Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Physical Security

11/16/2020
09:00 AM
Fred Burton
Fred Burton
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

A Call for Change in Physical Security

We're at an inflection point. The threats we face are dynamic, emerging, and global. Are you ready?

Despite dedicating the majority of my life to protective intelligence in the private and public sectors, I still find it hard to believe when I see companies that have thousands of employees and dozens of offices and facilities — but a scant few physical security professionals using legacy tools and processes to try to keep the business harm-free. It's almost an exercise in futility.

Related Content:

Physical Security Has a Lot of Catching Up to Do

2020 State of Cybersecurity Operations and Incident Response

Do Standards Exist That Certify Secure IoT Systems?

In the 1980s and '90s, when I was a special agent in the counterterrorism and protective intelligence division in the Diplomatic Security Service at the Department of State, we did the best we could to organize and analyze intelligence by scouring through hundreds of cables, paper documents, and files. Decades later, physical security and safety professionals are gathering time-sensitive and sometimes life-saving insights, but still using paper records and manual processes, unnecessarily limiting their ability to more efficiently detect, link, and mitigate threats.

Sure, change isn't easy. When things have been working "just fine" and management thinks it's "good enough," getting an organization to try new processes and tools is a challenge. Adopting new ways to address physical threats may, to some, feel threatening and costly. But for far too long, although it's not intentional, corporate physical security teams have been reactive, and only after something bad occurs are they given the resources and investment they truly need. For holistic physical security programs, change must focus on augmenting and enhancing existing operations with new technology platforms that can efficiently scale the identification, investigation, assessment, monitoring, and management of physical security threats.

Protective Intelligence — Then and Now
Historically, eyes, ears, and acute observation kept physical assets safe. We would spend hours looking and watching for pre-operational surveillance to unpack the attack cycle. In gathering protective intelligence, teams would store data in command-post hotel rooms, surveillance cars, and handwritten logs. After an incident, we would record each event's specific details, which became data for future use. Detecting and vetting a threat on the street was challenging and inefficient. Institutional memory was the norm.

Information was passed via cables and memos and sometimes via the diplomatic pouch — a slow and tedious process. We got our first glimpses of digital transformation in the 1980s with Polaroid cameras, Sony VHS tape recorders, and Motorola radios and pagers. As more sophisticated technology and mobile applications were developed, the idea of transmitting intelligence via a pager headed for retirement, and a new era of physical security emerged. Physical security technologies and innovations also appeared due to catastrophic embassy attacks, kidnappings, and aircraft bombings.

Bridging Digital Transformation and Physical Security
According to Gartner, 82% of CEOs have a digital transformation program underway. And yet, physical security is still often perceived as "guns, guards, and gates." But we know today it is much, much more. The recent detection of a plot to kidnap Michigan Governor Gretchen Whitmer and the arrest of those involved was, of course, due to tremendous efforts by law enforcement. Virginia Governor Ralph Northam was also considered, which doesn't surprise me. In every case I've worked, the bad guys always look at multiple targets. While they are looking, they are usually the most vulnerable to detection. Many threatening signals were found on social media, and FBI undercover informants played an essential role.

Health and economic challenges have converged. Global workforces under hybrid office-home corporate structures have also emerged. Retail safety requirements are heightened. The scope and scale of liability for companies not actively and holistically monitoring for growing threats has increased dramatically.

We must bridge generations: those who developed, tested, and proved the value of protective intelligence, and those applying technology and data to bring a new level of expediency and effectiveness to protection. As organizations undergo digital transformations, physical security teams that embrace digitization can automate mundane work and use their creativity and insights to enhance their approaches, minimize liabilities, and usher in a new era of advancing safety.

Many corporations believe that their current security program is good enough. But I would argue that we are at an inflection point. The threats we face are dynamic, emerging, and global. We are rapidly approaching a new frontier that allows for mobile applications and massive amounts of real-time physical threat data to be structured into single, easily maneuverable platforms that are more than good enough; they are what human lives and livelihoods deserve.

Fred is the Executive Director of Ontic's Center for Protective Intelligence. He is one of the world's foremost experts on security and counterterrorism. A former police officer, special agent and New York Times best-selling author, Fred has served on the front lines of ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
jdsegovia
50%
50%
jdsegovia,
User Rank: Apprentice
11/17/2020 | 2:58:55 AM
Pending Review
This comment is waiting for review by our moderators.
sixeclog
50%
50%
sixeclog,
User Rank: Apprentice
11/19/2020 | 12:40:44 PM
Pending Review
This comment is waiting for review by our moderators.
fespon
50%
50%
fespon,
User Rank: Apprentice
11/21/2020 | 1:45:42 AM
Pending Review
This comment is waiting for review by our moderators.
diariodaamazonia
50%
50%
diariodaamazonia,
User Rank: Apprentice
11/21/2020 | 2:26:51 AM
Pending Review
This comment is waiting for review by our moderators.
Visit the Web's Most Authoritative Resource on Physical Security

To get the latest news and analysis on threats, vulnerabilities, and best practices for enterprise physical security, please visit IFSEC Global. IFSEC Global offers expert insight on critical issues and challenges in physical security, and hosts one of the world's most widely-attended conferences for physical security professionals.

COVID-19: Latest Security News & Commentary
Dark Reading Staff 11/19/2020
New Proposed DNS Security Features Released
Kelly Jackson Higgins, Executive Editor at Dark Reading,  11/19/2020
The Yellow Brick Road to Risk Management
Andrew Lowe, Senior Information Security Consultant, TalaTek,  11/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: He hits the gong anytime he sees someone click on an email link.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-14190
PUBLISHED: 2020-11-25
Affected versions of Atlassian Fisheye/Crucible allow remote attackers to achieve Regex Denial of Service via user-supplied regex in EyeQL. The affected versions are before version 4.8.4.
CVE-2020-29074
PUBLISHED: 2020-11-25
scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which allows access by actors other than the current user.
CVE-2020-14191
PUBLISHED: 2020-11-25
Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the MessageBundleResource within Atlassian Gadgets. The affected versions are before version 4.8.4.
CVE-2020-29070
PUBLISHED: 2020-11-25
osCommerce 2.3.4.1 has XSS vulnerability via the authenticated user entering the XSS payload into the title section of newsletters.
CVE-2020-26212
PUBLISHED: 2020-11-25
GLPI stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.3, any authenticated user has read-only permissions to the planning of ever...