The Control Policy Group

Data security the way you run your business

Remote Monitoring – who is monitoring whom?

Large installations such as casinos and airports are attractive targets for well-financed, highly motivated attackers. Thanks to a standard, vendor-neutral protocol, terrorists and criminal attackers no longer need drills, car bombs and Stinger missiles to attack the asset.

How did that happen?

Remote Monitoring is an essential part of the physical, perimeter and insider security used by airports, casinos and high-security installations such as nuclear power plants.

Unlike 10-15 years ago, remote monitoring is now performed using the standard TCP/IP networking protocol. A central Network Control Center (NCC) is sited on the corporate network, with IP connectivity to multiple remote devices (such as IP cameras), systems and networks, for surveillance, monitoring and control purposes.

By replacing an IP camera with a laptop computer, an attacker can use the IP surveillance device endpoint as a back door that enables entry into, and exploitation of, the entire corporate network.

The potential damage of such a back-door attack on a remote monitoring system is enormous.

  • Data theft – from center or nodes in an IP Based Surveillance system
  • Online attacks – to center or nodes in process control and SCADA monitoring
  • Interlinking – from one node to another in remote infrastructure monitoring

“attacks on management system components are potentially far more devastating. By targeting strategic management system resources, including security and security management components, attackers can subvert and disrupt the entire operations of an enterprise.”
(Springer Science + Business Media, LLC 2007)

Why not use a firewall?

Traditional IT security products are not effective security countermeasures against threats to vulnerable IP-based remote monitoring networks. There are a number of reasons for this:

  • The remote monitoring network topology may not be amenable to firewall/IPS solutions. Unlike a corporate network which generally has a small number of egress points to the Internet that can be serviced by a small number of firewalls – a SCADA or IP surveillance network can have thousands of access points and a complex hierarchical topology.
  • IT Security products suffer from software bugs and misconfiguration – enabling hackers to exploit these vulnerabilities and attack the company’s data.
  • Large installations such as casinos and airports are attractive targets for well-financed, highly motivated attackers.
  • Hacking information and know-how is out there.
  • As a result, more money, resources and effort are, and will be, invested by attackers to facilitate an attack on sensitive networks like the IP cameras in an airport.

There is, however, a more realistic and practical approach than applying layers of firewalls and intrusion detection, which may increase the complexity and vulnerability of the network rather than improve its security.

The solution is a technology that enforces unidirectional connectivity at the physical network layer between the NCC (network control center) and the IP devices in the remote monitoring network. Remote monitoring networks are by nature unidirectional:

  • Command and Control – The NCC sends command data to remote devices
  • Surveillance – The IP surveillance devices send data and/or video/audio to the NCC

By enforcing unidirectional connectivity at the physical layer of the TCP/IP network, a hacker cannot enter the corporate network via the remote monitoring network backdoor.
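The one-way model above can also be written down as an audit rule over traffic summaries captured on a tap, which helps confirm that a deployment behaves as designed. This is an added example, not code from the original page or from any vendor it names; the addresses, ranges and record format are assumptions constructed for illustration.

```python
import ipaddress

# Constructed addressing plan: every address and range here is an assumption.
NCC = ipaddress.ip_address("10.0.0.10")                  # network control center
SURVEILLANCE_NET = ipaddress.ip_network("10.20.0.0/16")  # cameras: device -> NCC only
COMMAND_NET = ipaddress.ip_network("10.30.0.0/16")       # controlled devices: NCC -> device only

def violation(src, dst):
    """Return None if one direction of traffic fits the one-way model, else a reason."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s in SURVEILLANCE_NET:
        if d == NCC:
            return None
        if d in SURVEILLANCE_NET:
            return "node-to-node traffic inside the surveillance segment"
        return "surveillance endpoint sending past the NCC"
    if d in SURVEILLANCE_NET:
        return "traffic flowing toward a surveillance endpoint"
    if d in COMMAND_NET:
        return None if s == NCC else "command traffic from a host other than the NCC"
    if s in COMMAND_NET:
        return "controlled device sending data upstream"
    return None  # neither end is in a monitored segment

def audit(records):
    """records: iterable of (src, dst, bytes) one-direction summaries from a tap."""
    findings = []
    for src, dst, nbytes in records:
        reason = violation(src, dst)
        if reason and nbytes > 0:
            findings.append((src, dst, reason))
    return findings

# Constructed sample records (not real traffic).
SAMPLE = [
    ("10.20.1.5", "10.0.0.10", 48211),  # camera video to NCC: expected
    ("10.0.0.10", "10.30.2.7", 120),    # NCC command to device: expected
    ("10.20.1.5", "10.0.4.22", 900),    # camera address reaching a corporate host
    ("10.20.1.5", "10.20.9.9", 64),     # camera address talking to another camera
    ("10.0.0.10", "10.20.1.5", 40),     # return path toward a camera
    ("10.30.2.7", "10.0.0.10", 300),    # controlled device sending upstream
]

if __name__ == "__main__":
    for src, dst, reason in audit(SAMPLE):
        print(f"{src} -> {dst}: {reason}")
```

Any finding on a segment that is supposed to be physically one-way indicates either a bypass path or a tap placed on the wrong side of the enforcement point.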

One of our security technology partners is an Israeli company called Waterfall Solutions.

Waterfall provides an impenetrable solution to the threats of on-line attacks and data leakage that are inherent to TCP/IP connectivity. The key to Waterfall’s solution is Waterfall One-Way™, a successful combination of sophisticated software agents, impenetrable hardware components and an underlying proprietary transfer protocol.
