“Security is escalating in importance,” said Dan Reuckert.
Rueckert is the associate vice president of Black & Veatch’s Management Consulting Division’s Security & Compliance practice. He has 35 years of experience in information technology, security, project management, and consulting.
Rueckert discussed the relationship between physical security and cybersecurity when it comes to critical infrastructure sites like water treatment facilities and nuclear power plants. “Weak physical security can allow people to physically get through and break into a network,” he explained. “Some critical infrastructure sites have substations and boxes behind fences and if they can get in one layer, they can get back in through another layer.”
Cyber criminals must be well versed in how to manipulate utilities. “These are knowledgeable people that also have an understanding of utilities and infrastructure,” said Reuckert. If someone does penetrate the system, they may “switch on and off resources, do financial transactions, access operational technologies, or steal intellectual property.
“Cyberattacks can come from casual hackers or nation-states,” he said. “Casual hackers are usually organized around environmentally conscious causes and they try to form localized factions to disrupt things. They have an agenda that they are promoting. A recent incident involved both a protest at a company that coincided with an attack on their firewalls.”
Nation-states that attempt to hack into critical infrastructure systems often have a completely different objective. “Nation-states tend to be 2nd tier nation-states like North Korea or Iran that may attempt to disrupt our way of life,” he explained. “Other types of nation-states like China or Russia are more interested in gaining an understanding of our technology and intellectual property.”
Critical infrastructure sites are gradually becoming more secure through the Obama Administration’s critical infrastructure protection and cybersecurity initiatives. Reuckert was also optimistic regarding the NERC Critical Infrastructure Protection Standards Version 5.0.
He advised workers at critical infrastructure sites to be very mindful of their surroundings. “People should have a certain level of awareness when working around physical sites,” he said. “They should look out for activity around fences and gates. Access control devices and security cameras are needed. Wireless devices also need to be hardened.”
Going forward, Reuckert explained that both physical and cybersecurity will be of the utmost importance. “They are part of an escalating cycle that will not go away.”
Black & Veatch is a global engineering, consulting, and construction company based in Overland Park, Kansas.