CYBER-PHYSICAL SECURITY CONVERGENCE
Digital Disruption Transforms Traditional Metrics
Today’s digital transformation means limitless opportunity for those who can harness the digitization of our physical world safely and effectively. But the transformation has forever altered the threat landscape, leaving no entity without risk. Cyber and physical threats have blended, the result of our new environment in which everything is IP-connected. The growing Internet of Things (IoT), with billions of connected devices predicted in the coming years, is further driving an exponential explosion of cyber-physical risk. Smart cities, autonomous vehicles, drones and robotics are the next inflection point. Any compromised system can have a devastating impact on security, critical operations, profitability and reputation.
Thought leaders agree that the current approach of dealing with security in departmental silos is leading to increased risk, rising costs and a climate of mistrust on the part of regulators, who remain frustrated with recurring breaches. So what are the barriers and what will it take to break them down?
According to The State of Security Convergence in the United States, Europe and India, an ASIS Foundation Convergence Report published in 2019, organizations are often slow to adapt to change unless forced to do so. “Reluctance to converge often centers around people issues,” the report stated. Physical security, IT and OT personnel are fixed in traditional silo structures, wary that convergence will translate into changes that diminish their roles. Yet malicious actors don’t think this way and ultimately capitalize on these functions working in isolation from each other. Later in this article, we will discuss how security convergence is not designed to eliminate roles, jobs or departments, but to strengthen their ability to secure the enterprise and enhance workforce experience with automation, integration and data insights.
Trusted and True Security Convergence
Security is long overdue for the digital transformation, and the altered threat landscape requires a change to conventional thinking and a new approach. The industry continues to come face to face with the reality that millions of dollars are being spent on halfway security measures, while breaches continue unabated and threat vectors rise. Current spending on regulatory compliance and network security too often misses a structural vulnerability: security is still imprisoned in corporate silos and needs to break free.
Cyber/IT security personnel focus on virus and malware attacks, hacker penetration of network perimeters, and employee access and authorization. Corporate security personnel focus on physical access to buildings, zones and remote facilities and, often, environmental systems. Operators of critical assets like pipelines, power generation, chemical plants and airports focus on control systems and whether assets are functioning within established parameters. The monitoring systems for these functions are rarely integrated and even more rarely correlated for contextual understanding of an evolving security event. Everyone is isolated. It is the very definition of halfway security and corporate irresponsibility.
Better alignment of security/risk management strategy with corporate goals
Advances in technology integration/security operations centers
Greater efficiency in security and/or business continuity operations
Clear cost savings