assisting organisations to secure their physical security network to ensure that the very infrastructure should be protecting business assets is not in fact their biggest vulnerability. This is achieved by treating the physical security infrastructure and devices in the same manner as network infrastructure and devices, which means securing everything, right down to switch level.

A real danger with real consequences

A hacker’s main goal is to find system and device vulnerabilities to exploit them. These vulnerabilities allow a hacker to unleash botnets, Denial of Service (DoS) attacks by acting as an entry-point from which they can launch themselves into the rest of the network. Once they’re inside the network, anything is possible.

Before ‘cybersecurity’ was even a buzzword, in 2008 hackers entered the operational controls of the Baku-Tbilisi-Ceyhan (BTC) oil pipeline (which runs more than 1 000 miles from the Caspian Sea to the Mediterranean) and quietly increased the oil pressure without setting off security alarms, resulting in an explosion on the pipeline near a town in eastern Turkey. Although the incident was declared a mechanical failure by the Turkish government, Bloomberg reported in 2014 that hackers had in fact disabled alarms, cut communications and super-pressurised the crude oil in the line.

How did they do this? By taking down the system of sensors and video cameras that monitored the pipeline in the area, there was no signal of the explosion. In fact, the incident was only called in 40 minutes later when a security worker spotted flames. It was later discovered that the hackers had erased video footage from the last 60 hours before the incident, in order to cover their tracks. It was only thanks to footage from a single offline thermal camera that showed two men with laptop computers walking near the pipeline days before the explosion.

The Internet of Things takeover

Since 2008, technology has advanced tremendously and we are now on the cusp of a total Internet of Things (IoT) assimilation. Everyday devices like door locks and smoke detectors are becoming smarter with the addition of a sensor to capture data and an IP connection over which to transmit this data to other things and people. It was predicted that the IoT market would grow from an installed base of 15.4 billion devices in 2015 to 30.7 billion devices in 2020 and a further 75.4 billion by 2025.

Protecting the physical security network

So how can businesses protect their IP-based security systems from intruders? There are a number of common-sense methods that bear repetition. Any IP-based security system needs network protection and each device must be treated as a possible vulnerability. Organisations should be advised by integrators to use a dedicated network for their clients and servers, to separate security from business-critical networks on top of establishing a secure perimeter with an intelligent firewall.

It is also advisable to research the various network access control solutions created by manufacturers to help protect IP devices against viruses and other malicious software, by sealing hardware and software devices off from outside attacks and isolating them from the rest of the network should they become affected or infected.

Protect those ports

Port protection should be used to establish switches within an organisation’s network, limiting user access to certain network locations. By placing protection at a port level, it becomes possible to quickly allow or block devices. These appliances have display panels that provide network information, such as device IP and MAC addresses, making it possible to identify the port number to which devices are connected as well as authentication status. In the event of an unauthenticated device (such as the two laptops that were used in the Turkish pipeline explosion) an alarm will be triggered in the security management system even if the appliance is turned off. These alarms provide information that allows security operators to take immediate informed action.

While it can be challenging to protect physical infrastructure against network-based exploitation, mercifully the tools, measures, and operational processes that make it possible already exist. Although there is no silver bullet or magical combination of technologies that will provide invulnerability, with a carefully planned security strategy that takes care of the details, right down to switch level, it becomes a lot easier to identify, understand, monitor and contain any potential cybersecurity incidents. By placing security at switch level, it is possible to effectively mitigate the risks present in the physical security infrastructure by remembering that every IP device is no longer just a product or a device – it is a vulnerability and must be treated accordingly

Share this article:

Further reading: