Blog Editor’s Note: The recent INFRAGARD newsletter informed us that the President declared November as “Critical Infrastructure Security and Resilience Month.” It also noted that this was “Interdependencies of Cyber and Physical Infrastructure Week.”
If you are like us, you are having trouble sitting still to read this because of all the excitement.
Seriously, it is good to know that folks in the government are thinking about these kinds of things and are encouraging others to do so as well. But “thinking about” is a far cry from taking the actions needed to make our nation safer.
DHS justifies its passive leadership by pointing out that almost all the nation’s critical infrastructure is in private or state government hands. Yes, this is America and that is how we operate. Yet the federal government has long been proactive in ensuring aviation, maritime, road transport, and private forays into space are conducted safely and in the nation’s interest. That’s because the implications of failure in any of these areas are often disastrous and have the potential to damage the nation as a whole. The same is true with most critical infrastructure – that’s why it’s critical.
Words, words, words. They quickly lose their meaning unless they are making a difference in how people act.
From InfraGardNCR E-Newsletter: November 7, 2018:
Critical Infrastructure Security and Resilience Month Week 1: Interdependencies of Cyber and Physical Infrastructure
The interconnectedness of the physical and cyber realms is not a new challenge. In fact, with the continually growing Internet of Things, the networked enablement of everyday business functions has forced enterprises to embrace the fact that physical security and cybersecurity must be treated in a unified manner. But why haven’t companies been able to converge? The problem has been the actual implementation of a converged security solution. Because physical and logical security systems have had little in common on any level, integrating them was seen as a costly and complex proposition. Yet, that’s changed. While some enterprises might not consider their access control or HVAC data a high-risk asset, hackers are often looking for the path of least resistance into your system and to higher-value physical prizes. That path can easily be through security technology. Traditional “physical” devices such as HVAC, lights, video surveillance, ID cards, biometrics, access control systems and more that are now IP-enabled create an entirely new set of vulnerabilities that bad actors will exploit to access a company’s network to steal business or customer information or disrupt the company’s physical infrastructure (gates, elevators, cameras) to gain physical access.
So how does this apply to critical infrastructure? The following is from Goal 4.1: Strengthen the Security and Resilience of Critical Infrastructure Against Cyber Attacks and Other Hazards: The “cyber-physical convergence” has changed the risks to critical infrastructure in sectors ranging from energy and transportation to agriculture and healthcare. DHS coordinates with its private sector partners as well as with state, local, tribal, and territorial governments to share information and intelligence regarding cyber threats and vulnerabilities, foster development of trustworthy products and services, and encourage the adoption of best-in-class cybersecurity practices. In order to continue to strengthen the security and resilience of critical infrastructure against cyber and physical threats, DHS has implemented the following strategies:
Partial content retrieved on 07 November 2018 from https://www.securitymagazine.com/articles/88847-the-unstoppable-convergence-between-physical-and-cybersecurity; originally written by Diane Ritchey and published by Security Magazine on 01 April 2018