Thursday, February 20, 2014

VIDEO: Using NFC Tags In My Car



I decided to do this project because I felt I had a few security vulnerabilities with respect to my vehicle. There are plenty of things I can do to perhaps prevent an attack on myself in my vehicle. That is a foolhardy goal at best. Prevention of any crime is difficult to measure. We assume crime is prevented by the things we do but we have no idea as to whether the threat ever went away. Our best course of action, then, is to think about mitigation. In other words, we seldom plan for WHEN the attack or emergency will occur.

In this scenario, I felt a great mitigator would be the use of a discreet mechanism alerting authorities and other concerned persons if I found myself in an emergency. I felt NFC (near field communication) tags would be best, since my phone is an integral part of my travels in my vehicle. Placement of course was key, so I positioned the tag just below where I keep another tag that commands my phone to turn on my map and increase its brightness. The duress tag alerts the authorities and tweets out a duress message to friends and followers on social media. As you can see from the video, it is placed in a way where I can't accidentally activate the duress command.

Imagine a scenario where the phone is mounted on the phone holder while I'm carjacked. The bad guy asks for the phone and I have an opportunity to grab the phone and place it on the tag for a second to activate my duress. I stall the attacker until the authorities arrive. I set the phone to activate the duress with the screen locked out when activated with no speakers on and only the microphone working.

Here is the pic of where my tags are located inside my vehicle:



A couple of great links to where you can buy some tags.

http://www.amazon.com/NFC-tags-Writea...

http://www.tagstand.com/

There are also a number of apps to use. I use Trigger. See the link below to download it from the Google Play Store:

https://play.google.com/store/apps/de...

The thing about NFC tags is they are very inexpensive and relatively easy to implement. Almost a perfect security tool when properly used.

To learn more about NFC tags:

https://en.wikipedia.org/wiki/Near_fi...

Be sure to check out my blog for my DIY security projects and security related topics - http://blog.thesecuritydialogue.org

Wednesday, February 19, 2014

Why Attacking The Grid Became Hip & What We Can Do About it



In April 2013, a group of armed men attacked 17 Bay-area power substations in an effort to presumably disrupt power to neighboring businesses. The attack was carried out using 7.62 rounds, which are commonly used in AK-47s (and their variants) as well as numerous other rifles, namely certain sniper rifles such as the M-24 depicted below. The attacks were said to be carried out with military precision as the attackers both shot at the transformers and breached the underground area where various power cables were located.




I've also attached the surveillance video of these attacks so you can get an idea of how they occurred.




Much has been pontificated on exactly who could have carried out such an attack. Former Federal Regulatory Commission Chairman Jon Wellinghoff stated he believed the attacks were a "terrorist act" even though the FBI has said to various media outlets they don't see any evidence of that now. As an investigator and a former military police officer, I can tell you when law enforcement says they "don't see any evidence supporting that", that does exclude any suspicions they might have. My preliminary guesstimate is the FBI has some idea as to who the perpetrators are, especially given the investigation is several months old and we're approaching a year since the attacks occurred.

I have heard from various sources this was the work of animal rights groups or environmentalists, given the target selection and court convictions of members of those groups in attacks against similar targets despite the methodology being completely different from the Bay-area attacks. For the record, I completely disagree with this supposition, as it eliminates several other groups who are just as capable and have just as much stake in pulling off this kind of attack. As a matter of fact, I find it odd those who suspect environmentalist/animal rights connections would ignore the attackers would choose a methodology using firearms which goes against one of the strongest weapons going for them - the lack of human casualties and kinetic attacks which harm human beings. Think about what I'm saying here for a second. Why would you bring a gun to an op where you could be discovered by law enforcement if the weapon isn't going to be useful as a defensive weapon against them? Also, any of these groups would have to account for the damage done to their public image if discovered with sniper rifles. It certainly makes it easy for their opponents to call them "enemies of the state".

What I surmise, rather amateurishly, is the perpetrators brought guns to do the damage and possibly, engage responding law enforcement. Thankfully, the latter never occurred I suspect because the suspects believed they had done enough damage. I am also of the opinion this was a dress rehearsal for a larger scale attack. Many groups do a dry-run before a major attack to test how the target and responders react. We see this all the time with bomb threats called in weeks before an attack. No suspicious device is found at first as the subjects observe reactions. They then rework the plan and decide whether to order another test. I know this because this is how I was taught to plan operations in the military and I suspect whoever is behind these attacks was taught the same lessons.

So why the power plants and why sniper attacks? Quite simply, because the security industry and our government partners have been discussing this since 2002. We've consistently asked that critical infrastructure beef up its security. Additionally, a report was done by the National Academy of Sciences describing the probability for success of a sniper attack against transformers. One could use the CARVER matrix to determine this is perhaps the more likely of any probable attack against critical infrastructure nodes. This is partially because of the ease of access to the target, lack of security at the target, its criticality (it is vital to the target's mission), and its recoverability.

My summation is the attackers didn't have much experience as a group with kinetic attacks and may have used this attack as a means to demonstrate some proof of concept. Whether there will be more attacks is still unknown. Given the hype surrounding this one, they may try again.

Here's what I propose power companies can do to protect their substations:
  • Add 10 foot fencing around the perimeter of substations, ensure fence is encased in concrete at the bottom to prevent digging under the fence, and configure the barbed wire in a Y configuration.
  • Have a roving armed security unit patrol actively in the area of transformers and substations conducting periodic but random security checks of the area. Have a randomizer pick the days and times of these checks on a daily basis. Never keep the same schedule.
  • Consider feeding the substation's closed circuit television feed into your state's emergency management agency or fusion cell incident management consoles.
  • Emplace barriers throughout the avenues of approach to disrupt potential vehicle traffic to the substation. 
  • Consider placing armoured steel on the transformers and other critical areas.
  • Consider using seismographic security sensors and magnetic sensors along various vantage points.
  • Conduct a foot patrol in the area as a part of your random checks I mentioned earlier. 
  • Conduct a red team exercise yearly on your facilities to ensure personnel and security operators understand and implement sound practices to secure your assets in an attack.
As a caveat to the recommendations above, I fully realize this is not a fully comprehensive plan. The idea is to demonstrate how the power companies can implement various measures which are relatively less complicated than might be assumed. If you have other recommendations, please post them below. I'd like to hear from folks from all over the industry.
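
One way to build the randomizer for the patrol checks suggested in the list above, as an added example that is not from the original post. The site names, the 3 to 6 checks per day, the 45-minute minimum gap per site and the share of foot patrols are all assumptions chosen for illustration.

```python
import secrets
from datetime import date, datetime, time, timedelta

# OS-backed CSPRNG: unlike the default seedable `random` generator, past
# schedules give an observer nothing to predict future ones from.
rng = secrets.SystemRandom()

def daily_checks(min_checks=3, max_checks=6, min_gap=45):
    """Pick one day's check times for one site, as minutes after midnight.

    Both the number of checks and their times are random. Any two checks
    are at least `min_gap` minutes apart so a patrol unit can make them.
    """
    n = rng.randint(min_checks, max_checks)
    span = 24 * 60 - (n - 1) * min_gap
    base = sorted(rng.sample(range(span), n))
    # Shifting the i-th sorted draw by i * min_gap enforces the spacing
    # without favouring any particular part of the day.
    return [m + i * min_gap for i, m in enumerate(base)]

def build_plan(sites, start, days=7, foot_share=0.3):
    """Return {day: [(datetime, site, mode), ...]}, each day sorted by time."""
    plan = {}
    for offset in range(days):
        day = start + timedelta(days=offset)
        visits = []
        for site in sites:
            for minute in daily_checks():
                # Some checks are done on foot, also chosen at random.
                mode = "foot" if rng.random() < foot_share else "vehicle"
                when = datetime.combine(day, time(minute // 60, minute % 60))
                visits.append((when, site, mode))
        plan[day] = sorted(visits)
    return plan

if __name__ == "__main__":
    # "SUB-A" and "SUB-B" are constructed placeholder site names.
    plan = build_plan(["SUB-A", "SUB-B"], date(2014, 3, 3), days=2)
    for day, visits in plan.items():
        print(day.isoformat())
        for when, site, mode in visits:
            print(f"  {when:%H:%M}  {site}  {mode}")
```

Generate the plan shortly before each shift and limit who can read it, since a schedule that leaks early is as predictable as a fixed one.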
