During the storming of the US Capitol on January 6, 2021, many individuals gained unauthorized physical access to the US government building, including desks, private offices, devices, and paper files. All systems and devices were left at risk and could have been compromised. Among the many consequences of the insurrection, unlawful entry, intimidation, and vandalism, digital government assets were left exposed. The riot serves as a reminder of the cybersecurity implications of any physical breach and reinforces the importance of physical security as part of cybersecurity best practices.
Physical Security
Physical security refers to the protection of people, property, and physical assets from the risk of physical actions and events, such as fire, flood, natural disasters, burglary, theft, vandalism, and terrorism. In terms of cybersecurity, the purpose of physical security is to minimize this risk to information systems and information. Systems and devices can provide threat actors with additional attack vectors to connect to networks, infect other devices, and exfiltrate data; therefore, access to systems, equipment, and respective operating environments should be limited to only authorized individuals. Multiple layers of physical security can be implemented to protect the most critical assets and services. There are four categories of physical access security zones: public, reception, operations, and restricted access. Physical access controls can be implemented in accordance with these security zones, including barriers, security guards, security cameras, physical access devices, and identity and authorization controls. In addition, sensitive information, whether in paper or electronic form, must be protected from unauthorized access and disclosure.
The Cybersecurity Aftermath and Implications
If an adversary has physical access to a space or network, all information systems and information are considered “fair game” and are vulnerable to compromise and theft. Systems and devices may be left behind and unattended outside the view of security cameras; screens may still be unlocked with access to files, network shares, and other resources; and sensitive or confidential data may still be open in plain view on the screen and can be captured, stolen, modified, and/or deleted. Any exfiltrated information on the screen or in paper form regarding calendar schedules and plans, operational details, personal information, contact lists, details from presentations, etc. could be used in phishing, impersonation, and other cyberattacks as well as used to spread disinformation to provoke future unrest.
There is also the possibility of malware, device cloning, spyware, keyloggers, and other cyberattacks. Adversaries may have the opportunity to plant malicious code on computer systems and leave other surveillance tools or spyware behind. They could connect USB drives, hard drives, or other devices to open ports without detection. They could also leave generic USB drives on or inside desks among other USB drives, to be plugged in later by a user who unknowingly executes malicious code. Other physical attacks may include the use of devices that look like ordinary items, such as a USB charger with a built-in wireless keylogger or a power strip with hidden wireless network hacking tools. These devices may be hidden or in plain sight and can take weeks or months to be detected, if they are detected at all. If systems and devices have been physically accessed, then all communications, files, and network connections to and from these devices should be considered compromised.
Recommendations
The NJCCIC recommends users apply cybersecurity best practices to protect their digital assets and reduce the likelihood and impact of attack.
- Lock screens. When stepping away from your computer or device, the manual lock function helps to protect the information stored on or accessible from your computer. Also, check security settings or policies to automatically lock screens after inactivity.
- Secure physical devices. Safeguard devices and ensure a password/passcode or an additional authentication factor is enabled for all devices to prevent unauthorized access in the event a device is lost or stolen, or a USB or other external device is inserted.
- Check privacy and security settings. Checking these settings will help manage your cyber risk and limit how and with whom you share information. This will help safeguard information or resources if an unauthorized user gains access.
- Cover and/or disconnect your camera when not in use. Covering or disconnecting your webcam and microphone when not in use prevents malware from taking control of your camera to spy on you and your surroundings. Additionally, when the camera is in use, ensure no sensitive information is visible.
- Backup devices. Protect your information from malware, hardware failure, damage, loss, or theft by making multiple copies and storing them offline.
- Keep devices up to date. Stay informed about publicly-disclosed vulnerabilities and update devices—including firmware—to the latest version to ensure they are patched against known vulnerabilities that could be exploited by threat actors to gain unauthorized access to your device and/or data. If a device is unable to receive updates from the vendor, consider not purchasing or discontinuing use of the device.
- Implement protective technologies. IT departments are advised to implement endpoint detection and response software, host-based firewalls, device and file encryption, and keep devices updated with latest security patches.
- Remediate compromised and/or stolen devices. It is important to monitor logs for signs of access and exfiltration. When practical, wipe and reimage hard drives. Also, utilize remote administration and data wiping solutions to regain control of devices if they cannot be physically accessed.
- Use unique, complex passwords for all accounts. Unique passwords for each account prevent password reuse attacks, in which threat actors obtain your password for one account and use it to compromise an additional account using the same credentials.
- Enable multi-factor authentication (MFA) where available. MFA is the use of two or more factors to authenticate to an account or service. This significantly reduces the risk of account compromise via credential theft, in which your password has been exposed. Even if a cybercriminal obtains a user’s username and password, they will be unable to access that user’s account without the second factor. The NJCCIC encourages users to choose authentication apps, hardware tokens, or biometrics as a second factor over SMS-based authentication due to the risk of SIM-swapping, though using any form of MFA is beneficial. The website TwoFactorAuth.org maintains a comprehensive list of websites that offer MFA.
- Refrain from sharing login credentials or other sensitive information. Login credentials and other sensitive information should not be shared with anyone, posted in plain view, or saved on your computer or other platforms.
- Exercise caution with communications. Before providing sensitive information, confirm the legitimacy of the message or request via a separate means of communication—such as telephone—obtained directly from official websites or welcome emails.
- Navigate directly to websites. Navigate directly to authentic or official websites by typing the legitimate URL into the browser instead of clicking on links in messages, and refrain from entering login credentials on websites visited via links delivered in messages.
- Use secure websites. When sharing personal or financial information, ensure you are using verified, secure, and encrypted websites.
- Update passwords immediately following a data breach or potential compromise. Use a resource, such as haveibeenpwned.com, to determine if your information, such as an account password, has been revealed in a public data breach. Change exposed passwords for every account that uses them to protect against account compromise.
- Invest in security awareness training. Invest the time, money, and resources to ensure users understand risks, the latest cyber threats, and best practices.
- Implement strategies for emergency situations. It is important to implement strategies for leaving workstations and IT infrastructure behind in the event of sudden evacuations or when human life is at risk. The strategy may include planning and tabletop exercises, preparation and training, and monitoring.
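As an added example, not part of the NJCCIC advisory, the following Python script applies the log-review recommendation above to a physical breach: given an assumed physical-access window, it flags hosts whose last screen event before the window was an unlock (screen left open), and flags removable-device attachments, copies to removable media, and interactive logons that occurred inside the window. The log line format, host names, user names, and window times are all constructed for the example.

```python
import re
from datetime import datetime

# Constructed sample host events for the example (not real logs).
SAMPLE_LOG = """\
2021-01-06T13:58:02 host=WS-117 user=jdoe event=screen_unlock
2021-01-06T14:02:11 host=WS-204 user=asmith event=screen_unlock
2021-01-06T14:05:40 host=WS-204 user=asmith event=screen_lock
2021-01-06T14:31:09 host=WS-117 user=- event=usb_attach detail=mass_storage
2021-01-06T14:33:52 host=WS-117 user=jdoe event=file_copy_removable detail=Q:/schedules/jan.xlsx
2021-01-06T15:10:00 host=WS-204 user=asmith event=logon detail=interactive
2021-01-06T19:20:45 host=WS-310 user=bwong event=usb_attach detail=mass_storage
"""

# Simple key=value line format assumed for the example.
LINE_RE = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) "
                     r"event=(?P<event>\S+)(?: detail=(?P<detail>.+))?$")

def parse_line(line):
    """Parse one event line into a dict, or return None if it is malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    return rec

def triage(log_text, window_start, window_end):
    """Return (host, reason) findings for the given physical-access window."""
    start, end = datetime.fromisoformat(window_start), datetime.fromisoformat(window_end)
    events = sorted((r for r in map(parse_line, log_text.splitlines()) if r),
                    key=lambda r: r["ts"])
    findings = []
    # 1. Track the last lock/unlock per host before the window opened: an
    #    unlocked session at that moment means files and shares were exposed.
    last_state = {}
    for r in events:
        if r["ts"] < start and r["event"] in ("screen_lock", "screen_unlock"):
            last_state[r["host"]] = r["event"]
    for host, state in last_state.items():
        if state == "screen_unlock":
            findings.append((host, "session unlocked when the access window opened"))
    # 2. Device insertion, copies to removable media and logons inside the window.
    for r in events:
        if not (start <= r["ts"] <= end):
            continue
        if r["event"] == "usb_attach":
            findings.append((r["host"], "removable device attached during window"))
        elif r["event"] == "file_copy_removable":
            findings.append((r["host"], f"file copied to removable media: {r['detail']}"))
        elif r["event"] == "logon":
            findings.append((r["host"], f"interactive logon by {r['user']} during window"))
    return findings
```

Findings are a starting point for review, not proof of compromise; per the recommendation above, hosts that were unlocked or had devices attached should be wiped and reimaged when practical.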
Reporting
- Anyone with information regarding the unlawful entry and violent activity at the US Capitol Building in Washington, DC on January 6, 2021 may submit information, photos, or videos at http://fbi.gov/USCapitol.
- You may also report cyber incidents to the NJCCIC via the Cyber Incident Report form.
Resources