Cyber resilience is on everyone’s mind. But security threats don’t just come from cyber actors. There’s been a noticeable increase in so-called blended threats, requiring integrated security incident management software and solutions to address.
And so, in the following article, we detail the threat and how to protect your organization.
Indeed, today’s security threats come from everywhere. And that’s simply because modern infrastructure systems and modern security systems both consist of physical and cyber components interacting with each other in very complex ways.
Cyber security and risk management security systems, in particular, are composed of physical barriers and detectors, many of which are under computer control and thereby vulnerable to attack.
Interactions between these physical and security components are extremely common, creating what experts in the field refer to as blended security threats. These are potential attacks that involve the use of both physical and cyber-attack tactics in the same scenario.
Protecting organizations from blended threats requires physical security teams to know about cyber-attack tactics and cyber security teams to know about physical vulnerabilities that can compromise the digital systems for which they’re responsible.
So, what are physical attacks and cyber attacks, respectively?
Physical attacks typically refer to unlawfully gaining physical access to a physical asset in the infrastructure system in order to damage it, disable it, steal it, or use it in an undesirable way.
In physical attacks, an adversary uses force, stealth, or deception to disable or bypass access controls, completing the attack either by manipulating the system or by causing physical damage to its components.
Cyber attacks, in contrast, involve cyber manipulation of a system without ever gaining physical access to the affected component.
Hence, protection against cyber attacks, often via means such as user authentication, access control, encryption, monitoring, integrity checking, redundancy, and disaster recovery planning, focuses on ensuring that unauthorized users cannot access the system, that authorized users’ capabilities to cause damage are limited, or that system restoration can be accomplished quickly.
But there’s more. In the essay “Identifying and Defeating Blended Cyber-Physical Security Threats,” scholars affiliated with Sandia National Laboratories argue for a class of blended cyber-physical attack types. They define the attacks thusly:
This blended attack pathway uses cyber-attack tactics to manipulate or disable cyber-controlled elements of the physical protection system (e.g., detectors, alarm annunciators, or locks) to enable physical attack to be accomplished more easily.
This blended attack pathway may use a physical attack to access cyber control or entry points (e.g., network terminals or control rooms) from which cyber attacks are then launched.
The following scenarios, furnished by the Cybersecurity and Infrastructure Security Agency (CISA), demonstrate how, if successful, the blended attacks (described above) can disrupt operations or even deny critical services to society.
Attacks that can occur over such an extended threat terrain are difficult enough. However, the way physical security, cyber security, and risk management are all set up in most organizations tends to make the problem even more difficult to solve.
How so? Although security personnel have determined that their systems are vulnerable to both physical and cyber attacks, physical security and cyber security remain very separate and independent disciplines within the enterprise.
For instance, cyber security risk management and physical security risk management analyses are performed by separate teams and documented in separate reports. Similarly, cyber security incident management and physical security incident management remediation plans are developed and implemented by separate teams.
The teams in question have different cultures, too, leading to siloed procurement decisions. Cyber security management software buying decisions have little to nothing to do with decisions for purchasing solutions for physical security management, e.g., security workforce management software or security guard management software.
Worse still, it’s rare that security teams share common security information management software or security risk management software, despite the obvious benefits.
As a result, senior leaders and teams lack visibility of interconnected physical and cyber assets, leaving the organization unable to quickly identify, prevent, and respond to blended threats. And when there is a blended attack, lines of communication haven’t been established, impeding coordination and collaboration.
The solution then? Organizations need to get serious about converged security functions.
What do we mean by convergence, though? The industry definition is the formal collaboration between previously disjointed security functions. Convergence tends to encourage information sharing and the development of unified security policies across divisions, making companies more resilient and better prepared to identify, prevent, mitigate, and respond to threats.
Benefits of convergence include:
But how to achieve convergence? Well, organizations of all sizes can pursue convergence by developing an approach tailored to their unique structure, priorities, and capability level.
Getting started is key, though. To that end, CISA recommends developing the following framework for aligned security functions:
Another step to take when prioritizing convergence is procuring the right security management software that covers all security incidents – not just cyber or physical incidents.
Such solutions help organizations proactively safeguard their people, assets, and reputation with actionable threat intelligence, enhanced situational awareness, and robust incident reporting.
What specific capabilities to look out for? To incentivize convergence, we’d recommend:
Finally, the rapid uptick in blended threats means organizations can’t rely on cyber and physical security management solutions working alone. That same threat picture is radically affecting the type of resources physical security teams have to work with, as well.
Physical security information management (PSIM) has, therefore, emerged as a solution. But what is PSIM? Check out our article on the Importance of Physical Security Information Management for a deeper dive.