Cyber Assurance of Physical Security Systems (CAPSS)

Electronic attack of physical security systems is the means of carrying out a localised cyber-attack specifically on the security system. This can be to corrupt data, open a portal or disable alarms

Last Updated 28 November 2024

View Video Transcript

A site’s physical security systems such as CCTV, access control, and intruder detection, are its first line of defence. The security systems are more powerful and interconnected than ever before, but because of this, they are at their highest ever risk of cyber attack. A cyber attack could be used to deny an authorised user access to the site, to change the site's security settings so as to allow unauthorised access, or, to steal a site's data. Physical security products such as CCTV or access control systems are likely to be deployed in secure or non-secure areas, and this leaves them susceptible to both insider and external threats, so you must protect them accordingly. For hostiles, attacking a physical security system is not only about compromising that one specific security measure, but can act as a way to compromise your wider corporate network. One compromised asset can be a gateway to your whole site.

In order to protect your site and your business's critical information, you must ensure that you are protected against any potential cyber attacks. CAPSS stands for the Cyber Assurance of Physical Security Systems. It is an assurance program designed for physical security products, and it focuses on the protective measures implemented in a product that form its defence against cyber attack. CAPSS aims to secure each individual security product on your site against a cyber attack, so that a systems on your site become more connected, there are multiple layers of cyber protection in place, making the whole system robust.

Through rigorous testing. CAPSS assures that, the mitigations a product claims to have are in place, that these mitigations have been developed and implemented properly, and that deployment guidance is provided to ensure correct installation and configuration. Through examining a product's development lifecycle, CAPSS confirms that security has been baked into the product from the earliest stage. It tests that products are focused on security as well as functionality.

Throughout the assurance process, CAPSS asks questions of various key threat areas.

Basic General Security: Is the product able to be updated securely? Is sensitive data suitably encrypted?

Physical Security: How accessible are the physical ports and any removable media? Are there tamper protection boundaries in place? Is the product still secure if there is a loss of power or network connectivity? Secure Configuration: Are the product’s configuration settings protected? Are there controls over who can change them? Is it backed up securely, so the system can be restored following a catastrophic system failure?

Network Security: How are communications between the product and other systems secured? Is data suitably encrypted? What is in place to limit the impact of a denial of service attack? Are wireless networks used? If so, are they securely protected?

Authentication Management: How are users authenticated to the system? What is the password policy? Are security privilege based on roles? And is the principle of least privilege applied?

Monitoring: What is the product's logging capability? Are incidents timestamped, and are these accurate? Are these logs protected when backed up?

Cloud Services: Does the product use any external cloud services to store information? And if so, do they meet the National Cyber Security Centre’s cloud security principles?

By testing these mitigations, and more, we can be sure that products given CAPSS assured status in the catalog of security equipment, are reliable, and protected against cyber attack. If it's not possible to purchase or deploy physical security products that are CAPSS assured, then it's essential to consult with the manufacturer or supplier, checking what cyber mitigations are in place. NPSA have developed an in-depth guidance document designed for site security managers or those involved in the procurement of physical security products. This guidance provides a range of information covering key areas, such as why sites need to be concerned about cyber threats, how to achieve senior management support, easily understandable frameworks to help identify areas of concern, and checklists of specific controls that a site can easily translate into an ask of a vendor. In today's digital, interconnected world, it's more important than ever to ensure the physical security products the site uses, are developed, tested, and deployed with cyber protection capability, at the core of their functionality.

 

A site’s physical security systems such as CCTV, access control, and intruder detection, are its first line of defence. The security systems are more powerful and interconnected than ever before, but because of this, they are at their highest ever risk of cyber attack. A cyber attack could be used to deny an authorised user access to the site, to change the site's security settings so as to allow unauthorised access, or, to steal a site's data. Physical security products such as CCTV or access control systems are likely to be deployed in secure or non-secure areas, and this leaves them susceptible to both insider and external threats, so you must protect them accordingly. For hostiles, attacking a physical security system is not only about compromising that one specific security measure, but can act as a way to compromise your wider corporate network. One compromised asset can be a gateway to your whole site.

In order to protect your site and your business's critical information, you must ensure that you are protected against any potential cyber attacks. CAPSS stands for the Cyber Assurance of Physical Security Systems. It is an assurance program designed for physical security products, and it focuses on the protective measures implemented in a product that form its defence against cyber attack. CAPSS aims to secure each individual security product on your site against a cyber attack, so that a systems on your site become more connected, there are multiple layers of cyber protection in place, making the whole system robust.

Through rigorous testing. CAPSS assures that, the mitigations a product claims to have are in place, that these mitigations have been developed and implemented properly, and that deployment guidance is provided to ensure correct installation and configuration. Through examining a product's development lifecycle, CAPSS confirms that security has been baked into the product from the earliest stage. It tests that products are focused on security as well as functionality.

Throughout the assurance process, CAPSS asks questions of various key threat areas.

Basic General Security: Is the product able to be updated securely? Is sensitive data suitably encrypted?

Physical Security: How accessible are the physical ports and any removable media? Are there tamper protection boundaries in place? Is the product still secure if there is a loss of power or network connectivity? Secure Configuration: Are the product’s configuration settings protected? Are there controls over who can change them? Is it backed up securely, so the system can be restored following a catastrophic system failure?

Network Security: How are communications between the product and other systems secured? Is data suitably encrypted? What is in place to limit the impact of a denial of service attack? Are wireless networks used? If so, are they securely protected?

Authentication Management: How are users authenticated to the system? What is the password policy? Are security privilege based on roles? And is the principle of least privilege applied?

