![Page 1: Considerations for deploying a security information and ... · Considerations for deploying a security information and event management system supporting physical protection systems](https://reader036.vdocuments.us/reader036/viewer/2022081523/5fca5fff1d0133607065bdd2/html5/thumbnails/1.jpg)
Considerations for deploying a security
information and event management system
supporting physical protection systems
in nuclear facilities
IAEA CN-254
![Page 2: Considerations for deploying a security information and ... · Considerations for deploying a security information and event management system supporting physical protection systems](https://reader036.vdocuments.us/reader036/viewer/2022081523/5fca5fff1d0133607065bdd2/html5/thumbnails/2.jpg)
Authors
• Mitchell HEWES
Australian Nuclear Science and Technology Organisation
Lucas Heights, Australia
Email: [email protected]
• Alan COWIE
Australian Nuclear Science and Technology Organisation
Lucas Heights, Australia
Email: [email protected]
![Page 3: Considerations for deploying a security information and ... · Considerations for deploying a security information and event management system supporting physical protection systems](https://reader036.vdocuments.us/reader036/viewer/2022081523/5fca5fff1d0133607065bdd2/html5/thumbnails/3.jpg)
Outline
• Physical Protection Systems within a Facility
• Components of an ECS
• Where does a CSS fit in?
• Sensitive Information
• Information Security Assurance
• CSS monitoring a PPS
• Conclusion
![Page 4: Considerations for deploying a security information and ... · Considerations for deploying a security information and event management system supporting physical protection systems](https://reader036.vdocuments.us/reader036/viewer/2022081523/5fca5fff1d0133607065bdd2/html5/thumbnails/4.jpg)
Terminology
• PPS – Physical Protection System
• ECS – Electronic Control System
• CSS – Computer Security System
![Page 5: Considerations for deploying a security information and ... · Considerations for deploying a security information and event management system supporting physical protection systems](https://reader036.vdocuments.us/reader036/viewer/2022081523/5fca5fff1d0133607065bdd2/html5/thumbnails/5.jpg)
Physical Protection Systems
within a Facility
![Page 6: Considerations for deploying a security information and ... · Considerations for deploying a security information and event management system supporting physical protection systems](https://reader036.vdocuments.us/reader036/viewer/2022081523/5fca5fff1d0133607065bdd2/html5/thumbnails/6.jpg)
Typical physical protection systems
• Physical barriers necessitate access points e.g.
doors, gates, lifts
• Mechanical locks & keys
• Photo identification cards & documentation
• Guard personnel
• Access protocols & procedures
• Access log books & visitor lists
![Page 7: Considerations for deploying a security information and ... · Considerations for deploying a security information and event management system supporting physical protection systems](https://reader036.vdocuments.us/reader036/viewer/2022081523/5fca5fff1d0133607065bdd2/html5/thumbnails/7.jpg)
Physical Barrier & Access Point
![Page 8: Considerations for deploying a security information and ... · Considerations for deploying a security information and event management system supporting physical protection systems](https://reader036.vdocuments.us/reader036/viewer/2022081523/5fca5fff1d0133607065bdd2/html5/thumbnails/8.jpg)
Guard Personnel
![Page 9: Considerations for deploying a security information and ... · Considerations for deploying a security information and event management system supporting physical protection systems](https://reader036.vdocuments.us/reader036/viewer/2022081523/5fca5fff1d0133607065bdd2/html5/thumbnails/9.jpg)
Components of an ECS
![Page 10: Considerations for deploying a security information and ... · Considerations for deploying a security information and event management system supporting physical protection systems](https://reader036.vdocuments.us/reader036/viewer/2022081523/5fca5fff1d0133607065bdd2/html5/thumbnails/10.jpg)
Electronic card/token & reader
![Page 11: Considerations for deploying a security information and ... · Considerations for deploying a security information and event management system supporting physical protection systems](https://reader036.vdocuments.us/reader036/viewer/2022081523/5fca5fff1d0133607065bdd2/html5/thumbnails/11.jpg)
Access Controlled Door
![Page 12: Considerations for deploying a security information and ... · Considerations for deploying a security information and event management system supporting physical protection systems](https://reader036.vdocuments.us/reader036/viewer/2022081523/5fca5fff1d0133607065bdd2/html5/thumbnails/12.jpg)
Centralized Access Control
![Page 13: Considerations for deploying a security information and ... · Considerations for deploying a security information and event management system supporting physical protection systems](https://reader036.vdocuments.us/reader036/viewer/2022081523/5fca5fff1d0133607065bdd2/html5/thumbnails/13.jpg)
Computer-based components of an example
networked security system.
![Page 14: Considerations for deploying a security information and ... · Considerations for deploying a security information and event management system supporting physical protection systems](https://reader036.vdocuments.us/reader036/viewer/2022081523/5fca5fff1d0133607065bdd2/html5/thumbnails/14.jpg)
Biometric Identification & Data
![Page 15: Considerations for deploying a security information and ... · Considerations for deploying a security information and event management system supporting physical protection systems](https://reader036.vdocuments.us/reader036/viewer/2022081523/5fca5fff1d0133607065bdd2/html5/thumbnails/15.jpg)
Purpose & Benefits of ECS
• Greater efficiency – augment physical
• Managing keys
• Robust record of actions undertaken
• Negate need for a guard at each door
• Monitoring and recording of the state of electro
mechanical components
• Programmatic automation of Physical
Processes e.g. Enforcement of a “no alone”
zone
![Page 16: Considerations for deploying a security information and ... · Considerations for deploying a security information and event management system supporting physical protection systems](https://reader036.vdocuments.us/reader036/viewer/2022081523/5fca5fff1d0133607065bdd2/html5/thumbnails/16.jpg)
Where does a CSS fit in?
