Earlier this summer the Center for Cyber and Homeland Security (CCHS) at Auburn University in conjunction with the International Security Management Association (ISMA) released a new survey that reflected how the C-suite views the evolving roles of cyber and physical security risks and mitigation strategies within their organizations. As October is National Cybersecurity Awareness Month, the timely findings of the research highlight the fact there has been a seismic shift in how organizations approach the relationship between the cyber and physical security threats they face.
If you’re responsible for physical security, then you might be familiar with the concept of “mean time to innocence”. It’s an IT term that highlights how the network is often blamed for problems, and how the IT team needs to quickly get to the real root cause in order to show that the network is “innocent”. Same thing happens in physical security; for example, if video is not recording properly it often is blamed on the camera device when the root cause may be an issue with storage.
As the physical security industry has transitioned from analog to IP-based systems, several advantages have been realized. Yet many organizations still use approaches from the old analog days to manage the lifecycle of physical security devices. Perhaps the reason is that at the device level the benefits of moving to IP are more easily realized (for example, self-test health checks by cameras, storage, VMSs, and others). But for something system-level (like lifecycle management) there have been more hoops to jump through to gain these benefits. With the advent of automated service assurance for physical security systems like Viakoo many (if not all) of these barriers are now removed, paving the way to more cost-effective and comprehensive lifecycle management.
Physical Security competes with other industries for talent, and there is (right now) a giant opportunity for the industry to be a career magnet for people at the forefront of technology and innovation. To be deeply involved in IoT, cyber-security, machine learning, and cool-as-could-be drone technology and robotics is a giant draw for the best new talent. And those are exactly the leading-edge needs facing the physical security industry.
As with most things in life that develop at a rapid pace, the Internet of Things (IoT) may have early adoption issues but ultimately will function smoothly over time. Both the personal and enterprise benefits of living in a fully connected world where everything has some connection to a network will ensure that IoT adoption continues to expand. The current issues around cyber secure and functionality of systems are being addressed, paving the way for future IoT growth. But with today’s reality no CSO or CISO wants to be responsible for IT and/or physical security operations when they don’t have control of what’s connected to the network; they don’t know which security systems were offline or not working; and can’t easily determine which devices were impacted by downtime, data breaches, or compliance issues. No one wants to be that person.
As time marches on in physical security, sometimes there are clear markers along the way that fundamental changes have happened. We are all aware that IP-based physical security has taken hold, and the nature of managing and maintaining physical security networks has changed along with it. Is there a line we can draw in the last couple years to say “this is when it all really changed”? I would argue that 2017 is when a distinct change happened organizationally, specifically on how IT is sharing more responsibilities than ever before regarding physical security.