Security Technology Executive

SEP-OCT 2018

Issue link:

Contents of this Issue


Page 25 of 59

26 SECURIT Y TECHNOLOGY E XECUTIVE • September/October 2018 • www. SECURING THE GRID can be unacceptable. The growing reliance of energy grids on system control and data acquisition (SCADA) systems, designed to automate processes such as power generation and distribution, coupled with the Internet-interfaces that service these systems, cre- ates a vulnerability that is hard to belittle. Of course, the respon- sible authorities - in this case, the departments of Energy and Homeland Security - are aware of these vulnerabilities. They established a National SCADA Testbed at the Idaho National Engineering and Envi- ronmental Laboratory to explore and mitigate against these very threats. It's important to remem- ber that SCADA systems are not f irewall -friendly, and can be slowed down considerably by intrusion detection and encryp- tion activities. In fact, SCADA systems are so complex that many experts worry about self- inf licted failures, requiring no outside interference. Avoiding cascading failures of power grids, and overloaded redundancy systems require "brute" physical safety measures, such as inspections, no less than super- sophisticated coun- ter cyber-threat activities. Transpor tation America's huge transportation network presents a complex and combined physical and cyber security challenge. While the almost total computerization of rail, air, and marine traffic invites cyber terrorists' attention (and even just plain amateur hackers), the simplest physical disruption of rail or aviation hubs, due to human or nature-made events can rapidly mushroom into a damaging stoppage of essential human and commerce links. Add to this the fact that trains often carry large amounts of hazardous materials, sometimes in very close proximity to large concentrations of people and industry, and trans- portation networks are a prime axis of vulnerability, requiring constant attention and resources. Maritime hubs present no less of a threat. Each and every shipping container is a potential guided missile and should be treated as such. A remote-controlled detonation of a container loaded with radiological waste products, such as those produced by almost every large- scale hospital around the world, can spread enough contamination and fear to freeze a huge seaport for months if not years, exacting an incalculable economic and psychological impact. The security industry has responded to such threats with the development of complex human- machine systems designed to detect, alert and miti- gate against maritime borne threats. Still, it's impor- tant to remember that terrorists have to detect only a single hole in the safety net, while defenders must maintain equally high vigilance along the entire front. And of course, the aviation sector is also vulner- able and attractive to both physical and cyber threats, and as such has received and continues to receive enormous amounts of attention and resources from a wide spectrum of security-minded outfits – both pri- vate and governmental. Air cargo is a significant chal- lenge that requires additional innovation; so far, the multi-layered approach adopted by aviation's security experts seem to provide a reasonable combination of deterrence, but red-team tests of security systems pro- vide consistently discouraging results on the physical front, while cybersecurity presents a formidable chal- lenge, if only because aviation's data and connectivity must be shared across a very wide array of users, such as airlines, traffic control hubs, and multiple security and intelligence centers – all terminating with people whose intentions and loyalty are almost always good but can prove damaging when/if they don't. Government The federal government has a dual role of ensuring the safety and security of the nation's critical infra- structure as well as of ensuring the safety and secu- rity of the government itself – another formidable critical building block in the critical infrastructure mosaic. DHS is the "quarterback" coordinating almost all of America's cyber and physical security efforts as they pertain to critical infrastructure. Indeed, the Department of Energy (DoE) is responsible for energy installations (including nuclear facilities); the Depart- ment of Treasury (DoT) is responsible for the safety and security of financial services infrastructure; the Environmental Protection Agency (EPA) is respon- sible for the nation's water infrastructure, and the Department of Health and Human Services (DHHS) is responsible for the nation's healthcare and human services infrastructure, and the Department of Agri- culture (DoA), together with the DHHS is responsible for America's agriculture infrastructure. The Federal Information Security Management Act (FISMA) is the driver of America's cybersecurity efforts. It is responsible for hardening networks against exter- nal attacks and internal misuse. Another body, National Cybersecurity Division (NCSD) constitutes the core of the DHS' cybersecurity effort to coordinate critical secu- rity information dissemination to federal agencies as well as to the private sector. Another governmental defensive tool is the Cyber Warning and Information » America's huge transportation network presents a complex and combined physical and cyber security challenge. «

Articles in this issue

Links on this page

Archives of this issue

view archives of Security Technology Executive - SEP-OCT 2018