Since most systems are connected through the Internet and Internet protocol, networks are a potential target for cyber-based attacks. Hackers do not prefer one system over another; they just want to access the network. The hackers' goal may be to cause chaos, and whether that is done through the data system or the electrical system, the result is basically the same: unauthorized and unwanted network access.
Does this really concern me?
Many contractors may feel network security is of no great concern-unless it is theirs. But for every installation, at every client location, that network's overall security should be of interest. Contractors need to be aware that many of their routine systems installations are computer driven and attached to the network in some way.
“Not being concerned about network security seems like a very limiting posture for a contractor, and [being concerned could be] a good opportunity to carve out a niche business model that can better benefit customers than their competitor can,” said Joshua Wright, deputy director of Training, SANS Institute, a Bethesda, Md., computer security specialist.
Network security concerns should be addressed because organizations may need to protect trade secrets or comply with federal regulations.
“In many organizations, the weakest point in the overall security of the network is exactly the equipment that is being handled and installed by contractors,” Wright said. “If an attacker can compromise a router, hub or other data system at the LAN level, there are not usually firewalls or intrusion detection systems to stop them from amassing large quantities of confidential data.”
Tackle the problem
Knowing what vulnerabilities exist is the first step, and using vulnerability assessment tools are the next. Often referred to as “security audits,” these tools perform network scans that evaluate current conditions and help reveal potential problems. Since new threats crop up all the time, scans must be run regularly.
The assessment tools also list vulnerabilities in order of priority, allowing the contractor scanning the network to tackle to the most critical problems first. When using vulnerability-assessment tools, remember that permission from the network owner is a definite requirement.
Wright said the shift toward interconnected and interdependent system architecture, such as Ethernet and wireless LANs, has opened the door to more network threats.
This “shift” brings systems and components such as HVAC controllers, video monitoring arrangements, physical security controls and biometrics into the network.
For example, since many integrated building systems now are set up for remote access, monitoring and control, an attacker could wreak havoc on the HVAC system-without even being on-site-by tapping into the main network.
It is imperative to understand that when discussing network vulnerability and systems, many contractors forget about the hardware, which is where they can exert some control.
“Whenever a contractor or an installer deploys a system that connects to a network, they should ask, 'What are the security measures in place to protect this system' and, 'What is the potential impact if this system is compromised,' then convey that information to the customer,” Wright said.
It seems that reverting to the basics-in this case the infrastructure-can be beneficial in overall network security. Once again, contractors seem to have the upper hand.
“Installers are in a unique position to offer advice on how these types of systems could be abused, and often have more experience with protecting these systems at setup time than the customer will,” Wright said. “By helping organizations understand these threats and risks, contractors can provide an increased value, potentially saving their customers from costly hacker break-ins.”
Even if performing vulnerability assessments and scans is not something you want to start offering as a service, merely understanding the importance and need, and being able to explain it, can strengthen customer relations. EC
STONG-MICHAS, a freelance writer, lives in central Pennsylvania. She can be reached at JenLeahS@msn.com.