<http://www.gcn.com/cgi-bin/udt/im.display.printable?client.id=gcn_daily&sto ry.id=44258> http://www.gcn.com/cgi-bin/udt/im.display.printable?client.id=gcn_daily&stor y.id=44258
Convergence of physical and IT security is becoming a necessity 05/09/07 -- 11:21 AM By William Jackson <http://www.gcn.com/images/clearpixel.gif> <http://media1.gcn.com/accipiter/adclick/CID=000028f4f10ec1ae00000000/site=g cn/area=PRINTER_FRIENDLY/pos=BOX_R1/aamsz=336x280/content=/acc_random=814858 /pageid=814858> Physical attacks increasingly will be accompanied by cyber attacks that will magnify the impact of the assault or hamper response, according to analysts with the U.S. Cyber Consequences Unit. <http://www.gcn.com/images/clearpixel.gif> "In the future, we will see that cyber vulnerabilities will determine where physical attacks will take place," Scott Borg, director and chief economist of the US-CCU said Wednesday at the GovSec conference being held in Washington. <http://www.gcn.com/images/clearpixel.gif> Combining physical and IT security will be necessary to provide adequate protection to the nation's critical infrastructure, he said. "Physical security is becoming utterly dependent on cyber security," Borg said. "And cyber security is becoming utterly dependent on physical security. Handling these things separately is not going to be possible for very much longer and do a good job." <http://www.gcn.com/images/clearpixel.gif> The Cyber Consequences Unit is a government-funded independent research organization that looks at real world vulnerabilities and consequences of security breaches. Much of the research is done with on-site examinations of facilities. <http://www.gcn.com/images/clearpixel.gif> "We keep finding huge security holes in companies that said they were compliant with the ISO standards," Borg said. Many of the holes are in areas that fall between the IT and physical security organizations, or where the areas overlap and security on one side can be circumvented on the other. <http://www.gcn.com/images/clearpixel.gif> Areas of overlap that creat vulnerabilities include IP-enabled surveillance systems. Many systems have inadequate IT security and can be accessed through the Internet or through wireless networks, letting an outsider manipulate the system, said John Bumgarner, US-CCU research director for security technology. IP-enabled control systems offer another avenue of attack or manipulation of physical systems, he said. Physical authentication and access control systems, which often include wireless chip readers, are vulnerable to interception so that cards and biometric templates can be copied or spoofed. <http://www.gcn.com/images/clearpixel.gif> On the other side of the equation, access to physical facilities can make IT infrastructure vulnerable. <http://www.gcn.com/images/clearpixel.gif> "If you get physical access, you can circumvent all kinds of cyber security," to launch an attack from the inside, Bork said. <http://www.gcn.com/images/clearpixel.gif> How much of this activity is actually happening is difficult to say, because reports typically lag and this is a relatively new area of study, the researchers said. But there is a lot of chatter on hacker Web sites and discussion groups about these techniques. <http://www.gcn.com/images/clearpixel.gif> "We've seen a huge amount of intrusions," Borg said. "SCADA systems are getting a lot more attention than they used to." Data is mostly anecdotal, but the attacks seem to be in a reconnaissance stage, he said. <http://www.gcn.com/images/clearpixel.gif> The emphasis of many hackers, criminals or hostile organizations is not to take IT systems down, but to subvert or manipulate them, Borg said. <http://www.gcn.com/images/clearpixel.gif> "It has been a long time since shutting something down has been a hot topic" in hacking communities, he said. [Non-text portions of this message have been removed] -------------------------- Want to discuss this topic? Head on over to our discussion list, [EMAIL PROTECTED] -------------------------- Brooks Isoldi, editor [EMAIL PROTECTED] http://www.intellnet.org Post message: osint@yahoogroups.com Subscribe: [EMAIL PROTECTED] Unsubscribe: [EMAIL PROTECTED] *** FAIR USE NOTICE. This message contains copyrighted material whose use has not been specifically authorized by the copyright owner. OSINT, as a part of The Intelligence Network, is making it available without profit to OSINT YahooGroups members who have expressed a prior interest in receiving the included information in their efforts to advance the understanding of intelligence and law enforcement organizations, their activities, methods, techniques, human rights, civil liberties, social justice and other intelligence related issues, for non-profit research and educational purposes only. We believe that this constitutes a 'fair use' of the copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use this copyrighted material for purposes of your own that go beyond 'fair use,' you must obtain permission from the copyright owner. For more information go to: http://www.law.cornell.edu/uscode/17/107.shtml Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/osint/ <*> Your email settings: Individual Email | Traditional <*> To change settings online go to: http://groups.yahoo.com/group/osint/join (Yahoo! ID required) <*> To change settings via email: mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
