The 9/11 attacks fundamentally changed our security environment in the United States and, in my opinion, were the catalyst for the convergence of physical and cybersecurity. Although synergy began more than a decade ago, it has only been in the last six or seven years that the networked enablement of daily business functions has compelled organizations to accept the fact that physical security and cybersecurity should be operationalized as one comprehensive team, using a layered security approach.
In the layered approach, the first way to protect critical systems is to keep those with harmful or criminal intent away from them. Perimeter security is the initial phase of the layered security approach, and it is the best way to prevent or mitigate numerous crimes. Preventing crime is a much better strategy than managing incident response and the subsequent far-reaching impact and ramifications of a significant security breach.
The second way is through access control, which allows an organization to control who can or cannot gain access to its critical IT infrastructure or critical data. It can also provide an audit of who accessed those areas and when. A lack of physical security is always a threat to cybersecurity. If an unauthorized person gains access to a building and ultimately to the IT systems, they can use this physical access to hack the system to steal information or launch an attack. Cyber warfare is a growing risk globally, and though the main intent is the disruption of physical civilian critical infrastructure, no enterprise is immune, whether healthcare, government, financial institutions, or academia.
The physical security world is becoming more IP-enabled. Research estimates approximately 22 billion devices will be internet-connected by 2020. What this means for us is that the convergence model needs to be adopted so companies can realize potential value, such as efficiency and cost savings.
In the convergent model, a variety of smart devices, such as RFID tags, sensors, actuators, smartphones, and proximity-sensing technologies, are leading to the emergence of an integrated and dense infrastructure for monitoring the physical world and collecting information related to end-user behaviors, their requirements, and dynamics. The management of such a complex infrastructure demands the development of scalable policies for handling the coordination among the devices and adapting their behavior to the rapidly changing physical and social contexts from which the digital services are invoked.
Although this trajectory seems rational and efficient, what is preventing it from materializing, in my experience, is company culture: people. Successful implementation of a converged physical cybersecurity model is dependent on corporate executive leadership understanding their own company culture and how to operate in and navigate through it. I believe “Tone at the Top” develops, maintains, and leads “company culture,” and it is imperative that organizational culture aligns with the core business and security philosophies.