Bridging the Gap between Cyber and Physical Security

Year
2019
Author(s)
Anna Wikmark - Swedish Nuclear Fuel and Waste Management Co, Stockholm, Sweden
Sanna Engqvist - Swedish Nuclear Fuel and Waste Management Co.
Mikael Hammarstrom - Knowit Secure AB
File Attachment
a1439_1.pdf (276.72 KB)
Abstract
The systems installed to provide physical security are a mixture of servers, clients and products best described as Internet of Things. This means that they are highly capable products with network features just like any computer. The physical security systems are designed to keep unauthorized people out and provide authorized access to the areas they are protecting. The purpose of cyber security is basically the same as for the physical security systems. The team responsible for cyber security is typically part of the IT staff, while the systems for physical security are often installed and maintained by external sub-contractors. It should not be taken for granted that the coordination between these two parties is effective, or that it exists at all. This paper describes the challenges the Swedish Nuclear Fuel and Waste Management Co. has experienced in bridging the gap between cyber security and physical security for the Swedish Nuclear Transport System. There is a wide range of issues, from getting the cyber team and the physical security team to work together to the need to evaluate whether the manufacturers of physical security products are taking the cyber security of their products seriously. You pass questions like “Has there been an improvement since the Mirai botnet almost brought down the Internet by using default passwords in CCTV cameras?” and at the end you cannot get rid of the worrying question “Have you really found all the weak spots when it comes to cyber security?”