Stanley launches versatile IP based video door entry system

Stanley Security Products is pleased to announce it has secured the exclusive UK distribution rights to the InfinitePlay IP based video door entry system, which will join the existing PAC Access Control and GDX Door Entry range. STANLEY InfinitePlay comes with a host of features whilst remaining exceptionally easy to use and install.

InfinitePlay is a 100% IP based plug and play system that doesn’t require sophisticated networking knowledge, ensuring all security installers and electrical contractors can readily fit it as a new standalone system or add it to an existing IP based door entry system for a cost-effective extension option.

Running over an IP network means there are no limits to the distances between system components and no limit to the number of devices that can be incorporated within the system.   As a result, InfinitePlay is extremely versatile and can be used on a single residence or a large apartment block right the way through to substantial public and commercial multi site applications, including hospitals, offices, schools etc.

Key components to the InfinitePlay system include a stylish wall mounted 7” touch- screen LCD monitor built on the Android™ operating system and a choice of good quality, vandal resistant entry panels with a variety of finishes to match a building’s design style. The keypad comes with a 5 megapixel camera for high resolution images and superb contrast in all lighting conditions; noise cancelling technology built into the microphone to ensure background noise in kept to a minimum; a clear 4.3” display; and a choice of touch-screen for scrolling names / property numbers or up to 4 illuminated buttons. A useful feature on the keypad is the ability to create a pre-recorded message for when the occupant is out, which is especially valuable for businesses wishing to advise customers of opening times, for example.

Both monitor and keypad feature easy to use menus and intuitive icons which makes accessing the comprehensive array of features and functions very simple indeed. In addition to the standard features you would expect from a door entry system, this includes lighting activation, video calls between apartments, voicemail, interconnection with a mobile device to answer and unlock the door (via the InfinitePlay App) even when away from home.   InfinitePlay even enables the occupier to send messages, attachments (via a mini USB port) and service information to and from apartments.

InfinitePlay is available with comprehensive software for management at a reception desk or concierge.

For installers, InfinitePlay is very simple to fit and programme from any monitor connected to the system with just five set up options, and highly cost effective. It uses existing IP network infrastructure, CAT5 cable and RJ45 connectors for a significant reduction in cabling costs.   Furthermore, with the exception of door opening devices, system devices are powered by the IP network using Power over Ethernet (PoE) technology, so do not require connecting to the mains.

It comes with an advanced diagnostic web service for remote diagnosis, making it a highly convenient system to service and maintain.

InfinitePlay is available from STANLEY Security Products. For more information, please go to www.stanleysecurityproducts.com

More

Abloy receives healthcare accolades

Security expert Abloy UK has recently received a number of accolades for its work in the healthcare sector, with positive feedback from the Care Quality Commission (CQC) on its PROTEC2 CLIQ solution.

In addition to this, Abloy PROTEC2 CLIQ, in partnership with Northern Lincolnshire and Goole Foundation Trust, has been shortlisted for the Heath Service Journal (HSJ) Value in Healthcare Awards 2015, in the Value and Improvement in Information Technology category.

Abloy PROTEC2 CLIQ is an easy to use web-based access control system that uses mechanical high security disc cylinders combined with highly encrypted electronic locking and identification.

The positive findings from the CQC were featured in a quality report of Birmingham NHS Foundation Trust’s Queen Elizabeth Medical Centre in Birmingham, in which the centre gained an overall rating of ‘Good’, with services at the trust being led to an ‘Outstanding’ level.

The ‘Innovation, Improvement and Sustainability’ section of the report states there was a strong innovation of culture at the centre – an example of this being the drug key system on trial on the assessment units, which is PROTEC2 CLIQ system.

It had been identified that significant nursing time was spent getting access to the drug cupboard key, leading to poor key control and ineffective use of nurse time.

With the implementation of the PROTEC2 CLIQ system, each member of staff on duty had an electronic key that was linked to them, and provided audit trails and restricted access to certain staff when skills and competencies had not been achieved.

This resulted in less time being spent looking for keys meaning greater nursing efficiency, and also improved key control with access rights to certain areas being regulated more effectively.

