Page 58 - Institute Quaterly 5 Final
P. 58
Cyber Updates
Converged security building
evidence based practice
By Emma Boakes, Student Member
The boundary between cyber security and physical security
is increasingly blurred. As organisations adopt technologies
such as building management systems and Internet of Things
devices, they are able to more effectively and efficiently
manage their physical space. Yet this increased connectivity
can also introduce new opportunities for cyber attackers,
which could potentially have a real world impact. As Gartner
stated, “incidents in the digital world have an effect in the There are many articles in industry publications which share
physical world, as risks, threat and vulnerabilities now exist in a high level insights from interviews with those experienced
bidirectional cyber-physical spectrum”. in adopting a converged approach. An internet search will
return several articles written by prominent individuals in the
Whilst the number of attacks on cyber-physical systems, and the convergence arena, such as James Willison. There is even a
number of groups interested in targeting them grows, so has book written on the topic by Dave Tyson where he shared his
the idea of convergence. Convergence brings together the skills experiences and thoughts on what an organisation needs to do
from different security resources to help identify and mitigate to adopt the approach.
these risks. So if you want to adopt a converged approach what
can you do? What do you need to consider? Where can you get Preliminary indications from my email interview research,
help? And what might you do first? however, suggest that when organisations are deciding whether
and how to adopt a converged approach they look to learn
Where can you get help? directly from people who have experience of convergence. Not
only does this approach rely on organisations having access
There are plenty of industry guides that provide a good to appropriate contacts and information, but it also provides
foundation for the more technical aspects of the security of only a single perspective, with limited qualification of the
cyber-physical systems. Although this is undoubtedly important, information itself. This is perhaps why some respondents have
it could be argued that this only provides part of the picture. indicated that the move to convergence requires a “leap of
faith”.
Surveys of security professionals give some indication of what
the security industry thinks of convergence as an approach. Considering convergence has been advocated for so many
They help to establish, amongst other things, how many years, the amount of published academic literature is rather
organisations are converged, what organisational structures limited. Even more scarce are articles in peer reviewed journals
have been adopted, and what size of organisation tends to that report empirical research on convergence. Consequently,
adopt this approach. This provides a good snapshot of how it is questionable whether organisations have enough detailed,
adoption of convergence is slowly increasing, but it doesn’t give easily accessible, evidence based information available to help
organisations a clear route to convergence, or help them on them go about implementing a converged approach. This is
their journey. something my research aims to address.
58
