A senior manager talked to me this week about the “sophisticated means” he applied to protect the drilling rig. He explained that he had invested millions of dollars (did anybody say ‘taxpayers’ money’?) on physical protection in order to prevent hostiles from entering, hitting and stopping the rig’s operation. He said he could even see if I approached from a mile away.
Since we were in a pub with a light atmosphere, I smiled and asked him whether he would bet that I could stop the rig’s operation from more than a mile away, since basically distance is not an issue. As soon as I saw the question marks in his eyes, I explained to him that you can sit in a cafe close to the beach and then turn off the rig by bypassing the expensive security and protection means he had applied. I described the capabilities of cyber warfare (also known as cyber) as a new dimension in defense and their impact on national critical infrastructure. He did not remain indifferent.
Cyber warfare dimension
The evolution of technology has introduced a new fundamental dimension: cyberspace. No matter what infrastructure is involved, whether it is a drilling rig at sea, a port, an airport, oil pipelines, facilities, seeds, oil refineries or a power station, all of these infrastructures are managed by computer systems, and as you well know, all computer systems can be hacked.
Ironically, the most crucial command and control systems (a.k.a. SCADA) are the most vulnerable to cyber-attacks. The reasons are many, but the bottom line is that the computer systems that control the controllers (valves, generators, power, gas, water, etc.) are the weakest point from a hacker’s point of view.
Now imagine what would happen if a hacker sitting somewhere with an internet connection penetrated the security barriers of the critical site. He could easily shut down the power, blow up the generators, play with the valves, etc. This is scary, and it is also scary how easy it is. The web is full of examples of teenagers playing with railway crossings, power plants, etc. The US DOD declared in May 2012 that securing the USA’s critical infrastructure, with emphasis on the oil and gas industry, is its no. 1 concern for the upcoming years.
Cyber-attacks are therefore a real threat posed by sophisticated opponents such as countries, terrorist organizations, organized crime groups, business competitors or individual hackers. These actors use a variety of techniques that make the threat difficult to identify and that can lead to a shutdown, downtime or loss of sensitive data.
Smart security circles
The common perception that optical (camera) and electromagnetic (radar) protection systems provide an effective security suite for the rig and for critical facilities such as seaports does not take the cyberspace dimension into account. Implementing smart “security circles” in perimeter security, combined with information assurance (including cyber) and an effective response mechanism, gives the facility a more comprehensive protection suite.
This article presents an overview of ten security circles for protecting a rig or a seaport, as an example of critical infrastructure.
Virtual fence – this outermost security circle is the one farthest from the site. Protection is provided by electromagnetic means (radar) that distinguish objects such as boats at distances of tens of kilometers. Some radars find objects up to the horizon, and some beyond it (the limit set by the Earth’s curvature). The radar’s role is to scan a wide area, find the objects and then raise an alert if they deviate from their path, thereby creating a “virtual fence” tens of kilometers from the site. This area is also called the “discovery zone”.
Water World – the underwater equivalent of the radar defense, provided by advanced sonar systems. These systems create the same virtual-fence detection zone under water.
“Say cheese” – once we have detected an object, we want to identify it: what is the model of the craft, is it a rubber boat, or is it actually a swimmer? For that “investigation” we use advanced optical means working together with the radar or sonar. These optical systems identify objects in high resolution, including face recognition. In addition, they can combine real-time data with databases to identify a person from a distance.
Using unmanned vehicles – inside the discovery zone, only a few kilometers from the site, is the “intervention zone”. This is where we want to act and obtain a positive identification of the suspected object. Unmanned aerial or underwater patrols are designed to detect and identify objects that the legacy systems did not identify, or to positively identify an object trying to get closer to the site. A drone or a “mini” submarine equipped with thermal and optical sensors can serve as another security circle, complementary to the detection systems.
Obstacles – an additional security circle built of obstacles above and below the water. Above water there are floating fences that can also be sunk below the surface. On the sea floor we use sensors that create an underwater “fence” designed to alert on divers.
Response teams – within a radius of a few kilometers from the site is the “sterile zone”, where every object has been identified and approved by the facility. When a suspected object approaches the site, it must be identified and contact established with it.
Each facility should be prepared and trained in the relevant response procedures for various events. Response teams can vary, ranging from unmanned drones with public-address systems and unmanned speedboats to helicopter-based teams and all the way to active systems.
Cameras, lighting and access control – the site itself is secured by security cameras and lighting above and below the water line, plus access control (smart gates, compartmentalized areas, etc.) to ensure that only authorized persons enter. Access control includes identifying and verifying workers entering the different areas of the facility and controlling access to sensitive areas.
Information security – now we turn to the information itself. Each site and facility contains various information systems: command and control systems (such as SCADA), access systems (doors and gates), information systems, permissions, financial systems, commercial information, etc. The purpose of information security is to ensure that the information is reliable, available, free of malware, compartmentalized by permission level and backed up safely.
Information is a proprietary asset in every sense, and should be secured; sometimes its value exceeds the value of the facility’s production. There are many good measures for protecting it and enforcing different permission levels, in terms of perimeter coverage (firewall), operation (permissions, anti-virus, etc.) and application aspects (classifying data so that only authorized parties can view it).
Cyber – the essence of the cyber dimension lies in identifying hostile elements. Today, for a negligible cost of a few hundred dollars, one can buy harmful viruses and other destructive software that traditional information security systems cannot detect. If facility owners and their operators do not recognize the potential risk of cyber threats, they may find the facility disabled despite perfect peripheral security circles.
The hackers who attack a critical facility are usually not beginners; they are a funded organization with the capabilities and resources, and an interest in stealing information or disabling the facility. We must therefore recognize this kind of threat and be prepared for it.
Today there is a variety of products in the cyber world offering reasonable solutions to such problems.
Command and control systems – the brain behind all the security circles (peripheral and cyber) is a control system that integrates all the data into a single common operational picture: the facility’s command and control system. These systems receive alerts and indications from the sub-systems, fuse and cross-reference the data in real time, and display to the operator the status of the marine arena and its threats at any given time. Such systems can identify which of the hundreds of objects in the arena are “friendly” and innocent, and which are behaving suspiciously.
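As an added illustration (not code from the article or from NetSys HLS), the following Python sketches the fusion step the command and control circle describes: radar and sonar track reports are placed in the discovery, intervention or sterile zone by their range from the site, checked against the list of objects the facility has already identified and approved, and combined with access-control and cyber alerts into one operational picture with a single alert level. The site position, the zone radii, the approved list and every sample report are constructed assumptions; the article only speaks of “tens of kilometers” and “a few kilometers”.

```python
import math
from collections import defaultdict

# Assumed site position (lat, lon) and zone radii in km. All of these are constructed
# for the example: the article only says "tens of kilometers" and "a few kilometers".
SITE = (32.0, 34.5)
ZONES = [("sterile", 3.0), ("intervention", 10.0), ("discovery", 40.0)]  # innermost first
APPROVED = {"TUG-7", "SUPPLY-12"}  # objects the facility has already identified and approved
EARTH_RADIUS_KM = 6371.0

# How a track's status and a non-marine alert's severity feed the overall alert level.
TRACK_RANK = {"ignore": 0, "friendly": 0, "monitor": 1, "watch": 2, "identify": 3, "respond": 4}
ALERT_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}
LEVELS = ["quiet", "low", "elevated", "high", "critical"]
ACTIONS = {"identify": "send unmanned patrol for positive identification",
           "respond": "unidentified object in sterile zone: alert response team"}


def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) pairs given in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(h))


def zone_for(distance_km):
    """Map a range from the site onto the security circles (innermost match wins)."""
    for name, radius in ZONES:
        if distance_km <= radius:
            return name
    return "outside"


def assess_track(track_id, reports):
    """Classify one radar/sonar track from its time-ordered position reports."""
    ranges = [haversine_km((r["lat"], r["lon"]), SITE) for r in reports]
    zone = zone_for(ranges[-1])
    closing = len(ranges) > 1 and ranges[-1] < ranges[-2]  # range shrinking since last report
    if zone == "outside":
        status = "ignore"
    elif track_id in APPROVED:
        status = "friendly"              # identified and approved, whatever the zone
    elif zone == "discovery":
        status = "watch" if closing else "monitor"
    elif zone == "intervention":
        status = "identify"              # drone / mini-sub should obtain a positive ID
    else:
        status = "respond"               # unidentified object inside the sterile zone
    return {"sensor": reports[-1]["sensor"], "range_km": round(ranges[-1], 2),
            "zone": zone, "closing": closing, "status": status,
            "action": ACTIONS.get(status, "none")}


def build_picture(track_reports, other_alerts):
    """Fuse marine tracks and cyber/access-control alerts into one operational picture."""
    by_track = defaultdict(list)
    for r in sorted(track_reports, key=lambda r: r["t"]):
        by_track[r["id"]].append(r)
    tracks = {tid: assess_track(tid, reps) for tid, reps in by_track.items()}
    level = max([TRACK_RANK[t["status"]] for t in tracks.values()]
                + [ALERT_RANK.get(a["severity"], 0) for a in other_alerts], default=0)
    return {"tracks": tracks, "alerts": list(other_alerts), "level": LEVELS[level]}


# Constructed sample input: positions lie due north of the site, so the range is simply
# about 111.2 km per degree of latitude.
REPORTS = [
    {"id": "TUG-7", "sensor": "radar", "lat": 32.020, "lon": 34.5, "t": 0},   # ~2.2 km, approved
    {"id": "R-101", "sensor": "radar", "lat": 32.300, "lon": 34.5, "t": 0},   # ~33 km
    {"id": "R-101", "sensor": "radar", "lat": 32.270, "lon": 34.5, "t": 60},  # ~30 km, closing
    {"id": "R-102", "sensor": "radar", "lat": 32.070, "lon": 34.5, "t": 30},  # ~7.8 km
    {"id": "S-9", "sensor": "sonar", "lat": 32.013, "lon": 34.5, "t": 45},    # ~1.4 km, unknown
    {"id": "R-200", "sensor": "radar", "lat": 32.600, "lon": 34.5, "t": 10},  # ~67 km, outside
]
ALERTS = [  # constructed alerts from the site's other sub-systems
    {"source": "access-control", "severity": "medium", "detail": "badge denied at pump-room gate"},
    {"source": "cyber", "severity": "high", "detail": "abnormal user behaviour on SCADA HMI"},
]

if __name__ == "__main__":
    picture = build_picture(REPORTS, ALERTS)
    print("alert level:", picture["level"])
    for tid, info in sorted(picture["tracks"].items(), key=lambda kv: -TRACK_RANK[kv[1]["status"]]):
        print(f"{tid:8} {info['sensor']:5} {info['range_km']:6.2f} km  {info['zone']:12} "
              f"{info['status']:9} {info['action']}")
    for a in picture["alerts"]:
        print(f"{a['source']:15} {a['severity']:7} {a['detail']}")
```

The approved list is checked before the zone so that a known supply tug inside the sterile zone stays “friendly”, while an unknown sonar contact at the same range is what drives the picture to its highest level; the cyber and access-control alerts raise the level on their own when the marine arena is quiet.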
A challenging threatened environment
Implementing these security circles requires the administrator and the facility security manager to be proficient in a wide range of technology platforms: perimeter security assets such as radars, sensors, sonar systems, SIGINT systems, access control, unmanned aerial vehicles, thermal imaging and facial recognition systems; and cyber security assets covering the operating system, database and network layers, as well as on-site cyber warfare indicators such as abnormal behavior by enterprise users.
There is no doubt that securing critical infrastructure is becoming a far from simple technological and managerial challenge. Complex threats are growing, and with them the complexity of the required security solutions, while facilities and their operators face a demand for integrated solutions that put peripheral protection measures and cyber measures in the same equation. In this reality, extensive knowledge is required to choose the most appropriate measures for securing the facility.
When it comes to HLS and protecting critical infrastructure, you should see the ‘wide picture’ and understand that only fusing the different ‘sensors’ (radars, cameras, voice, access control, IT, cyber, etc.) into an actionable C4I picture will provide the highest possible defense.
Remember, when defending critical assets, failure is NOT an option!
The writer is Mr. Oded Blatman,
Founder and CEO
NetSys HLS Ltd.