classic | mobile
Follow us on:
Follow us on Facebook  Share via Twitter  Share via LinkedIn

Hi-Tech Security Solutions Business Directory
Residential Estate Security Handbook 2018

Protecting the nerve centre
April 2018, CCTV, Surveillance & Remote Monitoring, Cyber Security, Integrated Solutions

A control room is seen as a secure location that is tasked with securing other locations, but it is not unheard of in South Africa that a control room is attacked (or hijacked) in order to allow syndicates to attack their intended target, for example a mine or a cash centre. These attacks have happened to both on-site and remote control rooms, showing just how well informed and prepared the syndicates are.

However, a physical attack is one thing, in today’s digital world we are also likely to see cyber-attacks on control rooms in an effort to shut them down. The cyber approach doesn’t need people to actually be on site to carry out the attack. Of course the cyber-attack needs people and planning, but malware can be installed in the control room well ahead of time and activated quite easily on the required day.

So what is the security team supposed to do? Build another control room to monitor its control room? Have the entire control room backed up to another site in case the primary site goes down?

Drew van Vuuren.
Drew van Vuuren.

There are many options when it comes to protecting your control room. Hi-Tech Security Solutions asked Drew van Vuuren, ESET’s data protection officer, for some insights into the cyber and physical protection of control rooms – after all, these sites hold sensitive and personal information that you need to protect from unauthorised parties, which includes employees taking information home with them.

Where are the risks

Van Vuuren provides the following examples of how control rooms can be left vulnerable.

Vulnerabilities would extend to insufficient controls on access systems that are used to gain access to the key points within the control room. This includes things like doors left ajar as well as tailgating without authenticating your credentials on a physical access control reader. Additionally, doors, windows, etc. being left open by employees also contribute significantly to the likelihood that vulnerabilities would be introduced into the environment. A further consideration on physical vulnerabilities would be insufficient controls on the mitigation of flood, fire and other risks, with these controls having to be defined in business continuity and disaster recovery programmes.

To mitigate these risks, van Vuuren advises control room management uses “a combination of defined security control milestones, like scheduled checks as well as ensuring educating of staff and employees on the risks faced when allowing people to tailgate or leaving doors or windows open.”

If access to the control room is not managed by an authentication mechanism, then anyone would be free to enter and exit the control room as they wished. Use of biometrics, smartcard readers, as well as keypad codes etc. should be used to ensure access is strictly controlled. Failure of these systems would lead to a significant impact on security within the control room.

“To mitigate these risks, ensure redundancies exist in the systems that manage the authentication of logical access control systems by defining, implementing and managing them in business continuity and disaster recovery plans.”

Save the technology

It goes without saying that control rooms are expensive investments when considering the technology that is used in these nerve centres. To ensure a reliable service, these environments need backup or redundant technology to cater for normal problems such as wear-and-tear, electricity blackouts and human error. For example, they require redundancy in their power supplies and telecommunications channels, through to servers and desktops, video walls, etc.

In order to protect its investment, van Vuuren says an organisation needs to ensure it has considered the following, among others, physical and logical security solutions:

• Fire suppression and mitigation technologies: Sprinklers, CO2 filtering systems, air conditioners, flood defences by ensuring systems are isolated from water sources, and raising the equipment.

• Ensure networks, servers and desktops have security controls implemented for mitigation of cyber-attacks by implementing endpoint security, network security and lock down configurations for these systems.

Watch the people

Ask any security operator in almost any industry and you will find that the internal risk of employees working for syndicates, or simply trying to enrich themselves at the expense of others is a serious threat. No matter how low the percentage of these ‘risks’ is, it only takes one to create havoc.

Van Vuuren believes companies need to perform extensive background checks on any employees who will be responsible for accessing systems within a control room. “Additionally, ongoing education on the challenges of being co-coerced into working with criminals is a very important initiative within an organisation.

“Finally, ensure that employees are sufficiently compensated for their roles so that they are not tempted to work with outside parties against the organisation.”

Safety by distance

It may be tempting for some to consider having their control room hosted offsite in an attempt to address some of the risks of compromise, but will this pay off? It’s impossible to determine a standard in this regard. Van Vuuren says it is difficult to say specifically what is better for an organisation when it comes to placement of a control room. In reality, it is specific to each company and warrants a detailed investigation and discussion by each stakeholder within an organisation. He provides an example of some of the factors each organisation could consider:

Profile of the business. What does the business do?

Profile of business systems. What information does the company manage, handle etc.?

Response and resourcing requirements. Are onsite staff required to respond to issues in the short-term or are remote responsive resources acceptable to the organisation?

Location of the business. Are there environmental factors which would influence the location of control rooms?

Commercial model. Is it more commercially viable to outsource to an external service provider for a managed control room service?

