CyPhy Part 2 – How big of a problem do we have? Why we need Security Convergence today.

By David Strickland, Vice President of Kenton Brothers

This is the second of a three-part series covering the Cybersecurity and Infrastructure Security Administration's (CISA) newest announcements around Security Convergence. Kenton Brothers Systems For Security hopes to help organizations understand this concept and adopt best practices for securing the Cyber-Physical Systems (CPS) currently deployed.

In our last blog, we discussed what Security Convergence is and why it’s so important. In this blog, we will discuss how large the problem is and how many systems and verticals are affected by not having a converged security plan.

CISA Explains a Connected Environment

CISA explains that the adoption and integration of Internet of Things (IoT) and Industrial Internet of Things (IIoT) devices have led to an increasingly interconnected mesh of cyber-physical systems (CPS), which expands the attack surface and blurs the once clear functions of cybersecurity and physical security.

Juniper Research reports that there are at least 46 billion IoT and IIoT devices on the connected network across the world. This number is expected to reach 125 billion by 2030. 18,788 are added every minute across the globe. There are approximately 6 IoT and IIoT devices for every human being on the planet. This will grow to approximately 12 per person (every man, woman and child) by 2030.

The average number of devices per American household in 2021 was 10.

IOT Devices

Beecham Research provides a very useful look at the nature of IoT devices. (See graphic.)

This trend makes up a large part of the world’s economy. However, for every device on a network there is a vulnerability introduced. This presents a unique problem for commercial, government and critical infrastructure entities. Each physical security device that is connected to the network is also an IoT device.

Every cell phone that connects to the network is also a vulnerability. Every surveillance camera, video doorbell, IP telephone, television and computer presents its own unique threats and risks.

To be considered secure on a network, IoT and IIoT devices will normally have updated firmware and current certificates, have their default usernames and passwords changed, run an updated OS and use at least dual authentication. As you may deduce, with 46 billion devices out there, this is quite the task, especially when each of these devices may have a different manufacturer and a different communication protocol for letting organizations know that there is a new vulnerability or a patch that needs to be applied.

46 Billion Devices

This 46-billion-device reality, coupled with the fact that most organizations have siloed Physical and Cyber Security offices, has led to the vulnerabilities you hear about on the news every night. When the vulnerabilities affect critical infrastructure, such as energy or supply chain, the ramifications are far reaching.

In our next blog, we will concentrate on breaking down the CISO and CSO silos and the specific steps an organization can take to reach Security Convergence. Organizations with converged cybersecurity and physical security functions are more resilient and better prepared to identify, prevent, mitigate, and respond to threats. Convergence also encourages information sharing and the development of unified security policies across security divisions.

Kenton Brothers Systems for Security can help your organization understand this initiative and begin to help you close the gap. Please reach out with any questions.

CyPhy Part 1 – Have you heard of Convergence Security?

By David Strickland, Vice President of Kenton Brothers

This is the first of a three-part series covering the Cybersecurity and Infrastructure Security Administration's (CISA) newest announcements around Security Convergence. Kenton Brothers Systems For Security hopes to help organizations understand this concept and adopt best practices for securing the Cyber-Physical Systems (CPS) currently deployed.

CISA defines Security Convergence as the formal collaboration between previously disjointed security functions.

The Convergence goal is to bring together the physical security leadership with the IT leadership to identify risks in their physical and cyber infrastructure. These departments normally hold two very different roles in an organization.

Convergence seeks to bring together these two leaders to better understand the ways Physical and Cyber security depend on each other and the importance of that dependence for protecting critical infrastructure, including Healthcare Systems, Transportation Systems, Energy Systems and Industrial Control Systems. Today’s cyber-attacks are more developed and strategic than in the past. They also include hybrid attacks that combine cyber attacks with physical breaches.

CyPhy: The Convergence of Cyber and Physical Security

Together, cyber and physical assets represent a significant amount of risk to physical security and cybersecurity: each can be targeted, separately or simultaneously, to result in compromised systems and/or infrastructure. Yet physical security and cybersecurity divisions are often still treated as separate entities. When security leaders operate in these silos, they lack a holistic view of security threats targeting their enterprise. As a result, attacks are more likely to occur and can lead to impacts such as exposure of sensitive or proprietary information, economic damage, loss of life, and disruption of National Critical Functions (NCF).

