Protect IIoT Devices and Logical Systems as Physical and Cybersecurity Converge

The convergence of physical security systems with the Industrial Internet of Things (IIoT) has transformed the way we protect our homes, offices, and public spaces. While these integrated systems offer unprecedented convenience and efficiency, they also expose us to significant vulnerabilities.

This article summarizes a longer, in-depth piece written by my colleague Jeffrey A. Slotnick, CPP, PSP and me for Security InfoWatch. That piece explores the evolution of physical security and emerging threats, both physical and cyber, then shares use cases and strategies for safeguarding the devices used in physical security solutions. It’s distilled here.

The Evolution of Physical Security

Not long ago, physical security systems were isolated and purpose-built, operating as independent entities. Exterior and interior security, access control, visitor management, intrusion detection, and closed-circuit television were all managed by disparate systems using separate cabling. Though inefficient, these systems were inherently secure, with the primary risks being cable tampering, system spoofing, or illicit entry via system bridging.

In 2006, Physical Security Information Management Systems (PSIM) emerged, designed to integrate various unconnected security applications and devices into a unified user interface. However, PSIMs were middleware, and most faded away as the industry matured and software capabilities improved.

The Current State of Physical Security

Today, efforts are underway to create a single management interface for integrated physical security solutions, with Application Programming Interfaces (API) and Web Parts facilitating cooperation between manufacturers. Platforms like Lenel, Genetec, and Open Options enable the integration of multiple physical security devices and other information sources, such as crime reports and geospatial data. However, these integrations can introduce network risks if not managed meticulously throughout the system's lifecycle.

Vulnerabilities in IIoT Devices

Manufacturers of security devices often prioritize speed to market and ease of use over security. This neglect leads to several vulnerabilities:

Weak Authentication and Authorization: Many IIoT devices come with default login credentials, which users often fail to change. Hackers exploit this oversight to gain unauthorized access, manipulate settings, or collect sensitive data. The absence of multi-factor authentication exacerbates the risk.

Outdated Firmware and Software: Neglected updates expose networked devices to known vulnerabilities. Incorporating firmware and software updates into security technology lifecycle management is crucial.

Lack of Encryption: Inadequate encryption in devices can lead to data interception, compromising privacy and security. For instance, unencrypted video streams from smart security cameras are susceptible to interception.

Inadequate Secure Boot Mechanisms: Some manufacturers neglect to implement robust secure boot mechanisms, leaving devices vulnerable to malicious firmware modifications and enabling unauthorized access.

Lack of Regular Security Audits: Periodic security audits are essential to identify and mitigate potential risks. Neglected open-source code poses significant risks without regular audits.

Supply Chain and Third-Party Risks: Complex supply chains may introduce vulnerabilities through third-party components and software. Understanding supply chain security processes is vital.

DDoS Attacks: IIoT devices with weak security can be recruited into botnets, launching DDoS attacks that disrupt critical infrastructure and services.
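
Several of the weaknesses listed above can be checked against a device inventory. The following is an added example, not code from the original article; the inventory fields, model names, firmware versions, and addresses are constructed assumptions.

```python
from urllib.parse import urlparse

# Constructed sample data. Field names and the latest-firmware table are
# assumptions for this example, not a vendor or platform schema.
LATEST_FIRMWARE = {"cam-x1": "2.10.1", "reader-r3": "5.0.2"}
ENCRYPTED_SCHEMES = {"rtsps", "https"}

INVENTORY = [
    {"name": "lobby-cam-01", "model": "cam-x1", "firmware": "2.9.4",
     "default_credentials": True, "mfa": False,
     "stream_url": "rtsp://10.0.5.11/live", "secure_boot": False},
    {"name": "dock-reader-02", "model": "reader-r3", "firmware": "5.0.2",
     "default_credentials": False, "mfa": True,
     "stream_url": "https://10.0.5.20/events", "secure_boot": True},
    {"name": "gate-cam-03", "model": "cam-x1", "firmware": "2.10.1",
     "default_credentials": False, "mfa": True,
     "stream_url": "RTSP://10.0.5.12/live", "secure_boot": True},
]


def version_key(version):
    """Compare versions numerically so that 2.10.1 sorts after 2.9.4."""
    return tuple(int(part) for part in version.split("."))


def audit_device(device):
    """Return the weakness labels that apply to one inventory record."""
    findings = []
    if device["default_credentials"]:
        findings.append("default-credentials")
    if not device["mfa"]:
        findings.append("no-mfa")
    # A model with no known latest version is flagged rather than assumed current.
    latest = LATEST_FIRMWARE.get(device["model"])
    if latest is None or version_key(device["firmware"]) < version_key(latest):
        findings.append("outdated-firmware")
    if urlparse(device["stream_url"]).scheme.lower() not in ENCRYPTED_SCHEMES:
        findings.append("unencrypted-stream")
    if not device["secure_boot"]:
        findings.append("no-secure-boot")
    return findings


def audit_inventory(inventory):
    """Map device name to findings, most findings first; omit clean devices."""
    flagged = {d["name"]: audit_device(d) for d in inventory}
    flagged = {name: f for name, f in flagged.items() if f}
    return dict(sorted(flagged.items(), key=lambda item: -len(item[1])))


if __name__ == "__main__":
    for name, findings in audit_inventory(INVENTORY).items():
        print(f"{name}: {', '.join(findings)}")
```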

Physical Protection of Logical Systems

Cybersecurity is not just a technology issue. According to NIST, many people narrowly associate cybersecurity with only software and code. However, physical security should not be discounted when protecting sensitive data assets and logical systems. Logical systems, including computer networks, software, and databases, underpin modern organizations. The security of these logical systems is of utmost importance to protect sensitive information, maintain data integrity, and ensure the continuity of operations. Often, social engineering is the mechanism used to create the breach.

Social engineering is a form of psychological manipulation used to deceive individuals or groups into divulging sensitive information, performing specific actions, or compromising security measures. It relies on exploiting human trust, emotions, and cognitive biases rather than technical vulnerabilities to achieve its objectives. Some important things to consider when physically securing data assets and logical systems are:

· Employee Awareness: Comprehensive security training for all employees is essential to establish a security-focused culture.

· Data Rooms: Repurposed data rooms should undergo security upgrades to prevent physical breaches.

· Access Control: Implementing access control technologies requires planning and credential management to prevent unauthorized access.

· Locks: Ensure locks are secure and monitored to prevent physical tampering or network access.

· Server Cabinets: Smart server cabinets provide an extra layer of security with access control and monitoring.

· Cameras: Installing security cameras in data rooms enhances monitoring and intrusion detection.

· Cabling: Secure network cabling in metal conduit or enclosed cable trays to prevent tampering.

Cyber Protection of Logical Systems

Logical systems encompass all digital components that process, store, and transmit data. They include operating systems, applications, servers, routers, firewalls, and databases. Phishing, malware, ransomware, and Distributed Denial of Service (DDoS) attacks are some common techniques used to infiltrate and compromise logical systems. A holistic security posture that includes physical and cyber elements will reduce the organization's risk. Some essential elements include:

· Risk Assessment: Regular assessments identify vulnerabilities and prioritize security efforts.

· Access Control: Limit access to authorized personnel and implement multi-factor authentication and role-based access control.

· Encryption: Encrypt data at rest and during transmission to safeguard sensitive information.

· Patch Management: Regularly update software and hardware to address known vulnerabilities.

· Network Security: Deploy firewalls, intrusion detection, and virtual private networks (VPNs) to protect against external threats.

· Employee Awareness: Educate employees to prevent social engineering attacks and promote best practices.

· Incident Response and Business Continuity Plan: Develop these in advance to respond effectively to security breaches.

Other considerations

The Zero-Trust model is gaining prominence, assuming that no device or user should be trusted by default. Every access request is rigorously verified, reducing lateral movement opportunities for attackers. With the increasing adoption of cloud computing, securing cloud-based logical systems becomes paramount. That requires robust authentication, data encryption, and monitoring of cloud service providers' security practices. Additionally, periodic audits and penetration tests help identify weaknesses and vulnerabilities in cybersecurity measures.

To Sum Things Up

As network-based physical security solutions become more prevalent, a comprehensive approach is vital. Organizations should adopt multi-layered security practices that encompass both physical and cyber elements to fortify defenses against evolving threats. By implementing risk assessments, access controls, encryption, network security measures, physical security measures, employee training, and robust incident response plans, organizations can enhance the resilience of their security solutions and protect against the evolving cybersecurity landscape.

Gajjanan Ratnakarrao Trikutkar

Co-Founder at Skillmate Technologies | Founder at Samarth Engineering Company | Professor of Practice @ SGGS Institute of Engineering & Technology, Nanded

11 months

Hi Antoinette, nice article on IoT security. Can I use this content for our training documents, with your kind permission? Thanks. Regards, Gajanan

Jeffrey A. Slotnick, CPP, PSP

Trusted Advisor | Leader | Risk Consultant | ESRM Advocate | Security Management Professional | Physical Security Specialist | Quality Management Professional | Public Speaker | Author | Media Consultant

1 year

Antoinette K. it is always an amazing opportunity to collaborate with you.
