Intruder Alert! How cyber security has changed the PHYSEC outlook

Line of Defence Magazine, Summer 2018-19

Pelco
Security risk convergence
Risk convergence means cyber must be part of physical security solutions.

Physical and cyber security risks are converging. An enterprise intruder detection and access system by Inner Range, writes Andrew Thorburn, National Brand Manager – Security at Atlas Gentech, is meeting this new challenge.

Whilst terrorism and espionage have been seen in recent decades as key threats to National Security, cyber threats now loom large.  In his National Security Conference presentation last April, minister responsible for the GCSB and NZSIS Andrew Little stated that terrorism and cyber threats are two threats that for him are now “front of mind.”

In October, the GCSB released a benchmark assessment of cyber security resilience for 250 organisations identified as nationally significant to establish their cyber security resilience and the potential impacts if they were compromised.

“Overall it appears that digital transformation is outpacing investment in cyber security and as a result we found a range of resilience levels”, commented GCSB Director General, Andrew Hampton. “While most organisations are heading in the right direction, more work needs to be done to improve cyber resilience across the board.”

The National Cyber Security Centre reported that in the twelve months to 30 June, 396 cyber security incidents were recorded – an average of 33 incidents per month. In the previous twelve months there were 338 cyber security incidents. According to the Centre, “threats to New Zealand’s interests do not respect international boundaries.”

Physical and cyber risks converge

Traditionally, National Infrastructure or Critical National Infrastructure sectors have addressed physical security with an ad hoc approach, primarily due – in many cases – to being in remote or less accessible locations, or because the perceived and real threats were rated as low. 

Traditionally, physical security (PHYSEC) has sat outside of ICT networks, in a standalone capacity, and were not exposed to the extent of vulnerabilities or attacks that ICT systems have.  That is until now.

With the organisational demand for real time information and their reliance to achieve this through integrated systems, the PHYSEC market has had to evolve with more and more IP based solutions – access control, intrusion detection, CCTV surveillance systems, etc – which are now residing on or within corporate and government networks.

Many of these systems are transforming into remote managed services or ‘aaS models’ in addition to operating with third party PoE supported hardware.  Cyber protection, through recognised encryption standards are thus now expected inside and outside of the PHYSEC environment. Further, considerations need to be made on what supporting infrastructure is deployed, such as servers or network switches, who owns and manages them and what the business impact levels would be if these failed, in addition to if and in what capacity redundancy is required.

Enjoying this article? Consider a subscription to the print edition of Line of Defence Magazine.

Headquartered in Melbourne, Australia, Inner Range has been designing and manufacturing physical security solutions for the intrusion detection and access control market for 30 years. The longest operating security designer and manufacturer in Australasia, it has foundation products in the Defence, Emergency Services, Healthcare, Water, Transportation and Energy sectors, with its Concept 2000, Concept 3000 and Concept 4000 solutions. 

Inner Range has collaborated with end users across all security environments to develop new platforms that meet modern operational environments, with an emphasis on mitigating cyber threat vectors within software and hardware. The result of this collaboration has led to the development and launch of Inner Range’s Infiniti Class 5 solution. 

A Class 5 high-security solution

Infiniti is more than a product. It is the result of working alongside end users, consultants and system integrators to ensure an appropriate and propionate solution is designed and deployed.  Support is delivered by qualified integration partners capable of installing, programming and supporting the end user 24 hours a day, 365 days per year.

The Infiniti Class 5 solution consists of a suite of products that together provide all the elements necessary to meet the stringent requirements set out by the AS/NZS 2201.1:2007 Class 5 standard. Class 5 is the highest risk profile classification defined within this standard, with Class 5 sites typically found in government, military, financial and other high-security environments.

In this standard, the risk profile of an intruder alarm system is determined by conducting a risk assessment based on the likelihood and consequences of an attack.A Class 5 risk profile is proposed when the consequences of the attack may be ‘catastrophic’ regardless of the likelihood of an attack, and when the likelihood of an attack is ‘likely’ or ‘very likely’ and the consequences ‘major’ or ‘catastrophic’. 

