CyPhy Part 3 – Breaking down CISO and CSO silos to reach Security Convergence.

By David Strickland, Vice President of Kenton Brothers

The third of a three-part series covering the Cybersecurity and Infrastructure Security Administration's (CISA) newest announcements around Security Convergence. Kenton Brothers Systems For Security hopes to help organizations understand this concept and adopt best practices for securing the Cyber-Physical Systems (CPS) currently deployed.

In part two, we discussed the size of the problem we have worldwide with the advent of 46 billion IoT and IIoT devices. In this blog, we will concentrate on breaking down the CISO and CSO silos and the specific steps an organization can take to reach Security Convergence.

Breaking down the Walls 

In a Siloed Organization…

Security functions operate independently with limited collaboration on enterprise-wide risks. Senior leaders and teams lack the visibility of interconnected physical and cyber assets. Lines of communication are unclear and impede coordination and collaboration. Organizations are unable to quickly identify, prevent and respond to complex threats.

The Solution:  

Organizations with converged cybersecurity and physical security functions are more resilient and better prepared to identify, prevent, mitigate, and respond to threats. Convergence also encourages information sharing and the development of unified security policies across security divisions. To accomplish a converged effort, you must first break down the walls that hold each siloed department back.


How does an organization do that? Through Communication, Coordination and Collaboration.


Communication, Coordination and Collaboration

COMMUNICATION

  1. Initiate a Dialogue
    1. Enable communication with security leaders. Engage with upper management to discuss what convergence might look like. Successful convergence relies on support from leadership.
  2. Review Leadership Roles
    1. Identify the leaders of this movement
  3. Establish a Convergence Team
    1. Convergence Team – Identify key players such as CSO or CISO, Physical Security personnel, IT personnel and facility managers
  4. Enable Information Sharing
    1. Engage with team members across all security functions to identify points of convergence

COORDINATION

  1. Formalize Convergence team roles and responsibilities
    1. Establish a cadence and structure for team coordination
  2. Identify Linked Assets
    1. Coordinate with team members across security functions to assess cyber and physical assets and which ones are linked. Assess the risk of each
  3. Conduct a Vulnerability Assessment
    1. Identify gaps in security and risk mitigation and determine where gaps may be closed through convergence
  4. Determine the Baseline
    1. Leverage the information gained in your assessments and gap analysis to determine your baseline for security operations and incident mitigation

COLLABORATION

  1. Run the Numbers
    1. Determine if convergence on any scale is financially feasible from both short-term and long-term perspectives
  2. Prioritize Improvements
    1. Identify and prioritize improvements, including patches, software updates, virus protections, certificate management, and opportunities for automation – There are some powerful options here
  3. Craft Risk-Driven Policies
    1. Develop and implement risk driven policies with broad reach that reflect converged security functions. Identify best practices. There are some powerful options here as well
  4. Strategic Alignment
    1. Align strategy to shared practices and goals. Focus on improving efficiency and increased information sharing

An integrated threat management strategy reflects in-depth understanding of the cascading impacts to interconnected cyber-physical infrastructure. As rapidly evolving technology increasingly links physical and cyber assets—spanning sectors from energy and transportation to agriculture and healthcare—the benefits of converged security functions outweigh the challenges of organizational change efforts and enable a flexible, sustainable strategy anchored by shared security practices and goals.

Kenton Brothers Systems for Security is ready to help your organization take on this task. We can help facilitate conversations or simply conduct assessments that can help springboard the effort. Give us a call today.

Resources

There are many resources available to get this conversation started. One of our favorites is the tabletop exercise templates provided by CISA. You can find them at www.CISA.gov. The tabletop exercises give you real-world scenarios and ask you to use them in your planning. They are a really comprehensive tool that will have immediate impact on your discussions.


This is one of the best articles I’ve read on the subject (outside our blogs):
Convergence questions answered – Control Engineering Europe

Again, thank you for joining us on this three-part series. We are standing by to help in any way.

CyPhy Part 2 – How big of a problem do we have? Why we need Security Convergence today.

By David Strickland, Vice President of Kenton Brothers

The second of a three-part series covering the Cybersecurity and Infrastructure Security Administration's (CISA) newest announcements around Security Convergence. Kenton Brothers Systems For Security hopes to help organizations understand this concept and adopt best practices for securing the Cyber-Physical Systems (CPS) currently deployed.

In our last blog, we discussed what Security Convergence is and why it’s so important. In this blog, we will discuss how large the problem is and how many systems and verticals are affected by not having a converged security plan.

