Year
2015
Abstract
Advancements in technology as applied to Physical Protection Systems (PPSs) have made them more robust and responsive. However, with these new technologies, PPSs are becoming more vulnerable to cyber-attacks. The convergence of IT (Information Technology) and PPSs with respect to design, configuration, and ongoing support has evolved in both industry and government. Nevertheless, these two areas intrinsically continue to be treated separately, especially when it comes to support. With analog components giving way to IP (Internet Protocol) based technologies, vulnerabilities are introduced that can be exploited by both the outside hacker and the informed insider with access. Therefore, the cyber component must be considered when designing or upgrading PPSs. If systems are protecting nuclear material or information, they should have dedicated non-routable networks. Still, what about attached subsystems: are they connected to the outside world? Are VLANs (Virtual Local Area Networks) utilized, and who manages them? Is the IT staff who maintains the networks also cleared at the same level as those who manage and maintain the PPS, or are they one and the same? What about redundancy? Is configuration management implemented properly? These are some of the many questions that need to be asked. While computer forensics sounds exciting, it is usually too late—you’ve already had a breach. Due diligence is needed to appropriately address the cyber threat to Physical Protection Systems, especially when those systems protect nuclear and radiological material and their associated control and accounting systems.