Cybersecurity and Physical Security Conjunction

Today’s threats are a result of hybrid attacks targeting both physical and cyber assets. The adoption and integration of Internet of Things (IoT) and Industrial Internet of Things (IIoT) devices have led to an increasingly interconnected mesh of cyber-physical systems (CPS), which expands the attack surface and blurs the once clear functions of cybersecurity and physical security. Meanwhile, efforts to build cyber resilience and accelerate the adoption of advanced technologies can also introduce or exacerbate security risks in this evolving threat landscape.

A successful cyber or physical attack on connected industrial control systems (ICS) and networks can disrupt operations or even deny critical services to society. For example:

• A security gap in access controls, such as unauthorized access to facilities or system permissions, can allow an individual to use a universal serial bus (USB) device or other removable hardware to introduce a virus or malware into a network.
• Heating, ventilation, and air conditioning (HVAC) systems can be virtually overridden, causing a rise in temperature that renders network servers inoperable.
• A cyber-attack on telecommunications can impair communication with law enforcement and emergency services, resulting in delayed response times.
• An unmanned aircraft system (UAS) can compromise sensitive information by gaining access to an unsecured network using wireless hacking technology.
• A cyber-attack exploiting healthcare vulnerabilities can compromise sensitive data or cause a connected medical device to malfunction, resulting in injury or loss of life.

When Does Physical Security become a Cybersecurity Concern?

Physical security is a vitally important business practice, to prevent unauthorized persons from entering your business and causing harm, to protect your intellectual property from corporate espionage, and to mitigate workplace violence, among other concerns. Today, organizations must consider physical security as a primary pillar of cybersecurity.

There are three differing perspectives on this reality, each of them paramount to maintaining overall security.

1. Physical Breaches Can Facilitate Hacking

For many threat actors, the easiest way to obtain your data is to access it in the physical world. While strong firewalls and other cybersecurity best practices may thwart hackers outside your business from entering the network, very often hackers will simply find a way into your building and plug into any IP connection or grab a laptop or server and walk out with it. They may use social engineering to bypass security guards, slip in behind an employee who politely holds the door open for them, tailgate through an access-controlled entrance, or use stolen credentials to get into your facility. Deploying the strongest-possible physical security measures is the best way to mitigate against this danger.

2. Hacking Can Create Physical Threats

If IP-connected physical security solutions are not hardened adequately to cybersecurity threats, they can be compromised via the network. A threat actor outside the building can access enterprise networks through unsecured WiFi networks, a vulnerable Internet of Things (IoT) device, or another weakness and can disable physical security devices such as surveillance cameras, access control systems or alarms. This can put organizations at risk in a number of ways. Terrorists could enter buildings, putting your personnel in direct danger. In a healthcare facility, criminals or employees, could steal prescription medications from protected storage rooms. Unauthorized individuals could enter restricted areas of critical infrastructure facilities and put themselves or the general population at risk.

3.Physical Security Devices Can be Used as Attack Surfaces

Any device on the IoT – from a smart temperature control system to a car charging station could be used by hackers as an entry point to the network. Similarly for physical security products from surveillance cameras to WiFi locks. The moment a smart device is connected to the network, it becomes a potential attack point for a hacker to use to reach the network, from which they can implant malware, steal data or cause many other sorts of mayhem that disrupts business operations. Every IoT-connected device used in organizations must be properly hardened for elevated security.

Is Convergence the next step?

Convergence is formal collaboration between previously disjointed security functions. Organizations with converged cybersecurity and physical security functions are more resilient and better prepared to identify, prevent, mitigate, and respond to threats. Convergence also encourages information sharing and developing unified security policies across security divisions.

BENEFITS OF CONVERGENCE (Source: CISA.GOV)

An integrated threat management strategy reflects in-depth understanding of the cascading impacts to interconnected cyber-physical infrastructure. As rapidly evolving technology increasingly links physical and cyber assets—spanning sectors from energy and transportation to agriculture and healthcare—the benefits of converged security functions outweigh the challenges of organizational change efforts and enable a flexible, sustainable strategy anchored by shared security practices and goals:

Getting Started

A culture of inclusivity is vital to successfully converging security functions and fostering communication, coordination, and collaboration. Organizations of all sizes can pursue convergence by developing an approach that is tailored to the organization’s unique structure, priorities, and capability level. The CISA Cybersecurity and Physical guidelines provide good guidelines for a convergence approach.

References

CISA.GOV