Northern Lincolnshire and Goole Hospitals NHS Foundation Trust also recently upgraded the security of the drug cabinets at Scunthorpe General Hospital to PROTEC2 CLIQ, resulting in significant cost and timesavings, and a HSJ Awards shortlisting.

Jon Burke, Marketing Manager for Abloy UK, said: “We’re really proud to be receiving this high level of recognition within the healthcare industry for our PROTEC2 CLIQ system, from both the CQC and HSJ.

“The feedback we’ve had from a number of Trusts around the UK has been extremely positive, and we believe that all healthcare institutions could benefit from the increased efficiency and high level of key control that the solution provides.”

For further information on PROTEC2 CLIQ any of the products and services available from Abloy UK, please call 01902 364 500 or email marketing@abloy.co.uk

More

How to Safeguard your Home and Reduce your Insurance Premium

When looking for home insurance it’s crucial that you have the best possible locks fitted, not only will this give you the best protection for you house but it could also save you money on your insurance premium.

When you apply for cover, the insurer will ask you what sort of locks you have fitted to your property. In most cases you should receive a discounted premium providing that you have a higher degree of security, it is important to consider that in some areas, if your locks are not up to standard, then you might struggle to get insurance cover at a reasonable price.

How to keep your hfastkeys2ome secure

Most crimes are against property rather than people, we will outline a few tips on how you can make your home and valuables more secure. Many of the suggestions listed are common sense and if fully implemented will go a long way towards making your home and property more secure and potentially saving you the distress and expense of being the victim of a burglary.

The majority of crimes are opportunistic, spur of the moment events and can be the result of leaving a door or window open or having valuables left on view.

Firstly, let’s start to make life awkward for the burglar by taking these simple and cost effective precautions.

Many burglars are opportunistic and they often don’t even have to resort to using force, they simply let themselves in through an open window or door.

  • Take a look at your property from a burglar’s perspective.
  • Are there any unsecured windows or doors?
  • Are your window and door locks strong and secure enough?
  • Are there any places hidden from view where someone could attempt to break in?
  • Would they have to make a lot of noise to break in by attacking doors or breaking glass?

Windows

One in three burglars gain entry through a rear window. Window locks are an effective deterrent because they force the thief to break the glass and therefore risk drawing attention to himself.

If the window lock is visible, this will also further deter a criminal. There are many types of window locks available with keys for all kinds of windows and frames from your local locksmith. A qualified locksmith is best suited to advise you on the best lock to suit your requirements.

Fit window locks with keys to all vulnerable windows, in particular all ground floor and basement windows, all upstairs windows that are not visible from the street, all windows that can be accessed via drainpipes and gutters or via flat roofs. You should even consider small windows and skylights – bear in mind that a burglar can squeeze through any opening that is larger than a human head.

For UPVC windows, make sure you check with your window fitter before fitting locks as this may affect your warranty.

Remember not to leave your keys in locked windows and store them in a safe place. Consider getting a small key cabinet, these can be inexpensive and will have other benefits which we will touch on later in this series.

Louvre windows can be particularly vulnerable as burglars can remove window slats with ease. Glue the slats into the end plates and if you can find something suitable for Louvre windows, fit a locking device. Here again your local locksmith might be best placed to advise. Also, if you can – consider replacing louvre windows with fixed glass.

When replacing windows, consider using laminated glass as this is harder for burglars to penetrate. Also, think about fitting security grilles to openings that might be vulnerable to attack, such as basement windows that cannot be viewed from the road.

Doors

  • Make sure all your doors, front and back are secure.
  • Doors should be strong and in good condition and at least 44mm thick (2 inches).
  • Any glass panels located on or around doors can pose a risk to security and you should consider replacing them with laminated glass if necessary.
  • Make sure all doors are fitted with five lever mortise deadlocks and that you use them. They should be fitted about a third of the way up the door.
  • Insurance companies normally ask for locks to have a kite mark to British Standard BS3621.

The benefit of a deadlock is that it can only be opened with a key. So even if a burglar smashed a nearby glass panel to reach inside, he still wouldn’t be able to open the door. Also, if a thief gets in through a window, they won’t be able to carry your possessions out via your deadlocked door.