Monitoring: What is the product's logging capability? Are incidents timestamped, and are these accurate? Are these logs protected when backed up?

Cloud Services: Does the product use any external cloud services to store information? And if so, do they meet the National Cyber Security Centre’s cloud security principles?

By testing these mitigations, and more, we can be sure that products given CAPSS assured status in the catalog of security equipment, are reliable, and protected against cyber attack. If it's not possible to purchase or deploy physical security products that are CAPSS assured, then it's essential to consult with the manufacturer or supplier, checking what cyber mitigations are in place. NPSA have developed an in-depth guidance document designed for site security managers or those involved in the procurement of physical security products. This guidance provides a range of information covering key areas, such as why sites need to be concerned about cyber threats, how to achieve senior management support, easily understandable frameworks to help identify areas of concern, and checklists of specific controls that a site can easily translate into an ask of a vendor. In today's digital, interconnected world, it's more important than ever to ensure the physical security products the site uses, are developed, tested, and deployed with cyber protection capability, at the core of their functionality.

Subtitled version

Introduction

Cyber-attacks are an ever-increasing threat to the UK's national infrastructure. Whether it is to deny service or steal intellectual property, the threat has never been greater. It's essential that software and hardware security systems have the full set of threat mitigations at the core of their functionality and are utilised by a site for maximum effect. CAPSS is designed to assist security managers in focussing on key areas when it comes to protecting physical security equipment against cyber-attacks.

What is CAPSS?

While NPSA is the lead authority for physical security and NCSC leads on all things cyber, there is a critical programme within NPSA that covers both physical and cyber security called CAPSS.

CAPSS is about gaining confidence in the "cyber" components of electronic security products which, while robust in the physical security domain, could potentially be compromised by a hacker using cyber means. CAPSS has been jointly written by NCSC and NPSA leveraging the expertise of both technical authorities.

The primary aim of CAPSS is to provide a mechanism by which sites can gain a good level of confidence that the software and hardware security solutions they have in place, or are considering purchasing, have strong and effective cyber mitigations at the core of their development and operation. By utilising CAPSS assured products, sites can ensure that their systems are not the "low hanging fruit", allowing an attacker to gain entry to the wider corporate network or manipulate and circumvent the physical security systems.

The CAPSS programme comprises of two main elements: the CAPSS Standard and CAPSS Guidance. 

CAPSS Standard The main document of the assurance programme where a security product's cyber-attack mitigations are independently assured against a set of Security Characteristics covering a variety of potential cyber-attack threats. The Standard is coupled with assurance of a manufacturer's development and build processes to ensure cyber defence is a key building block in any products DNA. Products that pass CAPSS evaluations are awarded the NPSA CAPSS Trademark and are placed in the NPSA Catalogue of Security Equipment (CSE).
CAPSS Guidance Wider ranging guidance and advice. It is aimed at personnel responsible for a site's physical security and covers areas such as policies to focus on, potential threat vectors, real world examples, and provides specific questions to ask a manufacturer if a CAPSS assured product is not able to be utilised.

 

CAPSS Standard

The original CAPSS standard created back in 2015 focused on physical solutions to IT problems, for example, securing devices in 'locked boxes'. CAPSS 2019 and beyond, takes a more flexible approach and looks at the impact of decisions - why secure something into a locked box if all the data is encrypted? The overall aim is to trust the CAPSS assured devices, rather than have to "lock" an entire network.

The updated standard allows individual components (or systems of components) to be tested, which will allow networks of CAPSS assured products to be built in the real world. This means end users are not tied to complete systems that must never change. CAPSS allows more flexibility and choice across a broader range of assured products.

CAPSS Focus

The new standard works on a simplified approach, focusing on six main areas:

  • physical security (we are NPSA after all)
  • secure configuration
  • network security
  • authentication management (privileges)
  • monitoring
  • cloud services

Each of these main areas will have specific mitigations specified under three main topics:

  • DEV development mitigations
  • VER verification mitigations
  • DEP deployment mitigations

CAPSS Approach

The CAPSS standard helps guide manufacturers to build better, more robust products - and also do all the good stuff in their development lifecycle and vulnerability disclosure. This is done in three ways:

  1. Ensuring that the product is developed with a design that embeds security
  2. Testing and verifying that the product functions in a secure manner
  3. Confirming that the product is deployed securely, following best practice - even the best product can end up deployed insecurely

The CAPSS guidance utilises technical elements of the CAPSS Standard to provide site managers with high level guidance about what to focus their resources on, to defend against cyber-attacks on their physical security systems. It is intended for sites who do not utilise, or are unable to utilise, products within NPSA’s CSE, and enables sites to identify the major areas of risk and apply mitigation to their own systems using a consistent framework approach.

 

CAPSS Guidance

The CAPSS guidance document (see below document link to CAPSS Guidance) provides advice covering the following areas:

  • Why sites need to worry about cyber threats
  • Organisational challenges in mitigating cyber threats
  • Recommended policies for sites to focus on to mitigate cyber threats
  • The primary security control groups a site should consider
  • Risk versus complexity, versus cost of implementing certain threat mitigations
  • A comprehensive list of security controls that a site can easily translate into an "ask" of a vendor or manufacturer to provide assurance of a product's cyber protection
  • A decision making framework that can assist in deciding where best to deploy protective controls based on the nature of a site's IT infrastructure

Cyber Assurance of Physical Security Systems (CAPSS) Evaluations

Cyber Assurance of Physical Security Systems (CAPSS) Evaluations

The CAPSS evaluation programme assesses physical security equipment against cyber mitigations. 

Did you find this page useful? Yes No