Cybersecurity for control centers

Control centers are the most vulnerable part of ongoing missions, and yet they are the eyes, ears, brains, and brawn of each one. Everything that happens on missions goes through the control center. It is therefore paramount that it operates reliably and is well protected against any scenario that, depending on the mission, could jeopardize its confidentiality, integrity, or readiness. These threat scenarios can be triggered by intentional attacks (external or internal) or by accidents caused by the well-intentioned actions of users (such as employees or contractors).

After a thorough risk analysis, several measures must be implemented to minimize the impact of the above-mentioned threats following the defense-in-depth concept. Often, these measures are also mandated by internal or external regulations with which the operator or control center must comply.

The problem is that control centers have very specific characteristics that prevent them from applying solutions that are common in other IT infrastructures. User authentication and authorization provide a clear example. In control centers, computers must always be on and displaying telemetry data so that operators can immediately detect any anomalies and react accordingly. Round-the-clock operation also requires non-interruptible monitoring and as smooth a shift changeover as possible. Consequently, it may be preferred to have generic (rather than individual) accounts for controllers or operators and to keep authentication mechanisms to a minimum.

However, restricting access to control center workstations and having traceability are important controls for deterring and detecting (unlikely but high-impact) insider threats, as well as effective mechanisms for improving the traceability of actions for users, thereby cutting down on malpractice and improving operator training.

We are therefore faced with a two-sided issue: on the one hand, user authentication and authorization and traceability at workstations are a key security control, often mandatory to comply with regulations, but, on the other hand, there are no technological solutions that fit the specific features of control centers. This is usually solved by implementing strict physical access control to enter the control room, having reliable and well-trained operators, and accepting the residual risks.

GMV has worked on tackling this issue and proposes a specific solution aimed at protecting control center workstations: Biolock. This solution makes it possible to keep workstations on so that they can continuously display telemetry data. At the same time, it blocks any interaction with the workstations until users are authenticated, performs authentication quickly with a contactless card, keeps workstations unlocked while users are interacting with them, and automatically relocks them when inactive.

Biolock is controlled and monitored from a central server through which users can manage user privileges, workstations, and logs, as well as log different system accesses.

These technological solutions make it possible to tighten security in control centers and ensure compliance with internal and external security regulations by logging who accesses each workstation and when. All this without hindering the important work of the operators, without any impact on the monitor display, and with minimal impact on the authentication process to interact with the workstations.

Author: Julio Vivero