Letterboxes – do not leave spare keys hanging inside your letterbox as this is an obvious place that a burglar will explore. Thieves are very adept at fishing for keys through letterboxes using poles and magnets, so never leave keys visible anywhere near your front door. That includes your vehicle keys; locking security on modern cars is so strong now that it is virtually impossible to steal a vehicle without having the keys. Hence, would be car thieves have to resort to breaking into homes or fishing for keys through letterboxes. Here again, consider getting a small key cabinet to store your keys. Consider fitting a letterbox cage, this will prevent burglars from getting their hands or special tools inside in order to try the latches.

Exterior doors – Fit solid good quality bolts with strong screws to the top and bottom of exterior doors. For French doors, fit a mortise lock in conjunction with bolts top and bottom of the door.

For UPVC doors check with your installer to ensure that you are not invalidating your warranty before fitting locks and bolts. It is also worthwhile getting some expert advice from your local locksmith.

When buying UPVC or metal framed doors or windows, make sure they come pre-fitted with built-in locks.

Garages and Sheds

Garages and sheds should be kept locked and secure as they are often full of expensive tools and things such as ladders that the burglar could use to break into your home. If the garage has a door connecting it to the house, the burglar can easily try and gain entry via the inner door unobserved.

Make sure your shed has a good sturdy door with strong hinges and that it has a good quality hasp and staple fitted with a security padlock.

If possible make sure ladders are locked away in a garage or shed. If left outside, ladders should be chained up to a strong bracket and in a horizontal position. Check to see that there are no other objects outside that can be used as climbing tools to gain access to first floor windows.

If you would like more information on securing your home, call us on 01268 562 562 or visit the experts at our Trade Counter – Unit 3 Pilot Close, Flumar Way, Wickford, Essex, SS11 8YW

www.fastkeys.co.uk

More

CCTV experts EyeLynx adopt impossibly small PC for rapid deployment system

Tiny Green PC has announced that EyeLynx, a leading manufacturer of CCTV surveillance systems has standardised on its Fit PC2 as the processing platform for the Pharos™ all-in-one surveillance system for rapid deployment applications.

Widely used by police forces, building contractors and event organisers, the EyeLynx Pharos™ all-in-one surveillance system is the only true High Definition (HD) Rapid Deployment surveillance system on the market with Edge Recording Cluster ERC™ capability. With SharpView NVR software running on an ultra-compact and low power Tiny Green PC Fit PC2, Pharos™ records multiple slave HD cameras 24/7 and whenever the perimeter is compromised or a potential intruder approaches too close to the fence, SharpView will send a snapshot alert to the control centre or assigned person’s mobile devices for visual verification. Pharos™ has been used at some extremely high profile events, including the previous two Conservative Party conferences in Manchester and Birmingham for example.

Commenting on his choice of Tiny Green PC for the PC platform, EyeLynx Managing Director Jay Patel said, “SharpView is an efficient software solution that records HD video from multiple cameras and processes the images in real time. The challenge was to find a very low power PC, small enough to be hidden in the camera case and able to run for several days from a battery system.“

EyeLynx also offers an industrial grade stand-alone 12V battery power system of 100 to 300Ah with solar/wind charging options to give Pharos a real go-anywhere at any time capability. TinyGreenPC Fit PC2 draws just 8W allowing the whole system to run from these batteries for several days without recharging. The TeraByte Hard Disk fitted as standard can store over 30 days of evidential quality HD video, based on a 1.6GHz Intel Atom CPU, the PC offers more than enough power to run the efficient SharpView NVR software. Yet all this is packaged in a case just 10cm x 11.5cm by 2cm deep – less than a quarter of the area of an A4 sheet of paper.

Summarising, Jay Patel concludes, “EyeLynx doesn’t compromise quality for performance. Tiny Green PC Fit PC does more with less, providing us with both. It delivers ample computing power to run our SharpView NVR software and can be tucked away securely in the camera case. It also supports the low power side of the equation too so Fit PC is the perfect solution for our Pharos™ high performance, rapid deployment CCTV system.”

