By David Strickland, Vice President of Kenton Brothers
The first of a three part series covering the Cybersecurity and Infrastructure Security Administrations (CISA) newest announcements around Security Convergence. Kenton Brothers Systems For Security hopes to help organizations understand this concept and adopt best practices for securing the Cyber-Physical Systems (CPS) currently deployed.
(Part 1 | Part 2 | Part 3 | Part 4)
CISA defines Security Convergence as the formal collaboration between previously disjointed security functions.
The Convergence goal is to bring together the physical security leadership with the IT leadership to identify risks in their physical and cyber infrastructure. These departments normally hold two very different roles in an organization.
Convergence seeks to bring together these two leaders to better understand the ways Physical and Cyber security depend on each other and its importance for protecting critical infrastructure including Healthcare Systems, Transportations Systems, Energy Systems and Industrial Control Systems. Today’s cyber-attacks are more developed and strategic than in the past. They also include hybrid attacks that combine cyber attacks with physical breaches.
CyPhy: The Convergence of Cyber and Physical Security
Together, cyber and physical assets represent a significant amount of risk to physical security and cybersecurity— each can be targeted, separately or simultaneously, to result in compromised systems and/or infrastructure. Yet physical security and cybersecurity divisions are often still treated as separate entities. When security leaders operate in these silos, they lack a holistic view of security threats targeting their enterprise. As a result, attacks are more likely to occur and can lead to impacts such as exposure of sensitive or proprietary information, economic damage, loss of life, and disruption of National Critical Functions (NCF).
Today’s threats are a result of hybrid attacks targeting both physical and cyber assets. The adoption and integration of Internet of Things (IoT) and Industrial Internet of Things (IIoT) devices have led to an increasingly interconnected mesh of cyber-physical systems (CPS), which expands the attack surface and blurs the once clear functions of cybersecurity and physical security. Meanwhile, efforts to build cyber resilience and accelerate the adoption of advanced technologies can also introduce or exacerbate security risks in this evolving threat landscape.
Convergence creates a framework for discussion and identifying ways these two departments can support each other. The goal is to have good communication, coordination and collaboration. To seek out any vulnerabilities and attack them together.
Over the next three blogs, we will discuss the following topics:
- How big of a problem do we have? Why we need Security Convergence today.
- Security Convergence – The first steps.
- Security Convergence – Tools and resources to continue the collaboration.
The Security Convergence Initiative
The Security Convergence Initiative by CISA is important and has a long reach. Kenton Brothers Systems for Security can help your organization understand this initiative and begin to help you close the gap. Please reach out with any questions.