Monday, February 8, 2010
Reader Comment – 02-03-10 Cyber Sec Resp 2
Last week (sorry for the delay in mentioning this) D3 left another comment in our conversation about cyber security responsibility. As usual the comments are worth going back and reading. D3’s closing remark in the comment is worth some discussion here on this blog. D3 closed by saying: “I just think that we in the security industry (whether general or specific) need to observe the entire spectrum of issues.” Cyber security issues have an impact on almost every other security procedure or control system at high-risk facilities. Ignoring for the moment the security of our industrial control systems, facilities might use computer based security systems to control facility access, monitor security cameras and other security monitoring systems. This means that the security of those systems must also be assured. To ensure that COI shipped from the facility only go to legitimate, vetted customers, we use a variety of computer based inventory and customer management systems. The security of these systems must also be assured. All of these disparate computer systems require both system security and physical security measures to adequately protect them against attack. The necessary security measures for these systems must include personnel surety controls for those with physical or electronic access to the systems. One area of cyber security that is nearly always ignored when discussing facility security issues is the issue of identity theft. This can affect facility security in two different areas. The most obvious is the identity theft of current employees. While the employees will be most concerned with the affect on their personal finances, facility security personnel should be concerned with the compromise of electronic access to protected cyber systems. Identity theft can result in an even more basic compromise of the facility security when new employees use a fake identity to get a job at the facility. There are frequent stories in the national news about illegal immigrants using stolen identities to gain jobs. If it is that easy for the run of the mill illegal to gain access to identity documents, how easy would it be for a terrorist or terrorist supporter to do the same to gain ‘legitimate’ access to high-risk chemical facilities? So, D3 is correct, security managers need to cast a wide net in the security concerns that they have to take into account when managing the security program for high-risk chemical facilities. The wide diversity of cyber security issues is just one example.