About Tiny Green PC

Tiny Green PC, a division of Anders Electronics plc, is a leading supplier of ultra-small, ultra-robust, ultra-low energy, fanless computing solutions used across Security, Education, Medical, Industrial, Signage and many other sectors. The company is the official European home of Fit PC, Intense PC™ and Utilite™.

Adding value through custom design and configuration services, software integration, installation and financing, Tiny Green PC helps companies improve their green credentials and reduce their energy usage, whilst providing ‘genius’ technical solutions that do the job better, faster and cheaper, making great long-term commercial sense.

Tiny Green PC is headquartered in London with offices in Italy covering Europe, the Middle East, North America and Asia.

For further information, please visit: http://www.tinygreenpc.com

More

Introducing New Genesis GRP Kiosks

New to the Glasdon collection are Genesis GRP Buildings, a range of high quality kiosks which are available off the shelf for quick delivery (free to mainland UK).

These economical GRP buildings are ideal for a large variety of outdoor applications such as car parks, security gates and toll booths. Perfect for limited budgets!

The Genesis range of glass reinforced plastic buildings, provide a strong, versatile and comfortable accommodation solution for employees.

These stylish GRP kiosks come as standard in four layouts, offering high quality materials at a budget-conscious cost.

Portable and adaptable, the sizes available are as follows: 1.5 x 1.5m portable kiosk2.3 x 1.5m portable kiosk2.3 x 1.5m portable kiosk (double sliding window model) and 2.7 x 2.2m portable kiosk.

The largest GRP building in the Genesis range is suitable for retail purposes, as kiosks offer a low cost way of enhancing your brands visibility and presence at venues and events. From goods inward offices and portable offices to gate houses and sentry posts, this size unit would be ideal.

The GRP booth with double sliding window allows you to easily communicate with visitors and provide quick customer service, perfect for information kiosks and busy ticket sale areas. Ideal for football and other event programme selling. This model is also suited as a security cabin, as the double window space allows a higher visibility span.

Insulated and weather resistant, the Genesis GRP kiosk range come as standard with fully flame retardant white panels. A wide range of optional extras available to kit out the cabin to your specification, and stickers can be used to personalise and brand the outside.

The practical and multifunctional Genesis GRP units are sturdy and robust, available in a wide range of sizes that are low–maintenance and affordable.

Glasdon also produce a wide range of GRP Modular Buildings, GRP / Steel Housings and Equipment Cabinets.

With an infinite set of uses within the industrial and commercial sectors, GRP and IP-rated units provide a quality, reliable and cost effective solution. The durable constructions deliver an impressive focal point and superior accommodation for a large range of applications.

If you have any questions contact Glasdon today on (01253) 600410, email sales@glasdon-uk.co.uk, or visit www.glasdon.com.

More

Abloy App and Handbook make specification easier

 

Security expert Abloy UK has updated its hugely successful smartphone app and compliant specifications handbook, offering users all the help they need in specifying the most effective Abloy locking solutions, no matter what the requirements.

The handy Abloy app – available for iOS and Android devices – allows users to find the right door security solution by quickly selecting suitable products for specification or installation. It then utilises GPS to direct users to their nearest Abloy Dealer Centre so the job can be completed quickly and efficiently.

The app can also be used to check price and availability, or send a technical question to the customer services team and receive a swift answer. Updates to the software include information about new door packages, enhanced search functionality, web news and videos.

Users are also able to view courses available at the Abloy Academy, and sign up for specific dates. The Abloy Academy offers a range of courses to help installers learn more about standards and legislation, as well as practical workshops on how to install electric locks, door operators and access control.

In addition to the app, the pocket-sized compliant specifications handbook offers a complete guide to specifying door security solutions, providing an easy reference point for installers, to ensure they are putting the right products on the right door.

The guide is ideal for those who prefer using a physical booklet rather than a mobile device, and it contains information such as product details, technical specifications, and the standards each of the packages meet when installed correctly.

Jon Burke, Marketing Manager for Abloy UK, said: “When you’re on site or away from your computer and need to specify the right door security solution, the Abloy app and compliance handbook can direct you quickly and easily to the product you need.

“The app makes product selection intuitive, efficient and easier than ever before, as well as providing unprecedented on-site technical support for installers, across all stages of the specification and installation process.

