Introduction
Due to the daily reported cyberattacks, much attention is paid to cyber security. The attack surface grows dramatically as more gadgets connect to the Internet and become desirable targets for hackers. The adoption and integration of Internet of Things (IoT) and Industrial Internet of Things (IIoT) devices have produced a network of Cyber-Physical Systems (CPS) that is more interconnected than before, increasing the attack surface and hiding features of physical security and cybersecurity that were previously obvious.
Main body
Protecting people, property, and tangible assets against the risk of physical actions and occurrences, such as fire, flood, natural disasters, robbery, theft, vandalism, and terrorism, is referred to as physical security. Examples include fences, vehicle obstacles, limited entry points, warning signs or window stickers, and security lights. Physical security and cybersecurity divisions that work separately lack a comprehensive understanding of the security risks aimed at their company. Successful assaults are, therefore, more likely to happen. They may lead to the theft of confidential or private information, financial loss, the interruption of essential operations, or even fatalities.
Physical security safeguards cybersecurity by restricting access to data storage areas, and the opposite is true. Hackers frequently target physical security devices with Internet connections, including RFID key card door locks, cellphones, and surveillance cameras. Experts have historically managed physical security operations with a background in law enforcement (Bellizia et al., 2020). They are skilled in upholding the physical safety of a site using locks, cameras, guards, fences, and alarms. The IT division, which was in charge of the network and computer systems, had exclusive responsibility for cybersecurity. Initially, the two departments had minimal decision-making regarding security processes (Ahmed et al., 2019). However, this communication breakdown may leave attack surfaces wide open—a flaw that numerous hackers have exploited in recent years.
Physical security is an essential business strategy to address various issues, including reducing workplace violence, protecting people’s intellectual property from corporate espionage, and preventing unauthorized individuals from accessing the firm and inflicting harm. The sensitive information that a solid cybersecurity approach protects physical systems stores (Bellizia et al., 2020). One of the essential parts of the transmission system is the protection system, which is constantly becoming computerized and automated. Attacks and vulnerabilities in these digital systems can significantly negatively impact the power grid’s operation (Al-Fedaghi & Alsumait, 2019). Several alerts might be transmitted to the control center due to malfunctions and frequent excursions. It may also result from protective system flaws, abnormalities, and unforeseen triggering (Ahmed et al., 2019). This illustrates the instability of cyber networks that ignore their physical appearance and employ just digital protection.
Continuous cyber-physical monitoring of the system may be built thanks to the situational awareness derived through sensors like the Vector Measurement Unit (PMU) and the data gleaned from the cyber system (Al-Fedaghi & Alsumait, 2019). The technique is validated by simulating the IEEE test system in real time and adding industrial hardware relays and PMUs to the loop (Bellizia et al., 2020). The data analysis algorithm running on the server continuously uses this data in real time to identify abnormalities and categorize for the intended use cases.
In contrast to other system-related challenges, the subject of system security, particularly cybersecurity, is unique. Security faces a constantly evolving opponent, while fault tolerance problems encounter design, implementation, and validation concerns in a constantly changing operational environment—Designers attempt to simulate the continually shifting conditions that the system must operate to continue performing its tasks (Ahmed et al., 2019). Additionally, designers must test their work on this model.
Modeling becomes crucial for measurement as well. The assessment of systems to ascertain their overall risk and security posture, the construction of countermeasures, and the subsequent re-evaluation of systems to establish the effectiveness of countermeasures in a verifiable, repeatable manner (Al-Fedaghi & Alsumait, 2019). We must be able to model these systems’ security, vulnerability, and risk in a quantifiable manner (Bellizia et al., 2020). There are several techniques to represent attackers based on modeling the attackers themselves (Griffor, 2017). Additionally, their complexity is increased by how they link to and interact with other systems. These complexities must also be recognized and modeled to comprehend the indirect influence on the security posture.
As embedded cryptographic technology is utilized increasingly often, such as for the Internet of Things, the development of authentication systems has gained relevance. To increase security against side-channel attacks, authenticated encryption and encrypted encryption are crucial. Over the past ten years, several operation types utilizing various abstractions have been proposed and investigated (Griffor, 2017). Such systems’ practical effects have already been somewhat researched in the past. For this, the physical presumptions on the evidence of leak resistance are first translated into baseline security criteria for developers.
This heuristic translation allows experts to see numerous results. The first finding is that protection from physical attacks may be viewed as a tradeoff between defenses at the mode level and those implemented (Bellizia et al., 2020). The second is that the security criteria might be notably distinct for various implementation elements and are also feasible to ensure confidentiality and integrity before a leak. One may observe validation of the initial conclusion after examining several operational modes with progressively higher leakage resistance. Single-level implementations, in which specific circuit components have different criteria for leakage safety, are also feasible (Al-Fedaghi & Alsumait, 2019). When high physical security is necessary, this results in improved performance. Nevertheless, a physical security strategy is required to increase the security of encryption systems. Finding ways to instantiate the different parts of a leak-proof encryption system with authentication is necessary.
The usual modes of operation can be used to determine a physical security attribute, such as the integrity of a leaked ciphertext. Traditional modes can be OCB as long as all block cipher executions in these modes are sufficiently secured from DPA. This results from the high expense of the end product (Griffor, 2017). This DPA security criterion can be relaxed for some implementation portions in modes with improved leak resilience. Additionally, it should be emphasized that the literature already offers a variety of operational modes that correlate to a variety of leak prevention goals (Bellizia et al., 2020). This enables us to demonstrate the tradeoff between physical security and the accuracy of algorithms, including potential candidates for ongoing work on related NIST standardized ciphers.
Conclusion
Despite the apparent connections between physical and cyberspace security, many businesses still perceive these systems as distinct. This was acceptable in the past since there was no technology to combine cybersecurity with physical security. To strengthen any firm, the issue ultimately comes down to governance, which should focus on establishing a unified body for security policy and bringing physical security and cybersecurity teams together. An integrated security architecture provides a platform for tying the physical and digital worlds together through intelligence exchange, visibility, control, and automation. As technology becomes more prevalent in our everyday lives, CPS is required to assist in safeguarding the business against unintentional harm (Griffor, 2017). This may also harm the exploitation of these resources and systems, which helps protect against interference with or compromise planned tasks.
References
Ahmed, A., Krishnan, V. V. G., Foroutan, S. A., Touhiduzzaman, M., Rubin, C., Srivastava, A., Wu, Y., Hahn, A., & Suresh, S. (2019). Cyber-Physical Security Analytics for Anomalies in Transmission Protection Systems. IEEE Transactions on Industry Applications, 55(6), 6313–6323. Web.
Al-Fedaghi, S., & Alsumait, O. (2019). Towards a conceptual foundation for physical security: A case study of an IT department. International Journal of Safety and Security Engineering, 9(2), 137–156. Web.
Bellizia, D., Bronchain, O., Cassiers, G., Grosso, V., Guo, C., Momin, C., Pereira, O., Peters, T., & Standaert, F. X. (2020). Mode-Level vs. Implementation-Level Physical Security in Symmetric Cryptography. Advances in Cryptology – CRYPTO 2020, 369–400. Web.
Griffor, E. R. (2017). Evolving Security. NIST. Web.