The security needs of Critical National Infrastructure organisations have never been higher. National Cyber Security Centre can fine CNI organisations if they leave themselves vulnerable to cyber attacks.
But who really needs absolute watertight security? What does it comprise? And doesn’t it cost the earth?
Tim Northwood, Managing Director at Inner Range Europe, offers his advice to these frequently asked questions.
When is watertight security necessary?
We advise all organisations to conduct a risk assessment of their current security system to ensure it’s fit for purpose. If the chance of an attack is ‘likely’ or ‘very likely’ and the consequences are ‘major’ or ‘catastrophic’ (or may be catastrophic regardless of the likelihood of an attack) it’s imperative to invest in a robust security system.
UK organisations that deal with health, energy and water, defence, finance, transport, civil nuclear, communications, chemicals, food and our emergency services will all have high security needs.
For example, a power station is a good example of a facility where an attack is ‘likely’ or ‘very likely’ and the consequences would be ‘major’ or even ‘catastrophic’. The risks are physical and cyber in terms of an intruder gaining access to your site and means you need a security system that cannot be tampered with on or offline and offers you exceptional protection including lock-down protocols, strict visitor management systems, high level asset management and personnel tracking to name just a few.
What does a high security system offer?
Encryption
Systems that provide an end-to-end fully encrypted solution to 128bit with Mac authentication offer organisations the ability to add an additional layer of protection. Data encryption ensures secure LAN communications at all times and continuous monitoring detects any fault or attempted module substitution.
Most security systems in the UK should conform to European Standards BS EN 50131 series – but that doesn’t make them equal. All components of the system are graded and the overall grade is measured by how resilient the system is to attacks by intruders and other outside influences. Lower graded systems can be vulnerable to fairly low tech attacks and even Grade 3 systems can be compromised with specialist knowledge that is often shared on-line.
End-to-end encryption – from every controller, keypad and beyond – is key to reducing your risk of sophisticated attack.
Systems integration
A sophisticated high security system will integrate with a host of other programmes and systems, simplifying the way you manage your site or organisation. For example, it could integrate with:
- CCTV,
- Lift access
- Automated Number Plate Recognition (ANPR)
- Building management systems
- Visitor management
- Asset and personnel tracking
- Active Directory
It should be able to do this at one site, or across many at local, national or even global levels.
High availability
CNI organisations need to ensure an ‘always on’ service. A security system that runs multiple instances of itself – at the same time – across multiple nodes or servers using technology like Microsoft failover clustering mean it will auto-connect to available nodes when necessary and minimise costly or vulnerable downtime.
Is high security affordable?
The best high security systems come in a modular design, so you can expand them if and when you need to. They also come with a hybrid architecture that supports higher and lower security zones at the same facility at the same time. This means your budget for high security is only used when necessary and the end result is a single, holistic and affordable security solution.
Inner Range’s Integriti Encrypted High Security system offers all these solutions and more. For information and to organise a demonstration email integriti@innerrange.co.uk