Today’s threats are a result of hybrid attacks targeting both physical and cyber assets. The adoption and integration of Internet of Things (IoT) and Industrial Internet of Things (IIoT) devices have led to an increasingly interconnected mesh of cyber-physical systems (CPS), which expands the attack surface and blurs the once clear functions of cybersecurity and physical security. Meanwhile, efforts to build cyber resilience and accelerate the adoption of advanced technologies can also introduce or exacerbate security risks in this evolving threat landscape.

Convergence Vocabulary Infographic

Convergence creates a framework for discussion and for identifying ways these two departments can support each other. The goal is to have good communication, coordination and collaboration, and to seek out any vulnerabilities and attack them together.

Over the next three blogs, we will discuss the following topics:

  1. How big of a problem do we have? Why we need Security Convergence today.
  2. Security Convergence – The first steps.
  3. Security Convergence – Tools and resources to continue the collaboration.

The Security Convergence Initiative

The Security Convergence Initiative by CISA is important and has a long reach. Kenton Brothers Systems for Security can help your organization understand this initiative and begin to help you close the gap. Please reach out with any questions.

Introducing the LenelS2 Elements Security System

By Courtney Emra, Lead Customer Service/Sales Assistant at Kenton Brothers

At Kenton Brothers Systems for Security, it’s important that we partner with the best solution providers in the industry. LenelS2™ is one of those providers.

LenelS2 is a leader in advanced physical security solutions, including access control, video surveillance and mobile credentialing. Their products, systems and services tackle the evolving needs of some of the world’s most demanding organizations. They provide a security backbone with deployment options that incorporate multiple technologies including mobile, cloud, artificial intelligence and cybersecurity. Their open architecture supports hundreds of third-party system interfaces that extend the capabilities of many security management systems.

The LenelS2™ Elements™ system is a comprehensive, yet simple, unified access control and video management solution built for the cloud. From single-site access control and video surveillance to more complex systems, the Elements system contains all the key ingredients for an effective and scalable, cloud-based solution; providing businesses with a brand-new security option that’s as simple as it is essential.

Perfect for Small and Medium-Sized Businesses

The Elements security solution is perfect for small to medium-sized businesses or satellite locations that need secure workplaces, but may not have permanent IT staff or security professionals. Easy to operate and maintain, the Elements system provides hassle-free, effective security that allows businesses to focus on more important things, like running their business.

Updates and enhancements are pushed in real time, reducing costly site visits. This makes budgeting more predictable and helps keep capital expenses down. Mobile first, the system can be accessed at any time, from anywhere. As the only unified access control and video management system that integrates with the OnGuard security management platform, the Elements solution can expand to meet a growing business’ needs.

LenelS2 Elements Checks All the Boxes

  • Cloud Based
  • Ideal for small and medium businesses
  • Easy to budget, get predictive monthly billing
  • Browser based user experience
  • No need for IT or security personnel

 

Active Shooter: Real world stories about lockdowns in schools saving lives.

By David Strickland, Vice President of Kenton Brothers

On November 14th, 2017 at 7:30 am, shots ring out near Rancho Tehama Elementary in Northern California. It’s an all too familiar but tragic scenario these days. One moment children are playing on a full playground, the next, panic, confusion and the succession of two more shots. This time however, the outcome is different than some of the other school shootings you may have heard about.

The staff members of the elementary school went into lockdown mode and followed the procedures they’d practiced and drilled multiple times. The staff knew what to do, and they did it in the face of true and present danger.

The secretary immediately sent out the signal for LOCKDOWN. 

Students were rushed into the building by staff members. Family members still present in the school yard were corralled by school support personnel. Teachers and staff members locked their internal doors and barricaded external doors. They huddled in their rooms away from the windows and out of the line of sight of the shooter, hugging each other and the most solid wall in their classroom for safety.

Within seconds, two-thirds of the school was in lockdown. And then the shooter drove his pickup truck through the school fence and barreled toward the front entrance. The school custodian was busy getting parents into the school. He paused to look and see how far away the shooter was and, “looked the shooter in the eye as the shooter shot at him.” After the shot rang out, “The shooter was struggling with his weapon at this time. The gun appeared to be jammed, and he was having trouble loading ammunition.”

