Converged Security Centres and Crime Prevention
Blending the cyber and physical threats together in one integrated platform...
IFSEC 2023 once again played host to the Converged Security Centre, powered by Advancis. Advanced technologies were on display that can bring large volumes of data together to prevent and identify crime before its impact is realised.
Quite a claim, but the power of integration can make this difference.
We are all too aware of events in recent years where technology has failed to be used effectively to monitor and prevent a criminal succeeding in their attack. The Manchester Arena attack in 2017 plainly demonstrated this.
But what of a converged security centre? In such a location it is possible to bring cyber and physical together – for instance, bringing evidence found on the dark web to bear on an escalating physical threat, providing the location of bombers based on their social media footprint and uncovering plans.
Most organisations operate a separate cyber security and physical security operations centre and so cannot easily identify blended attacks, which causes a problem. If they are of cyber origin, such attacks can be fast, scaled and devastating.
Although some police forces use such investigative tools, they are not common. The more sophisticated software remains out of the reach of many.
However, there are levels of maturity in a converged security centre, which we explored at IFSEC this year, such as how technologies can be integrated across an enterprise and thereby achieve a real-time response to criminal activity.
To take a ‘real life’ example, transport systems can be monitored for unusual behaviour and suspect packages tracked using a mixture of CCTV and ticketing information.
Then there are highly connected environments, also known as smart cities, which are even more difficult to monitor and manage given the sheer volume of incidents and data the disparate systems are gathering.
As cities become smarter, mobile devices are increasingly used to realise benefits in areas such as health, transportation, retail shopping, leisure, and entertainment.
On the positive side, this use of mobile makes it easier for a city to know the location of its citizens. But what does this mean for people’s privacy?
Again, the answer is better with a converged approach. Certainly, it can result in a more effective identification system, greater prevention of crime and improved management of health and safety issues.
As an example, during the height of the pandemic, countries like South Korea used converged technologies to locate cases and treat people before the virus was able to spread – resulting in fewer deaths. Crucially, privacy was also considered, with the data collected only being kept for 30 days.
This converged capability achieves the necessary speed of response and so data is less likely to be stolen.
So, what are the other issues which a converged security centre can prevent and respond to?
Ransomware has been a major concern to CISOs and organisations in recent times, with large organisations and even major hospitals having fallen victim.
In the United States, the most senior security leaders are now expected to take control of all areas of security risk and can no longer argue it is not their responsibility.
“Senior leaders set the vision and tone for organisations and are key to instituting cultural change.” “Because the current siloed security model cannot efficiently mitigate today’s complex threats and attack vectors, organisations must begin to evolve their senior-most security leadership to assume responsibility for all aspects of enterprise security.”
What better way for a senior leader to manage these complex risks than in a converged security centre? It can monitor cyber-physical attacks and use common patch management processes for all systems to ensure they are kept up to date. Provided a physical system is maintained and monitored, it is less likely to stop working and more likely to keep people in buildings safe.
HVAC systems, once the sole domain of facilities, are now carrying out more sophisticated functions, such as monitoring air quality to ensure disease is contained. But given their likely connectivity and remote access, the potential to be affected by a cyber-attack is increasing.
Unless they are monitored by the cyber and facilities team, lone attackers or even nation states will take the opportunity to spread a chemical or biological weapon, potentially causing widespread deaths.
While this might sound like the worst possible scenario, this remains a future risk which must be prepared for.
Presentations across the show took attendees through how a converged security centre can provide a centralised cyber-physical threat picture.
Converged security centres are the key to identifying more risks in real time compared to siloed centres because they can monitor cyber and physical threats together, escalate them and prioritise the risk. They can use advanced analytics to identify unusual behaviour because they recognise anomalies in a range of different systems.
In our connected world, systems are reliant on many other systems across complex environments. While not all might appear to be vulnerable, an attacker only needs one poorly configured device to access and control a whole building – or even an entire organisation or city.
If a lighting system is exploited, for example, there could be catastrophic consequences as the risk develops into a major event if other attacks are also used either for financial or military gain.
It is this hybrid or blended threat which is harder to defend against in siloed centres because once a risk is identified in one area, the team has to understand, respond and advise the other. Timing is key when every second counts, and hence the case for one unified security operations centre (SOC) is strong.
Aside from the obvious energy savings of one location for security operations, there are rental savings, environmental benefits, enhanced communications and increased systems capabilities for the end-user, too.
Watch our interview with James Willison and Sarb Sembhi below to find out more about converged security centres.