Report No: Technical Report SERC-2015-TR-110
Report Name: System Aware Cybersecurity A Multi-Sentinel Scheme To Protect a Weapons Research Lab
Publication Date: December 7, 2015
Project: Security Engineering
This document (and the project it reports on) presents a scenario and a model where multiple, overlapping, and redundant rings of defenses protect a sensitive government/military installation such as a weapons research laboratory or nuclear reactor facility; (referred to in this document as ‘’the facility”). These rings of protection seek to utilize the standard ‘system aware’ techniques of hardware/software diversity, configuration hopping, data consistency checking, and tactical forensics to offer confidence that the surveillance data and authentication responses are accurate, reliable, and untampered with.
These protective “rings” include UAV full motion video (FMV) surveillance and ground-based RADAR to detect approaching threats from the air and also ground vehicles from a distance, and a wide variety of physical barriers (fences, walls, locked doors), video surveillance (camera/video feeds), electronic sensors (seismic, acoustic, and motion sensors), as well as RFID/proximity badges for human guards that reinforce the electronic and technical methods of intruder detection, access control, and authentication. The RADAR data is an additional input source in this scenario, and greatly enhances the range that can be covered.
The outer rings of protection are made up of layers 0, 0.5, and 1 (described below as the UAV, the RADAR, and perimeter fence) that seek to either identify approaching entities or to limit access to the facility. The UAV not only scans the ground for ground-based threats and approaching targets, but also frequently scans the outside of the building to offer the video monitors an opportunity to insure that everything appears normal on the outside of the building, the fence perimeter is intact, and that the RADAR is scanning properly. The RADAR is calibrated to detect approaching aerial and ground vehicle traffic, and the UAV is programmed to fly low enough to be periodically scanned by the RADAR as a check to see if the RADAR is detecting real targets, and that the UAV is still circling overhead in the location expected. The fence line (layer 1) can be reinforced with an underground fiberoptic cable that circles the fence line that detects seismic activity of a human generated origin (foot traffic, approaching vehicles, underground tunneling efforts, etc.) and the fence itself is equipment with motion detectors that would detect climbing activity and/or fence cutting actions. Further details are contained in the layer descriptions on the following pages.
Protective layers 2, 3, and 4 cover the spaces just inside the perimeter fence to the outside walls and doors of the building itself. These protective layers include FMV video cameras, seismic/acoustic/motion sensors, the physical wall itself, and the two entry doors that have biometrically-based authentication/authorization means that are backed up by a human guard at each entry point, each guard employed by a different contractor company or Federal Agency. As the human guards walk their rounds around the interior of the building and around the perimeter, an RFID tag in their badge provides their location information so that the seismic, acoustic, and motion detectors do not flag this activity as originating from a possible intruder. The human guards, when reporting each day for their duty shift, use their RFID-capable badges to scan in at the outer fence line and at the exterior door. Furthermore, additional biometric-based authentication is required to gain complete access to the building’s interior.
Although not shown in this document, other layers of interior doors (providing access to the laboratories themselves) should require additional biometric-based authentication (using a different biometric means) and additional human guard scrutiny in order to gain access. In a full production environment, the biometric data, the RFID tag in the guard’s badge, and human recognition must all ‘match’ in order for full access to be given. The ‘simplified’ scenario B (protecting an internal space) that is discussed in detail in this document can be easily demonstrated with two sets of sensors and associated hardware. Even if not part of the defenses thus far deployed as part of this project, all of these protective technologies have been demonstrated in other venues.
Additional research team:
- Dr. Peter Beling, University of Virginia
- Dr. Marty Humphrey, University of Virginia
- Lt Col Chris Gay, UVa Graduate Student