The gun jamming bought the staff, kids and parents precious seconds to finish their lockdown procedure. Everyone made it inside and all access to the school rooms and offices was now secure. The shooter, now fully loaded, entered the middle quad of the school 8 seconds later.

“The school secretary recognizing the threat made all the difference between 100 kids being around today and dozens being shot or killed. Those eight seconds were critical!”

The shooter was angry and frustrated and began to shoot into the classrooms and offices. In between shooting, the gunman tried to get into classrooms and the main office, but was unable to gain entry. He checked the bathroom, which was open but empty.

One 6-year-old child was injured but survived, and no one was killed. Six minutes after the shooting started, the gunman drove away. Hundreds of lives were changed forever, but everyone survived.

The Rancho Tehama Elementary School staff had practiced drills and executed lockdowns before, so even though they’ve never had an active shooter on campus, they knew what to do. It had become second nature.

The superintendent said, “The lockdown procedure was implemented flawlessly. The reason that we have a situation where I have one student injured on campus and nothing worse happening on campus is because of the heroic actions of all members of my school staff.”

Oxford High School in 2021

The same techniques and lockdown training were used in Michigan at Oxford High School on November 30, 2021. Just after lunch, shots rang out inside the school in the main hallway. A 15-year-old student opened fire on his classmates. School staff, students and parents in the school that day followed the LOCKDOWN call and began to follow their training. “They had drilled this exact scenario so much that everyone knew exactly what to do next.”

In the hours after the shooting outside Detroit on Tuesday, Oakland County Sheriff Michael Bouchard said that without the measures taken by students, the tragedy would have been worse. “It is also evident from the scene that the lockdown protocols, training and equipment Oxford schools had in place saved lives.”

David Riedman, lead researcher on the K-12 School Shooting Database, said that the lockdown procedures that were deployed in Oxford, in which students sheltered and stayed out of sight, “absolutely saved lives.” The training that appeared to be on display in Michigan is similar to what students all over the country are taught, he said.

LOCKDOWNS took on new meaning during the heights of the COVID-19 Pandemic. 

In the physical security world, lockdowns mean locking down a building so that no one can enter or leave for a period of time. The location stays locked down until an all-clear signal is given. This seems like a pretty straightforward premise. It is – IF you plan correctly and have the right systems and procedures in place to make a LOCKDOWN effective.

Kenton Brothers uses several access control platforms to make it easy and quick to lock down a school. When a panic button is pressed, all the school doors lock, and alarms and mass communications go out audibly through speakers and electronically through mobile devices and computers throughout the school.

One of our manufacturers, Gallagher, allows you to not only lock down the school, but also send out emergency messaging to any staff members or parents who are not at the school. This would allow them to stay away or help support police in their efforts to bring the situation under control. Gallagher also has the ability to remotely muster or check off each person from a pre-determined list to be sure 100% of the people on-site are accounted for. This is a powerful benefit in the aftermath of these incidents.

Police can also remotely operate IP surveillance cameras in the building to gain situational intelligence on the location of the shooter and the direction they’re headed. This is just one example of how these security systems can help support the training, processes and procedures during a Lockdown situation.

Kenton Brothers Systems for Security helps guide schools and other entities through the process of identifying risks around active shooters and the techniques in protecting your people, property and possessions. Kenton Brothers’ qualified consultants will perform a no cost physical security assessment with recommendations for security system components, processes and procedures that will help prepare your staff. Just give us a call.

Additional Resources

CISA K-12 School Security Guide, 3rd Edition

Red Team Testing: It’s the 1992 “Sneakers” movie in real life in 2022.

By David Strickland, Vice President of Kenton Brothers


The 1992 movie Sneakers, starring Robert Redford and Dan Aykroyd, was about a Red Team that was hired to break into companies all over San Francisco. They were hired by the same companies they were trying to break into. This was done to test their security measures (both Physical and Cyber), what we like to call “convergence” these days.

