White Paper

CYBER-PHYSICAL SECURITY CONVERGENCE

The digital transformation couldn’t come at a better time for physical security. It ushers in an era of true convergence – where connecting cyber/IT, security and OT data across the enterprise leads to heighted situational intelligence, reduced risk and the integration of critical business processes.

Digital Disruption Transforms Traditional Metrics

Today’s digital transformation means limitless opportunity for those who can harness the digitization of our physical world safely and effectively. But the transformation has forever altered the threat landscape, leaving no entity without risk. Cyber and physical threats have blended, the result of our new everything IP-connected environment. The growing internet of Things (loT), with billions of connected devices predicted in the coming years, is further driving an exponential explosion of cyber-physical risk. Smart cities, autonomous vehicles, drones and robotics are the next inflection point. Any system compromised can have a devastating impact on security, critical operations, profitability and reputation.

Thought leaders agree that the current approach of dealing with security in departmental silos is leading to increased risk, rising costs and a climate of mistrust on the part of regulators, who remain frustrated with recurring breaches. So what are the barriers and what will it take to break them down?

According to The State of Security Convergence in the United States, Europe and India, an ASIS Foundation Convergence Report published in 2019, organizations are often slow to adapt to change unless forced to do so. “Reluctance to converge often centers around people issues,” the report stated. Physical security, IT and OT personnel are fixed in traditional silo structures, hesitant that convergence will translate into changes that require them to diminish their roles. Yet malicious actors don’t think this way and ultimately capitalize on these functions working in isolation from each other. Later in this article, we will discuss how security convergence is not designed to eliminate roles, jobs or departments, but to strengthen their ability to secure the enterprise and enhance workforce experience with automation, integration and data-insights.

Explosive growth in technology and data over the next decade will obliterate barriers between cyber, physical and virtual worlds, ratcheting up the complexity and scale of cyber and privacy risk management worldwide. Digital data and devices will be increasingly embedded in critical infrastructure, consumer products, vehicles, daily life and even in humans, in a world in which the physical, cyber and virtual merge.
- U.S. National Security Telecommunications Advisory Committee

Trusted and True Security Convergence

Security is long overdue for the digital transformation and the altered threat landscape requires a change to conventional thinking and a new approach. The industry continues to come face to face with the reality that millions of dollars are being spent on halfway security measures, while breaches continue unabated and threat vectors rise. Current spending on regulatory compliance and network security too often miss a structural vulnerability: security is still imprisoned in corporate silos and needs to break free.

Cyber|IT security personnel focus on virus and malware attacks, hacker penetration of network perimeters and employee access and authorization. Corporate security personnel focus on physical access to buildings, zones and remote facilities and often, environmental systems. Operators of critical assets like pipelines, power generation, chemical plants and airports focus on control systems and whether assets are functioning within established parameters. The monitoring systems for these functions are rarely integrated and even more rarely correlated for contextual understanding of an evolving security event. Everyone is isolated. It is the very definition of halfway security and corporate irresponsibility.

38%

Better alignment of security/risk management strategy with corporate goals

28%

Advances in technology integraton/security operations centers

38%

Greater efficiency in security and/or business continuity operations

38%

Clear cost savings