Integrating Physical and Cyber Security: Strategies that Work

What is the average age of a Chief Security Officer today? Would 50 years be a good guess? A CSO in this age range will have been working at some aspect of protection services, then since the 1980s, and at least since 1990 leading up to this current career pinnacle. Consider then the environment today’s CSO has worked through over the past 25 to 30 years. 

Considering that between 1985 and 1995 computers were more commonly associated with games, academia and entertainment, and considering security professionals were just beginning to see the emergence of computer technology into their work space, a CSO today has only begun to operate with an IT security focus since about 2004 or later. Y2K woke up many individuals to the realization that computers play a larger part in our lives than we had previously contemplated and ushered in more than world-wide terrorism for security professionals. Certainly, within critical infrastructure protection circles, information technology allowed for new security tools to be deployed and added some physical security concerns such as server room protection, but IT security has not been forefront. 

IT security in the same environment has been limited to a handful of specialists who have grown the IT security discipline within industry and taken up challenges related to critical cyber asset protection in a way that traditional security professionals could not. But IT security has typically not crossed the line into traditional protection planning in many instances. IT security professionals have often been relegated to server rooms and backrooms out of sight and not part of the traditional security team.

 In 2012, the world view is such that IT security (or cyber-security) has exploded to become the primary focus within security debates, news stories, government legislation and critical infrastructure protection initiatives. IT security has taken center stage in critical infrastructure protection. Security professionals in CSO roles now see cyber-security as central in initiatives related to regulation and standards. The traditional security professional may feel somewhat out of step as IT security professionals such as Chief Information Security Officers (CISOs) suddenly take senior posts within organizations. Even within organizations whose primary business is focused on physical assets like pipelines, dams, water systems, nuclear plants, museums, transportation systems and so on, an IT security shift is apparent. All of this creates a new paradigm. 

At a time when international espionage, nation state attacks and terrorism adopt cyber weapons, priorities for security professionals must change. In a climate where employees still use their birth dates as passwords and key vendors are still building backdoors into critical applications and defaulting factory passwords to something as mundane as, “password”, what does an organization do to protect its cyber infrastructure and also shift security culture without reducing protection across its extensive physical asset base? Does IT make business happen or simply support it? Is that question even relevant?

Today, security professionals are challenged to protect critical cyber assets as well as the infrastructure the IT serves. Not only do physical assets and their related Operational Technology (OT), like Programmable Logic Controllers need priority protection from a number of threats, access to these assets has been given network access. Assigning protection to server rooms and facilities is now only a relatively small part of the protection formula. Along with insider threats, and IT-savvy insiders at that, threat actors can reach our critical assets and their operating systems from around the world. Stealing financial records, intellectual property and personal information through hacking is scary enough. Gaining access to OT controls that assist in the operation of major dams, pipelines, railway systems, nuclear plants and the like is somewhat terrifying. Security leaders are now faced with a fully integrated problem that cannot be solved by independent security teams working in isolation from one another.

Security principles have not changed much in the past 30 years, but the application of those principles is shifting daily. Addressing integrated security disciplines to ensure a cohesive and collaborative security solutions environment in any organization requires a number of coordinated things to happen efficiently. These include information sharing, collaborative planning, new education platforms, shared risk management practices and much more where IT and traditional security experts combine resources to achieve protection goals.

The Utilities Security Council of ASIS International has partnered with security professionals from (ISC)² to draft a white paper on the topic of security integration and the challenges associated with integrating the IT and traditional security disciplines. This paper provides some important solutions for bringing traditional security and IT security into a collaborative and truly integrated partnership and directs the discussion to address security in the new paradigm. The priority concern today is that we recognize the need for an integrated approach and that critical infrastructure and security management be well served through effective security leadership. This paper will be discussed at the 58th Annual ASIS International Seminars & Exhibits, in Philadelphia, PA. 

Join us on Tuesday, September 11th, 2012 at 11:00 a.m. for session #3115 to hear Utilities and IT security professionals discuss, Integrating Traditional & Cyber-security: Strategies that Work.


  • Live From ISC West 2023: Day 1

    ISC West 2023 in Las Vegas, Nevada, has officially begun! Make sure to keep an eye on Security Today’s ISCW Live 2023 page, as well as our associated Twitter accounts—@SecurToday and @CampusSecur—for the latest updates from the show floor at the Venetian Expo. Read Now

    • Industry Events
    • ISC West
  • It Happened Again

    Just yesterday (as of this writing), it happened again. A 28-year-old woman shot her way into a Christian elementary school in Nashville, Tenn., on Monday and killed three children and three adults, according to national news. AP News reports that the victims were three 9-year-old children, a top school administrator, a substitute teacher, and a school custodian Read Now

  • Let's Get to Work

    You are standing at the conference center doors just waiting to get into the exhibit hall. I know you are because I’m standing next to you. This week at ISC West has been three years in the making. Last year was encouraging, and here we are waiting for the Big Show. Read Now

    • Industry Events
    • ISC West
  • Using Modern Technology

    Using Modern Technology

    Workplace violence is a serious and growing challenge for many organizations — including those in the healthcare industry. Read Now

Featured Cybersecurity

New Products

  • ComNet CNGE6FX2TX4PoE

    The ComNet cost-efficient CNGE6FX2TX4PoE is a six-port switch that offers four Gbps TX ports that support the IEEE802.3at standard and provide up to 30 watts of PoE to PDs. It also has a dedicated FX/TX combination port as well as a single FX SFP to act as an additional port or an uplink port, giving the user additional options in managing network traffic. The CNGE6FX2TX4PoE is designed for use in unconditioned environments and typically used in perimeter surveillance. 3

  • PACE® Long Range Ethernet Solutions

    PACE® Long Range Ethernet Solutions

    Altronix introduces the newest addition to its portfolio of PACE® Long Range Ethernet Solutions. 3

  • Kangaroo Home Security System

    Kangaroo Home Security System

    Kangaroo is the affordable, easy-to-install home security system designed for anyone who wants an added layer of peace of mind and protection. It has several products, ranging from the fan-favorite Doorbell Camera + Chime, to the more comprehensive Front Door Security Kit with Professional Monitoring. Regardless of the level of desired security, Kangaroo’s designed to move with consumers - wherever that next chapter may be. Motion sensors, keypads and additional features can be part of the package to any Kangaroo system in place, anytime. Additionally, Kangaroo offers scalable protection plans with a variety of benefits ranging from 24/7 professional monitoring to expanded cloud storage, coverage for damage and theft. 3