Cybersecurity Is Hot, But Don’t Overlook Physical Security
November 9, 2016 Alex Woodie
Cybersecurity played a major role in the run-up to yesterday’s presidential election, as Russian hackers leaked private communications and attempted to influence the outcome of the election. They weren’t successful, largely because elections remain mostly a manual affair in United States. But it did serve as a reminder of the need to protect critical American institutions in both the cyber and physical worlds.
In a recent report, the Department of Homeland Security identified 16 infrastructure sectors that are vital to the safety, security, and health of the United States and its people. You’ll find sectors you’d expect to find there, such as nuclear power operators, defense contractors, and chemical manufacturers.
But the DHS also singled out water treatment plants, hospitals, and food manufacturers as potential targets that must be fortified against physical and cyber attacks. In 2013, President Barrack Obama ordered extra resources be spent to build up security around these critical and largely privately owned infrastructure elements.
Cybercriminals impact our critical infrastructure on a regular basis. Earlier this year, we told you how “hactivists” from the Middle East were able to take control of the AS/400-based supervisory control and data acquisition (SCADA) application of a water district by hacking a Web-based payment system. The criminals were actually able to remotely turn the valves that control the flow of chemicals into the drinking water system for the water district.
Nobody was hurt in the water district incident, but it did show how vulnerable the U.S.’s critical infrastructure actually is. Whether it’s electrical substations protected with just a padlock or dams secured with a chain link fence, it’s clear that physical security shouldn’t be lost in the scramble to bolster cyber security.
One IBM i vendor that’s working to improve physical security is CYBRA. The New York company is best known for its MarkMagic barcode software that runs on IBM i, but it’s been spending much of its time recently building its EdgeMagic products for encoding radio frequency identification (RFID) tags.
Last month CYBRA rolled out its latest RFID product, called Edgefinity IoT. The Java-based product uses RFID technology to track people as they move about a geo-fenced area, while a rules engine generates alerts when specific conditions are met in the real world.
The product uses a network of RFID tags and antennas to automatically track the location and movement of people within a facility, such as a hotel or a water plant. If somebody who’s been given an Edgefinity badge wanders into an area of the facility where they’re not supposed to be, then it sends an alert to the security officer.
The software can also be used to boost worker safety. If the system detects that a worker in a remote facility stops moving, it could indicate that something is wrong. The Edgefinity badges, which are equipped with accelerometers, also have a panic button that the remote worker can press three times to call for help.
CYBRA’s safety and security solutions architect, Ben Jakubovic, designed Edgefinity to address unmet safety and security needs. “There are so many safety and security issues to which organizations are vulnerable,” he says. “Water treatment plants and other utilities, airports, mining facilities, disaster recovery teams, you name it. Any industry or organization that needs to keep track of the safety of employees and security of their facilities will find Edgefinity IoT. . . useful.”
CYBRA is selling versions of Edgefinity IoT for specific industries and enterprises such as schools, mining, utilities, hotels, and hospitals. The software can run on any system capable of running Java and the MySQL database.
The software side of security gets a lot of attention. But it’s clear that physical security shouldn’t be overlooked in the rush to plug security vulnerabilities, in IBM i servers or elsewhere.