Cyber-physical security addresses the security of systems in which computing and networking are tied directly to physical processes, including the Internet of Things (IoT), the Industrial Internet of Things (IIoT), operational technology (OT), and industrial control systems (ICS). These technologies and their associated devices play an increasingly important role in critical infrastructure, government, businesses, cities, buildings, transportation, and ultimately our everyday lives.
When you review the architecture of any one of these systems, you find smart, networked systems with embedded sensors, data processors, and physical actuators that sense and act on the physical world. They support real-time operations in service of a safety-first mission: protecting human lives, infrastructure, and the financial investment in equipment and operations.
As digital transformation continues and employees have settled into working from home or in hybrid workplaces, these technologies have become cheaper, can be managed remotely, and perform more functions than ever before, from detecting and preventing a collision in a car (automatic braking) to turning on streetlights at dusk rather than at a fixed time. These systems are efficient, can lower costs, improve maintenance, save lives, and protect physical resources from harm.
Unfortunately, with all this efficiency comes risk. These systems are distributed and networked, run operating systems and applications, and require maintenance and assessment so that their risks do not go unmitigated. Accidental faults or deliberate cyber and physical attacks can have a severe impact on human lives and the environment. Cyber-physical security is the set of protections and strategies that safeguard these resources outside the scope of traditional information technology; it has to account for attributes such as cellular communications, IPv6, environmental conditions, security assessments, and the management and mitigation strategies needed to ensure continuous and reliable operations.
To begin, what are some unique attributes that need modeling and consideration when protecting cyber-physical systems?
Physical access: While this may seem like a simple requirement, strong physical access controls over buttons, ports, cabling, network connections, and even power are required to make a device tamper-resistant. These can include physical key locks, tamper-resistant screws, hardened cable harnesses, and hardwiring devices in place of standard power cables. Nothing is truly tamper-proof; the realistic goal is to make tampering slow, difficult, and evident.
Environmental: The conditions these devices operate in, from temperature and moisture to sand, dust, and corrosive elements, place a strain on their operation. For the most extreme environments, consider devices that have been tested against the MIL-STD-810 standard to demonstrate that the environment will not cause a mission failure.
Cybersecurity: Since these devices are essentially distributed computer systems, they suffer from the same classes of flaws as any operating system or application. Their software and firmware components should be subjected to penetration testing, vulnerability assessment, change control, and patch management so that a cyberattack cannot jeopardize the mission of the assets. This includes the external devices the resource controls, whose physical manipulation could be a liability to human lives and the physical environment.
Planning: Because of the nature of devices managed under cyber-physical security, the standard operating procedures and planning for them will be unique. You cannot simply deploy a patch and reboot, nor perform an active penetration test during normal operations. In addition, if a problem is identified, an outage for remediation could cause other unexpected consequences, such as a building's fire control system being unavailable. All of the resources that support these systems must have operational backup plans, processes for outages, and exception handling for when they are attacked or become unavailable.
Risk analysis: Since these devices interact with the physical world, a risk assessment is required at each operational layer to determine the potential impact and the mitigations that keep a catastrophic event from occurring. For example, if a water treatment plant were electronically or physically compromised, what prevents the poisoning of the water supply through its electronic control systems? The answer should not rest solely on the integrity of the network or the operator console; limits enforced by the controllers and physical interlocks themselves are what bound the damage an attacker with network access can do.
Privacy: These systems can hold a plethora of personally identifiable information, from video recordings from cameras to details from door access card readers. Depending on the geolocation and local laws, this data requires proper encryption, storage, and retention controls to ensure that private information is protected.
Reliability: The reliability of these systems is critical. Rebooting to clear an error is simply not acceptable during operations. Beyond normal runtime, power faults, disaster recovery, and high availability are strong design and implementation considerations for these systems.
Supportability: One of the most important, and often overlooked, considerations is the supportability of every component in the system. This includes the lifetime availability of spare parts for physical components as well as the life expectancy of software upgrades and security patches. If the system uses commercial off-the-shelf components, how long does the vendor plan to support each component or software package before its end of life? Since many of these systems are built to last over a decade, the planned support life should exceed any vendor's plan to retire the products they contain. Otherwise, the system may fail, or become unpatchable, before its planned depreciation.
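The risk-analysis item above asks what prevents a compromised water treatment plant from poisoning the supply through its own control systems. One concrete mitigation is to enforce the physical limits at the device rather than trusting whatever the network or the operator console sends. The following is an added example, not code from the original page or from any real controller: a device-side chemical-dosing controller that authenticates each setpoint command with an HMAC, rejects replays by sequence number, and then independently refuses any setpoint outside a fixed safety envelope or one that changes faster than the process allows. The shared key, the dose limits, the command format, and the constructed command sequence are all assumptions made for the example.

```python
# Added example (not from the original page): an independent safety envelope
# for a chemical-dosing setpoint. Even a command signed with the legitimate key
# (e.g. from a compromised HMI) cannot push the dose outside the envelope.
# Key, limits and message format are assumptions for this illustration.
import hashlib
import hmac
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class SafetyEnvelope:
    """Physical limits enforced at the device, independent of the network."""
    min_value: float   # lowest acceptable dose, e.g. mg/L (assumed units)
    max_value: float   # highest acceptable dose
    max_step: float    # largest change allowed by a single command


def make_command(key: bytes, seq: int, setpoint: float) -> dict:
    """Build a signed setpoint command, as a legitimate HMI would send it."""
    body = {"seq": seq, "setpoint": setpoint}
    payload = json.dumps(body, sort_keys=True).encode()
    body["mac"] = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return body


class DosingController:
    def __init__(self, key: bytes, envelope: SafetyEnvelope, initial: float):
        self._key = key
        self.envelope = envelope
        self.setpoint = initial
        self.last_seq = 0
        self.audit: list[tuple[object, bool, str]] = []  # (seq, accepted, reason)

    def _authentic(self, msg: dict) -> bool:
        """Recompute the MAC over the fields that matter and compare safely."""
        body = {"seq": msg.get("seq"), "setpoint": msg.get("setpoint")}
        payload = json.dumps(body, sort_keys=True).encode()
        expected = hmac.new(self._key, payload, hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, str(msg.get("mac", "")))

    def _record(self, seq, accepted: bool, reason: str) -> tuple[bool, str]:
        self.audit.append((seq, accepted, reason))
        return accepted, reason

    def apply(self, msg: dict) -> tuple[bool, str]:
        """Apply one command. Returns (accepted, reason); every decision is logged."""
        if not self._authentic(msg):
            return self._record(msg.get("seq"), False, "bad mac")
        seq = msg["seq"]
        if not isinstance(seq, int) or seq <= self.last_seq:
            return self._record(seq, False, "replay or stale sequence")
        self.last_seq = seq  # an authentic message consumes its sequence number
        target = float(msg["setpoint"])
        env = self.envelope
        # The envelope checks run regardless of who signed the command.
        if not (env.min_value <= target <= env.max_value):
            return self._record(seq, False, "outside safety envelope")
        if abs(target - self.setpoint) > env.max_step:
            return self._record(seq, False, "change exceeds max step")
        self.setpoint = target
        return self._record(seq, True, "accepted")


DEMO_KEY = b"constructed-shared-key-for-this-example"  # assumption, not real


def run_demo() -> tuple[list[tuple[bool, str]], float]:
    """Constructed command sequence: one legitimate change, then four attacks."""
    ctl = DosingController(DEMO_KEY, SafetyEnvelope(0.2, 4.0, 1.0), initial=1.0)
    good = make_command(DEMO_KEY, 1, 1.5)       # operator nudges the dose up
    forged = dict(good, setpoint=3.9)            # altered in transit: MAC no longer matches
    overdose = make_command(DEMO_KEY, 2, 20.0)  # compromised HMI with the real key
    jump = make_command(DEMO_KEY, 3, 3.5)       # in range, but a 2.0 jump in one step
    results = [ctl.apply(m) for m in (good, forged, overdose, jump, good)]
    return results, ctl.setpoint  # the final 'good' is a replay of seq 1


if __name__ == "__main__":
    for (ok, why), label in zip(run_demo()[0], ("good", "forged", "overdose", "jump", "replay")):
        print(f"{label:9s} -> {'ACCEPT' if ok else 'REJECT'} ({why})")
```

The order of checks is deliberate: authentication and replay protection first, so an attacker without the key gets no further, and the envelope last, so that even a fully authenticated command cannot drive the process outside its physical limits. In a real deployment the envelope belongs in the safety layer (a safety PLC or hardwired interlock), where it cannot be reconfigured from the same network that carries operator commands.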
Beyond these traits, cyber-physical security can also carry special considerations such as supply chain security and geolocation support, and can require special certifications depending on the mission. One thing is certain, however: the more technology we use in our daily lives, the greater the need for cyber-physical security. It protects us from accidental and potentially malicious abuse of these systems and resources, and helps ensure that their intended missions are not interrupted or compromised.