Understanding the cyber security implications of a physical break in

When someone breaks into a remote facility, you may dismiss it as simple theft or vandalism. There might be a far more sinister action taking place.

01/21/2014


Don't assume a break-in is just about vandalism. There may be cyber security implications.In a recent analyst white paper, Scott D. Swartz and Michael J. Assante (SANS Institute) examine the relationship between physical security and cyber security, and how gaining access to computer hardware that’s part of an industrial network is a very effective way to break into the network. The spray paint on the walls may be there just to distract your investigation so you miss the small modifications the criminals did to create a door into your network. (You can read the complete white paper here.)

Once criminals have gained access to network computers, there are all sorts of ways they can leverage that access to compromise the system. Criminals that gain access to your facilities by other less obvious means can use some of the same techniques, so the discussion is relevant to many types of situations.

The discussion includes ways to respond when there’s been a break in, including how to preserve evidence in the area as a crime scene.

Michael J. Assante has contributed to Control Engineering on a number of occasions. There are links at the bottom of this page to other articles and videos.

This white paper will be distributed along with other materials at the SANS Institute’s 9th Annual ICS/SCADA Security Summit in Orlando, Florida, March 16-18.

www.sans.org



No comments
Consulting-Specifying Engineer's Product of the Year (POY) contest is the premier award for new products in the HVAC, fire, electrical, and...
Consulting-Specifying Engineer magazine is dedicated to encouraging and recognizing the most talented young individuals...
The MEP Giants program lists the top mechanical, electrical, plumbing, and fire protection engineering firms in the United States.
Water use efficiency: Diminishing water quality, escalating costs; Lowering building energy use; Power for fire pumps
Building envelope and integration; Manufacturing industrial Q&A; NFPA 99; Testing fire systems
Labs and research facilities: Q&A with the experts; Water heating systems; Smart building integration; 40 Under 40 winners
Maintaining low data center PUE; Using eco mode in UPS systems; Commissioning electrical and power systems; Exploring dc power distribution alternatives
Protecting standby generators for mission critical facilities; Selecting energy-efficient transformers; Integrating power monitoring systems; Mitigating harmonics in electrical systems
Commissioning electrical systems in mission critical facilities; Anticipating the Smart Grid; Mitigating arc flash hazards in medium-voltage switchgear; Comparing generator sizing software
As brand protection manager for Eaton’s Electrical Sector, Tom Grace oversees counterfeit awareness...
Amara Rozgus is chief editor and content manager of Consulting-Specifier Engineer magazine.
IEEE power industry experts bring their combined experience in the electrical power industry...
Michael Heinsdorf, P.E., LEED AP, CDT is an Engineering Specification Writer at ARCOM MasterSpec.