In late April, Novell announced a new deal to integrate its identity management technologies with access control systems made by industrial giant Honeywell, based in Morris, N.J.
By integrating such IT access tools with traditional physical security and operations management products made by Honeywell, the companies said, they can both improve existing infrastructure defenses and create new opportunities for thwarting attacks.
For instance, if an employee who has used a door access card at a facility is also observed trying to log onto the company's virtual private network remotely, alerts can be sent to on-site and IT security teams to gauge if the firm is somehow being infiltrated.
In addition to protecting themselves against would-be attackers, infrastructure companies are also mindful that they may soon be facing more stringent government security regulations. Some industries, including the electricity segment, have already begun creating their own guidelines in preparation for that possibility.
The North American Electric Reliability Corp (NERC), an industry oversight body, is already establishing tougher security standards in the space, with business leaders hopeful that such self-policing might encourage the federal government to stay out of the process.
"First of all, no one wants to be the plant that gets blown up, and secondly, the industry is scrambling to self-mandate to avoid the government stepping in and regulating," said Peter Fehl, a product manager for Honeywell Security. "This is still a difficult process because the existing requirements are written loosely and there's a lot of IT security work to make up in a short amount of time."
Fehr said that attacks combining IT and physical threats are becoming more popular. A company recently came to Honeywell seeking help after an outsider plugged a computer into a port in the firm's lobby and found a way to break into their IT network from the outside.
"The attacks are getting smarter, the regulations are coming, and there's still a lot of older technology in these companies that needs to be addressed from a security standpoint," said Fehr. "Things are starting to get stronger on the IT side and physical access is improving, but the gap is in between the two. That's where you'll likely see a lot of incidents."