UK security vendors should look to the US for help in standardising converged security systems, according to experts, or risk their cyber defences being undermined by a lack of co-ordination and harmonisation between physical and data security platforms.
“The most interesting thing for me is the National Institute of Standards and Technology (NIST) proposal,” James Willison said during a panel discussing the evolution of physical and data security systems at today’s IFSEC International conference in London.
James Willison is vice chair of the ASIS European convergence/ESRM committee, a security strategy and risk management advisor, and associate senior lecturer in security management at Loughborough University.
“In the past we have looked at security systems separately – IT, access control, fire, health and safety – and this is a problem. Things are improving slightly in the US but I don’t know about here [in the UK].”
The second draft of NIST’s special publication (SP) 800-160 systems security engineering proposal was published in May this year. It recommends ways in which security design principles can be baked into newly converged physical and data security systems, such as those being built to support the Internet of Things (IoT), at every step from concept to implementation, rather than relying on additional data security layers being retrofitted onto devices and networks at a later stage.
“Those things [operating systems and applications … firewalls, encryption and monitoring systems] do not go far enough in reducing and managing complexity, developing sound security architectures, and applying fundamental security design principles,” said NIST Fellow Ron Ross. “Many of the engineering-related activities must be done by industry, as consumers can’t design or modify source code, or do the other tasks necessary for full-spectrum security.”
NIST’s influence in global IT and data security standards has been significant to date. It released the cybersecurity framework v1.0 for US financial, energy, health care and other critical national infrastructure (CNI) systems in 2014, and it has since been widely copied elsewhere.
The organisation was also instrumental in establishing a universal definition for cloud computing platforms, another key element in emerging IoT platforms which presents its own physical and data security challenges.