Understanding the cyber security implications of a physical break in

When someone breaks into a remote facility, you may dismiss it as simple theft or vandalism. There might be a far more sinister action taking place.


Don't assume a break-in is just about vandalism. There may be cyber security implications.In a recent analyst white paper, Scott D. Swartz and Michael J. Assante (SANS Institute) examine the relationship between physical security and cyber security, and how gaining access to computer hardware that’s part of an industrial network is a very effective way to break into the network. The spray paint on the walls may be there just to distract your investigation so you miss the small modifications the criminals did to create a door into your network. (You can read the complete white paper here.)

Once criminals have gained access to network computers, there are all sorts of ways they can leverage that access to compromise the system. Criminals that gain access to your facilities by other less obvious means can use some of the same techniques, so the discussion is relevant to many types of situations.

The discussion includes ways to respond when there’s been a break in, including how to preserve evidence in the area as a crime scene.

Michael J. Assante has contributed to Control Engineering on a number of occasions. There are links at the bottom of this page to other articles and videos.

This white paper will be distributed along with other materials at the SANS Institute’s 9th Annual ICS/SCADA Security Summit in Orlando, Florida, March 16-18.


No comments
Consulting-Specifying Engineer's Product of the Year (POY) contest is the premier award for new products in the HVAC, fire, electrical, and...
Consulting-Specifying Engineer magazine is dedicated to encouraging and recognizing the most talented young individuals...
The MEP Giants program lists the top mechanical, electrical, plumbing, and fire protection engineering firms in the United States.
Salary survey: How much are you worth?; Dedicated outdoor air systems; Energy models and lighting
Fire, life safety in schools; Fire protection codes; Detection, suppression, and notification; 2015 Commissioning Giants; Emergency and standby power in hospitals
HVAC and building envelope: Efficient, effective systems; Designing fire sprinkler systems; Wireless controls in buildings; 2015 Product of the Year winners
Designing positive-energy buildings; Ensuring power quality; Complying with NFPA 110; Minimizing arc flash hazards
Implementing microgrids: Controlling campus power generation; Understanding cogeneration systems; Evaluating UPS system efficiency; Driving data center PUE, efficiency
Optimizing genset sizing; How the Internet of Things affects the data center; Increasing transformer efficiency; Standby vs. emergency power in mission critical facilities
As brand protection manager for Eaton’s Electrical Sector, Tom Grace oversees counterfeit awareness...
Amara Rozgus is chief editor and content manager of Consulting-Specifier Engineer magazine.
IEEE power industry experts bring their combined experience in the electrical power industry...
Michael Heinsdorf, P.E., LEED AP, CDT is an Engineering Specification Writer at ARCOM MasterSpec.