Convergence of physical and IT security is becoming a necessity
- By William Jackson
- May 09, 2007
Physical attacks increasingly will be accompanied by cyber attacks that will magnify the impact of the assault or hamper response, according to analysts with the U.S. Cyber Consequences Unit.
"In the future, we will see that cyber vulnerabilities will determine where physical attacks will take place," Scott Borg, director and chief economist of the US-CCU said Wednesday at the GovSec conference being held in Washington.
Combining physical and IT security will be necessary to provide adequate protection to the nation's critical infrastructure, he said. "Physical security is becoming utterly dependent on cyber security," Borg said. 'And cyber security is becoming utterly dependent on physical security. Handling these things separately is not going to be possible for very much longer and do a good job.'
The Cyber Consequences Unit is a government-funded independent research organization that looks at real world vulnerabilities and consequences of security breaches. Much of the research is done with on-site examinations of facilities.
"We keep finding huge security holes in companies that said they were compliant with the ISO standards," Borg said. Many of the holes are in areas that fall between the IT and physical security organizations, or where the areas overlap and security on one side can be circumvented on the other.
Areas of overlap that creat vulnerabilities include IP-enabled surveillance systems. Many systems have inadequate IT security and can be accessed through the Internet or through wireless networks, letting an outsider manipulate the system, said John Bumgarner, US-CCU research director for security technology. IP-enabled control systems offer another avenue of attack or manipulation of physical systems, he said. Physical authentication and access control systems, which often include wireless chip readers, are vulnerable to interception so that cards and biometric templates can be copied or spoofed.
On the other side of the equation, access to physical facilities can make IT infrastructure vulnerable.
"If you get physical access, you can circumvent all kinds of cyber security," to launch an attack from the inside,
How much of this activity is actually happening is difficult to say, because reports typically lag and this is a relatively new area of study, the researchers said. But there is a lot of chatter on hacker Web sites and discussion groups about these techniques.
"We've seen a huge amount of intrusions," Borg said. "SCADA systems are getting a lot more attention than they used to." Data is mostly anecdotal, but the attacks seem to be in a reconnaissance stage, he said.
The emphasis of many hackers, criminals or hostile organizations is not to take IT systems down, but to subvert or manipulate them, Borg said.
"It has been a long time since shutting something down has been a hot topic" in hacking communities, he said.
William Jackson is a Maryland-based freelance writer.