Dan DunkelConvergence is your strategy to combat new “blended” security threats

by Dan Dunkel - President, New Era Associates

Published in SDM

Some security professionals still don’t collaborate effectively with IT in deploying a security policy? I believe the fundamental issue is the fact that many physical security practitioners do not understand the history of information technology deployment. As a result, many dismiss the convergence concept, even though it actually enables the new integrated security solutions required to protect global businesses. Looking forward, failure to understand the fundamental nature of convergence and how physical security integrates with new technology models will be a fatal error for this industry. In 2009 new threats are evolving faster then our ability to defend ourselves.

There are two issues that need to be corrected quickly if we are to move forward: (1) Convergence is not static. In fact, it continuously evolves in tandem with innovation, and (2) the IT department does not want the physical security responsibility. Some folks fall into two “convergence” camps. One group limits convergence capabilities, thinking video surveillance or access control solutions on IP networks means “we are converged”, game over. Others feel that a “cultural” merger must occur between the physical security and IT camps, both are mistaken. Unfortunately, confusion and politics dominate this critical period when global e-crime flourishes and new threats go unchallenged.

“The theft of intellectual property from U.S. companies is occurring at a rate of $200 billion a year. American industry and government are spending billions of dollars to develop new products and technology that are being stolen at little to no cost by our adversaries. Nothing is off limits – pharmaceuticals, biotech, IT, engine design, weapons design.”

                        -The Center for Strategic and International Studies (CSIS)
                                     Commission on Cyber security (2008)

Technology advancements aside, the IT department is responsible for increasing the productivity of the business, period. Business is information; the ability to share it in real time across geography increases productivity, time to market, and competitiveness. The benchmark to embrace IT and advances in network technology was the finance department. Product design and software development divisions automated to share information utilizing common development platforms (software) and global IP to advance the 24-hour digital workday. As the IT department created this infrastructure for these departments, and continued to automate others, did they ever once want responsibility for those business functions? No. THE IT DEPARTMENT DOES NOT WANT THE PHYSICAL SECURITY JOB. The physical security department is the CUSTOMER. The CSO demands the same level of support and open interoperability that departments across the company utilize. IT supports security. We need to put our politics behind us and collaborate faster to focus on the new threats we face.

Our intelligence agencies, law enforcement community, and the military see emerging security trends several years ahead of commercial markets. Recently, the military engagements in both Estonia and the Republic of Georgia were alarming from the standpoint of blending electronic (cyber) and physical attacks. Security professionals realize we live in a new era where a cyber attack can result in the destruction of a physical device (power generators, barriers, etc.) and where both assaults can happen simultaneously to cause destruction and impede emergency responses. This blended threat is a major concern for our nation’s critical infrastructure and real time global supply chains. The new threats to the business are a combination of human, physical, and cyber elements. Security professionals reaching the executive ranks understand these critical intersections, and partner with their IT colleagues. They expect the same behavior from their integrators. As the Internet connects thousands of worldwide networks, Web 2.0 evolves, and wireless handheld devices multiply - the answer to security policy is not he same old thinking and 10-year old proprietary product cycles. The solution is using convergence cycles and innovative solutions to your advantage.

In the face of this global threat, why is the physical security industry so slow to deploy new technologies like PSIM, IP Storage architectures, and identity management (“the most critical and under utilized technology in the security industry”)? Where are the leaders in the physical security industry in “deploying” new technologies, and creating best practices examples for the rest of us?  “Deploying… not endlessly evaluating”.  The cultural change that the physical security industry lacks is on the pace of its execution. Our industry acts as its own worst enemy by delaying (and fighting) the historic, and inevitable convergence of technologies with new security solutions. 2009 is the timeframe when this blended threat; the e-crime tsunami hits the fan. Integrators can swim with the tide or against it, but unfortunately, some will never even see it coming. Convergence lives!