Convergence Q&A

Responsible disclosure and physical security risk


The details of this particular disclosure reveal another important big-picture fact. The technology helps customers use IT to automate and remotely control tasks that used to require manual procedures. That can provide significant new cost savings for building operators, partly because the product is designed to seamlessly interact with larger power grids. IT, corporate security and safety managers take note: with Smart Grid coming, threat models require updating to include the related new risk scenarios. The Smart Grid actually reduces many risks that are currently unacceptable in our current power infrastructure. Here are three sources of information: the "Smart Grid" topic in Wikipedia, http://galvinpower.org for an introduction to many new smart grid concepts, and the Department of Energy's introduction to the rationale behind the Smart Grid initiative at http://www.oe.energy.gov/DOE_SG_Book_Single_Pages.pdf

One final note: if you don't already have a cross-functional risk committee or risk council, it is a best practice worth considering.

If you have convergence experience you want to share, e-mail your comments to me at ConvergenceQA@go-rbcs.com or call me at 949-831-6788. If you have a question you would like answered, I'd like to see it. We don't need to reveal your name or company name in the column. I look forward to hearing from you!

Ray Bernard, PSP, CHS-III is the principal consultant for Ray Bernard Consulting Services (RBCS), a firm that provides security consulting services for public and private facilities. Mr. Bernard has also provided pivotal strategic and technical advice in the security and building automation industries for more than 23 years. He is founder and publisher of The Security Minute 60-second newsletter (www.TheSecurityMinute.com). For more information about Ray Bernard and RBCS go to www.go-rbcs.com or call 949-831-6788. Mr. Bernard is also a member of the Subject Matter Expert Faculty of the Security Executive Council (www.SecurityExecutiveCouncil.com).