Many of us take critical infrastructure for granted in our everyday lives. We turn on a tap, flip a switch, push a button, and water, light, and heat are all readily available. But it is important to remember that computerized systems manage critical infrastructure facilities, making them vulnerable to cyber-attacks.
The recent ransomware attack on the Colonial Pipeline is an example of the new types of threats. In addition, any number of physical attacks is also possibilities. We asked this week’s Expert Panel Roundtable: What are the security challenges of protecting critical infrastructure?
Since critical infrastructure facilities can be quite large, the challenge of protecting them is complex and often requires multiple and varied solutions. However, protecting the security of these sites goes beyond pure physical security, as was clearly demonstrated by the latest ransomware cyber-attack on the Colonial Pipeline. As the threat landscape continues to evolve, critical infrastructure organizations need a system that can converge both their physical and cyber security plans, to reduce their exposure, protect sensitive information and ensure individuals’ privacy. As the industry becomes increasingly regulated to help protect our critical infrastructure, security team needs to modernize their compliance practices with a security solution that helps them meet regulations and avoid strict penalties and fines, if found out of compliance. With the continued rise in mergers and acquisitions between utilities, security departments also need to merge their strategies with a solution that manages their security operations in one place.
Charles (Chuck) O’Leary
It seems so often we hear about a new threat or cyber-attack in the news. Because of the rapid growth in technology over the last few years, cybercriminals are getting bolder and discovering new ways to attack critical infrastructure. One of the biggest challenges boils down to the capabilities of the operating security system and whether the organization is aware of the current risks they face. Because there are so many points of entry for cybercriminals to target within critical infrastructure, it is vital that the security solution be prepared for attacks at every level. Many older systems are not capable of the depth of data protection required, and unfortunately, any computerized system is ultimately at risk. Using an outdated system that is only reactive or does not utilize the most up-to-date protective procedures places the whole infrastructure at risk. Choosing a trustworthy and reliable security provider is essential.
Critical infrastructure sites traditionally rely on electronic access solutions such as RFID cards, Bluetooth, fingerprints, or unique PIN codes. The best thing about most electronic access systems is that they leave an audit trail. The worst thing about many of these systems is that some can be easily circumvented, when a pass code is shared, or cards or fobs are pilfered. While fingerprints are highly accurate, only face recognition provides dual-purpose capability in that cameras used to capture the face of a person seeking access authorization can also provide watchlist monitoring functionality and tailgating alerts. As facilities seek to retool their security infrastructure to meet today’s challenges, facial recognition provides a touchless, accurate option that easily integrates with existing solutions, providing a new level of convenience for employees and a layered approach to perimeter security that provides early warning when persons of concern are in the view of surveillance cameras.
Cyber security is a big concern because of its possible devastating impact on critical infrastructure facilities. While the newer threat scenarios may overshadow age-old concerns such as physical security, the reality is that critical infrastructure facilities face an ever-broadening array of threats. Whether it is physical security or cyber security, utmost vigilance is required – along with the latest technologies.