“This new update has made the process even more streamlined, and the compliance handbook is great for those who prefer a pamphlet in their pocket, so if you’re a professional installer, specifier or security manager we have a solution to assist you.”

To download the app, search for ‘The Abloy App’ in the App Store or Google Play, and to request a copy of the compliant specifications handbook e-mail marketing@abloy.co.uk

For further information on any of the products and services available from Abloy UK, please call 01902 364 500 or email marketing@abloy.co.uk

 

More

Cashless payment systems – beneficial to security and access control

Chris Lyons, Managing Director, Systopia International.

“One of the main responsibilities of a Facilities Manager is to oversee the security of a building and the staff which work within it.   Over recent years we have seen many advances in technology which help to keep sites secure and Facilities Managers are now spoilt for choice when it comes to figuring out how best to run daily business operations and make the most of their facilities.   When making the important decision on what technology to invest in, many Facilities Managers might be surprised to learn that cashless payment systems can provide an all-in-one solution for security and access control.

“Using Radio-Frequency Identification [RFID] technology, cashless payment systems can be integrated onto existing security cards or passes, providing a one-stop token which can be used to gain access into a building. As well as this, the cards can be used to pay for food and beverages on site and many other items within the business environment such as car parking, printing and internet use.   This ‘all-access’ card means that the amount of money held on site is significantly reduced and therefore lessens the danger of theft.

“Integrating the technology onto one card means it is a much simpler and easier system to manage, and also ensures only those with approved access status can operate within the business environment, helping to minimise the risk of lost and stolen access cards. The RFID technology provides a unique identifier for each card, allowing Facilities Managers to track where the card is located at any given time and the activity history. Therefore, if a card was lost or stolen and an ‘outside’ individual had obtained access to the building, they would easily be able to be tracked down and stopped.   Not only this, but any money which had been spent during the theft, could be seen on the account history making it easy to identify the funds owed back.”

To find out how your business can benefit from Systopia’s cashless payment systems visit www.systopia.co.uk or call 0800 085 2056.

Background Information on Systopia:

Systopia, established in 2008, provides cashless systems, cashless vending and cashless catering for the Business, Education, Healthcare, Leisure and Stadia sectors. With an impressive record of delivering the highest standards in reliable and innovative cashless solutions, Systopia boasts an impressive and extensive client list.

Using RFID technology, Systopia’s cashless systems integrate directly with proximity cards, such as security, ID or membership cards, allowing users to pay for items in a fast and convenient way. With the way that transactions take place changing rapidly, Systopia is leading the way in this cashless revolution, offering cashless systems combining modern, high-class and reliable EPOS systems with cashless vending.

In partnership with leading hardware providers, Systopia is able to offer stylish and efficient cashless systems capable of handling any requirement. With unique Cashless Payment Terminals and reliable EPOS suites, Systopia offers cashless systems that are ruggedized for retail yet stylish enough for the most high-end settings. Systopia strives to offer complete cashless catering systems and also provide dynamic cashless vending readers as part of your cashless solution.

With one eye on the future, Systopia provides cashless systems that are compatible with a variety of payment methods, which can be integrated into the same EPoS terminal. Alternative forms of integrated payment are becoming more and more popular amongst customers, with mobile payments and banking requirements for ‘Wave and Pay’ technology, to name just two that Systopia’s cashless systems can accept.

More

UK business leaders failing to translate information security awareness into action

  • UK businesses have highest data security awareness levels since 2011
  • SMEs lagging behind C-suites in implementing data security protocols
  • Lack of understanding on impact of data breach still exists

Businesses in the UK are putting the confidential information of their customers and employees at risk by not implementing data security measures despite having the highest level of awareness of their responsibilities since 2011, the UK’s largest information destruction company has warned today.

New research from Shred-it reveals that despite business leaders in the UK (98% of C-suite executives [C-suites] and 88% of SMEs business owners [SMEs]) claiming they are aware of their legal data protection requirements, this is still not translating into action with just over half of C-suites (56%) and fewer than a third of SMEs (28%) carrying out frequent information security audits. Of greater concern is the fact that while 72% of C-suites say they’re ‘very aware’ of the legal guidelines around storing, keeping or disposing of confidential data, only half of UK SMEs (50%) say the same, an increase of just 7% since the survey began in 2011, indicating that SMEs risk falling behind their C-suite counterparts.

