Cybersecurity and User Accountability in the C-Ad Control System Page: 4 of 5
This article is part of the collection entitled: Office of Scientific & Technical Information Technical Reports and was provided to UNT Digital Library by the UNT Libraries Government Documents Department.
did not provide individual accountability for actions taken
at the control room consoles.
CYBERSECURITY ENHANCEMENTS
The existence of group accounts in the C-AD controls network was considered a cybersecurity risk. In January of 2007, C-AD staff and ITD staff examined ways to minimize the risks associated with the use of group accounts. Several new cybersecurity measures were put into place.
Figure 1: Network Access Method for Group Accounts (figure labels: NOT ALLOWED, group account login attempt over the network; ALLOWED, individual account login over the network)
Network Access
It was agreed that new restrictions would be placed on network access to group accounts. Direct network logins with a group account are disallowed using Pluggable Authentication Modules for Linux (Linux-PAM) [4]. A control system user can only gain network access to a group account by first logging in with an individual account. The user may then 'switch user' to the group account with the su command. Two-layer authentication is effectively required, with the user supplying both individual and group account credentials. The su operation, including the originating individual account, is logged in local system logs and forwarded to central BNL cybersecurity logs. The history in these logs can then identify which individuals have gained access to the group account at any given time. The use of ssh instead of su for the 'switch user' operation is being considered. This has the advantage of easily preserving X window forwarding. We need to ensure that logging of the ssh operation is done in a way that reliably provides the identity of the originating user.
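The accountability chain described above only works if someone actually reads the su records back out of the logs. The following script is an added example, not code from the C-AD paper or the BNL logging system: it pairs su session open/close lines per host and group account to answer "who held the group account at time T", and it flags any sshd acceptance straight into a group account as a violation of the su-only rule. The line formats are modelled on the stock Linux pam_unix and OpenSSH syslog messages; the host names, user names, the group account name cad_ops and the sample log itself are constructed for illustration. The paper does not say which PAM module enforces the restriction, so nothing here depends on that choice.

```python
"""Attribute group-account console sessions to individuals from su/sshd logs.

Added example, not code from the C-AD paper. Line formats are modelled on the
stock Linux pam_unix and OpenSSH syslog messages; hosts, users and the group
account name (cad_ops) are constructed for illustration.
"""
import re
from dataclasses import dataclass, field
from datetime import datetime
from typing import List, Optional

# Group accounts that must only be reached via su from an individual login
# (assumption: cad_ops stands in for the paper's control room group account).
GROUP_ACCOUNTS = {"cad_ops"}

TS = r"(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
SU_OPEN = re.compile(
    TS + r"su(?:\[\d+\])?: pam_unix\(su(?:-l)?:session\): session opened for user "
    r"(?P<target>[^\s(]+)(?:\(uid=\d+\))? by (?P<origin>[^\s(]+)\(uid=\d+\)$"
)
SU_CLOSE = re.compile(
    TS + r"su(?:\[\d+\])?: pam_unix\(su(?:-l)?:session\): session closed for user "
    r"(?P<target>[^\s(]+)"
)
SSH_ACCEPT = re.compile(
    TS + r"sshd(?:\[\d+\])?: Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<src>\S+)"
)


def _when(ts: str) -> datetime:
    # Syslog timestamps carry no year; adequate for ordering within one log file.
    return datetime.strptime(ts, "%b %d %H:%M:%S")


@dataclass
class Session:
    host: str
    group: str
    individual: str          # the originating account recorded by pam_unix
    opened: datetime
    closed: Optional[datetime] = None


@dataclass
class Report:
    sessions: List[Session] = field(default_factory=list)
    violations: List[str] = field(default_factory=list)


def attribute(lines, group_accounts=GROUP_ACCOUNTS) -> Report:
    """Pair su session open/close lines per (host, group) and flag direct logins."""
    report = Report()
    open_stack = {}  # (host, group) -> sessions not yet closed, newest last
    for line in lines:
        m = SU_OPEN.match(line)
        if m:
            if m["target"] in group_accounts:
                s = Session(m["host"], m["target"], m["origin"], _when(m["ts"]))
                report.sessions.append(s)
                open_stack.setdefault((m["host"], m["target"]), []).append(s)
            continue
        m = SU_CLOSE.match(line)
        if m:
            stack = open_stack.get((m["host"], m["target"]))
            if stack:
                stack.pop().closed = _when(m["ts"])
            continue
        m = SSH_ACCEPT.match(line)
        if m and m["user"] in group_accounts:
            # A network login straight into the group account bypasses the
            # individual layer, so nobody can be held accountable for it.
            report.violations.append(
                f"{m['ts']} {m['host']}: direct ssh ({m['method']}) login as "
                f"{m['user']} from {m['src']}")
    return report


def holder_at(report: Report, host: str, group: str, ts: str) -> Optional[str]:
    """Which individual held `group` on `host` at syslog time `ts`, if anyone."""
    t = _when(ts)
    for s in report.sessions:
        if (s.host == host and s.group == group and s.opened <= t
                and (s.closed is None or t <= s.closed)):
            return s.individual
    return None


# Constructed sample log: two su sessions on cadops1 and one forbidden direct login.
SAMPLE_LOG = """\
Jan 12 08:58:41 cadops1 sshd[4021]: Accepted publickey for jsmith from 130.199.10.5 port 51022 ssh2
Jan 12 09:15:02 cadops1 su: pam_unix(su:session): session opened for user cad_ops by jsmith(uid=1001)
Jan 12 10:02:17 cadops1 su: pam_unix(su:session): session closed for user cad_ops
Jan 12 10:05:33 cadops1 su: pam_unix(su:session): session opened for user cad_ops by rlee(uid=1004)
Jan 12 10:40:09 cadops2 sshd[5180]: Accepted password for cad_ops from 130.199.22.8 port 40110 ssh2
""".splitlines()

if __name__ == "__main__":
    r = attribute(SAMPLE_LOG)
    for s in r.sessions:
        print(f"{s.host} {s.group} held by {s.individual} from {s.opened.time()} "
              f"to {s.closed.time() if s.closed else 'still open'}")
    for v in r.violations:
        print("VIOLATION:", v)
```

The "by jsmith(uid=1001)" field is what pam_unix records from the calling login session, which is exactly the identity the paper wants preserved; if the switch is done over ssh instead, that field is absent and the originating user has to be recovered some other way (for example by mapping the accepted key to a person), which is the logging concern the text raises.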
It was also agreed that membership in a group account
would be strictly managed. All individuals given the
group account password are required to sign a log and
agree to follow safe practices when using the group
account. In addition, group accounts are limited to use
on a designated list of computers in designated locations.
The group account is not available on any other control
system computers. Group account members must use their
personal accounts for work outside the control room.
Special restrictions may be applied in network firewalls to further restrict traffic from computers with group accounts.
Monitoring and Controlling Console Access
The actions defined above provide risk mitigation but they do not provide true individual accountability for users working at control room consoles with group accounts. Various measures were considered to monitor and control physical access to control room consoles. The use of card readers at control room entry points was considered. This was determined to be impractical for most C-AD control rooms. Card readers could only be practical in locations where access routes are limited and the area in question is used by a very limited number of people. When the number of individuals present in a control room at one time is large, the card reader record cannot do a good job of identifying the individual responsible for an action taken at one of the control room consoles.
The use of video cameras was also considered.
Operators and others who spend much of their time in the
control room raised strong objections. They viewed
cameras as an invasion of privacy. It was also noted that
in some circumstances the video record might have little
value. Someone with malicious intent could conceal their
identity or disable a camera before using the console. The
use of card readers or video cameras would also require
the installation and maintenance of significant new
infrastructure at C-AD.
Another alternative considered was the use of RFID
tags. A user wearing an RFID tag may become authorized
based on proximity to the control room console. The
RFID solution offers the possibility of transferring
console control from one user to another without the entry
of a password. Commercial RFID systems are available
that keep logs of individual access to the computers in the
system. This option was rejected due to the fact that no
commercial RFID user authorization systems were found
for Linux systems. We also recognized, however, that the
system has a serious security vulnerability if password
entry is not used along with the RFID tag. A misplaced
RFID tag can provide easy anonymous access to the
control system for anybody who finds the tag.
ScreenLock
The solution chosen to monitor and control access to C-AD Linux control room consoles was a software screen lock. The ScreenLock program, developed in house for Linux systems at C-AD, requires a user to pass an individual authentication layer to gain access to a group account session. ScreenLock is similar in function to a commercial product called TSL-PRO™, which is only available for Windows systems. In order to start a group account session at a Linux control room console, the user first performs an ordinary desktop login with the group account username and password. Before the computer becomes available for use, the ScreenLock program prompts for a secondary login with an individual username and password. Group account credentials will not be accepted by the ScreenLock program. Individual authentication with ScreenLock is accomplished using a
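The decision ScreenLock has to make at that secondary prompt combines several of the rules stated on this page: the group account's own credentials must be refused, the individual must be someone who signed the group-account log, and the console must be one on which the group account is permitted at all. The following is an added example of such a gate, not the C-AD ScreenLock program itself. The credential store, the membership roster, the designated-console list and all names (cad_ops, jsmith, rlee, tnguyen, cadops1, cadops2, devbox7) are constructed for illustration; a real deployment would verify the individual password through PAM rather than a local table, and the point of interest is the order of checks and the audit line written for every decision, including refusals.

```python
"""Second-layer unlock decision of the kind a console screen lock must make.

Added example, not the C-AD ScreenLock program. The credential store, the
roster, the console list and every name below are constructed for
illustration; a real deployment would authenticate through PAM.
"""
import hashlib
import hmac
import os
from datetime import datetime, timezone

# Shared accounts whose credentials must never satisfy the individual layer.
GROUP_ACCOUNTS = {"cad_ops"}
# Individuals who signed the group-account log for each group account (assumption).
GROUP_MEMBERS = {"cad_ops": {"jsmith", "rlee"}}
# Consoles on which each group account may be used at all (assumption).
DESIGNATED_CONSOLES = {"cad_ops": {"cadops1", "cadops2"}}


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_store(plaintexts: dict) -> dict:
    """Build a salted PBKDF2 credential table from constructed passwords."""
    store = {}
    for user, pw in plaintexts.items():
        salt = os.urandom(16)
        store[user] = (salt, _hash(pw, salt))
    return store


def verify(store: dict, user: str, password: str) -> bool:
    """Constant-time password check; unknown users cost the same as known ones."""
    salt, digest = store.get(user, (b"\0" * 16, b"\0" * 32))
    ok = hmac.compare_digest(_hash(password, salt), digest)
    return ok and user in store


def screenlock_unlock(store, console, group_account, user, password, audit):
    """Decide whether `user` may take over the group-account session on `console`.

    Returns (allowed, reason). Every decision is appended to `audit`, so the
    record of who unlocked which console exists even for refusals.
    """
    stamp = datetime.now(timezone.utc).isoformat(timespec="seconds")

    def decide(allowed: bool, reason: str):
        verdict = "ALLOW" if allowed else "DENY"
        audit.append(f"{stamp} {console} {group_account} unlock by {user}: "
                     f"{verdict} ({reason})")
        return allowed, reason

    if console not in DESIGNATED_CONSOLES.get(group_account, set()):
        return decide(False, "group account not permitted on this console")
    if user in GROUP_ACCOUNTS:
        # The whole point of the second layer: group credentials prove
        # nothing about who is at the keyboard, even when they are correct.
        return decide(False, "group account credentials not accepted")
    if not verify(store, user, password):
        return decide(False, "bad individual credentials")
    if user not in GROUP_MEMBERS.get(group_account, set()):
        return decide(False, "user not on the signed group-account roster")
    return decide(True, "individual authenticated")


if __name__ == "__main__":
    # Constructed passwords; tnguyen is a valid individual but not a cad_ops member.
    store = make_store({"jsmith": "correct horse", "cad_ops": "shared-pw", "tnguyen": "pw3"})
    log = []
    for args in [("cadops1", "cad_ops", "jsmith", "correct horse"),
                 ("cadops1", "cad_ops", "cad_ops", "shared-pw"),
                 ("cadops1", "cad_ops", "tnguyen", "pw3"),
                 ("devbox7", "cad_ops", "jsmith", "correct horse")]:
        screenlock_unlock(store, *args, log)
    print("\n".join(log))
```

Refusals are logged with the same detail as successes on purpose: a string of DENY lines against one console is itself the kind of evidence the paper wants forwarded to the central cybersecurity logs.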
Morris, J. T.; Binello, S.; D'Ottavio, T. & Katz, R. A. Cybersecurity and User Accountability in the C-Ad Control System, article, October 15, 2007; United States. (https://digital.library.unt.edu/ark:/67531/metadc883907/m1/4/: accessed April 24, 2024), University of North Texas Libraries, UNT Digital Library, https://digital.library.unt.edu; crediting UNT Libraries Government Documents Department.