Time to Stop Defying Logical Security
Physical and logical security are going to merge; it’s not a matter of if but how quickly they will assimilate each other and work more effectively together.
Physical and logical security are converging. That was the overriding message during the second Cyber:Secured Forum.
Produced by the PSA Security Network and Security Industry Association (SIA), the two-day conference is an outgrowth of the Cybersecurity Congress PSA partnered with SSI on four years ago, and the electronic security industry’s acknowledgement, awareness, concern and action on the subject have swelled from modest to paramount during that brief time span.
As someone who has long urged cybersecurity be given its due, it is heartening to see security manufacturers and integrators alike stepping up. That said, it is a bit disappointing this event has not significantly grown beyond around 200 security professionals.
It may be reflective of too many events on the calendar, the timing of late July when many vacation, the location of oppressively hot Dallas and cybersecurity still being an intimidating (and therefore unpleasant) topic for many.
And while the Cyber:Secured Forum’s attendees and speakers included several of the industry’s more progressive thinkers and subject matter experts, the sessions were unfortunately dominated by manufacturers and end users, with scant integrator involvement. Those caveats aside, this year’s presenters and content were uniformly solid.
Kicking it off was Booking Holdings’ Mark Weatherford with his keynote, “IoT, Convergence and Supply Chain Risk: Let’s Not Forget Cyber.” Weatherford, whose company’s clients include Priceline, Agoda and Kayak, discussed how most organizations separate the functions of IT, physical security and ICS/SCADA.
Such divisions work to hackers’ or cyber criminals’ advantage, he said, as one department seldom knows what the other is doing, and the opportunity to team up for more comprehensive security is lost.
Weatherford offered these steps for integrators to establish a vendor risk management (VRM) program:
- Map your supply chain and identify your most important vendors
- Identify sub-tier suppliers with critical IT components or software embedded in your products and systems
- Know what info or IT systems your vendors can access
- Review your personnel practices
- Conduct regular briefings on the threat environment and track the reporting and remediation of vulnerabilities
Weatherford also highlighted best practices for a more secure IoT:
- Secure product development
- Data encryption
- Using strong passwords
- Following privacy policies
- Adhering to regulations
Regarding the latter, he said there are presently more than 300 pieces of proposed legislation surrounding digital data before the federal government.
It was fascinating during the “View From the CISO’s Office” panel how all the end users — from Southern Methodist University (SMU), Comcast and McAfee — said their organizations have already combined their physical and network security operations, often with personnel working side by side.
They stated how they realized, even though the two had long been siloed and clashed personality-wise, that they had much more in common than not and how much more effective they could be operating in unison.
The panel also noted that while physical security was several years behind IT in innovation, the gap was closing.
“Both of those responsible for physical security and cybersecurity are more alike than different. They are like mirror images of each other,” said SMU CISO George Finney, who also led the “What Physical Security Can Learn From Cybersecurity” session. “They go hand-in-hand. It took a while to click for us.”
During the past few years that collaboration, along with the guidance of SMU’s integrator Siemens, has “clicked” to the tune of a 60% reduction in campus crime. Other nuggets Finney offered included looking for blind spots in a security plan, selling through hope rather than fear, fostering a security community, sharing best practices and ideas, building security into an organization’s culture, and being accountable rather than blaming.
Finney said the biggest indicator of an organization’s vulnerability to a data breach may be its culture, with those rating poorly being three times more susceptible.
Other Forum highlights included…
- TechMIS CEO Steven Mains, during “Integrating and Monetizing Cyber and Physical Security Offerings,” said the four steps for an integrator are 1) Find a subcontractor; 2) Start using it yourself; 3) ID potential clients; 4) Sell it.
- In “Enterprise Technology Trends to Watch,” Pivot3 Sr. Dir. of Surveillance Solutions Brandon Reich noted that 102 million IP surveillance cameras will be sold in 2019. And while those devices make up 10% of all IoT device sales, they generate 75% of all IoT data.
- During “Convergence: It’s More Than a Buzzword,” Verint’s Bill Eckard highlighted the rich data that can be mined by monitoring social media, which can then be used by organizations to mitigate threats to people, places or business.
- The “Technologies Transforming Cyber-Physical Security Panel” included reps from Google and Facebook who urged applying ethics to the looming AI explosion.