At a recent industry event I attended, end-users were sharing opinions about fostering productive vendor relationships. In a panel discussion directed at security integrators, the end-users recommended to the integrators how to go about becoming a trusted advisor. One particular corporate security director said he was looking for his physical security integrator to provide him with specific advice to address his concerns regarding cybersecurity.
In response to this request, today's physical security integrator is faced with a formidable challenge. Physical security professionals may hesitate in this response as they grapple with the complexity of the situation. Many have come to realize that the disciplines of logical security and physical security may not merge naturally into a mutually beneficial relationship. The two areas of expertise are, in many ways, considered to be different animals in form and function. Little or no direct crossover in practice areas within the company culture cultivates a disconnect in communication and strategy. The resulting lack of knowledge and appreciation for the contribution of each does nothing to encourage a collaborative effort for a comprehensive security program; yet, the message endures from industry experts — to protect a company’s assets, a cooperative effort must be established.
To the integrator, the peril lies in the charge — move forward or risk being left behind; however, in the face of the unknown, some integrators choose to avoid the topic altogether. To move toward collaboration between logical and physical security disciplines, education on both sides must be promoted, and the programs, devices and disciplines employed for information and physical security must be brought together to form a symbiotic relationship.
Experts Weigh In
In his experience in IT security in high-risk environments like the Federal Reserve Bank and the Department of Homeland Security (DHS), Darnell Washington, CISSP, president and CEO of SecureXperts, observes a divide between IT and physical security. To him, it appeared as if the IT personnel had claimed authority over their physical security counterparts.
In response to this phenomenon, Washington’s most sobering message to the IT security teams was aimed at addressing the vulnerability of physical data centers that house and store federal information and data. “If you cut a cable or systematically attacked an environment where perpetrators go undetected from the perimeter or lack proper security controls, there is no predictable limit as to the potential consequences an attack may have,” Washington told the IT professionals. “If you cannot protect the physical environment of your information, you cannot protect the data.”
Lloyd Uliana, a Business Development Engineer with Bosch Security Systems who is currently working on a major project with the DHS Federal Protective Service, adds that “physical security professionals have a depth of knowledge and training in observing patterns and threat sources. IT staff often lack the vigilance to conduct security operations on a 24/7 basis, and have a misconception that life safety and physical facility protection strategies are not constantly changing like cybersecurity. Why do we have Information Security staffs if a thief or insider can enter a facility and walk out with data undetected?”
Washington and Uliana agree that interoperability and compatibility issues plague physical security when the systems are connected to IT networks. It is extraordinarily complex to design a solution when IP addressing, security, bandwidth, latency and system loads need to be calculated in concert with IT administrators’ requirements.
Both insist that without the proper education on information security process and practices, the integrator will struggle to address customer scenarios and concerns in this complex environment.