Robert Redford’s Red Team was made up of both physical security experts (a thief and a federal agent) and cyber security experts (a hacker and electronic technology expert). Their mission was to test and penetrate the defenses of the target company to point out any weaknesses. If vulnerabilities were found, the company could shore up their defenses and make their company more secure.

Fast forward 30 years to 2022. The Red Team Testing technique is still in full swing.

Red Team Testing is still the pinnacle of testing your security systems so that you can determine your risk of exposure. The Red team will look at every aspect of your convergent security systems and create a detailed report on your weaknesses.

Red Teams ask the question – What would happen if your company was faced with some of the following scenarios?

  • Active Shooter
  • Cyber Attacks (Internal and External)
  • Industrial Espionage
  • Theft (Physical, Digital, Intellectual Property)
  • Sabotage
  • Power outage
  • Mass Casualty event (Weather, explosives, Chemical)
  • Pandemic
  • Work Place Violence

Here are a few of the techniques Red Teams will use to test your company’s exposure level:

Physical Security Penetration Testing:

Red Teams will test physical penetration of your company’s physical assets (buildings, vehicles, networks, people) and measure the company’s response and how long it took to detect and act on those tests. They will measure the effectiveness of your policies and procedures and how they affect your deterrence and detection systems.

The Red Team will pose as employees or service providers to gain access to your company’s inner workings. They may also attempt to break in to see what is possible and whether they get caught. They’re looking for assets they can compromise and gain access to while on the inside.

Did your coworker leave proprietary information on a whiteboard for all to see? Did everyone sign out of their workstations? Are your access control doors propped open for easy access? If someone unplugged one of your surveillance cameras and plugged it into their laptop, could they gain access to your network? Can they connect a thumb drive to your server? Could they sneak a weapon in? Have all of your Internet of Things (IoT) devices had their default usernames changed? The list is long.

Cyber Security Penetration Testing

Where physical penetration testing might seem like a hammer, think of cybersecurity testing as a scalpel. Red Teams utilize web application attacks, such as cross-site scripting, SQL injection, piggybacking and backdoors, to uncover a target’s vulnerabilities. Testers then try to exploit these vulnerabilities. The risks tested for include stealing data, intercepting private/confidential traffic, asset discovery, exploitation and complete shutdown. As we all have become aware, Ransomware is a true and present threat to every size of business.

In the complex cybersecurity landscape, penetration testing has become a must for most industries. In many, in fact, it’s required by law.

For instance:

  • Health organizations ensure healthcare data security under HIPAA
  • Financial institutions test for FDIC compliance
  • Businesses accepting or processing payment cards must comply with Payment Card Industry standards
  • Critical infrastructure entities must follow guidelines outlined by NERC

Even businesses that might think they don’t have any valuable information to protect could be at risk of someone trying to take over the network, install malware, disrupt services, and more.

The End Game

What does all this sneaking around mean and why should you care? Red Team Testing allows you to identify and exploit your security weaknesses without the impact of debilitating consequences. From a Red Team’s report, you can adjust your response to the threats that you see as your biggest exposure. You’ll have the ability to identify specific weaknesses and the best approach for shoring them up.

Breaches Happen Every Day – Here’s an example.

One story about a Red Team that comes to mind was about a team that created malware-laced thumb drives and labeled them with the contracted company’s logo to make them look official. The Red Team followed several employees to a local convenience store and would drop these thumb drives by their car door when the employee would enter the store. When the employee would come back, they would see the logo and thumb drive and assume they had dropped it. They would dutifully pick it up and bring it back to work with them. Curious about what was on the thumb drive, they would insert it in the USB port on their workstation and physically introduce malware to their cyber network. Game over.

This is a great representation of the techniques a red team employs to gain access. They used social engineering to “hack the employees” and defy the policy of no outside USB connections on the network. It seems innocent enough to the employee; however, the vulnerability was able to exploit the banking information of a large regional bank. Fortunately, this was a test. Only a test.

Security Systems and Processes have the best chance for success when they’re working in unison. You may have the best security system in the world, but if you forget to arm it, it’s useless. Red Team testing allows you to test both systems and processes.

Interested in how this testing could help your organization? We can help! Please reach out today and we will discuss exactly how Red Team testing can increase the protection of your business.