Understanding the cyber security implications of a physical break in

When someone breaks into a remote facility, you may dismiss it as simple theft or vandalism. There might be a far more sinister action taking place.

By Michael J. Assante January 21, 2014

In a recent analyst white paper, Scott D. Swartz and Michael J. Assante (SANS Institute) examine the relationship between physical security and cyber security, and how gaining access to computer hardware that’s part of an industrial network is a very effective way to break into the network. The spray paint on the walls may be there just to distract your investigation so you miss the small modifications the criminals did to create a door into your network. (You can read the complete white paper here.)

Once criminals have gained access to network computers, there are all sorts of ways they can leverage that access to compromise the system. Criminals that gain access to your facilities by other less obvious means can use some of the same techniques, so the discussion is relevant to many types of situations.

The discussion includes ways to respond when there’s been a break in, including how to preserve evidence in the area as a crime scene.

Michael J. Assante has contributed to Control Engineering on a number of occasions. There are links at the bottom of this page to other articles and videos.

This white paper will be distributed along with other materials at the SANS Institute’s 9th Annual ICS/SCADA Security Summit in Orlando, Florida, March 16-18.

www.sans.org