Security Excellence: what can cyber professionals learn from physical security experts and vice versa?
It has long been argued that the knowledge domains of cyber and physical security professionals differ markedly, in some cases complicating converged activities. At the same time there has been a great coming together, not always harmoniously. So where are we now? In terms of outstanding performance, what can each group of professionals learn from the other? How do they perceive each other? When are they collaborators and when are they foes? This webinar will discuss:
- The ‘distinct’ fields of expertise of cyber and physical security professionals
- The comparative hierarchies of the CSO and the CISO
- The future of collaboration, or is that one group taking over the other?
Chair: Professor Martin Gill
Martin Simpson argues that security is security, whatever the domain; it is always about understanding the threat and establishing where it emerges from. He discusses hybrid attacks, which are becoming more common, where an adversary combines an attack on the physical with one on the virtual. For good reasons, then, he argues for the benefits of, and the need for, thinking in an integrated way: the requirements for physical and virtual security are consistent; they both protect and seek to stop bad things happening.
Rather than think physical or virtual, Martin invites a focus on the motives of the adversaries: do they want to steal, or to ruin reputations? Knowing that should dictate the type of response put in place. It is important to remember that organisations differ markedly, and so then will the organisation of the response. The key is that there is one chain of command; he argues that if the cyber security people don’t understand physical measures then there is a gap, and that has to be avoided (with parallels vice versa). There is an interesting discussion about other areas of overlap. This includes physical security measures providing key opportunities for cyber offenders, and the main risk being insiders either accidentally, negligently or criminally creating security weaknesses.
While China is a worry, so is North Korea (which provides hacking as a service), and interestingly so are democratic states. If you are being targeted by a nation state, you are in trouble! There is a genuine reason to be concerned about Huawei.
It is true that some cyber security professionals look down on their physical security counterparts, although in reverse cyber security people can be seen as nerdy. But the point is to think about the threat and respond to that, not to leave gaps between physical and cyber, and to avoid doing so by educating all security people in all spheres. Security associations have a bigger role to play in this. At senior levels Martin argues that the COO is the key position, uniting security in the interests of operational needs; whether the security function is led by a CISO or a CSO is incidental. Meanwhile, the whole security sector needs to tackle its image problem, which does not currently discriminate between spheres; perhaps that can be a uniting factor?
Professor Martin Gill
22nd November 2022