CISA Explains a Connected Environment

CISA explains that the adoption and integration of Internet of Things (IoT) and Industrial Internet of Things (IIoT) devices have led to an increasingly interconnected mesh of cyber-physical systems (CPS), which expands the attack surface and blurs the once clear functions of cybersecurity and physical security.

Juniper Research reports that there are at least 46 billion IoT and IIoT devices on the connected network across the world. This number is expected to reach 125 billion by 2030. 18,788 are added every minute across the globe. There are approximately 6 IoT and IIoT devices for every human being on the planet. This will grow to approximately 12 per person (every man, woman and child) by 2030.

The average number of devices per American household in 2021 was 10.

IoT Devices

Beecham Research provides a very useful look at the nature of IoT devices. (See graphic.)

This trend makes up a large part of the world’s economy. However, for every device on a network there is a vulnerability introduced. This presents a unique problem for commercial, government and critical infrastructure entities. Each physical security device that is connected to the network is also an IoT device.

Every cell phone that connects to the network is also a vulnerability. Every surveillance camera, video doorbell, IP telephone, television and computer presents its own unique threats and risks.

To be considered secure on a network, IoT and IIoT devices will normally have updated firmware, current certificates, default usernames and passwords changed, an updated OS and at least dual authentication. As you may deduce, with 46 billion devices out there, this is quite the task, especially when each of these devices may have different manufacturers and communication protocols to let organizations know that there is a new vulnerability or a patch that needs to be applied.

46 Billion Devices

This 46 billion device reality, coupled with the fact that most organizations have siloed Physical and Cyber Security offices, has led to the vulnerabilities you hear about on the news every night. When the vulnerabilities affect critical infrastructure, such as energy or supply chain, the ramifications are far reaching.

In our next blog, we will concentrate on breaking down the CISO and CSO silos and the specific steps an organization can take to reach Security Convergence. Organizations with converged cybersecurity and physical security functions are more resilient and better prepared to identify, prevent, mitigate, and respond to threats. Convergence also encourages information sharing and the development of unified security policies across security divisions.

Kenton Brothers Systems for Security can help your organization understand this initiative and begin to help you close the gap. Please reach out with any questions.

CyPhy Part 1 – Have you heard of Convergence Security?

By David Strickland, Vice President of Kenton Brothers

The first of a three-part series covering the Cybersecurity and Infrastructure Security Administration's (CISA) newest announcements around Security Convergence. Kenton Brothers Systems For Security hopes to help organizations understand this concept and adopt best practices for securing the Cyber-Physical Systems (CPS) currently deployed.

CISA defines Security Convergence as the formal collaboration between previously disjointed security functions.

The Convergence goal is to bring together the physical security leadership with the IT leadership to identify risks in their physical and cyber infrastructure. These departments normally hold two very different roles in an organization.

Convergence seeks to bring together these two leaders to better understand the ways Physical and Cyber security depend on each other and their importance for protecting critical infrastructure, including Healthcare Systems, Transportation Systems, Energy Systems and Industrial Control Systems. Today’s cyber-attacks are more developed and strategic than in the past. They also include hybrid attacks that combine cyber-attacks with physical breaches.

CyPhy: The Convergence of Cyber and Physical Security

Together, cyber and physical assets represent a significant amount of risk to physical security and cybersecurity—each can be targeted, separately or simultaneously, to result in compromised systems and/or infrastructure. Yet physical security and cybersecurity divisions are often still treated as separate entities. When security leaders operate in these silos, they lack a holistic view of security threats targeting their enterprise. As a result, attacks are more likely to occur and can lead to impacts such as exposure of sensitive or proprietary information, economic damage, loss of life, and disruption of National Critical Functions (NCF).

Today’s threats are a result of hybrid attacks targeting both physical and cyber assets. The adoption and integration of Internet of Things (IoT) and Industrial Internet of Things (IIoT) devices have led to an increasingly interconnected mesh of cyber-physical systems (CPS), which expands the attack surface and blurs the once clear functions of cybersecurity and physical security. Meanwhile, efforts to build cyber resilience and accelerate the adoption of advanced technologies can also introduce or exacerbate security risks in this evolving threat landscape.

Convergence Vocabulary Infographic

Convergence creates a framework for discussion and for identifying ways these two departments can support each other. The goal is to have good communication, coordination and collaboration, and to seek out any vulnerabilities and attack them together.

Over the next three blogs, we will discuss the following topics:

  1. How big of a problem do we have? Why we need Security Convergence today.
  2. Security Convergence – The first steps.
  3. Security Convergence – Tools and resources to continue the collaboration.

The Security Convergence Initiative

The Security Convergence Initiative by CISA is important and has a long reach. Kenton Brothers Systems for Security can help your organization understand this initiative and begin to help you close the gap. Please reach out with any questions.