

Mobile Security, Critical Infrastructure Issues Drive Physical, Logical Security Together

At opening of (ISC)2 World Congress and ASIS International, the walls between traditional security and cybersecurity come down

PHILADELPHIA, PENN. -- (ISC)2 World Congress 2012 and ASIS International 2012 -- In most organizations, those who guard the fences and those who guard computer networks still work in separate departments. But at the co-resident annual meetings of the world's biggest physical security professionals' association and the world's biggest cybersecurity professionals' association, there is more interaction between the two groups than ever before.

Here at the co-resident (ISC)2 World Congress and ASIS International meetings, nearly 20,000 physical and logical security pros will attend sessions and exhibits together. Their interests aren't always the same, but issues such as mobile security and protecting critical infrastructure are increasing the overlap, leaders say.

"Protecting critical infrastructure is probably right on top of the stack of issues that are driving the physical and logical sides together," says Hord Tipton, executive director of (ISC)2, an association of more than 80,000 IT security professionals. "For years, critical infrastructure has been about protecting the physical plant, but with Stuxnet and other attacks, there is a lot more concern about the cyber side."

Eduard Emde, president of ASIS International, agrees. "Stuxnet, attacks on nuclear facilities, on the smart grid and smart meters mean that both physical and logical defenses have to work together. Incident response is a key for both groups."

The merger of physical and logical security organizations -- sometimes called "convergence" -- has been predicted for years. But according to an InformationWeek Reports study on convergence, only about half of organizations have any plans to merge the two departments.

"I think for many enterprises, convergence is more of a philosophical shift than an organizational one," says Emde. "Rather than combining the two functions into one department, they are seeing themselves as two parts of a common strategy to protect both infrastructure and data."

Tipton concurs. "They may not be in the same organization, but the physical and logical sides are communicating now more than they ever have."

The growing use of mobile devices is making the integration easier, experts say. Companies can now use mobile devices as a physical means of authentication, or even to geo-locate users as they move in and out of corporate facilities. At the same time, the move toward bring-your-own-device (BYOD), which allows users to bring physical storage devices onsite that can also act as cameras or recorders, affects both physical and cybersecurity.

"I'm not sure people understand how powerful some of these BYOD devices are," Tipton says. "They introduce all sorts of new risk on both sides."

The co-resident conferences will also deal with a number of other issues that demonstrate the overlap between physical and logical security. Physical video surveillance systems are increasingly being driven by IP-based cybersecurity systems. IT systems are increasingly being accessed via physical biometrics, such as fingerprints or keystroke identification. And both organizations are being called upon to provide a common view of overall enterprise security posture.

"If you're entering the security profession today -- or even if you're in management -- there's a need to have an understanding of both the physical and logical threats and issues," Emde says.

But while 18% of enterprises have integrated the physical and logical functions in the last five years -- and 26% have had those functions integrated for more than six years -- 50% of enterprises have not integrated the two sides and have no plans to do so, according to the InformationWeek Reports study.

"I think there will continue to be specialization," Tipton says. "What's important is that there's more communication going on between the two sides, and we expect to see that happening even more this week."

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ...
