
Project & Engagement Manager, IoT Security Foundation


James Willison MA, is a recognised International leader in Security Convergence and Enterprise Security Risk Management. In 2020 IFSEC Global listed James #8 in the top 20 Cyber Security Thought Leaders across the world. Shortlisted in Security Serious Unsung Security Heroes Awards 2018, as a Security Leader/mentor. James is Co Chair, Smart Buildings Working Group, Internet of Things Security Foundation and a member of the ASIS International ESRM Steering Committee. He is founder of Unified Security Ltd, a Vidsys consultant, works with AXIS Communications on cyber security and advises on the IFSEC Converged Security Centre. James was awarded the Imbert Prize for an ‘outstanding contribution to the Security Industry in 2011’ for his work on convergence with ASIS Europe and the Information Security Awareness Forum. He has more than 20 years of management experience in the physical and information security industry, including posts as Advisor on Convergence to the Mitie TSM Board, Senior lecturer in Security Management at Loughborough University and Digital Security Expert with the European Union. He has co-authored three White Papers and a series of new articles with Sarb Sembhi, sponsored by AXIS Communications, on ESRM, GDPR and Smart Buildings and Cities’ Security.
May 18, 2016


Security Convergence and the Internet of Things: What is Happening?

I am looking forward to participating in two panels at IFSEC International 2016 with friends and colleagues from across the Physical and IT/Cyber/Information Security areas.

The questions before us focus on the relationship between these different specialisms and the ‘Internet of Things’. In fact one can’t now be discussed meaningfully without the others.

I have worked in and studied the two domains for about twenty years and it is clear that the Internet of Things and the related cyber security issues are now the main driver for collaboration. In the past the silos of Corporate and Digital Security were often the norm and only leading Telcos, Energy providers, Financial Institutions, Government and IT companies tended to converge all their resources and consider blended cyber physical attacks.

Our surveys and conferences in the first decade of this century pinpointed that between 20 and 30% of leading organisations worked together in a single security function and another 10 – 20% collaborated on projects such as the implementation of IP video and access control systems. This, however, still left about 40 – 60% who had little if anything to do with each other. It is not surprising then to read of the alarming success of criminals who continue to hack into companies because they find gaps in the security defense, whether those be physical or cyber.

But what has changed in recent years? It is arguable that the silos still exist in force.

For example the job market seems to now favour the cyber security market and many well paid positions are to be found in this field. Whilst the importance of physical security is undoubted, organisations perhaps rely on the police and a smaller guard force to maintain this and focus their concerns on cyber defenses.

However, many Information Security leaders emphasise the importance of the human factor, education and effective physical security measures – such as the prevention of tailgating. This has led some enterprising companies, such as Mitie in the Physical space, to form partnerships with Cyber Security providers (in their case, Fujitsu) and offer converged security services and technologies to their clients. These can be very effective in identifying increasing cyber physical attacks.

Cyber and Physical Security Integration 

What else has changed? If you look at IFSEC and the sister exhibition, Infosecurity Europe, both have evolved over the last ten years so that recently they have included leaders from the ‘other’ fields in their Keynote Theatres.

The growth in the SMART and Convergence Theatres and this year the offering of Cyber Security training for Physical Systems at IFSEC is particularly significant and really exciting. It has also been very encouraging to see some leading Physical security systems providers recognise the cyber security threats they face and invest resources in finding solutions to these both at the hardware/software and user levels. Several of us on our panels at IFSEC this year have highlighted our concerns in these areas for many years and this evolving approach is great to see.

I would draw your attention to the following statements from the last year, which demonstrate a new shift in thinking towards greater integration and the breaking of existing silos. Bruce Schneier, the leading Cyber security expert and author, explained at Information Security Europe in June 2015 that Sony was hacked ‘because they had no incident response plan… and the team cohesiveness fell apart immediately because there wasn’t any team response’. He called for greater ‘co-ordination and resilience’ to protect the Critical National Infrastructure.

In January 2016, at a press conference on ‘Confronting Cybercrime’ at the World Economic Forum, Eugene Kaspersky stated, “Cyber is physical. It’s everywhere around us. Even the cameras which are recording us, they are cyber” (WEF 2016).

We have to face the fact that as our physical systems connect to the Internet they become digitalised and so vulnerable to cyber attack and cyber crime. It is fantastic that such a well known Cyber Security speaker and advisor to Governments made this point in Davos. It was inspirational. But what are you doing about these risks? The World Economic Forum advocated ‘integrating physical and cyber management and leveraging technologies’ to combat cyber crime (WEF, 2016, p 18) in its Global Risks Report 2016.

In March the three leading International Security Membership Associations for Security professionals across the world, ASIS, ISC(2) and ISACA announced that they were collaborating on a new Security Awareness Standard. This is new because it demonstrates a vision to work together on shared security concerns. They wrote, “This guidance standard will address the intersections of physical, cyber and information security management to help organizations of all sizes maximize protection of people, property, and assets.

In an increasingly complex and interconnected world, the public and private sector are faced with growing physical and electronic challenges to protect personal information, business transactions, and critical infrastructure. Given the convergence of risks and fading boundaries between physical, cyber, and information security, it is essential that organizations of all types and sizes have the best tools at their disposal to promote security awareness from a holistic perspective” (ASIS, 2016).

Lastly, but most importantly, the Executive Chairman of Cisco, John Chambers, indicated at the Internet of Things World Forum in December 2015 that few companies have really developed a digital strategy and that only those which had a ‘single security ecosystem/umbrella without silos and competing groups’ would be able to identify and mitigate the new and increasing threats. Is your organisation ready to change, as he asked, to become a digital company? How will you use the IoT to undergird this innovation and digitisation? What will you do about the silos and competing groups which threaten the existence of your organisation?

I am looking forward to discussing all these issues and more in June and encourage you to join us to determine how to move forward in this Digital world in which we live.

Hear more from James Willison when he joins the panel ‘How is the relationship between physical security and IT evolving?’ at IFSEC International 2016. This will take place on 22nd June, 10:20 – 11:10 in the Security Management Theatre at ExCel London. Register for your ticket here.

 

Below is a webinar James Willison has recently delivered, in which he discusses the same issues as above in more depth:
