Vanderbilt Industries
Download PDF version Contact company

We probably take critical infrastructure for granted in our day-to-day living. We turn on a tap, flick a switch, or push a button and water, light, and heat are all readily available to us. However, as critical infrastructure are managed by computerised systems this makes them vulnerable to cyberattack. As a direct consequence, this makes us as a society vulnerable too.

Imagine if a cyberattack took down the power supply to an entire city without warning? Chaos would ensue. Traffic lights, ATMs and cash registers, fuel pumps, and water pumps, amongst a long list of other things, would cease to operate. The scary thing is, the scenario of a cyberattack on critical infrastructure isn’t far-fetched anymore.

Two-factor authentication

For example, in 2016 the WannaCry ransomware attack infected over 300,000 computers around the world. Frighteningly, the virus was spread by something as low-tech as an email. Britain’s National Health Services (NHS) was caught up in the attack. As a result, surgeries were cancelled, staff reverted to pen and paper, and only emergency patients could be treated.

The most well-known example of a cyberattack on critical infrastructure was the attack on the Ukrainian power grid in December 2015 when 250,000 homes lost power as a result. Accessing the systems controlling the plant’s circuit breakers did not require two-factor authentication, thus providing a security breach for the attackers to exploit with stolen credentials.

Physical security has moved from being very simple inputs and outputs, to being always-connected devices

Provide best security

The rapid gains that technology has made into everyday living has also changed how the security industry operates. In short, physical security has moved from being very simple inputs and outputs, to being always-connected devices. This makes the industry very much part of the IoT world. Of course, this leads to the question - how does physical security protect itself from cyber vulnerabilities?

This ethos has changed how Vanderbilt think when designing and developing their own security systems, in particular SPC. FlexC, the company’s communications protocol, was redesigned from the ground up solely with cybersecurity in mind. The protocol has been designed to ensure everything is encrypted, all communications are monitored, and multiple types of attack are considered for defensive purposes to provide the best security possible.

Multiple communication paths

SPC has built-in protection mechanisms whereby if the system is attacked, it will go into protection mode. The system will remain operational and it will still be able to communicate out, but it will start to shut down elements of itself to protect the system from the attack.

While no system is invincible, SPC has been designed so that should an attack penetrate, the system has multiple communication paths available as backup. Therefore, if one server is taken down the system can immediately switch to a backup server and then switch communication paths to bypass the attack and ensure messages still operate successfully.

Targeting people opens the door to the ‘weakest link’ possibility that can uncover vulnerabilities such as lack of authentication and encryption

Targeting critical infrastructure

The most obvious low hanging fruit when targeting critical infrastructure is to target people. Targeting people opens the door to the ‘weakest link’ possibility that can uncover vulnerabilities such as lack of authentication and encryption, and weak password storage that can allow attackers to gain access to systems.

Notably, the clear majority of hacks come down to human error whereby weak passwords, or clicking on contaminated email attachments, will expose an organisation’s security. Hackers have also been known to target contractors and simply wait until they go on-site for scheduled maintenance with their infected laptops.

Spear-phishing email

According to the Kaspersky Lab research, the percentage of industrial computers under attack grew from 17% in July 2016 to more than 24% in December 2016. The top three sources of infection were the internet, USBs, and email attachments.

For instance, a spear-phishing email was the technique used in an attack on a German steel mill in 2014. Here, the attackers gained access to the plant’s network through an infected email attachment. The success of these non-complex methods would indicate low levels of awareness about how cyberattacks are carried out.

Blocking phishing attacks

Technology in day-to-day life might be growing at a rapid rate leading to fears of potential security breaches. But one must remember that technology’s growth also means that security defences are developing in parallel. At its core, security is about being continuously observant, following best practices, and being ready and able to react against a security issue. Unfortunately, in a survey of nearly 600 utility, energy, and manufacturing organizations, only half of the companies had a dedicated IT security program.

