IFSEC 2019

Unifying physical security and cybersecurity at the Converged Security Centre

Adam Bannister

Editor, IFSEC Global

Author Bio ▼

Adam Bannister is editor of IFSEC Global. A former managing editor at Dynamis Online Media Group, he has been at the helm of the UK's leading fire and security publication since 2014.
June 26, 2019

Sign up to free email newsletters

Download

Understand the true cost of your video solution

Chaired by security journalist Frank Gardner OBE, a panel of five security professionals discussed the notion of the Converged Security Operations Centre: combining various sources of data – physical events and cybersecurity – to manage a situation in real time.

Sarb Sembhi CISM started off proceedings in the IFSEC Keynote Arena at IFSEC 2019, London ExCeL. The CTO, CISO & DPO for risk and security company Virtually Informed warned presciently as far back as 2005 that networked CCTV systems were vulnerable to hackers, who would use them to attack other systems.

He illustrated that point by saying the scene in The Bourne Ultimatum where CCTV cameras follow Matt Damon around Waterloo Station was “all quite possible”. Indeed, there was “some truth” in many fictional security scenarios on film.

Sembhi said that change in the sector was forcing the two distinct parts of security operations together, having traditionally worked in silos. “Hackers don’t work in silos” he warned and suggested to those working in the security sector that they needed to question why they worked this way, addressing issues of multiple entry points. “If we want to realise the potential of smart buildings and smart cities, a better approach is needed.”

“Filter out the noise”

Next up was Maurice Singleton, president of Vidsys, who provide a Converged Security Information Management (CSIM) software platform to public and private organisations, enabling them to assess risks in real time and “filter out the noise”: the huge volume of data generated by security metrics.

Singleton gave a demonstration of the split-screen software that gives the user access to a number of incident control data and, for example, can identify someone using a building pass that doesn’t belong to them by identifying that the genuine pass holder is out of the building.

Illustrating the gravity of the threat, Singleton said the average amount a business pays to recover from a security incident is $551,000.

The ‘Internet of Recognition’ describes “how diverse sensors interact with each other – it fuses data from sensors, for example video from various angles.”

Steven Kenny, industry liaison at Axis Communications (a Swedish manufacturer of networked security cameras), raised a number of issues around vulnerability of security systems, including simple issues such as having a password strength indicator or prompts for password changes and leaving remote access enabled.

One question that arose: “How do manufacturers communicate any vulnerabilities to protect the end user?” Secure by Default (where the most secure settings are the default ones) is one response.

Among other issues raised was the training and upskilling required to merge the two silos of physical and cybersecurity, including the essential role that the manufacturer’s hardening guide plays in supporting those deploying systems.

David Humphrey, worldwide director for Micro Focus’s unstructured data and file analytics products, IDOL and ControlPoint, took to the podium to illustrate the scale of converged security across physical security, video, audio, human intelligence, open source intelligence and cyber intelligence. He noted that converged security was already fairly common in defence establishments and agencies and was poised to break into the commercial arena – “we now need to get it out wider.”

AI

To give an idea of how AI was helping to bring together data, Humphrey described the concept of the ‘Internet of Recognition’: “This is how diverse sensors interact with each other – it fuses data from sensors, for example videos from various angles.”

Humphrey went on to describe the large surface area across which security threats could be predicted and understood – eg social media, security reports, intelligence reports, websites, emails etc. He explained that avoiding cyber-attacks means “being ahead of game and using algorithms to understand what’s going to happen next.”

He ended his session referring to a slide [see picture below] with a number of key security analytics questions.

James Willison MA Msyl, founder of Unified Security Ltd and Vice Chair of the ASIS European Convergence/ESRM committee, was the final speaker. During his time in a security control room he had often wondered how an attack on their CCTV would be noticed and so was very pleased to be talking convergence.

One of Willison’s main takeaways was encapsulated by a joke:

Did you know the ‘S’ in IoT stands for security?

There is no ‘S’ in IoT?!

Exactly!

Willison underscored his joke with the findings of the World Economic Forum 2014 that 76% of business believed that cyber-attacks on them were likely.

By way of a benchmark of how a business might integrate its security, Willison referenced the discipline of enterprise security risk management (ESRM), defined as managing all security risks cross-functionally – ie all departments working together. He said there were about 80 questions to be answered for a company to understand its ‘maturity level’ in respect to ESRM and doubted that many businesses reached the higher standards, even though many multinationals were starting to take this journey.

A little later during the Q&A he was asked if integrating both sides of the security equation was making everything vulnerable, but responded that “one side won’t see the other if they’re too split or siloed.”

The Seagate Surveillance Storage Survey Report 2018

IFSEC Global Exclusive: The State of Surveillance Storage

From the growing quantity of data to new innovations like Artificial Intelligence and machine learning, the surveillance and security landscape is changing.  Download the eBook to identify the accompanying challenges - and to discover just what storage solutions need to offer to meet the evolving needs of security industry professionals, installers and integrators.

Related Topics

Leave a Reply

avatar
  Subscribe  
Notify of
Topics:

Sign up to free email newsletters