At IFSEC 2018, the first converged security operations centre for a security event is being built to bring together security professionals from the cyber and physical arenas to witness, ‘in real time’, what the latest technology can do and discuss how to manage cyber and physical attacks.
Why now and what is the point? As those who have followed the course of security management since the early years of this decade will know well, cybersecurity has gradually become of key importance to ensuring an organisation is resilient.
Many security professionals have urged greater collaboration between physical and digital security teams and a few organisations have successfully formed cross-functional teams. Some of these have built converged security centres to manage their security incidents more effectively.
But for most this is not the case, even though multi-disciplinary teaming is thought to be the best way to ensure a holistic risk approach, such as Enterprise Security Risk Management, and to maintain the cybersecurity of physical security systems.
It works equally well on the other side as there are many ways physical security is vital for a robust cybersecurity programme. Although this all makes sense it is still probably just 27% of large companies that have a single function.
But why should the security industry change the status quo? Some will argue it is better to carry on building separate Security Operations Centres as they have been. There are others who have already started on the journey and Barclays is a notable example.
A key driver for this has been the digitalisation of organisations brought about by the Fourth Industrial Revolution, with the increase in volumes of data that need to be protected. This, combined with the exponential growth in Internet of Things devices, has significantly impacted the physical security industry.
Hence we see a great interest in cybersecurity, the GDPR and privacy from colleagues who until recently preferred to focus on physical security. It is important to work closely with all those involved in securing people and their data and it is virtually impossible to separate them now, as our smartphones prove!
So, one approach is to discuss together how to secure our technologies with experts. This makes sense! It works in other areas of life very well.
In an operating theatre, there are teams of surgeons who specialise in different areas of medicine and who work closely with other doctors, anaesthetists, nurses and support staff to perform a successful operation.
But they can’t do this without each other or be expected to. The converged security centre can also be likened to a concert hall with a symphony orchestra composed of many different instruments and voices, but all brought together in harmony to produce inspirational music.
There is normally a conductor, often with soloists who specialise in an instrument or voice, but on their own they cannot produce anything like the beauty achieved by the whole. Similarly, teams of diverse security professionals with different specialisms now need to help one another to understand the range of risks to cyber and physical devices and systems.
In one centre it is obvious that this can happen faster. The cost savings of one instead of two locations are many and clear, including the benefits of sharing systems, technologies and equipment, less space, lower rates and so on.
At IFSEC 2018, Vidsys, Unified Security and our partners are building such a centre which will look at how technologies can be used now to prevent, identify and respond to cyber attacks on CCTV and other physical security systems.
It has become widely known that CCTV cameras and systems often have many vulnerabilities and are not easily patched. In this way, they can be the weakest link in a network and so it is important to protect them from external attacks in cyberspace.
Cybersecurity technologies can be used to connect cameras to intrusion prevention, identification, SIEM and other real-time response systems. In this way the whole corporate network is given a higher level of resilience than a normal network, which does not have this functionality.
Typically, a separate security centre manages incidents for physical security which will not prevent, identify or respond to such attacks. And since the cameras are not normally connected to cybersecurity protection systems the attack is not mitigated by the Digital Security Centre either. It is these kinds of issues which must be resolved.
Converged Security Information Management (CSIM) Operationalises Security: CIOs face complex “operational trade-offs” – and the solution is to converge disparate technologies. It offers these benefits:
Rules & use cases that look across both physical and cyber sub-systems
Use micro-segmentation solution in enterpris
The compromised endpoint can be forced off the network and the network re-keyed (new crypto keys for each endpoint) basically making a new network
Faster assessment and response to situations
How to respond to insider threats through a converged security platform
Blended threats – monitor across connected disparate systems
Secure access to certain systems should only happen from certain locations
Have they entered the building?
Have they entered the room?
Network log details, SIEM log details
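The location rule in the list above (building entry, room entry, then network and SIEM log details) can be expressed as a correlation over badge-reader and login events. The following is an added example, not code from the article or from any CSIM product; the event formats, the `POLICY` table, the 8-hour window and all user, room and system names are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data (not from the article): badge-reader events from a
# physical access control system, and login events as a SIEM might export them.
BADGE_EVENTS = [
    ("2018-06-19T08:55:00", "alice", "building"),
    ("2018-06-19T09:02:00", "alice", "server-room"),
    ("2018-06-19T09:10:00", "bob", "building"),
]
LOGIN_EVENTS = [
    ("2018-06-19T09:05:00", "alice", "hsm-console", "10.20.0.5"),
    ("2018-06-19T09:20:00", "bob", "hsm-console", "10.20.0.5"),
    ("2018-06-19T09:30:00", "carol", "hsm-console", "10.20.0.5"),
    ("2018-06-19T09:40:00", "alice", "hsm-console", "192.0.2.77"),
]
# Assumed policy: a sensitive system may only be used from one room and IP set.
POLICY = {"hsm-console": {"room": "server-room", "allowed_ips": {"10.20.0.5"}}}
WINDOW = timedelta(hours=8)  # assumed lifetime of a badge-in

def badged_in(user, zone, when, badge_events):
    """True if `user` badged into `zone` within WINDOW before `when`."""
    for ts, who, where in badge_events:
        age = when - datetime.fromisoformat(ts)
        if who == user and where == zone and timedelta(0) <= age <= WINDOW:
            return True
    return False

def correlate(logins, badge_events, policy):
    """Return (timestamp, user, system, reason) for each policy-violating login."""
    alerts = []
    for ts, user, system, src_ip in logins:
        rule = policy.get(system)
        if rule is None:
            continue  # system is not covered by a location policy
        when = datetime.fromisoformat(ts)
        if src_ip not in rule["allowed_ips"]:
            reason = "login from unapproved network location"
        elif not badged_in(user, "building", when, badge_events):
            reason = "no building entry on record"
        elif not badged_in(user, rule["room"], when, badge_events):
            reason = "in building but no entry to required room"
        else:
            continue  # physical and network evidence agree
        alerts.append((ts, user, system, reason))
    return alerts

if __name__ == "__main__":
    for alert in correlate(LOGIN_EVENTS, BADGE_EVENTS, POLICY):
        print(alert)
```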
Prof. Paul Dorey (Chair of IoTSF), Martin Gill (Director, Perpetuity Research), Mike Hurst (CPP, HJA Fire and Security Recruitment ASIS International UK Chapter), Brian Sims (Risk UK, Editor), Barrie Millett (Head of Group Security, Wesleyan), Letitia Emeana CPP PSP (Board Member Women’s Security Society – Physical Security), Danny Dresner (Co Founder IASME), Alan Jenkins (former ASIS UK Cyber Convergence Lead) and Steven Kenny (Industry Liaison – Architecture & Engineering, AXIS Communications).
Authors: James Willison MA MSyI, Founder, Unified Security Ltd and Sarb Sembhi CISM, CISO Virtually Informed Ltd.