Cyber And Physical Security Unite

The passion is coming back to the on-again/off-again romance between cyber-security and physical security. Three drivers are putting the excitement back in the relationship: technology, policy and economics.

TECHNOLOGY — Increasingly physical security devices are being computer-enabled. They are also being networked together to provide automated results of physical security status to centralized databases for analysis. Often these devices communicate with each other via wireless circuits. All of this physical security information must be protected, forcing an integration of the cyber- and physical security disciplines. Computers and networks must be protected from both cyber- and physical compromise, of course, which reinforces the connection.

POLICY — In some situations, IT security is run by one organization, personnel security by another, physical security by another, and network operations by another. Each may have its own budget, priorities and processes. This results in seams that adversaries can exploit. Patching these seams requires policies that reinforce coordination and cooperation.

ECONOMICS — Managing the two together can result in more efficient use of budgets and staff time. Integrating physical and cyber security is not without challenges. The disciplines have always been related, but both require different expertise.

No organization should force its physical security guard force to be the computer network response team (or vice versa). Trying to do so is a recipe for failure for both missions. How, then, can organizations find the right balance in integrating physical and cyber security? Here are five suggestions:

• Respect the expertise requirements and training needs of both disciplines.

• Allow leaders in both disciplines to have insights into and input to each other’s emergency reaction plans.

• Ensure coordination prior to acquisition of physical or cyber security devices.

• Ensure senior management is well versed in the needs of both disciplines.

• Periodically exercise the entire security force using multiple, realistic scenarios.

As director of computer network operations and Homeland security technologies for TRW Systems, Reston Va., Bob Gourley tracks technological developments that impact upon computer network defense and Homeland security.