The convergence of physical and logical security has been gaining traction ever since the introduction of network-enabled security devices. That physical and logical security have converged at a technological level is old news, but what is still amazing, unfortunately, is how far behind management teams are in considering this convergence. Despite the obvious fact that convergence improves security as well as operational efficiency, organizations, and to a significant extent their systems integrators (SIs), continue to treat the two as though never the twain shall meet.
Industry experts are aware of this issue as they stress the importance of convergence. Jon Stanford, Global Director for Industrial IoT Solutions and Services at Cisco Systems, pointed out that when it comes to unauthorized access to systems and data, the “last door” becomes cyber access. This means that no matter how well you protect your logical computing environment with security controls, once a malicious actor (whether a trusted insider, a trusted third party or an intruder) passes through the final physical barrier, it’s game over.
“In order to effectively mitigate risks across the board, you need to address both physical and logical security together,” Stanford said. “Today’s advanced threat agents exploit vulnerabilities in both domains. In the industrial base, cyber-physical security attacks are of grave concern to critical infrastructure operators, because, if successful, their effects could be catastrophic. The damage or disruption resulting from combined cyber-physical events can be far-reaching. It’s crucial to ensure that security investments encompass both cyber and physical security protections.”
What’s Seen in the Field Now?
Convergence has made inroads into various sectors of security. Perhaps the most obvious example is the access control industry, where the use of keycards is prevalent. These systems increasingly rely on a combination of electronic systems and communication networks to operate.
“Proximity card readers, PIN pads and badge readers at entry points, all rely on this type of automation,” said Stanford. “Some building automation systems regulate integrated security access control, camera systems and HVAC controls all in one platform, which can communicate over a common IT network.”
Mohamed Benabdallah, Director of Professional Services for Convergint Technologies, pointed out an important aspect in this regard. Physical and logical security have one thing in common: employee databases. These databases must have an authoritative source that can feed both systems in a synchronized fashion.
Speaking of points at which the two systems converge, Andrew Howard, CTO of Kudelski Security, said that their clients integrate data from physical and logical systems in their Security Information and Event Management (SIEM) systems. These systems collect data from various sources, look for anomalies that could indicate threats or issues, and take the necessary action.
“Given current technology capabilities, this is the easiest convergence point,” Howard said. “I anticipate that purpose-built convergence or orchestration systems will begin to appear in the market as a SIEM can only analyze and correlate data, not actively impact change on devices.”
Then there is also the arrival of new technologies such as artificial intelligence (AI), which, according to Benabdallah, has a lot of potential in this sector. “The more AI technology learns, the more it adjusts functions while being invisible and non-intrusive,” he said. “Eventually building management controls, as well as IoT devices, will be managed by AI technology, not only to control facility settings but also to flag any unusual behavior.”
But what more is needed? Matthew Wharton, President for the Security & Technology Consulting Division at Guidepost Solutions, believes that convergence is automatically happening in the field as IP-enabled devices are connected to the customer’s network. What really needs to happen is convergence at the monitoring level of security incidents and events, because alerts that would have been just physical security matters in the past now have bigger ramifications for the client’s overall security integrity.
“So, when it comes to ISO 270001 standard, which is about the physical protection of IP assets, a door held-open alarm or a door forced-open alarm on a sensitive data repository is no longer just a physical event but an information security event because you have just discovered a breach or potential breach, not necessarily of their network, but of their regulatory protocol,” Wharton said. This means having the knowledge and sensitivity to understand the bigger information security picture is crucial.
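The monitoring-level convergence described above (physical and logical events correlated in one place, with a door alarm on a sensitive data repository treated as an information security event) can be sketched as follows. This is an added example, not from the article or any vendor's product; the event names, field layout, door identifiers and 30-minute window are assumptions, and the log rows are constructed.

```python
from datetime import datetime, timedelta

# Assumed names: doors that guard sensitive data repositories, and how long
# a badge-in "covers" a later console login in the same room.
SENSITIVE_DOORS = {"dc-cage-1"}
BADGE_WINDOW = timedelta(minutes=30)
DOOR_ALARMS = {"door_forced_open", "door_held_open"}

# Constructed sample events: (timestamp, location, event, user).
PHYSICAL = [
    ("2024-03-04T08:58:10", "dc-cage-1", "badge_granted", "alice"),
    ("2024-03-04T09:40:02", "lobby", "door_held_open", None),
    ("2024-03-04T22:15:47", "dc-cage-1", "door_forced_open", None),
]
LOGICAL = [
    ("2024-03-04T09:05:00", "dc-cage-1", "console_login", "alice"),
    ("2024-03-04T22:20:30", "dc-cage-1", "console_login", "bob"),
]

def parse(rows):
    return [(datetime.fromisoformat(ts), loc, ev, user) for ts, loc, ev, user in rows]

def correlate(physical, logical):
    """Return (time, message) alerts that should go to the infosec queue."""
    phys, logi = parse(physical), parse(logical)
    alerts = []
    # Rule 1: a door alarm on a sensitive room is an information security event.
    for ts, door, ev, _ in phys:
        if ev in DOOR_ALARMS and door in SENSITIVE_DOORS:
            alerts.append((ts, f"{ev} at {door}"))
    # Rule 2: a console login in a sensitive room with no matching badge-in
    # by the same user at that door inside the window.
    for ts, room, ev, user in logi:
        if ev != "console_login" or room not in SENSITIVE_DOORS:
            continue
        badged = any(
            p_ev == "badge_granted" and p_user == user and p_door == room
            and timedelta(0) <= ts - p_ts <= BADGE_WINDOW
            for p_ts, p_door, p_ev, p_user in phys
        )
        if not badged:
            alerts.append((ts, f"console_login by {user} at {room} without badge-in"))
    return sorted(alerts)

if __name__ == "__main__":
    for when, message in correlate(PHYSICAL, LOGICAL):
        print(when.isoformat(), message)
```

The lobby held-open alarm stays a facilities matter, while the forced door and the unbadged login at the same cage minutes later both surface as information security alerts.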