The Infiniti Class 5 hardware is certified for use in Class 5 compliant installations when installed, commissioned and maintained in accordance with this standard and documentation. 

The Infiniti Class 5 range of products includes Controllers, Input Expansion Modules, End of Line Modules, Keypads, Card Readers, Power Supplies, Equipment Enclosures, Alarm Transmission devices and equipment power isolation kits. Importantly, the Infiniti Class 5 solution is not reliant on a server to perform functions, as all logic is stored within the controller.

The specifications

The solution’s modular design provides scope for expansion whilst also boasting a hybrid architecture. The hybrid architecture supports both high-security Class 5 zones and lower-security areas at the same facility at the same time. By ensuring that budget allocations are made for Class 5 zones only where necessary, the result is a single, holistic and affordable security solution.

Unsurprisingly, Infiniti provides the lowest total cost of ownership when compared with other similar solutions, without compromising PHYSEC or INFOSEC standards.

The entire platform, including multiple Controllers, can be managed from the Infiniti Enterprise software.Internal communications between the Class 5 controllers and edge devices are all encrypted to AES 128-bit with MAC authentication. External communications between controllers and server(s) is AES 256-bit with MAC authentication.

Data encryption ensures secure LAN communications always, while the programmable supervisory polling system continuously monitors the LAN to detect cable tamper, cable fault conditions, module off-line and module substitution. 

The solution is equipped with the award winning Multipath-IP T4000 Security Communicator. The T4000 provides high security and polled connection to the monitoring station for alarm reporting. All communications are encrypted to AES 128-bit and polling intervals can be as frequent as 10 seconds. 

Should a poll fail to be delivered within the allocated time, the T4000 intelligently tries to re-establish connection and, if available, will attempt to route the connection through another gateway, i.e. switching from on-site Internet to GPRS. If a failed connection cannot be re-established within a pre-determined time an alarm will be raised within the monitoring station. Multipath-IP T4000 has been independently certified to Australian standard AS2201.5 Class 5.

In addition, to a high security alarm system, the Infiniti Class 5 solution boats an integrated access control platform. At the heart of Infiniti Class 5 lies the Infiniti Access Controller (IAC). The IAC is an IP-based enterprise Access Controller which supports two doors and up to four readers on-board (and more with expansion modules).

Inner Range SIFER Card Readers can be used with the IAC to ensure compliance with AS/NZS 2201.1:2007 Class 5. The SIFER Card Reader employs AES 128-bit encryption from the card through to the door module, providing a far superior level of security than that of traditional Wiegand based card readers. SIFER readers utilise the MIFARE® DESFire® EV2 format.

Off-the-shelf, deployment-proven

Because the Infiniti solution is IP based, off-the-shelf, and able to support high level integration with third party internal building management systems, lighting, IP video surveillance, HVAC, perimeter electric fencing, gates and lift control amongst others, it provides a holistic and real time insight to site risk management, no matter what the scale of deployment.

Current deployments include, Australian Federal Police, non-disclosed Defence sites, non-disclosed power generation sites, ACT Government Shared Services, AirTrunk data centres, Australian Bullion Company, Bega Hospital, BlueCross Aged Care, Department of Industries NSW, Energy Queensland Limited, Mater Hospital, Melbourne Central Retail Complex, Metro South Health, Prosegur (cash in transit), RMIT University, and Sunshine Coast University Hospital.

Specific documentation and resources are available to assist in the production of security specifications and additional advice and assistance is also available through contact with individual major projects specialists.

Inner Range solutions have been distributed and supported from Auckland, Wellington and Christchurch for 29 years through Atlas Gentech NZ Limited.  For an in-confidence discussion and to see if Infiniti is the right solution for you, please get in touch with Andrew Thorburn on 09 570 2700 or AndrewT@atlasgentech.co.nz.

Madison

Be the first to comment

Leave a Reply

Your email address will not be published.


*