• In our example the Computer Security System
forms an overwatch function for the ECS
• It would sit within a different security zone and
take in inputs from multiple facility functions to
be able to provide correlation for monitoring
and response on attacks spanning multiple
systems.
• How can we enable this while protecting the
function of the ECS?
![Page 17: Considerations for deploying a security information and ... · Considerations for deploying a security information and event management system supporting physical protection systems](https://reader036.vdocuments.us/reader036/viewer/2022081523/5fca5fff1d0133607065bdd2/html5/thumbnails/17.jpg)
Sensitive Information
![Page 18: Considerations for deploying a security information and ... · Considerations for deploying a security information and event management system supporting physical protection systems](https://reader036.vdocuments.us/reader036/viewer/2022081523/5fca5fff1d0133607065bdd2/html5/thumbnails/18.jpg)
Sensitive Information
• Items used in granting automated access
– Card ID
– PIN Number
– Biometric Templates
• State information of electromechanical assets
• CCTV Camera video feeds
• Computer configuration
• New EACS parameters supplied to make system
changes
Automated State Change
Contextual State Change
![Page 19: Considerations for deploying a security information and ... · Considerations for deploying a security information and event management system supporting physical protection systems](https://reader036.vdocuments.us/reader036/viewer/2022081523/5fca5fff1d0133607065bdd2/html5/thumbnails/19.jpg)
Computer Security Measures for PPS
• Host integrity checking
• Sub zone network segregation
• Netflow - record capture and parsing
• Port monitoring
• Port security
• Wifi rogue monitoring/suppression
Contextual State Change
![Page 20: Considerations for deploying a security information and ... · Considerations for deploying a security information and event management system supporting physical protection systems](https://reader036.vdocuments.us/reader036/viewer/2022081523/5fca5fff1d0133607065bdd2/html5/thumbnails/20.jpg)
Data Flow Model Between PPS and CSS
• Sensitive information that could affect an
automated state change within a facility
function should not leave it’s source security
zone while it is still functionally significant.
• Sensitive information that could affect an
automated state change within a facility
function must not be generated by a system at
a lower security level.
![Page 21: Considerations for deploying a security information and ... · Considerations for deploying a security information and event management system supporting physical protection systems](https://reader036.vdocuments.us/reader036/viewer/2022081523/5fca5fff1d0133607065bdd2/html5/thumbnails/21.jpg)
Information Security Assurance
![Page 22: Considerations for deploying a security information and ... · Considerations for deploying a security information and event management system supporting physical protection systems](https://reader036.vdocuments.us/reader036/viewer/2022081523/5fca5fff1d0133607065bdd2/html5/thumbnails/22.jpg)
Goals
• Ensure the confidentiality, integrity, and availability of the
automated operation of the PPS and the accuracy of
information supplied to an operator to make contextual
changes
• Monitor the operation of the computer-based hardware
components and software for indicators of compromise.
• Provide independent computer security measures to ensure
a defence in depth against a single computer security
vulnerability.
• Enable the response, remediation, and restoration of
verifiable normal operation.
Transitive from PPS: Deter, Detect, Delay, Respond
![Page 23: Considerations for deploying a security information and ... · Considerations for deploying a security information and event management system supporting physical protection systems](https://reader036.vdocuments.us/reader036/viewer/2022081523/5fca5fff1d0133607065bdd2/html5/thumbnails/23.jpg)
CSS Monitoring a PPS
• Monitor the computer-based components of the physical
protection system and the computer security measures
protecting them.
• Monitor the effectiveness of zone-decoupling measures for
computer security zones interacting with the PPS.
• Decouple from the PPS itself - limit the information flow to
prevent information important to automated operation of the
PPS from being captured by the CSS. E.g. through a data
diode.
• Provide the potential to correlate with the monitoring of other
computer security zones to monitor the overall facility
computer security defence in depth posture.
![Page 24: Considerations for deploying a security information and ... · Considerations for deploying a security information and event management system supporting physical protection systems](https://reader036.vdocuments.us/reader036/viewer/2022081523/5fca5fff1d0133607065bdd2/html5/thumbnails/24.jpg)
Conclusion
![Page 25: Considerations for deploying a security information and ... · Considerations for deploying a security information and event management system supporting physical protection systems](https://reader036.vdocuments.us/reader036/viewer/2022081523/5fca5fff1d0133607065bdd2/html5/thumbnails/25.jpg)
Conclusion1. A nuclear facility PPS augmented with an ECS
increases defence in depth from physical attack.
2. An ECS transfers some risk from a physical
compromise to an computer-based compromise, thus
the need to incorporate computer security measures
to maintain defence in depth.
3. A CSS monitors computer security measures. Just as
the ECS monitors the physical security measures.
4. A well thought out and implemented CSS, which
preserves the confidentiality of sensitive information
critical to PPS automation, is required to provide
continued assurances of defence in depth.