At the end of the day, each organisation needs to make these decisions based on its own risk profile and the specific requirements it has of its control room and related security operations. It is also worth noting that control rooms are increasingly being used for managing more than security, which can have an even greater impact on the onsite or offsite decision. When it comes to selecting technology aimed at protecting the control room, there are four areas which van Vuuren says is the starting point for each organisation:

• Logical access control such as biometrics etc.

• Environmental control systems including fire detection and suppression.

• Redundant IT systems, i.e. backup systems for network, servers and clients.

• Information security solutions and controls to protect your network and endpoint.

For more information contact ESET-SA, +27 (0)21 659 2000,,

  Share via Twitter   Share via LinkedIn      

Further reading:

  • Trust but continually verify
    November 2018, Technews Publishing, This Week's Editor's Pick, Access Control & Identity Management, Integrated Solutions, IT infrastructure
    Hi-Tech Security Solutions looks at access and identity management and asks some industry players what ‘zero trust’ and ‘least privilege’ access means.
  • Managing who, what and why
    November 2018, Technews Publishing, This Week's Editor's Pick, Cyber Security
    Today’s access control isn’t only concerned with who has access, but also what has access, why they need it and what they are doing with it.
  • Physical/logical convergence
    November 2018, Technews Publishing, This Week's Editor's Pick, Cyber Security, Integrated Solutions, IT infrastructure
    The convergence between physical and logical (or cyber) security will be a game-changer because it will change the way we do everything, from planning to design and all the way to installation and maintenance.
  • Physical and logical convergence is a fact
    November 2018, This Week's Editor's Pick, Integrated Solutions, IT infrastructure
    Convergence, the next buzzword? A dated buzzword? Is convergence ­merely ­integration on steroids? What is convergence?
  • Taking augmented identity to the world
    November 2018, Technews Publishing, This Week's Editor's Pick, Access Control & Identity Management, Integrated Solutions
    Hi-Tech Security Solutions spoke to Gary Jones, VP Global Channel and Marketing biometric access and time solutions) at IDEMIA (formerly Morpho) about his career with the company and its new vision of Augmented Identity.
  • BIMS set to change identity ­management
    November 2018, Technews Publishing, Access Control & Identity Management, Integrated Solutions, IT infrastructure
    Local biometrics integrator, Ideco Biometric Security Solutions, has announced that its Biometric Identity Management System (BIMS) has been launched to market.
  • Tracking biometrics into a brave new digital world
    November 2018, This Week's Editor's Pick, Access Control & Identity Management, Integrated Solutions
    The industry is increasingly transitioning from unimodal to more integrated multimodal biometric solutions for more accurate identity verification and faster real-time results.
  • Panasonic’s Face Recognition Server
    November 2018, Panasonic South Africa, Access Control & Identity Management, CCTV, Surveillance & Remote Monitoring, Products
    Panasonic has adopted deep learning technology in its face recognition products that overcomes the difficulties of conventional technologies.
  • Your face tells a story
    November 2018, Technews Publishing, Access Control & Identity Management, CCTV, Surveillance & Remote Monitoring, Government and Parastatal (Industry)
    Facial recognition has advanced to the point where it can be rolled out over large areas and accuracy is no longer a hit-and-miss affair.
  • Key components of access control
    November 2018, Paxton Access, Access Control & Identity Management, Integrated Solutions
    Dan Drayton speaks to Hi-Tech Security Solutions about what the key components in modern access control systems are.
  • IP is no stranger to access control
    November 2018, Technews Publishing, Access Control & Identity Management, Integrated Solutions, IT infrastructure
    Just as the surveillance market made the move to IP-based communications, the access control market is also moving to IP (or some say it already has).
  • Applying the SaaS model to access control
    November 2018, Technews Publishing, Access Control & Identity Management, Integrated Solutions
    The software-as-a-service model has proven transformative to many organisations, and even entire industries. The benefits it can offer are undeniable, but in the security sector which is risk-averse by necessity, we wanted to hear the views of some local experts in access control as a service (ACaaS) to find out what some of the pros and cons are.

Technews Publishing (Pty) Ltd
1st Floor, Stabilitas House
265 Kent Ave, Randburg, 2194
South Africa
Publications by Technews
Dataweek Electronics & Communications Technology
Electronic Buyers Guide (EBG)

Hi-Tech Security Solutions
Hi-Tech Security Business Directory (HSBD)

Motion Control in Southern Africa
Motion Control Buyers’ Guide (MCBG)

South African Instrumentation & Control
South African Instrumentation & Control Buyers’ Guide (IBG)
Terms & conditions of use, including privacy policy
PAIA Manual
    Mobile | Classic

Copyright © Technews Publishing (Pty) Ltd. All rights reserved.