In our current connected operating environment, the allure of digital transformation and innovation has led security leaders to embrace digitalization as a means to enhance both efficiency and profitability. The adoption and integration of IoT and IIoT devices has led to an increasingly interconnected mesh of cyber-physical systems, which expands the attack surface and blurs the once clear functions of cybersecurity and physical security.
Megan Knodell, program lead for the United States Cybersecurity and Infrastructure Security Agency (CISA), is leading a Cybersecurity and Physical Security Convergence webinar on 26 October. Supported by the ASIS Information Technology Security Community, this webinar is presented as a free resource for security professionals as part of Cybersecurity Awareness Month.
The ASIS Blog sat down with Knodell for more insights about convergence.
Why should security professionals have convergence on their radar?
Together, cyber and physical assets represent a significant amount of risk to physical security and cybersecurity – each can be targeted, separately or simultaneously, to result in compromised systems and/or infrastructure. Yet, despite a general consensus around these interconnected risks, physical security and cybersecurity divisions are often still treated as separate entities.
When physical security and cybersecurity divisions operate in siloes, they lack a holistic view of security threats targeting their enterprise. As a result, successful attacks are more likely to occur. Organizations can overcome the potential risks of siloed security functions by implementing this concept of formal collaboration between cybersecurity and physical security functions. The benefits of this formalized collaborative approach often outweigh the challenges of organizational change efforts and enable a flexible, sustainable strategy that is anchored by shared security practices and goals.
What advice you would give security professionals interested in convergence?
CISA recommends critical infrastructure organizations and security professionals consider establishing formal collaboration between CSO and CISO departments.
A structured approach to converge security functions will enhance an organization’s ability to:
- communicate across the security enterprise;
- identify physical-cyber risk;
- align cyber and physical security policy and goals; and
- coordinate incident response.