A hacker waits an average of 146 days from having penetrated a system before they strike

Email controls assist in blocking phishing attacks that can bypass spam filters. While regular compromise assessments will check to see if an attacker is already in the system. Currently, a hacker waits an average of 146 days from having penetrated a system before they strike. Therefore, regular assessments give the opportunity to root out penetrations before they strike.

Following best practices

However, one of the most obvious places to start is to choose equipment from reliable suppliers that have a knowledge and interest in cybersecurity and are focused on protecting your data. When your security system is designed from the ground up to protect against cyberattacks, naturally your organisation will be in a much better place.

So how do we best protect against the darker side of an increasingly connected world? By being open and transparent in exposing and reporting vulnerabilities. The best way to avoid attacks is to keep systems up-to-date, change passwords regularly, provide employee training and be diligent in safeguarding facilities through firewalls and following best practices in network maintenance. Keeping up with security updates allows us to make the most of the new technologies available today and into the future.

Download PDF version Download PDF version

Vanderbilt Industries news

Vanderbilt Industries announce the launch of major update for its cloud-based access control systems, ACTpro 3.1

Vanderbilt Industries, a globally renowned company in providing state-of-the-art security systems, has announced the launch of the newest version of its cloud-based access control system, ACTpro 3.1. This update introduces key features representing Vanderbilt’s commitment to providing customers with a robust, scalable, and comprehensive access control platform. ACTpro access control system ACTpro is a network-based access control system that benefits from multiple integration scenarios w...

Vanderbilt Industries offer cloud-based security solutions for schools to enhance students and staff safety

School is out for the summer, but as the new school year approaches and students return to the classroom, the need for streamlined security solutions has never been greater. Not only are the typical procedures needed to protect against physical security threats, but the increase of demand for touchless solutions also plays a significant role in educational facilities reopening in a post-COVID society. Currently, over 90% of public schools are already using some type of access control and video...

ACRE acquires Time Data Security (TDS) to strengthen their product portfolio and expand business

ACRE, a provider of state-of-the-art security systems, announces the acquisition of TDS based in Dublin, Ireland. This purchase will enhance ACRE’s strategic expansion plans for strengthening the product portfolio and geography in the UK and Europe and bringing new cloud-based visitor management and access control products to North America. This is ACRE’s first acquisition since being acquired March 11 by Triton Partners. TDS provides cloud-based workspace solutions that will comple...

Vanderbilt Industries case studies

Oliver Law Security installs Vanderbilt ACT365 security system to protect one of Doncaster’s largest gyms, The Fitness Village

Doncaster Culture and Leisure Trust (DCLT), The Dome, required a new solution that would protect several areas, including one of the largest gym’s in Doncaster, The Fitness Village. Vanderbilt ACT365 system DCLT had a specific brief for this project that specified enhancing the staff and customer experience, while simultaneously providing access control solutions to restricted areas from the general public, members, and staff alike. Oliver Law Security (OLS) Ltd. did not hesitate to rec...

Vanderbilt secures a hospital in Ireland with access control integrated solutions

St. James Hospital in Dublin, Ireland, which has more than 1,000 beds, is a teaching hospital that specialises in not only treatment but health promotion and preventative services at its central location. It is also a central location for the treatment of COVID-19 patients. Tasked with keeping patients and staff safe from the threat posed by the COVID-19 pandemic, St. James Hospital needed a way to add additional screening capabilities to its facility alongside its existing access control termi...

Vanderbilt integrates ACT365 with Mobile BankID to enhance supermarket security at ICA Sweden

Installation company Nessence recently integrated Vanderbilt’s ACT365 cloud-based access control and video management system with Mobile BankID in Sweden. Mobile BankID is a citizen identification solution that allows companies, banks, and government agencies to authenticate and conclude agreements with individuals over the internet. The integration with ACT365 comes together to solve a brief put forward by the supermarket chain, ICA Sweden. Web API for integration Tobias Olofsson, Proj...