Time to Stop Defying Logical Security

Physical and logical security are going to merge; it’s not a matter of if but how quickly they will assimilate each other and work more effectively together.

Physical and logical security are converging. That was the overriding message during the second Cyber:Secured Forum.

Produced by the PSA Security Network and Security Industry Association (SIA), the two-day conference is an outgrowth of the Cybersecurity Congress PSA partnered with SSI on four years ago, and the electronic security industry’s acknowledgement, awareness, concern and action on the subject has swelled from modest to paramount during that brief time span.

As someone who has long urged cybersecurity be given its due, it is heartening to see security manufacturers and integrators alike stepping up. That said it is a bit disappointing this event has not significantly grown beyond around 200 security professionals.

It may be reflective of too many events on the calendar, the timing of late July when many vacation, the location of oppressively hot Dallas and cybersecurity still being an intimidating (and therefore unpleasant) topic for many.

And while the Cyber:Se-cured Forum’s attendees and speakers included several of the industry’s more progressive thinkers and subject matter experts, the sessions were unfortunately dominated by manufacturers and end users, with scant integrator involvement. Those caveats aside, this year’s presenters and content were uniformly solid.

Kicking it off was Booking Holdings’ Mark Weatherford with his keynote, “IoT, Convergence and Supply Chain Risk: Let’s Not Forget Cyber.” Weatherford, whose company’s clients include Priceline, Agoda and Kayak, discussed how most organizations separate the functions of IT, physical security and ICS/SCADA.

Such divisions work to hackers’ or cyber criminals’ advantage, he said, as one department seldom knows what the other is doing, and the opportunity to team up for more comprehensive security is lost.

Weatherford offered these steps for integrators to establish a vendor risk management (VRM) program:

  • Map your supply chain and identify your most important vendors
  • Identify sub-tier sup-pliers with critical IT components or software embedded in your products and systems
  • Know what info or IT systems your vendors can access
  • Review your personnel practices
  • Conduct regular briefings on the threat environment and track the reporting and remediation of vulnerabilities

Weatherford also highlighted best practices for a more secure IoT:

  • Secure product development
  • Data encryption
  • Using strong passwords
  • Following privacy policies
  • Adhering to regulations

Regarding the latter, he said there are presently more than 300 pieces of proposed legislation surrounding digital data before the federal government.

It was fascinating during the “View From the CISO’s Office” panel how all the end users — from Southern Methodist University (SMU), Comcast and McAfee — said their organizations have already combined their physical and network security operations, often with personnel working side by side.

They stated how they realized, even though the two had long been siloed and clashed personality wise, that they had much more in common than not and how much more effective they could be operating in unison.

The panel also noted that while physical security was several years behind IT in innovation, the gap was closing.

“Both of those responsible for physical security and cybersecurity are more alike than different. They are like mirror images of each other,” SMU CISO George Finney, who also led the “What Physical Security Can Learn From Cybersecurity” session. “They go hand-in-hand. It took a while to click for us.”

During the past few years that collaboration along with the guidance of SMU’s integrator Siemens, has “clicked” to the tune of a 60% reduction in campus crime. Other nuggets Finney offered included looking for blind spots in a security plan, selling through hope rather than fear, fostering a security community, sharing best practices and ideas, building security into an organization’s culture, and being accountable rather than blaming.

Finney said the biggest indicator of an organization’s vulnerability to a data breach may be its culture, with those rating poorly being three times more susceptible.

Other Forum highlights included…

  • TechMIS CEO Steven Mains, during “Integrating and Monetizing Cyber and Physical Security Offerings,” said the four steps for an integrator are 1) Find a subcontractor; 2) Start using it yourself; 3) ID potential clients; 4) Sell it.
  • In “Enterprise Technology Trends to Watch,” Pivot3 Sr. Dir. of Surveillance Solutions Brandon Reich noted that 102 million IP surveillance cameras will be sold in 2019. And while those devices make up 10% of all IoT device sales, they generate 75% of all IoT data.
  • During “Convergence: It’s More Than a Buzzword,” Verint’s Bill Eckard highlighted the rich data that can be mined by monitoring social media, which can then be used by organizations to mitigate threats to people, places or business.
  • The “Technologies Transforming Cyber-Physical Security Panel” panel included reps from Google and Facebook who urged applying ethics to the looming AI explosion.

About the Author

Contact:

Scott Goldfine is Editor-in-Chief and Associate Publisher of Security Sales & Integration. Well-versed in the technical and business aspects of electronic security (video surveillance, access control, systems integration, intrusion detection, fire/life safety), Goldfine is nationally recognized as an industry expert and speaker. Goldfine is involved in several security events and organizations, including the Electronic Security Association (ESA), Security Industry Association (SIA), Security Industry Alarm Coalition (SIAC), False Alarm Reduction Association (FARA), ASIS Int'l and more. Goldfine also serves on several boards, including the SIA Marketing Committee, CSAA Marketing and Communications Committee, PSA Cybersecurity Advisory Council and Robolliance. He is a certified alarm technician, former cable-TV tech, audio company entrepreneur, and lifelong electronics and computers enthusiast. Goldfine joined Security Sales & Integration in 1998.

Security Is Our Business, Too

For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add sales to your bottom line.

A free subscription to the #1 resource for the residential and commercial security industry will prove to be invaluable. Subscribe today!

Subscribe Today!

Leave a Reply

Your email address will not be published. Required fields are marked *

Get Our Newsletters