Security Systems News is a monthly business newspaper that reaches 25,100 security installers, product distributors, central stations, engineers & architects, and security consultants. Our editorial coverage focuses on breaking news in all major se
Issue link: https://ssn.epubxp.com/i/671662
Q 1 2 0 1 6 3 Q1 By Owais Hassan T oday's cybersecurity landscape is faced with a wide range of threats from sophisticated hackers to malware infections and malicious attacks that can threaten the delivery of essential services. These advanced persistent threats have changed the security industry and how organizations protect their networks. Traditional security solutions fail and security must expand beyond the physical perimeter when it comes to life safety and intrusion. Mission critical infrastructure such as embassies, federal buildings, and military bases are particularly vulnerable targets. Cybersecurity attacks also impact commercial installations at banks, museums, campuses, and enterprises that have high-value assets. Physical perimeter security alone is not enough, it needs to be supported by the underlying communication infrastructure. The delivery of alarm information must be disseminated by a trusted source that provides a stable network in a secure environment. WIRELESS ALARM COMMUNICATIONS SECURITY A typical wireless alarm communication system consists of various components connected to the alarm panel, as illustrated in the network diagram. Every component of the alarm communication system needs to satisfy the following security requirements: • Physical security (tamper detection) • Transmission security • Substitution security (rogue and stolen equipment) • Information security (data encryption and information assurance) • Real-time mitigation controls (logging and network management) PUBLIC VS. PRIVATE Mitigating Security Risks with Alarm Communication Systems for Mission Critical Applications Traditional methods of alarm communication are exposed to potential threats, posing serious security risks. The communication infrastructure starts from the transport layer security. Some alarm communication systems utilize the cellular spectrum where a public service provider is common knowledge (GSM, 3G, LTE, etc.), therefore susceptible to jamming. In the U.S. and most countries, it is illegal for private citizens to jam cell phone transmission. The fact that its illegal does not prevent it from happening. Some countries allow businesses and government organizations to install jammers in areas where cell phone use is seen as a public nuisance. There are plenty of low cost commercial off-the-shelf handheld jamming devices readily available over the Internet. Any alarm communication system leveraging either unlicensed or cellular licensed spectrum is vulnerable to radio frequency interference and jamming. This issue impacts deployment of alarm communication networks serving mission critical needs. All equipment deployed in high- value installations need to be designed to effectively safeguard and protect information against common security threats found in wireless networks: • Loss of data conf dentiality • Data corruption and loss of integrity • Replay attacks • Spoof ng, substitution, and masquerading • Stolen f eld equipment • Denial of services NEXT-GENERATION SECURITY Technical solutions are being developed as a countermeasure to mitigate security risks. Next-generation alarm communication technology is evolving and will provide end-to-end encryption, plus ensure data is transmitted without eavesdropping, data tampering, and message forging. The implementation of this next- generation security solution will use advanced authentication techniques such as dynamic key management, distributed denial-of-service f rewall, and digital certif cates that require digital signing before any equipment is authorized to be added to the network. The wireless mesh radio technology will use licensed spectrum, an unknown and covert frequency band along with frequency agility, and cognitive radio capabilities to combat jamming to head-end equipment. The packet delivery communication protocol will use dynamic mesh which is proven to be less disruptive and more tolerable under jamming or radio frequency interference conditions. This distributed architecture is preferable compared to centralized base station cellular architecture where localized jamming at the single cellular base station could impact a large volume of customer premise equipment or shut down a substantial territory serviced by a single base station tower. NETWORK MANAGEMENT The high security alarm communication system installation should be routinely evaluated to identify any threats arising out of potential vulnerabilities. The impact of a security threat should be quantif ed with Mean Time Between Hazardous Events measurements based on the following factors: • Diff culty level of exploiting a threat • Degree of harm caused by exploitation of the threat • Mitigation & Control techniques and their effectiveness To rapidly mitigate any security risk as it unfolds in the real-world, the next- generation security system infrastructure must have: • An encrypted f le system • Secured executable image and critical data storages • Anti-tamper and anti-cloning capabilities • A f exible architecture • Secured software upgrade capabilities to proactively harden the system Expert implementation is key and network management is critically important. This modern approach to network security is the most reliable option for protecting the delivery of alarm information to the central monitoring station. Owais Hassan is Vice President of Engineering at AES Corporation. He can be contacted at ohassan@aes-corp.com.