Are you aware of the threats to your physical security system?
Physical Security System
A Physical Security System is a system designed to deny unauthorized access to facilities, equipment and resources and to protect personnel and property from damage or harm such as espionage, theft, or terrorist attacks. Such systems involve the use of multiple layers of interdependent systems which include CCTV systems, communication systems, protective barriers, access control and alarm systems, and more.
To understand the true threat that an intruder can pose, it is vital to start at the beginning and take a closer look at the following questions:
- What critical data is available in your physical security system?
- What actions can your physical security system perform?
Critical data is often available on a physical security system. Such data can be used as information linked to criminal investigations and as evidence in prosecutions.
- Video recording – CCTV monitoring of sensitive and secure locations
- Event recording – data providing a historical log of events and actions
It is also common that physical security systems contain user data for access control systems.
- Credentials for accessing different areas in the building
Critical actions that a system can perform:
If you consider all the critical actions that your physical security system is able to perform, then it becomes immediately apparent why you need to protect it from outside threats and attacks. Below is an example of just some of the typical actions that can be vulnerable to attack:
- Intercom for communication from the public to security personnel in order to get assistance
- PA system for communication from security personnel to the public, providing guidance and advice in critical situations
- Radio system for communication between security personnel
- CCTV system to monitor different areas in the building
- Access control system to open doors and gates to public and protected areas
- Analytics and security management system to provide faster response times to incidents
Think through all the critical actions that your system is able to perform in your own organization, as this is key to then being able to identify the threats.
Example of threats:
Threats can come in many shapes and forms. Hackers and intruders are constantly looking for weaknesses in your physical security defense system, which make it possible for them to commit an offence such as one of those listed below. Take the time to consider the types of threats that your organization would face should an unwanted party gain access to your physical security system:
- taking control of the door lock system to open doors and gates during a robbery
- turning off video recording and monitors to allow a thief to come unnoticed into a building
- removing records from the security management system, thus removing evidence of a crime
- taking control of CCTV systems to guide an intruder through the building
- monitoring CCTV cameras to know when the most money is in the bank, thereby finding the optimal time for a robbery
- monitoring CCTV cameras to get details when people enter PIN codes
- monitoring CCTV cameras to know when security personnel are not present in key areas
- turning off complete physical security systems, leaving security personnel without tools for monitoring and response
- instigating false alarms in order to occupy security personnel, leaving key areas unprotected
A global problem
News reports are increasingly filled with examples of cybersecurity breaches. Insecam claims to feature live feeds from IP cameras all over the world. With over 11,000 feeds from the U.S. alone. Not only is it possible to view streams from public buildings and car parks, but also from private areas including bedrooms and living rooms. The founders of the site claim that it has been set-up in order to highlight the importance of having adequate security settings in place. But how would you feel if your IP cameras were accessible by anybody with a computer?
Can you afford to ignore the threat?
Given the sensitive nature of the information stored on your physical security system and the magnitude of the risks associated with unwanted access, then your answer is likely to be “No”. Cybersecurity is not a nice to have, but a necessity – there is no point having a lock on your door if you don’t take the time to use it.
Each new system, application or network service added to your system comes with its own potential security vulnerabilities, making cyber protection increasingly more difficult and complex. By confronting the serious network security risks pragmatically, you can reap the benefits while minimizing security risks. To accomplish this, you need a solid cybersecurity plan and the resources to execute it. Handling cybersecurity risk reduction up front typically takes less resources than having to clean up after avoidable cyber attacks.
Zenitel has developed a Cybersecurity Hardening Guide to help you approach your planning, based on the CIS Controls developed by CIS® (Center for Internet Security®). It combines our experience applying best practices developed by CIS, as well as our background in this area, to support end users and integrators in building a solid, resilient cyberdefense. Click here to read the Hardening Guide.
Hackers can even be found in galaxies far, far away
In the Star Wars films, “The Empire” obviously did not have an adequate Cybersecurity plan in place. Thus, R2-D2 was able to access the network used for physical security, which enabled him to open doors and warn Luke Skywalker when storm troopers were in the close vicinity. Had The Empire’s IT department taken more care with its cyberdefense, the outcome of the film would have been dramatically different.