At IFSEC 2019 the Converged Security Centre returned. This time it was bigger and better than last year with hundreds of visitors coming to see what was on offer, throughout the event. The first outing in 2018 proved its value but the second clearly demonstrated that the importance of people meeting together and using the converged technology is the way forward for organisations which face the growing challenges of cyber attacks on physical systems and physical attacks on the corporate network. Hence the teams demonstrated how the people in a centre could see these new attacks, quickly respond and recover from them.
The build-up to the event was significant in its own right with all of the partners (Informa, Vidsys, Unified Security, Micro Focus, AXIS Communications, Ipsotek and Salam Technology) devoting considerable planning and preparation to ensure its success. The excitement for the centre which was generated by the amazing volume of social media articles meant that when we arrived at IFSEC on June 18 there was a really great atmosphere and positive feel. The words ‘awesome’ and ‘fantastic’ were being heard all around! Certainly, it merited this especially given all the planning and discussions which preceded it. It wasn’t something which ‘just happened’.
So what did we see? At a special launch, we were honoured to be invited by IFSEC and Frank Gardner OBE (BBC Security Correspondent) to kick off the Keynote Arena conference at 1100 on Day 1. Leaders from the Centre each gave their perspective on the value of a Converged Security strategy and co-locating physical and cybersecurity teams in one operations centre. Sarb Sembhi, CISO Virtually Informed Ltd, stated, “Change in the sector is forcing the two distinct parts of security operations together, having traditionally worked in silos”. Maurice Singleton, President of Vidsys, described how Converged Security and Information Management solutions enable organisations to assess risks in real-time and filter out the noise from the huge volume of data generated by security metrics. Steven Kenny, Industry Liaison - Architecture & Engineering (A&E) at Axis Communications, added that training and upskilling was required when merging the two silos of physical and cybersecurity and stressed the essential role of the Manufacturer’s hardening guide in supporting those deploying systems.
David Humphrey CTO Rich Media at Micro Focus indicated that converged security was already fairly common in defence establishments and agencies and was poised to break into the commercial arena, emphasising that “We need to get it out wider”. James Willison Founder, Unified Security Ltd, highlighted findings from the World Economic Forum that suggest 76% of businesses believe a cyber attack on their IoT devices and systems is very or highly likely. Hence an operational response is essential. He was delighted to launch the ASIS International Enterprise Security Risk Management Maturity Model and briefly described its foundational principles such that ESRM is managing all security risks, cross-functionally. He also explained that to achieve the highest levels of the maturity model an organisation had to form one security department and work in cross-functional teams, communicating effectively together on all security risks. He then outlined five steps to building a Converged Security Centre as an example of operational ESRM.
At the Centre itself, we welcomed many hundreds of visitors over the three days and the partners presented their technologies to audiences of about thirty or forty people with some others stopping by to listen in to the discussions. We looked at three topics which a Converged Security Centre’s team can much more effectively address than analysts working in two or three centres which would be in different locations sometimes a great distance apart. Until recently the technologies used to monitor events have been siloed and focused on either physical or cybersecurity attacks but with the increasing use of IP based physical systems and social media, the attacks have blurred. The proliferation of the Internet of Things has added many more physical security devices to the corporate network and hence the need to protect these from attack. Even if a manufacturer demonstrates good cybersecurity and offers hardening solutions it is important to monitor the network on which they sit and respond effectively to any threats. On the first two days, we covered three topics.
How Converged Security Centres respond in real-time to physical and online threats?
This session demonstrated how technologies can be integrated into one centre, to prioritise emerging security risks from high volumes of data and respond in near real-time. The solution partners provided a view on how large events and campuses can be managed in a fast-moving and dynamic environment. The benefits were outlined as the ability to understand the key threats and with guidance from Artificial Intelligence recommend the best course of action with follow up reports generated for further improvements. Prof. Martin Gill Director Perpetuity Research & Consultancy International gave some very perceptive insights from a criminological perspective arguing that some criminals will work out how to circumvent these technologies and asking what could be done to counter this. Alan Jenkins Head of Advisory Services at 2|SEC Consulting joined us on the second day and applauded the integration of technologies, encouraging us all to take security convergence to the next level. He also stated that he wished that he had had this kind of technology when he worked in the military fifteen years ago as its rapid response and enhanced situational awareness capability is particularly beneficial at the operational and tactical levels.
On day 3 Iain Macpherson, Security Systems Manager at the Crick Institute joined us to give his thoughts. We were sorry to miss David Clark, Head of Security for the Crick Institute, who couldn’t make it but Iain did a brilliant job so David should be proud! Iain works in a Smart Building and raised important concerns over the added responsibilities placed on physical security operators and the costs of the technologies. James emphasised the need for a cross-functional team to work in the centre which consists of a good number of people given the proposition that either two or three centres will merge into one. Steven Kenny from AXIS Communications warned us that the CCTV could be switched off by a virus and then what would we do? That certainly made us all wake up! But we would hope the SIEM technology would really help on that one! We were delighted to see the good humour generated at the talk as we all learned from each other (see the picture below)!
