Physical security housed at UNSW Canberra Cyber
UNSW Canberra Cyber has designed and built an education tool that develops knowledge and stimulates thought around how individuals interact with "cyber" in their everyday life.
Called a Multiple Exploitation Domain Environment (MEDE), the tool demonstrates how cyber security works as part of a network and how one domain can be used to deliver an exploitation to another domain.
Designer Sebastian Grayson said that the tool will show the physical security (which includes activities like lockpicking and bypassing), which can then be used to identify and highlight the similarities between physical and cyber security.
“It is important for people to learn about vulnerabilities in physical security so that they are aware of weaknesses which can be exploited. This tool can then show that there are simple ways in which they can mitigate the risk,” he said.
What is the difference between the physical and cyber security?
“A spear phishing attack, or email scam, is an example of cyber security. It is a cyber delivered manipulation as it is the individual that is being exploited but the course of attack came through via email which is in the cyber domain,” Mr Grayson said.
“The physical is systems such as the lock on your door, or the security camera or your home internet connection. It’s the things we can see and touch that can be exploited.”
Mr Grayson is at UNSW Canberra as part of a Defence Force Veteran Program being run by the University.
“The idea came about in the first week of my internship and has been developed throughout my time at UNSW Canberra,” he said.
The MEDE takes the form of a model house using a central character called Bob Johansson. It is used to demonstrate the weaknesses in our physical environment that have the potential to be open to cyber-attacks.
“There are elements of weaknesses in each of our homes. However, when asking how weak our homes are, we also need to ask how likely are we to be targeted?
“If you are never attacked then you could leave your front door unlocked or even open every day and convince yourself that it is safe, but if you ever were attacked then you would be extremely vulnerable.
“On the other side of that scale companies and even defence organisations that spend much more money on their defences are still attacked, and successfully. So, the weakness of a system is always comparable to the attacker's ability,” Mr Grayson said.
Mr Grayson said that the vulnerability of a system can be measured by taking the most secure and least secure aspects and plotting a path between the two with a grading system based on the presence or lack of security features.
For example, the front and side door locks he used on the MEDE were around $20 each from a local hardware store, and even though they are the more secure version of a standard door lock, most people would be able to learn to pick the lock within a short amount of time.
“This makes these locks very vulnerable. How many people do you imagine would have installed these or similar locks as a weekend DIY project?” he said.
Mr Grayson also points out that security is advancing every day, which is why we are reminded regularly to update our technology devices. However, when it comes to physical devices, we continue to use outdated systems until they break, or we deem them to need fixing.
“Most people will use their internet for banking, emails and Netflix but they have never actually changed the password that came with the internet when they first received their modem.
“The vulnerability of these devices and helping individuals better understand their risks so that they can take appropriate steps to reduce that risk is what the MEDE is able to demonstrate.”
So, what steps can we take to better protect ourselves?
“Knowledge is always the best way to protect ourselves, learning how you are vulnerable, how you could be attacked, and what to do about it are key to keeping ourselves and our families safe. In our homes, at our computers or anywhere really!” Mr Grayson said.