
Mobile Security, Critical Infrastructure Issues Drive Physical, Logical Security Together

At opening of (ISC)2 World Congress and ASIS International, the walls between traditional security and cybersecurity come down

PHILADELPHIA, PENN. -- (ISC)2 World Congress 2012 and ASIS International 2012 -- In most organizations, those who guard the fences and those who guard computer networks still work in separate departments. But at the co-resident annual meetings of the world's biggest physical security professionals' association and the world's biggest cybersecurity professionals' association, there is more interaction between the two groups than ever before.

Here at the co-resident (ISC)2 World Congress and ASIS International meetings, nearly 20,000 physical and logical security pros will attend sessions and exhibits together. Their interests aren't always the same, but issues such as mobile security and protecting critical infrastructure are increasing the overlap, leaders say.

"Protecting critical infrastructure is probably right on top of the stack of issues that are driving the physical and logical sides together," says Hord Tipton, executive director of (ISC)2, an association of more than 80,000 IT security professionals. "For years, critical infrastructure has been about protecting the physical plant, but with Stuxnet and other attacks, there is a lot more concern about the cyber side."

Eduard Emde, president of ASIS International, agrees. "Stuxnet, attacks on nuclear facilities, on the smart grid and smart meters mean that both physical and logical defenses have to work together. Incident response is a key for both groups."

The merger of physical and logical security organizations -- sometimes called "convergence" -- has been predicted for years. But according to an InformationWeek Reports study on convergence, only about half of organizations have any plans to merge the two departments.

"I think for many enterprises, convergence is more of a philosophical shift than an organizational one," says Emde. "Rather than combining the two functions into one department, they are seeing themselves as two parts of a common strategy to protect both infrastructure and data."

Tipton concurs. "They may not be in the same organization, but the physical and logical sides are communicating now more than they ever have."

The growing use of mobile devices is making the integration easier, experts say. Companies can now use mobile devices as a physical means of authentication, or even to geo-locate users as they move in and out of corporate facilities. At the same time, the move toward bring-your-own-device (BYOD), which allows users to bring physical storage devices onsite that can also act as cameras or recorders, affects both physical and cybersecurity.

"I'm not sure people understand how powerful some of these BYOD devices are," Tipton says. "They introduce all sorts of new risk on both sides."

The co-resident conferences will also deal with a number of other issues that demonstrate the overlap between physical and logical security. Physical video surveillance systems are increasingly being driven by IP-based cybersecurity systems. IT systems are increasingly being accessed via physical biometrics, such as fingerprints or keystroke identification. And both organizations are being called upon to provide a common view of overall enterprise security posture.

"If you're entering the security profession today -- or even if you're in management -- there's a need to have an understanding of both the physical and logical threats and issues," Emde says.

But while 18% of enterprises have integrated the physical and logical functions in the last five years -- and 26% have had those functions integrated for more than six years -- 50% of enterprises have not integrated the two sides and have no plans to do so, according to the InformationWeek Reports study.

"I think there will continue to be specialization," Tipton says. "What's important is that there's more communication going on between the two sides, and we expect to see that happening even more this week."

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ...
