201 Sands Avenue
89169 Las Vegas
As physical security solutions continue to make the migration from analog to IP at an ever increasing pace, the lines between the physical security and IT security worlds have also begun to blur. With enhanced capabilities that come with deploying video surveillance, access control and other systems on the network also comes increased risk in the form of cyber-attacks. As the proliferation of IP-enabled devices increases, more IT professionals are now charged with overseeing the implementation of these technologies within their organizations and thus have more power when it comes to security purchasing decisions.
Next week in Las Vegas, the inaugural Connected Security Expo will take place in conjunction with ISC West looking to shine a light on how the security industry has and continues to be reshaped by convergence and will bring together both physical and cyber security professionals to discuss the threats facing the industry. Among the conference’s keynote speakers include Herb Kelsey, chief architect at Guardtime, and Matthew Rosenquist, cyber security strategist for Intel. Kelsey has spent the bulk of his career working for large-scale enterprises, such as IBM, and has also designed and built cybersecurity programs for the federal government. Rosenquist started his career in security on the physical side conducting audits and investigations before moving into cybersecurity at Intel where he introduced and led the company’s first CERT (computer emergency response team) unit and now serves as their cybersecurity futurist.
With the Internet of Things (IoT) taking hold in physical security as more and more devices are given IP addresses, Kelsey believes the industry has opened itself up to a broader range of vulnerabilities and also introduced more access points that hackers can leverage to obtain an organization’s intellectual property.
“It’s not clear as an industry – whether it’s the IT security side or the physical security side – that they really understand the implications of that,” said Kelsey.
Rosenquist echoed Kelsey’s sentiments and said that looking at the trajectory the industry is on; it’s inevitable that physical and logical security have to merge.
“As companies embrace technology to be able to better serve customers, to better connect with new customers in new markets, to optimize and compete within their marketspace, they are using new technologies that are tremendous tools, but as a part of that, these technologies are connecting to critical resources, assets and capabilities. That then opens them up to a certain number of risks,” explained Rosenquist. “For the most part, companies don’t even understand what the scope of those risks is or how to address it.”
According to Kelsey, one of the systemic problems is that each side – physical security and cybersecurity – has been seen as less important by the other and the biggest consequence for that way thinking is increased security exposure for organizations.
“Both of these communities have a preconception that they are independent from each other and its comfortable thinking that way but it’s really not true,” said Rosenquist. “A lot of cybersecurity folks grew up in the technology space and they look at it as a technology problem and that it can be solved with technology. In reality, it’s only half. Cybersecurity is half technology and it’s half behavioral. On the flip side, physical security has always looked at the threat to be a person and approached it from that perspective. When you step back, there is this convergence that’s coming between looking at threats purely from a behavioral perspective versus a technology perspective. Both parties need to understand there are shortcomings in their view and that they really have the same objectives – protecting assets and preventing or reducing the amount of loss an organization experiences – and that the playing field is merging.”
In their ambition to realize all of the benefits that connected technology provides, Kelsey believes there has been “blindness” on the part of organizations and even security professionals when it comes to attaching mission critical systems to the Internet.
“The Internet that we see today and the Internet that we attach these devices to has to be two different things and nobody is really interested in that. It’s convenient to ignore the problem and make a lot of money,” added Kelsey.