Firewalls against terrorists?

Unidirectional connectivity offers complete security against threats of IP-based surveillance.

computer virus 88 (photo credit:)
computer virus 88
(photo credit: )
As the Security Israel 2008 convention opens today, representatives from all over the world will come to see what country's finest security companies have to offer. One emerging market that they will be focusing on will be the growing need for securing IP (Internet Protocol) video surveillance. Imagine what would happen if terrorists were able to penetrate the control center of a critical national infrastructure, such as a national gas line. Controlling such a facility would enable the terrorists to cause unimaginable destruction. Unfortunately, such a scenario is not imaginary. Critical national facilities are prime targets for terrorist activities. Several years ago terrorists attempted to blow up Pi Glilot (gas depot in Israel) by placing explosives on a fuel truck that was supposed to enter the compound. Such attempts have occurred in Israel as well as around the world. Consider how much easier the terrorists' task would be if they could hack the control center of a critical infrastructure from the comfort of their home. Over the past few years there have been several reports of cyber attacks on control systems of nuclear power plants, sewage systems, transportation facilities, etc. Only recently the CIA disclosed that cyber attacks have caused at least one major power outage affecting multiple cities outside the US. There is a well-known tradeoff between the security of a modern business and business requirements. While the latter requires increased connectivity to the critical national infrastructure's network, the former promotes complete segregation of the facility's network from the outside world. The benefits of connectivity and the growing dependency on it have risen to a stage where complete segregation is impractical and impossible. One area where this dissonance is even more pronounced is the area of Physical Perimeter Security, a fast growing market that is rapidly shifting to IP-based technology. Organizations install modern IP-based surveillance networks in order to improve their facility's physical security. Doing that unfortunately may reduce the overall security of their organization. Whereas IP-based surveillance networks provide greater efficiency, IP communication also entails great risks. An attacker can gain access to a surveillance network by simply connecting a laptop in place of a camera. This allows access to other devices on the same network (e.g. additional cameras, access control systems) and if the network is connected to additional networks, the hacker can gain access to these networks as well. The resulting damage can be immense. Israel is one of the innovators of security technologies, trying constantly to stay ahead of hackers and provide the means for protecting IT infrastructures. Israel's position in the world of security could not have been more evident than at the recent ISC-West International Security Conference and Exposition, where Hebrew was in many booths as useful a language as English. The ISC-West conference focuses mainly on surveillance technologies and draws tens of thousands of visitors aiming to be a part of the growing trend of migration from analog based surveillance to the modern IP-based capabilities. Naturally, Israel is not ignorant of the new security risks posed by this new trend. The industry provides a wide range of solutions to these threats. Firewalls, intrusion prevention systems and anti-viruses are only some of the technologies used to secure data and infrastructures. However, none of these solutions provide complete protection. Software-based security measures have vulnerabilities and exploits and are not immune to human errors. Given enough time and effort they can be hacked and circumvented. When looking to protect sensitive or mission critical facilities, one must consider that hackers will go to great lengths to cause damage. One must keep in mind that in real life terrorists are willing to be killed while performing terrorist attacks. Thus, one must deploy a solution, which is not vulnerable to standard attacks. A full proof, fool proof and future proof solution is required. One of the promising trends in the network security world is that of unidirectional connectivity, a concept which provides precisely these security requirements. A unidirectional connection is a system that allows data to pass between networks in one direction only. A secure unidirectional communication system must enforce its unidirectional data flow by means of physical hardware as opposed to software and other logical ways. Unidirectional connectivity provides complete security against threats inherent in IP-based surveillance. The idea is transmitting video feeds through a unidirectional link. This architecture creates an impenetrable gateway preventing hackers from penetrating the network. Even if a hacker obtains physical access to a camera, he will not be able to create additional damage, as the unidirectional gateway creates a barrier to online attacks. Israeli companies are leading the trend of migrating to IP-based surveillance supplying the customers with innovative technologies to better monitor their facilities, and also to enable the capabilities, which secures the surveillance system. Thus providing mission critical organizations the ability to reap the benefits of IP-based surveillance without compromising their security requirements. The author is CEO of Waterfall Solutions Ltd (www.waterfall-solutions.com), which specializes in unidirectional communication technologies for critical national infrastructures, homeland security, banks and enterprises.