How IoT represents the intersection of cybersecurity and physical security - IoT global network

Blogs

How IoT represents the intersection of cybersecurity and physical security

September 19, 2019

Posted by: Anasia D'mello

John Dames of Coolfire Solutions

As the Internet of Things comes to scale, security leaders need to consider both physical and cybersecurity to safely implement new technologies. 

In an era of increasingly sophisticated security threats, says John Dames, CTO of Coolfire Solutions, CIOs and CSOs face a whole host of new challenges. Security leaders (both physical and cybersecurity) must be more vigilant than ever to safeguard their data, facilities, and teams. From unauthorised personnel attempting to gain entry to your facilities to cybercriminals looking to breach your network, private security and public safety stakeholders these days need to be everywhere at once.

This is only becoming more challenging as digital infrastructure becomes more advanced. The Internet of Things (IoT) in particular represents a new area where cybersecurity and physical security are converging in meaningful ways. With organisations relying on IoT technology for a greater share of their physical security — the number of IoT-connected devices projected to reach 75.4 billion by 2025 — physical and IT security leaders need to defend a larger attack surface than ever before. 

The reality is that IoT networks pose unique opportunities as well as new threats for CSOs and CIOs prepared to invest in them. For example, IoT technology has led to more advanced physical security systems than ever before, but the network-connected hardware behind them offers a new entry point for bad actors looking to access vulnerable data, or even threaten physical security. IoT networks must be managed with an understanding of the emerging relationships between cybersecurity and physical security in order to maximise benefits and minimise potential risks. 

For instance, imagine a hacker successfully breaches an IoT network in a smart building. The hacker could then use that access not just to access information, but to remotely disable security or monitor video surveillance feeds over that network. Despite having gained access through a cyber attack, the threat becomes a physical security issue. On the flip side, a physical breach of the same smart building could allow bad actors to capture IoT assets for cybercriminal activity. In both cases, vulnerabilities in one space bleed into vulnerabilities in the other, with IoT technology representing the critical link between the two. 

How the IoT merges cyber threats and physical threats

As IoT technology comes to scale, stakeholders across a wide range of industries can turn to smart sensors and IoT-connected devices to quantify critical aspects of their operations. From gathering data from the factory floor to connecting operational systems in smart buildings, IoT technology makes it possible to collect, analyse, synthesise, and act on information that was previously invisible. 

However, organisations investing in IoT technology to reap these benefits need to understand how cyber threats now pose a risk to both their IT infrastructure and physical assets. For one, IoT-connected sensors and devices at key points of industrial or office operations represent valuable targets for bad actors looking to disrupt organisational processes. And more simply, the sheer number of network endpoints available for cybercriminals to breach is exponentially higher in IoT systems with dozens, hundreds, or thousands of sensors and devices. 

Because the enterprise-grade implementation of IoT technology is relatively recent, cybercriminals are hoping to catch organisations off-guard. With IoT technology being new and exciting, it’s understandable that IoT vendors as well as IoT users might be more focused on new features and capabilities than cybersecurity. However, this attitude leaves critical vulnerabilities in IoT devices to be exploited by hackers, like in the case of the Mirai botnet that orchestrated several devastating distributed denial-of-service (DDoS) attacks on Dyn servers in 2016. 

How IoT technology can improve physical security

Despite the cybersecurity risks associated with IoT networks, CSOs and CIOs should look for strategic opportunities to leverage this technology for advanced physical security measures. These measures have unique use cases in multiple industries, including the shipping and logistics sector, smart building design, and public safety — just to name a few rapidly developing areas.

For example, IoT sensors installed across logistics supply chains and throughout distribution centres have the potential to improve operational efficiency, while also boosting physical security. RFID tags connected to an IoT network can provide a clear picture of where assets, orders, and shipments are in the logistics pipeline. This level of end-to-end visibility can help supply chain managers improve tracking operations — and when paired with IoT-enabled video surveillance and alarm sensors, it can also be used to help prevent thefts.

Outside of the logistics sector, IoT technology has a major role to play in smart building security. Physical security teams can set up digital perimeters with IoT sensors, controlling who can and cannot enter sensitive areas. Assets such as door locks, CCTV cameras, and more can be connected with IoT networks, allowing staff to analyse real-time data across their facilities and act accordingly with total operational control. 

IoT and the convergence of cybersecurity and physical security

As IoT technology represents a key area of convergence between cybersecurity and physical security, CSOs and CIOs need to consider what steps should be taken to develop a more comprehensive modern security strategy. To do so, leaders must think of cyber-physical security in a unified way when designing, implementing, and executing IoT projects and systems. The first step should be to invest in the IoT technology that can make facilities safer and more efficient. To do so effectively, it will be imperative to simultaneously address the vulnerabilities that IoT networks present.

This means that organisations will have to make the necessary changes when developing IoT projects to bring cybersecurity and physical security planning together. Moving forward, leaders must facilitate collaboration between facilities staff and IT professionals in order to successfully counter the cyber-physical threats unique to IoT networks. 

Ultimately, private security and public safety decision-makers must work with stakeholders across cybersecurity and physical security teams to determine the best path forward when it comes to IoT technology. While this will look different from one organisation to the next — and from one IoT deployment to the next — it’s essential that security professionals work together to secure the physical and digital assets that comprise all modern institutions. 

The author is John Dames, chief technology officer, Coolfire Solutions

About the author

John Dames is chief technology officer for Coolfire Solutions, a software company specialising in platform development and technology to deliver actionable intelligence. Dames has spent the past 8 years helping conceive and develop solutions for customers such as Enterprise Rent-A-Car, U.S. Military Special Forces, and municipal public safety and security teams.

Comment on this article below or via Twitter @IoTGN