Founder of Unified Security Ltd and Co Chair Smart Built Environment working group, IoTSF, Unified Security Ltd

Author Bio ▼

James Willison MA, is a recognised International leader in Security Convergence and Enterprise Security Risk Management. In 2020 IFSEC Global listed James #8 in the top 20 Cyber Security Thought Leaders across the world. Shortlisted in Security Serious Unsung Security Heroes Awards 2018, as a Security Leader/mentor. James is Co Chair, Smart Buildings Working Group, Internet of Things Security Foundation and a member of the ASIS International ESRM Steering Committee. He is founder of Unified Security Ltd, a Vidsys consultant, works with AXIS Communications on cyber security and advises on the IFSEC Converged Security Centre. James was awarded the Imbert Prize for an ‘outstanding contribution to the Security Industry in 2011’ for his work on convergence with ASIS Europe and the Information Security Awareness Forum. He has more than 20 years of management experience in the physical and information security industry, including posts as Advisor on Convergence to the Mitie TSM Board, Senior lecturer in Security Management at Loughborough University and Digital Security Expert with the European Union. He has co-authored three White Papers and a series of new articles with Sarb Sembhi, sponsored by AXIS Communications, on ESRM, GDPR and Smart Buildings and Cities’ Security.
June 11, 2021

Sign up to free email newsletters

Download

Whitepaper: Effective Techniques for Robust OT Security

Why the UK should adopt a converged security approach to improving resilience

James Willison, Founder, Unified Security Ltd provides an overview of his published response to the call for evidence from the UK Government regarding how the UK can become more resilient to extreme risks and emergencies. James will be speaking on these issues at the upcoming webinar, Protecting Cities, on 22nd June at IFSEC Connect.

In December 2020, The House of Lords Committee on Risk Assessment and Risk Planning published its call for evidence, inviting the public to provide their views on how we can ensure that the UK is as resilient to extreme risks and emergencies as possible.

It identified a series of topics to consider, and Professor Alison Wakefield (one of this year’s judges for the prestigious IFSEC Global Influencers in Security awards) recommended members of the security community contribute their views. I focused on two questions. The following highlights the key points, including why a converged approach to security, encompassing both cyber and physical, is vital.

The full response can be accessed here.

  • Are there types of risks to which the UK is particularly vulnerable or for which it is poorly prepared? What are the reasons for this?
  • What can be learnt from local or corporate risk management processes, or those of other countries? Are there any specific examples of practices, processes or considerations which could improve the UK’s national risk resilience? How could businesses and civil society more effectively support national resilience preparation?

CyberThreat-Attack-Security-20My responses, broken down below, can be summarised as follows:

  1. The risks to which the UK is particularly vulnerable range from fraud, £191 billion lost in 2018, to pandemic disease that has led to loss of life in the hundreds of thousands to cyber war. Fraud has now become a greater risk because of the online activities of criminals, and this is well documented. COVID-19 statistics demonstrate that the UK was poorly prepared compared to countries in East Asia and Australasia. The key reasons for this include the UK’s failure to invest in real time tracking technologies that can integrate with CCTV and other data, such as point of sales transactions. This is what is defined in risk management as IT CAPABILITY.
  2. The UK has CCTV, although it is not always reliable, and it doesn’t integrate it with these other systems.
  3. CYBER WAR is the risk that nations can target the CNI and other organisations with a view to overwhelming the IT infrastructure and combining with physical force cause significant harm. The UK is not prepared for this because siloes exist across the country, with most organisations operating in physical security and cyber security centres.
  4. CYBER ATTACKS on critical national infrastructure. It is worth noting recent advice from the United States which faces the same threat. The US Government Cybersecurity & Infrastructure Security Agency (CISA) is recommending that physical security and cyber security teams collaborate and integrate so that they are unified.
  5. In its report, “The State of Security Convergence” ASIS International lists the key six benefits as:
  • Better alignment of security strategy with corporate goals
  • Shared practices/goals across functions
  • More versatile/well rounded staff
  • More efficient security operation
  • Greater visibility and influence with C-suite/board
  • Enhanced communication/cooperation

The practical outcome of a converged security approach will be the building of CONVERGED SECURITY CENTRES. These have been showcased at the Excel Centre in the leading security exhibition, IFSEC International, since 2018. Here, a real time response to all security risks can be achieved using cyber and physical monitoring provided by advanced physical and digital systems integrating on one platform, so that a physical security officer can suspend a remote vpn connection after checking if the authorised person is on site.

In conclusion, I am calling, as an individual security consultant, for the UK Government to follow the US Government Cybersecurity and Physical security Convergence Guide and also build Unified Security Operations Centres to improve the nation’s IT and Cyber Physical capability.

James Willison will be one of the panellists discussing how we can better protect our cities and public infrastructure at IFSEC Connect on 22nd June. Be sure to join us by following the link below to register for free.

Keep up with the wireless access control market

Download this free report to find out more about:

  • The current state of wireless access control solutions in the market
  • The developing ‘move to mobile access control’ trend
  • Views on open architecture and integration
  • The growing use of the cloud and ACaaS to manage access systems
  • How important is sustainability to the industry?

Related Topics

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments