The Convergence of Physical and Cyber Security

By Bernhard Mehl
May 21, 2018
Physical and Cyber Security Convergence

Cyber security is increasingly becoming an important aspect of physical security, as both of these security solutions begin to converge. Here's what you need to know about the benefits (and drawbacks) of this integration.

Incorporating the internet into the physical world initially began as a slow shift. It has since gained unprecedented momentum with the emergence of the Internet of Things (“IoT”). Multiple “smart” tools with computing capabilities have become smaller and cheaper, resulting in broader availability and utility. Large budgets were required for an industry to computerize a process just a decade ago. Today, it takes far less money and time. Moreover, it’s substantially easier for individuals to perform a majority of daily tasks on the web. All that’s required is a smartphone app and users can control home appliances or set office temperature.

Sophisticated sensors also play a major role in the convergence of physical and digital worlds. New sensor technologies, such as proximity, infrared, image, optical, temperature, smoke, and pressure sensors have surfaced. They facilitate the automation of numerous processes.

Agile software development brought together the devices—the sensors—and the web into a broader ecosystem that includes more vulnerable access points. In terms of security, the boundary between the physical and the cyber world is getting thinner.

What Led to the Convergence

Late May 16, 2018, homeowners found their Nest security systems no longer accessible, as their cloud service was down. The cause of this remains unknown, but the result was clear: many security system features were either reduced or entirely removed.

Physical and cyber security have been entwined since the very first security system was disabled remotely. The convergence of physical and cyber security is not a new one, but rather a growing threat. As the Internet of Things grows and more security solutions operate through virtualized systems, it becomes necessary to take a look at how physical and cyber security are interacting with each other. Consider a modern building, in which the HVAC system, video surveillance feeds, and access control systems are all network-enabled and network-accessible. A single security breach could compromise the entirety of the building's physical infrastructure, from the motion-activated cameras to the sprinklers that take care of the lawn.

Businesses (and even homes) are now laced with Internet of Things devices; network-capable devices that provide better comfort, convenience, and security through technology. Unfortunately, many of these devices are poorly secured, both on a hardware and software level. There are few security standards that these devices need to meet -- and a single device being compromised could compromise the entire network.

What Does Convergence Mean for Businesses

For the modern business, what does it mean when physical systems and cyber security converge? Businesses today are more vulnerable than they may believe. Small to mid-sized businesses are increasingly being targeted by criminal attackers. Businesses need to be aware that a security flaw in their network could lead to a physical security breach. Access systems, security cameras, and even telephone systems are now often controlled through the organization's network. If the appropriate steps haven't been taken to secure that network, the business could very well be vulnerable.

Why Pay Attention to This Convergence?

Responsible IT personnel are justifiably concerned about new security challenges developing in the interconnected grid of physical devices. Multiple IT roles play a part in addressing the weaknesses. Hackers have more ways than ever to locate vulnerabilities in IoT devices.

A strong emphasis on IoT cybersecurity expertise arose recently due to the proliferation of enterprise applications and cloud-based platforms. Their practical application blurs the line between what’s required (security-wise) from a CIO, an internal IT security manager, a cybersecurity expert, a cloud service vendor, and an IoT solutions provider. Who is ultimately responsible and for which portions of the overall system of systems that is IoT? If a company deploys an IoT solution, do they also need to hire an IoT cybersecurity expert?

Traditional roles may become clearer and new security roles may develop as a result of the IoT revolution. Nonetheless, everyone included in the process must bear a certain portion of the responsibility for tightening security. Physical and digital security are integral to corporate security policies. And with the dawn of IoT, a binary distinction between physical and digital security is virtually impossible. All securitization procedures concern both physical and digital processes and spaces.

How is IoT Cybersecurity an Overall Security Challenge?

Smart devices offer ample opportunities to simplify business processes. They also expose new weaknesses in those same processes. If an intruder has more touchpoints to access a security ecosystem—encompassing both physical and digital objects—the risk grows exponentially as the number of connected devices, apps, and sensors increases.

The result is a much messier definition of security in a world of interconnected systems. If you think of IoT as one big system of systems, within which thousands of intersections are formed as new devices, users and apps are added, it’s easy to imagine the implications of a single security failure—e.g. a DDOS attack. Chain reactions—think botnets—occur.


Benefits of the Convergence

It's important to note that the physical and cyber security convergence is not incidental; rather, it has developed over time as the most convenient and effective means of managing security. Flaws exist in this system only insofar as the systems are not appropriately protected and maintained.

When physical security and cyber security are connected, both can operate more effectively. Physical security systems are now augmented with advanced smart features, such as the ability to use two-factor authentication through the network, or biometric scanning for physical access. Something as simple as connecting motion-activated cameras to a network can add value to the security system, by automatically recording videos to the cloud and sending out alerts when motion is detected.

Cyber solutions give physical security access to a tremendous feature set -- but also increase the risk of the system being compromised. If the system is properly protected, these risks disappear, leaving behind only the benefits.

Physical and cyber security convergence is only going to become a more serious issue, as the boundaries between physical security and virtual systems continue to blur. Organizations need to take proactive steps to protect themselves, by locking down their cyber security and ensuring that each of their physical systems is appropriately installed, updated, and maintained. Business owners need to be vigilant: many physical systems are now internet connected and internet capable, subjecting them to the same amount of risk as any other device on their network.

Strengthening Security With IoT

If used in an efficient way, however, the multiple vulnerability points IoT exposes could also become a source of strength. Security participants in the IoT ecosystem can play a role by using these connectivity points to solve the real-world problems of members who communicate over the network. In this way, IoT is creating growth opportunities.

The main task confronting responsible IT security providers is to create barriers and checkpoints between the newly-converged physical and cyber worlds. You can now find many providers of combined security solutions that pay attention to both aspects.

If we can overcome these inherent IoT cybersecurity challenges, then the sky is the limit. The logistics industry is using asset tracking in the logistics management lifecycle to cut down on costs and amplify labor potential. Automotive industries have improved engines and other vehicle parts and accessories by tracking their performance in the overall system.

Real estate and facility management companies have automated building management. They’ve reduced maintenance and operational costs by implementing IoT solutions. Drones are used to improve citizen safety by accessing dangerous areas.

These are just a few examples of how IoT can be used to overcome current enterprise problems. Since we’re not moving back in time to isolated security environments, we must look strategically into a future of making IoT work for enterprise growth rather than against it.

Bernhard Mehl

Bernhard is the co-founder and CEO of Kisi. His philosophy, "security is awesome," is contagious among tech-enabled companies.