Addressing the vulnerability of IP-based infrastructure security

Published 26 June 2008

The growing reliance on IP networks to control security systems offers greater efficiency but also increased vulnerability; one of the promising trends in the network security world is unidirectional connectivity, which allows data to pass between networks in one direction only.

Protecting infrastructure facilities occupies center stage at the Security Israel 2008 convention, which opened a couple of days ago. Representatives from all over the world came to see what the country’s security companies have to offer. One emerging market they will be focusing on is the growing need for securing IP video surveillance. Imagine what would happen if terrorists were able to penetrate the control center of a critical national infrastructure, such as a national gas line. Controlling such a facility would enable the terrorists to cause unimaginable destruction. Such a scenario is not imaginary. The Jerusalem Post’s Esti Peshin writes that critical national facilities are prime targets for terrorist activities. Several years ago terrorists attempted to blow up Pi Glilot (a gas depot in Israel) by placing explosives on a fuel truck that was supposed to enter the compound. Such attempts have occurred in Israel as well as around the world. Consider how much easier the terrorists’ task would be if they could hack the control center of a critical infrastructure from the comfort of their home. Over the past few years there have been several reports of cyber attacks on control systems of nuclear power plants, sewage systems, transportation facilities, etc. Only recently the CIA disclosed that cyber attacks have caused at least one major power outage affecting multiple cities outside the United States.

There is a tradeoff between the security of a modern business and business requirements. While the latter requires increased connectivity to the critical national infrastructure’s network, the former promotes complete segregation of the facility’s network from the outside world. The benefits of connectivity and the growing dependency on it have risen to a stage in which complete segregation is impractical and impossible. One area where this dissonance is even more pronounced is the area of Physical Perimeter Security, a growing market which is rapidly shifting to IP-based technology. Organizations install modern IP-based surveillance networks in order to improve their facility’s physical security. Doing that, however, may reduce rather than enhance the overall security of their organization. Whereas IP-based surveillance networks provide greater efficiency, IP communication also entails great risks. An attacker can gain access to a surveillance network by simply connecting a laptop in place of a camera. This allows access to other devices on the same network (for example, additional cameras, access control systems) and if the network is connected to additional networks, the