Mitigating the threats from Cyber attack


What is Cyberspace?

One of many definitions is:

“Cyberspace is an interactive domain made up of digital networks that is used to store, modify and communicate information. It includes the Internet, but also the other information systems that support our businesses, infrastructure and services.”

The strategy illustrates the critical infrastructure which is necessary for society’s everyday activities (Lehto 2013).

What is a Cyber attack?

A malicious attempt to damage, disrupt or gain unauthorised access to computer systems, networks or devices, via cyber means. Source: https://www.ncsc.gov.uk

There are many different types of cyber attack, delivered through many different mediums and with different techniques.

An attack is not limited to external sources; it can also come from within.

Data is not the only thing at risk. False alarms and false positives can also be created to affect a security system, as a diversion from a potentially serious physical intrusion.

So why is Cyber security such an important topic?

The Growth of our Connected Society (IoT)

• So many devices are connected to the Internet and can be open to attack, and it's not just PCs.

• Today's IoT devices mean there are many points of contact that may be vulnerable to attack. A lot of these devices don't have sufficient security settings. IoT 2 is hopefully going to address this issue.

• There are some simple techniques to stop basic intrusions, such as firewalls and decent password protection, but today's hackers are becoming more adept at "breaking and entering".

And it's not just IT

Operational Technology (OT) is defined as technology that interfaces with the physical world and includes Industrial Control Systems (ICS), Supervisory Control and Data Acquisition (SCADA) and Distributed Control Systems (DCS).

Where cyber security for IT has traditionally been concerned with information confidentiality, integrity and availability, OT priorities are often safety, reliability and availability, as there are clearly physical dangers associated with OT failure or malfunction.

Many businesses strive for improved OT process efficiency and reliability for their customers, which often results in increased connectivity to enterprise technologies and the Internet. Source: https://www.ncsc.gov.uk/guidance/operational-technologies

So how do we protect ourselves?

• We have to look at all the elements of our systems, both physical and virtual, enterprise IT and operational technology.

• It is becoming increasingly common for the attack to be a mixture of the two, i.e. Cyber + Physical.

• Therefore we must look at our devices, our passwords, our connectivity methods and procedures.

What can happen if we ignore the risk?

A few scenarios:

• Intellectual property loss
• Damage or destruction of CNI
• Loss of earnings, current and future
• Danger to the general public
• Loss of reputation
• Loss of credibility
• Breakdown of CNI sites

You could even be sued and/or prosecuted by very unhappy customers.

To protect our customers and our CNI we must first secure our site from a potential attack.

Each part of the system needs protecting/locking down.

1) IT System: servers, client machines, switches, routers, software (OS, Exe)

2) Operational System: SCADA, IDS, PLC

3) Security System: alarm system, fence detection, CCTV (cameras & recorders)

Cyber essentials

Security Systems

Today I am going to concentrate on the 3rd part of the system: Security and Surveillance.

CPNI have identified the potential risks of Cyber attack on security systems and have a new standard

• Cyber Assurance for Physical Security Systems (CAPSS) (Contact CPNI for more information)

Cyber Assurance for Physical Security Systems (CAPSS)

• CAPSS looks at the risks to the communication and electronic equipment within the security systems to confirm the systems are secure from being compromised.

• The Cyber assurance on an approved product tested by CPNI confirms the known risks and that the product has passed the rigorous attack tests.

• The tests cover a multitude of security layers for the security system, from added physical protection to virtual protection.

• The major point of this new standard is that it protects the security system from both an IT and a physical perspective.

Design Resilience

The system has to be resilient against the following security conditions:

• System bypass

• Breach of audit capability

• Denial of system functionality (DoS)

This provides assurance against the traditional C.I.A. security model (as below), so the security solution will provide the following:

• Confidentiality: Data cannot be accessed by an unauthorised person.

• Integrity: No data can be modified by an unauthorised user.

• Availability: Any resources used within the system should always be accessible when required by the user. An attacker cannot disrupt the system capability.

Main areas which need Protection

Four key elements within the topology of a system to safeguard are:

• Front end control room equipment which allows direct access by operators & maintenance staff into the system

• IP Communication which allows access into the system anywhere on site to network ports

• Detection control equipment being compromised so alarms are not sent or bogus information is sent

• Cameras being compromised affecting images for operators to confirm an alarm event

System Components: Control room

The control room may be the easiest area from which to access and attack the system.

Applying the following measures is the first stage of protecting the system:

• All computers making up the system have a number of different levels of encryption installed to protect the system in different states.

• This is then enhanced by each site having its own encryption key for the database.

• Each piece of hardware on the system then has its own unique encryption certificate.

System Components: IP Communication

This is the backbone of the system.

Applying the following measures is the first stage of protecting the system:

• All devices on the network are intrinsically linked; each individual device has a unique identifier that is stored in the SMS database, which is also encrypted.

• The switches connecting the devices also have special firmware and are layer 2 devices; these also have a unique address and an SSL certificate.

• Each piece of hardware on the system then has its own unique encryption certificate.

Secure Video Management software

• The fully integrated Management system is the Brains of the operation.

• It holds the Certificates and manages the connection of all authorised devices on the secure network

• It also allows full communication and integration with a number of different types of detection techniques, it can also integrate with 3rd party devices.

• To keep everything secure at the client PC, not only are there strict password protection policies, the whole Windows operating system is locked down.

• Each device on the system is encrypted and certificated; no unauthorised devices can be connected.

Encryption & Security within System

• BitLocker with a Trusted Platform Module (TPM) is the first layer, which fully encrypts the hard drives within the system and locks the hard drive to the Microsoft Windows boot and system files. This level secures the complete system in its dormant state, so if the hard drive was stolen it could not be decrypted by any other hardware.

• The database for the system is then encrypted with Federal Information Processing Standards (FIPS) 140-2 encryption to Advanced Encryption Standard (AES) 256 level to protect the complete database of the site. If the database was copied and taken off site, it could not be read, so it could not be manipulated and then reloaded back into the site.

Video Surveillance Protection

Physical Protection Hardware Protection

• There is further physical protection to mitigate against unauthorised access

• All unused ports on computers are deactivated so they cannot be used as an access point into the system.

• All machines are within a secure alarmed 19” rack.

• The machines themselves are then fitted with tamper detection to detect if the casing is opened.

• The equipment is supported by UPS backup.

Summary

• No Unauthorised Devices can be added to the Network

• All IP devices are managed and Authenticated by the Front end management system

• The Physical Detection systems are also Secure so that no False Positives can be generated.

• Any attempt to unplug/change a device is detected and an alarm generated

• The total solution gives you peace of mind that any generated alarm is genuine and that your system cannot be tampered with without an alarm being generated.
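An added example (not Geoquip's code or the product's actual mechanism) of the checks the summary describes: devices seen on the network are reconciled against enrolment records, and an alarm is raised for an unknown device, a changed certificate, or an enrolled device that has disappeared. The device IDs, certificate bytes and alarm names are constructed for illustration.

```python
import hashlib
import hmac


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of a device certificate."""
    return hashlib.sha256(cert_der).hexdigest()


# Constructed enrolment records: device ID -> fingerprint of the certificate
# issued to that device. Certificate bytes are placeholders, not real DER.
ENROLLED = {
    "cam-01": fingerprint(b"constructed-cert-cam-01"),
    "cam-02": fingerprint(b"constructed-cert-cam-02"),
    "fence-analyser-01": fingerprint(b"constructed-cert-fence-01"),
}

# Constructed view of the network: device ID -> certificate bytes presented.
OBSERVED = {
    "cam-01": b"constructed-cert-cam-01",     # enrolled, certificate matches
    "cam-02": b"constructed-cert-swapped",    # device swapped or re-keyed
    "laptop-x": b"constructed-cert-unknown",  # never enrolled
    # fence-analyser-01 is absent: unplugged or otherwise offline
}


def reconcile(enrolled: dict, observed: dict) -> list:
    """Return a sorted list of (alarm_type, device_id) tuples."""
    alarms = []
    for device_id, cert in observed.items():
        expected = enrolled.get(device_id)
        if expected is None:
            alarms.append(("UNAUTHORISED_DEVICE", device_id))
        # Constant-time comparison of the expected and presented fingerprints.
        elif not hmac.compare_digest(expected, fingerprint(cert)):
            alarms.append(("CERTIFICATE_MISMATCH", device_id))
    for device_id in enrolled:
        if device_id not in observed:
            alarms.append(("DEVICE_MISSING", device_id))
    return sorted(alarms)


if __name__ == "__main__":
    for alarm_type, device_id in reconcile(ENROLLED, OBSERVED):
        print(f"ALARM {alarm_type}: {device_id}")
```

A fingerprint match only shows which certificate was presented; a real deployment would also require the device to prove possession of the matching private key, for example through mutual TLS.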

The Solution – The Good News

• Geoquip has a System solution that conforms to the new Cyber Assurance standard and has all of the features and attributes mentioned in the previous slides to ensure your Security System is Secure

• Namely, the following devices:

Geoquip Vision HS

Geoquip Micralert HS

Approved for UK Government Use, for details contact CPNI

Help and Assistance

• What can we do to mitigate the risk?

• Get some advice. Where from?
  • UK government body: National Cyber Security Centre
  • PGI, who can give advice and run training courses
  • Hire a cyber security professional
  • Speak with Geoquip

• Start by getting your IT department to instigate the Cyber Essentials Programme: https://www.cyberaware.gov.uk/cyberessentials/

Thank you for your Time, Any questions ?