IP-based systems now dominate the market, and a great percentage of corporations and institutions have experience with physical security and control systems that are Internet Protocol (IP) network based. Whereas video surveillance systems, access control systems, intercom and paging systems, and programmable logic controller (PLC) systems used to be closed systems by their nature, they are now all joined together and integrated over IP communications. Serial communication ports using potentially proprietary data transmission, which required directly connecting matching hardware, have been largely replaced by standard “RJ45” ports that can connect to any standard Ethernet switch. There are many benefits to this, including the standardization of inexpensive cabling, the ease of integration, and anywhere-anytime availability. However, these very benefits come with new challenges related to operations, maintenance, and, perhaps most importantly, security.
It seems like a logical extension that physical security and control systems would be Internet connected, since they nearly universally leverage IP networks. Smartphones, tablets, laptops, remote accessibility, and (more recently) smart watches enable us to access or take our documents, email, videos, music, or practically anything else with us wherever we go. Applying this to physical security and control systems, we can see definite benefits of remote access. Your IT group, Security group, or third party maintenance contractor could remotely monitor, manage, and maintain your critical systems. This would decrease response times while likely decreasing costs. Or, how about the occasional critical issue that occurs when the response manager or decision maker is offsite? That person could be automatically notified of an event and given access to the situation as if onsite at the monitoring and control station.
In order to take advantage of universal accessibility, it is reasonably understood that network and software security measures need to be in place to prevent malicious access. The point at which your local area network (LAN) connects to the Internet is very likely to be protected by a firewall which is configured to permit only authorized or internally requested traffic into the LAN. Additional network security measures can include intrusion prevention systems (IPS), intrusion detection systems (IDS), virtual local area networks (VLAN), access control lists (ACL), and many other acronymic services and protocols. These mechanisms and systems combine to make it increasingly difficult for any persons with malicious intent to reach your critical systems. But sometimes pinholes in the armor are found and exploited.
Breach events can occur when people meaning to do your facility harm find their way “inside.” Data and information that is supposed to be secure could be stolen or altered. If you are storing employee personal information, patient medical records governed by HIPAA regulations, financial information, intellectual property, critical security information, or similar, you know how damaging it could be if that information is improperly altered or stolen. When physical security and control systems are ultimately accessible from the Internet, a malicious entity could take control of all of the physical systems intended to keep them out of the facility. In a prison situation, it could be catastrophic if a malicious third party was able to gain control over any one of many critical systems.
It may seem like a reach to assume that these catastrophic events are credible and realistic threats. However, increasingly large network security breaches have been in the news over the past few years. Stuxnet, Duqu, and Flame are a few names of very sophisticated, possibly state-sponsored malware found since 2010 which targeted industrial control and data systems for sabotage and espionage. It is believed that the targeted infections were initiated via USB stick, which would naturally require privileged physical access, but all of them had the ability to spread using network connections. These malware packages exploited previously unpublished vulnerabilities in very common operating systems and software packages. In such instances, large manufacturers will be able to publish patches to eliminate the vulnerabilities, but naturally, those patches must be installed to provide protection and close the holes.
Sometimes the very mechanisms used to keep data and communications secure contain points that can be exploited. It was discovered early this year that most Apple devices running OS X or iOS contained the “goto fail” bug, which could cause the verification step for secure communications to be skipped, so that potentially unsecured connections showed as secure. This was caused by the erroneous repeat of a single line of code. This could potentially have affected physical security and control systems if one of the affected devices was used for remote access. Another recent and hugely impactful bug was discovered in April of this year and was dubbed Heartbleed. This bug in a cryptography library could allow a malicious third party to steal any and all data in transit to, or even ultimately at rest on, an otherwise secure web server. It is estimated that 17% of all secured web-connected servers were vulnerable at the time of discovery, including the servers of multi-billion dollar companies like Yahoo and Google (who immediately moved to patch all affected systems). The publication of this issue forced many other industry giants to individually evaluate large portions of their product lines, including routers, switches, servers, and software packages.
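The “single repeated line” defect described above, reduced to its control-flow shape as an added illustration (this is not Apple's code; the hash and signature steps are constructed stand-ins that succeed or fail on a flag). The vulnerable routine reports success whenever the first check passes, because the duplicated `goto fail;` jumps over the signature check while `err` is still zero:

```c
#include <stdio.h>

/* Constructed stand-in for a verification step: 0 on success, -1 on failure. */
static int step(int ok) { return ok ? 0 : -1; }

/* Shape of the defective routine. The second "goto fail;" is not guarded by
 * any condition, so it is always taken and the signature check below it is
 * dead code. At that point err is still 0, which callers treat as "verified". */
int verify_vulnerable(int hash_ok, int sig_ok) {
    int err = 0;
    if ((err = step(hash_ok)) != 0)
        goto fail;
        goto fail;                         /* duplicated line: unconditional */
    if ((err = step(sig_ok)) != 0)         /* never reached */
        goto fail;
fail:
    return err;                            /* 0 means the connection is trusted */
}

/* Same routine with the duplicated line removed: every check is evaluated. */
int verify_fixed(int hash_ok, int sig_ok) {
    int err = 0;
    if ((err = step(hash_ok)) != 0)
        goto fail;
    if ((err = step(sig_ok)) != 0)
        goto fail;
fail:
    return err;
}

int main(void) {
    /* A good hash with a bad signature: the defect accepts it, the fix rejects it. */
    printf("vulnerable: %d (0 = accepted)\n", verify_vulnerable(1, 0));
    printf("fixed:      %d (0 = accepted)\n", verify_fixed(1, 0));
    return 0;
}
```

Compilers do not reliably flag the dead code, which is why this kind of defect survives review; a unit test that feeds a bad signature, like the one in `main`, catches it immediately.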
Maintaining secure networked systems is a never-ending and critical task requiring monitoring, updating, patching, researching, and testing. That said, we do not universally recommend that internal systems never be connected to the Internet. The best course of action must be decided through a risk/benefit analysis for your specific organization. It may be necessary for your organization to have remote access, monitoring, or control capabilities and, in turn, you would need appropriate IT groups to maintain network security. For mission critical facilities, we often recommend that physical security and control systems be kept on separate networks that are physically disconnected from the Internet, because the risks far outweigh the benefits. Network security systems, and the IT groups employed to configure and manage them, can be very costly, and even the most sophisticated of them can never truly reach the level of remote access breach resistance that an “air-gapped” network can.
There are many considerations that need to be made to maintain network security, and Internet connectivity is just one subset of them. For an assessment and network configuration analysis, Tim Bergan, CCNP, CCDP of PSE’s technical staff can discuss and coordinate the detailed organizational requirements for accessibility, portability, and security with your Executive, IT, Security, and Facilities Operations groups.
Please reach out to our office at 800-839-5060 to walk through your engineering options.
Tim Bergan, CCNP, CCDP, is a Secure Networks Project Manager, developing network solutions for complex systems involving data centers, emergency communications, telecom, and data network systems.