How converged technologies ease prevention and response to unauthorized physical/logical access to corporate facilities and networks?
This session demonstrated how one converged team can identify and respond to fraudulent activity on a corporate network, in near real-time with the power of Vidsys, Micro Focus and AXIS solutions. The teams considered:
- How the logical and physical id of an employee does not match
- The operators look at the office CCTV footage of the employee physically badging on the access control device in the morning
- The screenshot captured is matched with the access card information
- Vidsys and SIEM technologies correlate all this data and determine a case of Insider or Outsider Threat
Once the partners had explained how criminals can be monitored in both the digital and physical space the guest speakers were invited to comment and ask questions. On Day 1 Prof Paul Dorey, Chair Emeritus of ISSP and InfoSecurity Europe member of the Hall of Fame, stated that he was very pleased to see how technologies had advanced to a level which truly enabled teams to respond to fraudulent activity and urged the audience to consider how they could make use of them in their organisations. He said that he had been a converged CISO/CSO in a previous role and would have loved to have had these solutions such as CSIM, SIEM and a mature AI monitored CCTV solution at the time. On Day 2, security convergence evangelist, Alan Jenkins, joined us for his second outing and as ever engaged with the panellists and the audience seeking to encourage us to do more to adopt convergence to benefit the enterprises that we protect. He urged us to reach outside our immediate audience and to break down our own silos. On day 3, Dr Daniel Dresner FInstISP, a lecturer at the University of Manchester, sparked a lively debate over the topic raising concerns for the SME and their needs and vulnerabilities which are all too often forgotten. He answered questions from the floor from a variety of people and engaged brilliantly and entertainingly as we have come to expect including an enthusiastic discussion with James and Sarb!
How Chief Security Officers can benefit from data analytics and converged platforms to understand the complex physical and cyber risks posed to Transport systems?
This session explored how CSOs can benefit from deploying multidisciplinary teams in one security operations centre and use converged technologies to identify and respond to fast-moving events in transport systems. The teams from Vidsys, Micro Focus and AXIS Communications considered:
- Visual displays of various incidents related to UK Transport (Highway Accidents, Broken streetlights, Systems down, Networking issues, cyber-attacks, insider threats, property damage, protests, Broken vehicles)
- Event is identified and a report is sent to the CSO with actions outlined
- Upon detecting a drone within 1 km of the airport perimeter an event gets created automatically
- Operators monitor the presence of a drone and use counter-drone systems if possible
It was clear on Day 1 that the centre had generated a lot of interest as a good number of people joined us at 4 p.m. The technologies can make a great difference to a CSO. We also heard from Lucas Young, the Transport Lead, Network Video Surveillance - BDM Northern Europe at AXIS Communications. He gave some excellent insights into the power of Video Analytics in assisting CSOs and this combined with the other partners gave a very realistic feel to the presentation. Mike Hurst CPP, HJA Consult, Vice-Chair, ASIS International UK Chapter, then added his wealth of experience in the Security Industry to emphasise the overall importance of ESRM and that security is security in case we focus too much on physical or cyber technologies and lose track of the business focus, to which we all agreed.
On Day 2 we were delighted to welcome Godfried Hendriks, ASIS International, President-Elect, Business Development Director Europe @ Revolution Retail Systems, who enthusiastically encouraged all the partners and the audience to move forward with a convergent approach which he believes will be universally adopted in the next five years emphasising that security will just be security in the near future and that ESRM is a central global strategy of ASIS International which has seen significant adoption across many organisations and will inevitably only increase in its impact and relevance. He concluded, “The ASIS International Global Board of Directors selected advancing ESRM as a strategic priority initiative in July 2016, and over the past few years the ESRM principles have been infused in all ASIS products, services, and culture. ASIS has taken the lead to enable our members to be more effective risk and security leaders, and it is great to see that many other organisations globally are following because we want to, and we need to, work together as an industry to be successful”.
In summary, we were so pleased to see such good numbers at the Centre and in the Keynote Arena. We thank our colleagues at Informa especially Gerry Dunphy, Rachel Eaton, Annelise Bright and Adam Bannister, Jasmeet Kapoor (Vidsys Inc) and our partners for all the considerable work and effort they put in to making the Converged Security Centre, in the words of our very good friend, Brian Sims, the Centre of attention!
Gerry Dunphy, Strategy Director IFSEC International says: ‘’The Converged Security Centre is what IFSEC is all about- a high-quality interactive feature area which showcases state of the art technologies in a fully integrated setting. The use of complementary systems and products across the Vidsys platform reveals tangible solutions in a variety of situations to help and assist security professionals assess and respond to threats and incidents. In addition, the levels of resilience are immeasurably increased through the correct use of converged security procedures, so the customers will experience how this deeply integrated approach will add immediate levels of additional security. IFSEC is committed to addressing the core problems at the heart of the security challenges and the Converged Security Centre is a focal point for displaying excellence and guidance in making full use of complementary hardware and software to enhance the customers’ approaches to security.’’
James Willison MA, Founder, Unified Security Ltd.
Sarb Sembhi CISM, CISO Virtually Informed Ltd.