Understanding the cyber security implications of a physical break in

When someone breaks into a remote facility, you may dismiss it as simple theft or vandalism. There might be a far more sinister action taking place.


Don't assume a break-in is just about vandalism. There may be cyber security implications.In a recent analyst white paper, Scott D. Swartz and Michael J. Assante (SANS Institute) examine the relationship between physical security and cyber security, and how gaining access to computer hardware that’s part of an industrial network is a very effective way to break into the network. The spray paint on the walls may be there just to distract your investigation so you miss the small modifications the criminals did to create a door into your network. (You can read the complete white paper here.)

Once criminals have gained access to network computers, there are all sorts of ways they can leverage that access to compromise the system. Criminals that gain access to your facilities by other less obvious means can use some of the same techniques, so the discussion is relevant to many types of situations.

The discussion includes ways to respond when there’s been a break in, including how to preserve evidence in the area as a crime scene.

Michael J. Assante has contributed to Control Engineering on a number of occasions. There are links at the bottom of this page to other articles and videos.

This white paper will be distributed along with other materials at the SANS Institute’s 9th Annual ICS/SCADA Security Summit in Orlando, Florida, March 16-18.


No comments
Consulting-Specifying Engineer's Product of the Year (POY) contest is the premier award for new products in the HVAC, fire, electrical, and...
Consulting-Specifying Engineer magazine is dedicated to encouraging and recognizing the most talented young individuals...
The MEP Giants program lists the top mechanical, electrical, plumbing, and fire protection engineering firms in the United States.
Commissioning lighting control systems; 2016 Commissioning Giants; Design high-efficiency hot water systems for hospitals; Evaluating condensation and condensate
Solving HVAC challenges; Thermal comfort criteria; Liquid-immersion cooling; Specifying VRF systems; 2016 Product of the Year winners
MEP Giants; MEP Annual Report; Mergers and acquisitions; Passive, active fire protection; LED retrofits; HVAC energy efficiency
Driving motor efficiency; Preventing Arc Flash in mission critical facilities; Integrating alternative power and existing electrical systems
Putting COPS into context; Designing medium-voltage electrical systems; Planning and designing resilient, efficient data centers; The nine steps of designing generator fuel systems
Designing generator systems; Using online commissioning tools; Selective coordination best practices
As brand protection manager for Eaton’s Electrical Sector, Tom Grace oversees counterfeit awareness...
Amara Rozgus is chief editor and content manager of Consulting-Specifier Engineer magazine.
IEEE power industry experts bring their combined experience in the electrical power industry...
Michael Heinsdorf, P.E., LEED AP, CDT is an Engineering Specification Writer at ARCOM MasterSpec.
click me