petrochemical factory smart city iot
The only way to guarantee the complete security of critical infrastructure is through a tactful combination of physical security and cybersecurity.

By: Joe Morgan, Business Development Manager (Critical Infrastructure, North America), Axis Communications, Inc.

There’s a trick to predicting the future, and it’s looking to the past. Major advancements or significant leaps forward can seem as though they came out of nowhere, but, in reality, might have been predicted by a careful look at emerging trends. Technology companies have a particular responsibility to not just be aware of these trends, but to get out ahead of them, filling gaps in the market before they even appear.

For those in the security industry, perhaps the most important trend has been the convergence of physical security and cybersecurity as we move toward a world with increased emphasis on edge capabilities. Wrongdoers can often achieve the same goal whether they break into a building or hack into a network and ensuring that both physical and digital infrastructure remains protected will dictate many of the most important trends in the coming years.

The Lines Between Physical and Digital Are Blurring

Imagine, for a moment, that you are a criminal whose goal is to disrupt operations at a chemical plant. In the past, your only option would have been to break into the building and physically damage equipment or perhaps manually contaminate the chemical mixture. You might physically open a valve an extra few centimeters, disconnect a warning sensor, rupture a holding tank, or any one of a thousand potentially harmful actions. Today, many of those things can be accomplished without ever setting foot inside the plant. No longer are cybercriminals limited to stealing personal or financial information when they hack into a network—hacking into today’s industrial control systems can allow criminals to cause serious damage every bit as effectively as if they had broken into the facilities themselves. In as much as there is a concern for external infiltration through cyber means, there is also an increased concern for internal espionage from an employee. These cases are on the uptick and additional layers of security and verification inside the facility are needed more now than ever.

Recent attacks have shown the potential consequences of hackers infiltrating industrial control systems. Earlier this year, hackers infiltrated two Saudi petrochemical plants with the intent to destroy them. Luckily, signs of the intrusion were detected before the plot could be carried out to its conclusion, but even an unsuccessful attack can serve as a sobering reminder of the vulnerability of these industrial control systems, and the potentially disastrous consequences should we fail to effectively secure them. Fortunately, these cyberthreats are widely recognized, and directives to increase cybersecurity for critical infrastructure have come from the very highest levels of government.

Physical Security Remains as Important as Ever

This renewed focus on cybersecurity has made it harder for criminals to break into networks, which is great news—but it would be a mistake to focus exclusively on cyberattacks and neglect the possibility of physical attacks. After all, the harder it is to break into a network, the more attractive just breaking into the facility becomes. Safeguarding a facility with effective surveillance, secure access control, advanced analytics, and other modern security tools is as important as ever, and the capabilities of today’s devices are making it easier than ever to protect both physical locations and network endpoints.

It is important to recognize that a facility is more than just its physical location—there are upstream and downstream locations that represent attractive targets for attack. For instance, a water treatment facility might be well protected, featuring cameras armed with facial recognition capabilities, secure access control checkpoints, and other important security tools. But the pumping stations serving that facility might not be as secure and taking one or more of those offline will disrupt the water supply just as surely as attacking the main facility.

Comprehensive Security Must Cover All Bases

Observing the recent trend of both large- and small-scale attacks on critical infrastructure around the world can help inform our actions in the future. Though America remains one of the safest countries in the world, it is important to avoid complacency. Groups with both the means and the will to attack American infrastructure are out there, and their actions serve as a clear reminder that we cannot let our guard down. Minor, small-scale cyber events in the U.S have also highlighted the vulnerability of our infrastructure, and the need to more effectively secure it.

The “domino effect” is always a fear—if one critical asset goes down, it might lead to another, and another, which has the potential to cause a devastating chain reaction. Protecting infrastructure—both physically and digitally—means keeping networks and locations secure, while building the necessary roadblocks that will buy time for defenders to effectively neutralize the threat. Look for more companies and organizations to adopt a balanced, comprehensive approach to security as the lines between the physical and digital worlds continue to blur.

joe morgan axis communications
Joe Morgan

Joe Morgan is the Business Development Manager for Critical Infrastructure at Axis Communications, Inc. Mr. Morgan is responsible for developing strategies and building channel relationships to expand Axis’ presence in markets specific to Critical Infrastructure in North America and has more than 32 years of experience building market share in the critical infrastructure industry.

Website: https://www.axis.com/en-us

Contact: (978) 614-2000