Understanding the cyber security implications of a physical break in

When someone breaks into a remote facility, you may dismiss it as simple theft or vandalism. There might be a far more sinister action taking place.

01/21/2014


Don't assume a break-in is just about vandalism. There may be cyber security implications.In a recent analyst white paper, Scott D. Swartz and Michael J. Assante (SANS Institute) examine the relationship between physical security and cyber security, and how gaining access to computer hardware that’s part of an industrial network is a very effective way to break into the network. The spray paint on the walls may be there just to distract your investigation so you miss the small modifications the criminals did to create a door into your network. (You can read the complete white paper here.)

Once criminals have gained access to network computers, there are all sorts of ways they can leverage that access to compromise the system. Criminals that gain access to your facilities by other less obvious means can use some of the same techniques, so the discussion is relevant to many types of situations.

The discussion includes ways to respond when there’s been a break in, including how to preserve evidence in the area as a crime scene.

Michael J. Assante has contributed to Control Engineering on a number of occasions. There are links at the bottom of this page to other articles and videos.

This white paper will be distributed along with other materials at the SANS Institute’s 9th Annual ICS/SCADA Security Summit in Orlando, Florida, March 16-18.

www.sans.org



No comments
Consulting-Specifying Engineer's Product of the Year (POY) contest is the premier award for new products in the HVAC, fire, electrical, and...
Consulting-Specifying Engineer magazine is dedicated to encouraging and recognizing the most talented young individuals...
The MEP Giants program lists the top mechanical, electrical, plumbing, and fire protection engineering firms in the United States.
MEP Giants; MEP Annual Report; Mergers and acquisitions; Passive, active fire protection; LED retrofits; HVAC energy efficiency
Integrating electrical and HVAC systems; Tracking and conserving facility water use; Energy code advancements; The future of professional engineers
Control noise, vibration in building design: Tackling acoustics and design issues; High-performance building design; NFPA 99; Combined heat, power
Putting COPS into context; Designing medium-voltage electrical systems; Planning and designing resilient, efficient data centers; The nine steps of designing generator fuel systems
Designing generator systems; Using online commissioning tools; Selective coordination best practices
Understanding transfer switch operation; Coordinating protective devices; Analyzing NEC 2014 changes; Cooling data centers
As brand protection manager for Eaton’s Electrical Sector, Tom Grace oversees counterfeit awareness...
Amara Rozgus is chief editor and content manager of Consulting-Specifier Engineer magazine.
IEEE power industry experts bring their combined experience in the electrical power industry...
Michael Heinsdorf, P.E., LEED AP, CDT is an Engineering Specification Writer at ARCOM MasterSpec.
click me