Why cybersecurity is critical to physical security
I realise that given Axis is best known for making clever products that help with physical security in the ‘meat’ world, why would we be talking about cybersecurity? Well, one only has to take a look at the world of Hollywood to see a whole gamut of spies, secret agents, thieves planning a casino heist and even super heroes using or abusing security cameras, smart doors, biometric keypads and lots of other shiny kit with flashing lights to save the world/get the girl/run off with the loot.
But, however farfetched the user interfaces might be (I would *LOVE* to have some of those computers that M16 or the CIA seem to get in the movies), and however overly simplistic the technical skills required might be (“Press this button to hack the Pentagon”), there is more than just a grain of truth in them.
Cybersecurity is critical to physical security
In this and a few following posts, I want to explore why cybersecurity is critical to physical security in the 21st century, what are the basic parameters of cybersecurity in that context, and some of the general cybersecurity concepts you should keep in mind when planning any physical security system for your business or organisation.
The main thing to keep in mind is that cybersecurity is a process, not a product. Threats must be managed on a system level, and the responsibility to secure the network, its devices and the services it supports falls across the entire vendor supply chain as well as by those who manage the network and the users themselves. Technology is important, but will never eliminate all risks or threats.
At a basic level cybersecurity is about risk management, and it is impossible to eliminate all risks.
[As an aside, you can do a little mental experiment – try to list ALL the possible risks you have faced since you woke up this morning. Not just things like tripping over the dog, or getting scalded in the shower – but what about your house being hit by a meteorite, or a sudden deluge of frogs? You will quickly see that some risks are completely unpredictable and there is little or no way to plan for all of them].
And even then, protecting against some risks can be extremely expensive [meteorite-proofing your house can cost a few dollars], so you need to start thinking about what is important to you and your organisation. Identify your crown jewels and guard them fiercely (this is only a metaphor – unless you are actually working at the Tower of London). You need to work out what your acceptable level of risk is, figure out how to mitigate the impact of some, and transfer other risks via forms of insurance.
In my next post I will start to look at how you can analyse the risks to your physical security system, what mitigations actually work, different types of attack and what different sized organisations should be doing about them.