It’s every homeowner’s worst nightmare: a fire or explosion that rips through the walls, threatening lives and reducing the structure and its owner’s possessions into a pile of rubble.
That’s the nightmare that visited three towns in the Boston area recently. Excessive pressure in a Columbia Gas line destroyed some 80 homes. The incident led to one death and at least 25 injuries. Not only was it the worst nightmare for the customers who were impacted, but also for Columbia Gas and the municipalities.
A few years ago, there would have been no way to use real-time data reporting to prevent or respond to such a tragedy. Today there is, but it doesn’t happen, because — and here’s the frustrating part — too often companies have not invested in innovative solutions to protect their physical assets like they have in their digital assets. The cyber and physical worlds have been treated a separate silos – but they shouldn’t be viewed that way. Because physical security technology is about 15 years behind cyber security, businesses have had difficulty in trying to integrate the two.
No longer separate
In 2018, incidents like the Boston gas leak should not occur. A gas system that featured innovative solutions in the network – like those found in cybersecurity for prevention, orchestration and incident response – would have made this a much less severe event. While the increased pressure (12x normal) was detected, the valves in the system could not be controlled remotely to release the excess pressure, before any explosions happened. And from an incident response perspective, gas customers would have been notified and evacuated as the pressure built before any fatal explosions could occur, and the post-incident response plan would have gone much more smoothly. Having had close friends of mine live through this incident, the response and evacuation process was utter chaos due to the lack of innovative detection, prevention and response technologies in place today.
What’s interesting about the lack of sophistication of physical security systems is that when incidents like this occur, many people point to a potential cyberattack. Think about that for a second: We take for granted that criminals can use tech savvy to breach physical systems, but we haven’t thought to create a robust layer of cybersecurity forphysical systems.
These days, the lines drawn between the physical and the virtual worlds are being erased. In fact, in 2017, Darktrace revealed that a digitally-controlled fish tank had been compromised to launch a hack on an unnamed North American casino.
Infosecurity North America will take place on 14 – 15 November at Javits Convention Center, New York. Register today!
The Common Thread
Physical security breaches aren’t always that dramatic. ATM skimmers are an example of a fairly common physical security breach. Ten percent more debit cards were compromised in 2017 versus the year before because of ATM skimmers, which use hidden electronics to obtain consumers’ card numbers and PINs, sending this information to criminals who then sell this compromised data or hack the financial accounts themselves.
For businesses, the common thread between physical and cyber security is that both exist to protect people – their customers and employees. And while the industry has innovated dramatically in cyber of the past 15 years, physical security has been largely untouched by the digital age. I know a sales exec who recently asked the head of security for a major institution if he needed any new technology for real-time physical incident response. “I don’t need a new real-time solution,” the man said. “I’ve got one already.” When asked what he meant, the man replied that his walkie-talkies, used by security guards, were all the real-time he needed.
Revenge of the Nerds
Such thinking explains why the realms of physical and cybersecurity have been disparate to date. Physical security has too often been perceived to be about using brute force while cyber has been more about out-thinking and predicting the enemy. Obviously there are exceptions with some of the advanced detection and facial recognition systems used in airport and other high-value targets around the world, but the mass market of physical security has lagged cyber.
But the nerds are starting to be included in the physical security discussions. Technologies like facial recognition, motion detection and predictive analytics can offer an additional line of defense to guards with walkie-talkies. Facial recognition technology can be applied by law enforcement to find those on watch lists in crowds. RF-based technologies can be used to secure a physical perimeter and signal when those borders have been breached. Sensors linked to deadbolts can automatically lock/unlock doors when an incident occurs.
Innovative organizations looking to close the gap between their cyber and physical security posture are helping ensure they are as prepared as they can be for any eventuality.
The topic of Cyber Physical/IoT will be covered throughout the free-to-attend conference at Infosecurity Europe in London from 4-6 June. See all the talks on Cyber Physical/IoT here. Infosecurity Europe is the leading European event for information and cyber security; find out more and secure your free visitor badge.