The world of information technology and electronics has produced spectacular advancements in the way we live. Technologies that once required human intervention can now be automated with the tasks to be performed hidden from view. While that has made our lives easier, it doesn’t always pique our curiosity. We have to admit that it’s usually a lot more fun to watch a demonstration where something moves, blows up, or somehow interacts with us in a physical way. While cryptography is a fascinating field, even the most die-hard cryptographers are not going to sit with rapt attention at a computer and try to brute force an encrypted file. When I speak about Smart Grid security threats, the audience is usually far more interested to hear about how a magnet, a glass of water, and a couple of wires can manipulate the mechanical wheel of an electric meter than they are about how a hacker can use his laptop to break into the grid and manipulate an electronic meter. There’s just something about being able to touch and feel that the cyber world can’t replace.
It is therefore with great enthusiasm that I look forward to Deviant Ollam and Babak Javadi’s session entitled “Why Your Locks are Weak… And Why That’s Not as Bad as You Think.” Mr. Ollam and Mr. Javadi are with the Open Organization of Lockpickers and are well known in the security community. As their session abstract indicates, they “will show you exactly how lock picking, bumping, and bypassing works... and demonstrate how simple, affordable changes can make your security nearly impenetrable.” It should demonstrate clearly that firewalls and encryption aren’t that useful if physical security controls are not effective. Despite being some of the oldest challenges, physical security weaknesses often remain the most elusive, often because it heavily depends on people. And while people are never going to exhibit strict adherence to physical security protocols, understanding the most likely attacks and applying some proven mitigation techniques may significantly reduce that risk.