
Implementing "Perimeter Intrusion Detection"

It's important to get the funds to support a security initiative - but even more important that these funds are well spent. In the article titled "$90M err-ports" from the New York Post, Murray Weiss writes:

A nearly $90 million security system designed to thwart terrorists trying to get onto runways at the metro area's four major airports still isn't up and running four years after it was purchased by the Port Authority -- and it may never work, officials told The Post.

The safety network -- dubbed the Perimeter Intrusion Detection System, or PIDS -- was supposed to provide state-of-the-art electronic fencing complete with sensors and closed-circuit cameras that would immediately pinpoint someone trying to get on a runway to attack a plane at JFK, La Guardia, Newark and Teterboro airports.

Sources: Questions about a new airport security system, $90M err-ports, Raytheon Wins $100 Million Contract for Airport Perimeter Security

This story came to my attention while watching the news the other day. The term "Perimeter Intrusion Detection System" sounded familiar and triggered further investigation on my part. The New York Port Authority signed a more than $100 million contract with Raytheon to build and install perimeter fencing, sensors and cameras around the four major airports in New York (John F. Kennedy International and LaGuardia) and New Jersey (Newark Liberty International and Teterboro). The system is designed to prevent a potential terrorist from accessing a runway to attack a plane. The article states:

"provide state-of-the-art electronic fencing complete with sensors and closed-circuit cameras that would immediately pinpoint someone trying to get on a runway to attack a plane"


When I work with organizations to design defensive measures, I take into account many factors. Looking at previous and current attacks against the infrastructure is certainly one of those factors. While you cannot limit your defensive strategy to known attacks, it needs to play a major role. For example, most of the attacks against airports and planes have not come from terrorists physically accessing the runway. Yet millions of dollars and countless hours are being spent implementing a defense system that will protect the perimeter of the airport. Common sense needs to play a role when you are designing defense systems, whether for airports or your network. Let’s take the airport example a step further. Maybe it’s just me, but isn't it easier to just buy a plane ticket? Even better, get on the inside by becoming an employee of a restaurant inside the airport? If there was ever a physical attack, a rocket launcher puts some distance between the attacker and the plane and eliminates the need to be on the runway. In the case of a rocket launcher, the plane was shot down at 8,000 feet after leaving the airport. With respect to perimeter security, a rocket renders a fence around the runway completely useless, as an attacker can be within range and still be at a safe distance from the airport defenses.

Unfortunately, the same mistakes are being made in information security. Many of our defenses are not based on the proper sources of intelligence. For example, should you spend millions of dollars on a new firewall when the attackers are abusing your web applications? Probably not. The one you have most likely works just fine with respect to features (throughput may be another story). Firewalls do provide some level of perimeter detection for your network, and you can prove their effectiveness by reviewing logs and providing statistics to management on how many attacks and scans the firewall is preventing. While this technology is useful, it can lead to a false sense of security (e.g., "We have a perimeter fence, no one will shoot a plane with a rocket launcher"). You may not feel the need to patch your systems because, "Hey, it’s behind the firewall". It turns out this same security fallacy projects itself into the physical security world too, because the Port Authority has now scaled back its perimeter patrols (ones performed by humans) and replaced them with the perimeter security system, which, by the way, is not working correctly.

It’s a Bird, it’s a Plane, oh no it’s just a False Positive

As it turns out, the PIDS was first “tested” at Teterboro airport, where they experienced a high level of false positives. Birds, small animals such as squirrels and weather (rain and wind) caused the alarms to go off. This is a prime example of a lack of testing. Rather than install an expensive system at an airport (57 miles of "intelligent" fencing has already been installed), test it on a small scale in the field first! The same should be true for any technology that you put into your network. Many people have commented how their production systems absolutely cannot be disrupted in any way in order to keep the business running. You should always have a test lab where you can experiment and test new technology. In addition, there are usually smaller pockets of your network that make a good proving ground for technology. Make sure it works the way it’s supposed to before you surround the entire network (or in this case airport) with it.

Intelligent Security

When implementing security, you need to identify your most critical assets, review the potential threats and prioritize the defenses. So much of security is about proper management and making sure that your projects are aligned with the business goals and working to eliminate risk. Implementing new technologies because "they sound neat" is the wrong way to approach security. Before the project even gets created, you need intelligence about your attackers and what is happening on your network. The intelligence needs to be reviewed on a regular basis and your strategy updated accordingly. Therefore, before you go putting a huge fence around your network, do your homework and make the right decisions.
