The Marriage of Cyber and Physical Security is Not a Match Made in Heaven
Megatrend #2 from Security Megatrends, The 2018 Vision for the
Security Industry, produced and published by the Security Industry
Association (SIA), “Cyber Meets
Physical Security, Threats Magnify with Digital Innovation”[1], hits the proverbial nail on the head. With
the connectivity of electronic devices to the internet, more and more of the
different technologies we use in our daily lives are susceptible to
compromise. I read an article about a
year back that talked about how, in theory, your new toaster could get hacked by
someone with nefarious intentions who, through that connectivity, could steal
your personal identifying information (PII).
While I believe that scenario to be a little far-fetched, I do believe
the point was made. The point being
that my smartphone, smart TV and even my smart refrigerator, especially if I
had it set up to automatically order milk or bread for me directly with the
store, are highly susceptible since I would most certainly have payment
information in my stored profile.
The connectivity to the IoT is inherently vulnerable. Since there’s an electronic connection,
eventually, given enough time, a “bad guy” will figure out a way to breach
whatever security systems are in place.
Just ask Equifax, Sony Pictures, Target, etc.
The only absolute way to keep a breach from happening is not
to connect to the IoT. Unfortunately, in
today’s world that is just not possible.
We cannot function without being connected. Now even my wife’s Jeep’s telling her she needs
servicing. Before, it was, “Hey, Honey, there’s a red light on the dashboard.
What’s that mean?” Now she gets
a message on her phone that tells her the tire pressure’s too low.
This convergence of cyber and physical means that physical
security must be much tighter than it’s been in the past. We can’t rely on the good guys to build a
strong enough firewall. While that is vitally important, equally important is the
physical security piece. We need to
teach our folks and ourselves, in a language they can understand, how to spot
vulnerabilities and how to protect those vulnerabilities from being
exploited. I know a software engineer
and whenever I talk with him, I have no idea what he’s talking about. Listen, if it’s a burden – I can’t understand
it – I won’t do or use it.
The vetting process, to ensure the right folks are working
on our systems, has to be comprehensive and continual. Just because a person gets the job, it
doesn’t mean the vetting process stops.
The vetting process must be continuing.
Physical security measures must also make sure that only people who
have been cleared can physically access the systems that they’ve been cleared for
and do not have a general run of the place.
I believe the DIY days are over.
Sure, there are some things any person should be able to do, like follow
the tutorial on setting up a TV, but other things that are in the Settings
should probably be left up to an expert to change. There is a tremendous assumption that just
because I can read, I can also understand the code being spoken.
Cyber security focuses on cyber-threats, and the ability to
detect and mitigate ransomware attacks, especially as they’ve become a popular
mechanism to extort businesses, will become more and more important. I’m beginning to understand less and less
about computers, how they work and what they can do to make my life simpler,
because I have to do more and more of what used to be done by that weird guy
down the hall.
I’m not sure I’m ready to have a microchip make all of the
decisions of my daily life for me. I
have a feeling it’s going to be a “rocky” marriage because I can't divorce her.
Next month: If Data is the New Currency of the Modern World Then Why Is My Account Overdrawn?
[1] Security Megatrends 2018 edition is available here: https://www.securityindustry.org/report/security-megatrends-2018-vision-security-industry/