Shred-it is calling on UK businesses to once and for all turn information security awareness into action, and is encouraging SMEs in particular, to: conduct frequent data security audits, train staff on information security procedures, and safely dispose of unwanted confidential information.

shredit2

“While it is encouraging to see data security awareness improve among UK businesses, it is simply not enough to be aware of the risks and legal requirements associated with information security, businesses in the UK must put this into action,” warns Robert Guice, Executive Vice President Shred-it EMEA.

Guice continued, “SMEs are in serious danger of damaging existing relationships with larger businesses by not putting as much emphasis on information security as their C-suite counterparts.”

According to the fifth annual Security Tracker survey, almost a third of SMEs (27%) have no protocol in place for storing and disposing of confidential data, compared to just 3% of C-suites. Larger companies are also striding ahead when it comes to disposal methods with over a third of C-suites (35%) saying they have a locked console in the workplace for confidential information, as well as the services of a professional information destruction firm, compared to only 11% of SMEs.

SMEs failing to recognise impact of lost or stolen data
Despite half (50%) of SMEs claiming to be ‘very aware’ that they should implement information security protocols, many SMEs were not aware of the overall impact to their business if these protocols are not put in place. Worryingly, only 10% of SMEs claim that a data breach would seriously impact their organisation compared to 37% of C-suites, despite the potential legal, reputational and financial repercussions. Although the average data breach costs companies£2.37 million per breach, according to figures from the Ponemon Institute, only 5% of SMEs think that a security breach would result in severe financial loss compared to 23% of C-suites.

Data security five years on

Since the inception of Shred-it’s Security Tracker research in 2011, results have shown that C-suites are continuing to improve their data security practices and are turning their awareness into action. There is a dramatic improvement in how often they dispose of confidential information, with 56% now disposing of information every two or three months – increasing from just 17% in 2014. SMEs have not seen such a drastic improvement despite being aware that they should have the right protocols in place, with 36% still claiming that they do not know the perceived impact of lost or stolen data.

More

PEL upgrades school with safe and secure access control environment

PEL Services Ltd. has completed the installation of a new wireless access control system, further enhancing security for The American School in England (TASIS).

TASIS is a leading independent, co-educational university and college preparatory school located in Surrey.  Accommodating 650 children, of whom 195 board, it required a well-rounded security solution to account for students in its new single gender dormitory facility, which is home for up to 28 students during term time.

After a careful review of the site, PEL Services proposed a wireless access-control solution, using the British manufactured Paxton Net2 Paxlock access control system.  Net2 PaxLock is a battery powered access control unit in a slim line door handle.  PEL was able to install the new electronic door handles, with customised handles to match the style in use throughout the site, on all internal dormitory doors quickly and cost-effectively and without compromising on security.  The handles are wirelessly controlled from a central on site PC with easy to use software.

In addition, PEL installed a hard wired access control system to the main entrance and corridors for additional safety and security.
The decision to use PEL Services for this installation was based on PEL’s distinctive multi-disciplinary systems expertise, and as a result of the excellent relationship built between these two organisations over 30 years, during which PEL has provided multi-disciplinary maintenance of the school’s fire alarms, intruder alarms and access control systems. In 2007 PEL designed, supplied and commissioned a ‘Lock Down’ system covering the complete campus by using the Bosch Praesideo networked system and, more recently, PEL has been involved in the upgrade design, supply and commissioning of the TASIS networked addressable fire alarm system.

For Mary Ealey, Personnel and Operations Director at TASIS, service is one of the deciding factors in the appointment of an installer: “We continue to use PEL’s services as they are specialists in their area and have undertaken a considerable amount of work with schools. PEL always go above and beyond, to meet requirements in an efficient and timely manner and the service is always first class and very obliging.”

For over 35 years PEL Services Limited has been a leading UK building services and systems company designing, supplying, installing and commissioning integrated sound, fire, security, assistive technology and audio visual solutions.  In addition PEL provides a range of service agreements including routine maintenance and fully comprehensive cover, on third party equipment as well as PEL’s systems, throughout the UK and Eire.  The company supports markets as diverse as local authorities, public utilities, finance, healthcare, education, retail and leisure.

For sales information please contact PEL Services Ltd on 0333 123 2100 or go to www.pel.co.uk/security

More

Cyber security in SCADA environments

Chris Day, SCADA security consultant for MWR InfoSecurity

The beginning of 2015 saw one of the biggest cyber events ever take place. Unfortunately, it was  drowned out by the news of the various divisions of Sony being hacked.  At the same time, the German government quietly admitted it had suffered a sophisticated cyber attack against an industrial facility – a steel mill – which resulted in equipment damage, production downtime and which could have potentially cost lives. This event was only the second time ever a cyberattack had resulted in physical damage.

Following Stuxnet, the computer worm designed to attack industrial programmable logic controllers and ruined almost a fifth on Iran’s nuclear centrifuges, this is also the second publicly disclosed cyber attack against SCADA (supervisory control and data acquisition) equipment which has been formally investigated and attributed to a sophisticated remote attacker. This in itself is a rare event and demonstrates the credible and increasing risk to SCADA equipment, or computer systems used for gathering and analysing real time data. It is an unfortunate truth that a risk typically needs to be demonstrated in the wild repeatedly before it is addressed with the resolve appropriate to the potential impact of a successful attack.

However, unlike Stuxnet which featured sophisticated air-gap hopping methods to gain access, this attack is reported to have used less exotic, yet still credible spear-phishing (email spoofing fraud) and social-engineering techniques. The steel mill attackers were able to infiltrate the corporate network by sending a targeted phishing email that appeared to have come from a trusted source in order to deceive the recipient employee into downloading malware to his/her computer. Once the attackers obtained a foothold on the corporate system, essentially, they were able access to the steel mill by successively working their way into production networks to access the system’s plant equipment controls.

In this particular attack on the unnamed German steel mill, attackers manipulated and disrupted control systems  to such a degree that a blast furnace could not be properly shut down, resulting in “massive”—albeit unspecified—damage. This event demonstrates how gaining access to and attacking SCADA systems doesn’t necessarily need to employ expensive or overly sophisticated techniques.

I have personally spent many years scoping, conducting and reporting SCADA system computer security assessments. In practically all my assessments, across several different sectors, I have noticed one common theme; a reluctance to admit or lack of understanding of connectivity between corporate and SCADA systems.

I believe I understand why this situation exists; it is typical to see an organisation’s IT and engineering as separate departments. Yet, to enable greater exploitation of SCADA metadata (such as manufacturing output or power consumption) and a lowering of infrastructure costs, it is increasingly common to find SCADA and corporate networks connected. In many instances, this fusion of networks is focused on maintaining the functionality of the corporate and SCADA systems by each group of specialists – the SCADA and network engineers. The discussion of the security implications of such a merger is often absent. It is at this junction, the known and unknown security issues of two networks have been combined into one, vastly increasing attackers’ chances of gaining access and having a negative effect against corporate or SCADA systems.

Also, we stand no hope of effectively dealing with cyber attacks against SCADA if we don’t improve our ability to share knowledge with the wider SCADA community. If organisations do not acknowledge security issues or attempt to diminish the credible, demonstrated threat for PR purposes, they are merely burying their heads deeper in the sand and perpetuating the problem. By recognising and sharing details of these attacks, we can make effective defensive countermeasures and strategies based on experience and understanding gained from studying real life attacks.

In summary, if we are connecting corporate and SCADA systems together we must ensure this union is forged securely so the networks do not share their security weaknesses with one another. These weaknesses could be in the form of vulnerable Internet exposed corporate network services, remote access for SCADA maintenance engineers or outdated SCADA workstations laden with historic vulnerabilities and operating systems. To enable robust security when combining networks, we need to be aware of the latent risks in each of the networks we are combining. We also need to also investigate the technologies present in each network to understand if new security risks would be created when combining them. Without this understanding, and an appreciation of in-the-wild attacks, we will be unable to implement effective defensive strategies and measures we need to protect SCADA systems and the Industrial and critical processes that exist upon them.

 

More