Security in Depth: The Fundamentals of Physical and Cybersecurity Convergence

The exploitation of the Internet for radicalisation and research means that many abhorrent hostile vehicle terror attacks now originate in the digital realm.

This has likely been the case for several years. And although hostile vehicle threat levels are generally low, the digital component is on a worryingly upward trajectory. Understanding the interplay between physical security and digital infrastructures is vital to keep people and assets safe from vehicular attacks.

But how can physical security consultants – working in a critical specialism that demands full attention – own yet another niche? Are they accountable for a job they can’t possibly do alone?

• Do security consultants need a digital string to their bow?
• Fine-tuning our interpretation of cybersecurity
• The modern definition of security
• The fundamental objectives of security convergence
• The most valuable applications of security convergence
• Becoming the conductor of an orchestra
• Potential pitfalls of convergence

Do security consultants need a digital string to their bow?

The short (but somewhat reductive) answer is no. Although the duty of care now considers the role of digital in HVM, physical security professionals are not expected to become anti-terror cybersecurity experts. Not now, and not ever.

But – and there is a but, they need to understand the fundamentals of how physical security and cybersecurity converge. Both the basic interdependencies and the most effective ways to coordinate the two for better threat mitigation.

After all, we know that digital tools are abused for radicalisation and reconnaissance. We also know that digital communications are the fastest way to coordinate emergency help. Therefore, to successfully mitigate, manage and monitor vehicular threats, security projects and professionals need a preliminary understanding of how digital and physical vectors interact.

Fine-tuning our interpretation of cybersecurity

Before discussing this further, we will note that we use an extended definition of cybersecurity. In the context of HVM, “security” refers to physical safety, which digital components can reinforce. Therefore, we interpret cybersecurity not just as defending technology integrity, but as ways digital solutions can protect people and assets from harm.

With that said, let us explore the core strategic objectives of security convergence, its most valuable applications in HVM and how you can start coordinating physical and digital channels more effectively.

The modern definition of security

Security convergence can be briefly summarised as “the integration of physical and cyber security measures and strategies to address threats in both the physical and digital domains”. With much planning and coordination of hostile vehicle attacks happening in the digital world, security convergence enables us to better adapt to the nature of terror threats.

The fundamental objectives of security convergence

The strategic objectives of security convergence are twofold and in the interests of any security consultant or safety project stakeholder. These objectives are to:

1. Prevent hostile vehicle attacks more effectively. More data – through enhanced monitoring, integration, and data sharing – means stronger situational awareness about how and when threats are changing and the solutions that deliver proportionate and appropriate HVM.
2. Respond to hostile vehicle attacks more effectively. When digital infrastructure and communications are leveraged, emergency response can happen faster to complete the job performed by physical security measures.

Although security convergence is unlikely to result in the mass digitalisation of physical security infrastructure (especially HVM hardware), its insights can be game-changing.

Experts note that data consolidated and generated by advanced, integrated digital security tools may influence vital factors like product specifications and threat-level evaluation. As a result, physical security professionals are teaming up with specialist partners to help make sense of the challenge and set priorities.

The most valuable applications of security convergence

When done correctly, security convergence can and will aid the continued effectiveness of HVM measures. This is especially true at the risk and threat assessment stages (and subsequent VDAs and product specifications) and post-attack.

Therefore, security convergence is of growing interest amongst security consultants, project managers and public realm managers alike. Its value is immeasurable, but we are noticing an uptick in security projects uniting the physical and digital in the following ways:

• Securing space surveillance: Spaces protected by HVM are often accompanied by video surveillance and access control systems. Should these digital assets be hacked or compromised, they may be leveraged for hostile reconnaissance. Working with a specialist cybersecurity provider can reduce the risk significantly.
• Monitoring space data points: Those video and access systems are rich with data – pedestrian volume and movement patterns, vehicle near misses and irregular behaviour. Specific cybersecurity monitoring, detection and response solutions can automatically consolidate vast amounts of data and flag developing risks or potential changes in HVM requirements.
• Sharing threat intelligence: Although the latest threat intelligence is always available, it can be challenging to localise and apply in context. Enhanced security convergence can expedite threat intelligence data sharing and enable more timely evaluations of vulnerability and, therefore, HVM measures.
• Automating communications/responses: If the unthinkable were to happen, good security convergence could help reduce casualties. From rapidly coordinating emergency services to warning the nearby public, convergence is powerful for those actively managing the security of HVM-defended spaces.

Becoming the conductor of an orchestra

As discussed, those responsible for physical security are not to become cybersecurity experts or know all the details. But taking decisive action to establish security convergence is now part of the duty of care – and will undoubtedly improve HVM measures in more ways than one.

One security convergence expert put it as “needing to become a conductor of an orchestra, not a master of every instrument”. The most sensible next step is to have a conversation with a [accredited] cybersecurity consultant who specialises in your sector or space and bring your physical security consultant into the discussion too.

From here, you can work collaboratively to shore up your security convergence fundamentals and develop an HVM strategy fit for the digital age.

Potential pitfalls of convergence

In general terms, the coming together of the physical and cyber realms must surely be considered a good thing. But when there is a new approach, we cannot assume all will be plain sailing. In terms of physical and cyber convergence that is especially true.

One of the key risks the industry faces is trust, which extends to both the what and the who. There exists a relatively small pool of established market players in the world of physical HVM security and the products available are tightly scrutinised. Taking a product through an IWA, ASTM or PAS testing procedure is expensive and time-consuming – and rightly so. The output of such tests gives confidence that a product is fit for purpose.

With cyber technology, however, the risk landscape changes almost daily and solutions to combat the risks must keep pace. That means rapidly changing technology and a near-constant stream of new market entrants. Undoubtedly some of these will be outstanding, but just what solutions can be trusted? And as the cyber industry is largely unregulated, a supplier’s capability must be assessed some other way, but how?

Which leads to the who. For a purely physical scheme, risk identification and appropriate measures are identified by a security consultant. But with cyber, such a vast array of threats and potential solutions exist that security consultants will be hard-pressed to stay abreast of the best approach. Those that can, will be in high demand, potentially creating a skills vacuum ready to be filled by less able people.

All of which means a rethink. New processes are required and established industry practices and skills need to change. That could and arguably should include regulation, which all takes time. In the meantime, convergence is a hot topic and that creates a pressure cooker where mistakes can be made. We must proceed, but caution is the watchword.

Need help with your hostile vehicle mitigation strategy? Or do you require HVM solutions for an upcoming project? Talk to our team today or browse our range of HVM solutions here.