Home
> Uncategorized > Musings on cyber security
Musings on cyber security
I recently attended a very interesting talk at the ICE about what engineers can do to defend against terrorism (especially cyber attacks).
With this in mind I think design offices are fairly guilty of being slack when it comes to security of data. A quick rummage through the office server (which is not encrypted and I imagine would be easy for any potential hackers to access) I found, amongst other things, the detailed design for an ammunition storage plant in Beirut. Closer to home there is the structural designs for many a building in central London.
So, fellow PETs, do any of your design offices have actual security measures in place? I think this will be a growing concern in the future.
Categories: Uncategorized
Holdfast Training Services Trial Blog 
Fred,
I’ll be careful with what I say, as I suspect this site isn’t too secure either and you never know who is watching our fascinating blog chats waiting for a nugget of technical information.
But yep you are right and I raised this as a concern when writing a TMR on alternative robustness methods and blast protection design considerations. If you know how a building is designed to provide robustness, and against what size loading, you can quickly figure out how overcoming those robustness mechanisms could increase damage in a structure. I think design engineers are so busy distracted by BM diagrams this rarely appears on their risk register.
Unsurprisingly, my office in Fort Meade is pretty secure… I’ve been here three weeks and still don’t have access to the intranet. I suspect my position is fairly unique though.
This brings up an interesting point though. It often isn’t the security put in place but more the organisation’s attitude to it. Robust encryption systems and electronic permissions and an extensive list of who has what copy of whatever hard-copy publication/drawing means nothing if people share their passwords and leave things lying around their desks overnight. What is the most important barrier to nefarious activities? Is it in recruitment practices and controlled access to the site office or is it in the electronic barriers that stop workers / intruders from gaining access to sensitive information. I would argue that it’s the combination of these barriers and the risk vs reward for those trying to steal said information.
One thing my office does have that I’d never thought of before is the use of a rotating WiFi password. I reason it limits an outsider’s ability to gain access whilst still using an open system to promote efficient working practices. They literally keep slips of paper at the front desk for workers and visitors to collect if needed: simple but probably quite effective.
I concur with James, I needed DV, STRAP and an NSA brief before they let near a machine, but again, it’s a unique case.
One thing James forgot to mention about practices here in the US is that you physically need to slot your Army ID card into a machine in order to access any of the computer networks. I’d never seen this before, but I assume some other civvy companies have adopted these sorts of strategies too. Once logged in you’ll also be expected to re-enter your password on a regular basis (maybe a couple of times a day) to ensure it’s still you in front of the computer. The physical card just adds an extra layer of security to the password protections. It may also make it easier for employers to track your digital signature to make sure you’re not up to no-good or to retrospectively see what you’ve done if something is highlighted.
It also becomes a big pain in ass when you forget your ID card and drive all the way to work without it! You can go through the procedure to get onto base, but there’s no way to login so there’s no choice but to turn round and drive home and get it!