
Tenable Blog


Implementing "Perimeter Intrusion Detection"

It's important to get the funds to support a security initiative, but even more important that these funds are well spent. In the New York Post article titled "$90M err-ports", Murray Weiss writes:

A nearly $90 million security system designed to thwart terrorists trying to get onto runways at the metro area's four major airports still isn't up and running four years after it was purchased by the Port Authority -- and it may never work, officials told The Post.

The safety network -- dubbed the Perimeter Intrusion Detection System, or PIDS -- was supposed to provide state-of-the-art electronic fencing complete with sensors and closed-circuit cameras that would immediately pinpoint someone trying to get on a runway to attack a plane at JFK, La Guardia, Newark and Teterboro airports.

Sources: Questions about a new airport security system, $90M err-ports, Raytheon Wins $100 Million Contract for Airport Perimeter Security

This story came to my attention while watching the news the other day. The term "Perimeter Intrusion Detection System" sounded familiar and triggered further investigation on my part. The New York Port Authority signed a more than $100 million contract with Raytheon to build and install perimeter fencing, sensors and cameras around the four major airports in New York (John F. Kennedy International and LaGuardia) and New Jersey (Newark Liberty International and Teterboro). The system is designed to prevent a potential terrorist from accessing a runway to attack a plane. The article states:

"provide state-of-the-art electronic fencing complete with sensors and closed-circuit cameras that would immediately pinpoint someone trying to get on a runway to attack a plane"


When I work with organizations to design defensive measures, I take into account many factors. Looking at previous and current attacks against the infrastructure is certainly one of those factors. While you cannot limit your defensive strategy to known attacks, they need to play a major role. For example, most of the attacks against airports and planes have not come from terrorists physically accessing the runway. Yet millions of dollars and countless hours are being spent implementing a defense system that will protect the perimeter of the airport. Common sense needs to play a role when you are designing defense systems, whether for airports or your network.

Let’s take the airport example a step further. Maybe it’s just me, but isn't it easier to just buy a plane ticket? Even better, get on the inside by becoming an employee of a restaurant inside the airport? If there were ever a physical attack, a rocket launcher puts some distance between the attacker and the plane and eliminates the need to be on the runway. In the case of a rocket launcher, the plane was shot down at 8,000 feet after leaving the airport. With respect to perimeter security, a rocket renders a fence around the runway completely useless, as an attacker can be within range and still be at a safe distance from the airport defenses.

Unfortunately, the same mistakes are being made in information security. Many of our defenses are not based on the proper sources of intelligence. For example, should you spend millions of dollars on a new firewall when the attackers are abusing your web applications? Probably not. The one you have most likely works just fine with respect to features (throughput may be another story). Firewalls do provide some level of perimeter detection for your network, and you can prove their effectiveness by reviewing logs and providing statistics to management on how many attacks and scans the firewall is preventing. While this technology is useful, it can lead to a false sense of security (e.g., "We have a perimeter fence, no one will shoot a plane with a rocket launcher"). You may not feel the need to patch your systems because, "Hey, it’s behind the firewall". It turns out this same security fallacy projects itself into the physical security world too, because the Port Authority has now scaled back its perimeter patrols (ones performed by humans) and replaced them with the perimeter security system, which, by the way, is not working correctly.

It’s a Bird, it’s a Plane, oh no it’s just a False Positive

As it turns out, the PIDS was first “tested” at Teterboro airport, where they experienced a high level of false positives. Birds, small animals such as squirrels, and weather (rain and wind) caused the alarms to go off. This is a prime example of a lack of testing. Rather than install an expensive system at an airport (57 miles of "intelligent" fencing has already been installed), test it on a small scale in the field first! The same should be true for any technology that you put into your network. Many people have commented that their production systems absolutely cannot be disrupted in any way in order to keep the business running. You should always have a test lab where you can experiment and test new technology. In addition, there are usually smaller pockets of your network that make a good proving ground for technology. Then make sure it works the way it’s supposed to before you surround the entire network (or in this case, airport) with it.

Intelligent Security

When implementing security, you need to identify your most critical assets, review the potential threats and prioritize the defenses. So much of security is about proper management and making sure that your projects are aligned with the business goals and working to eliminate risk. Implementing new technologies because "they sound neat" is the wrong way to approach security. Before the project even gets created, you need intelligence about your attackers and what is happening on your network. The intelligence needs to be reviewed on a regular basis and your strategy updated accordingly. Therefore, before you go putting a huge fence around your network, do your homework and make the right decisions.
