Why the collaboration between cyber and physical security is crucial in modern building design

Written by Gavin Wilson - Director of Physical Security & Risk | Jan 30, 2024 6:00:00 AM

For too long physical security has sat on one side of the fence and cyber security on the other. The two have been treated as separate domains with distinct teams responsible for each aspect.  

Yet, as our world has become more interconnected and complex, the traditional division between physical and cyber security is proving inadequate, and integrating the two is essential for robust protection against evolving threats.

In our latest blog, Gavin Wilson, Toro’s Director of Physical Security & Risk, discusses the importance of using a blended approach and adopting an attacker's mindset when addressing your organisation’s security needs.

Consider the design of a new building as a prime example where the collaboration of physical and cyber security is crucial. Often, organisations overlook the interplay between these domains, leaving potential vulnerabilities unaddressed.   

Inadequate consideration during the security design phase can result in physical devices becoming unwitting tools for cyberattacks. Insecure IoT (Internet of Things) devices can be hijacked and harnessed by attackers not only to easily access and infiltrate the building's networks but also to physically break into the building, often undetected.

Picture the scenario where you install a security system and do not rigorously test it. An attacker then breaches the system and has control of your cameras' data, is able to breach a door control undetected, or is able to take full control of your security system. The outcome is likely to be critical.

Despite blended threats increasing daily, it is still common for organisations to rely solely on a security system installer's recommendation when installing new security products, without comprehensive vulnerability and assurance testing in the environment in which they are being installed.

I feel this oversight is akin to buying a keyless car and expecting the car to be theft-proof. What the salesperson has failed to tell you about, however, are the vulnerabilities of a keyless system and the steps you should take to protect it.

Merely having security systems in place is not sufficient; rigorous testing and an attacker's mindset are essential components of a resilient security strategy. It is vital that you fully understand the technology that you are putting in place to protect your organisation and think about how the technology could also be used against you in an attack.

I would recommend putting in place a clear strategy for cyber-physical security integration, starting with the following steps:

  1. Promote a Collaborative Design Process by integrating security considerations early on. You need to ensure there is a clear collaboration and line of communication between the engineers, security experts, architects, and IT professionals. Ensure that both departments share common goals and strategies and have defined Operational Requirements to achieve their objectives. This approach will help to ensure the development of a comprehensive security plan and design package that will cover all aspects.    

  2. Conduct regular security risk assessments to identify potential vulnerabilities and threats to both cyber and physical systems. Do not leave these gaps to be discovered by a penetration test that you perform months after installation or, worse, when they are breached by a threat actor. Technology systems need to be tested, and their vulnerabilities identified, before being installed. Attackers won’t wait to attack; they will target you when they spot a sign of weakness.

  3. Once everything has been installed, implement continuous monitoring and testing of all systems to detect potential security breaches. It is also important to develop and maintain incident response plans that address both cyber and physical incidents, ensuring a coordinated response to minimise the impact.

  4. Provide ongoing training and awareness programs for all stakeholders to ensure they understand the importance of cyber-physical security integration and their role in maintaining a secure environment. This awareness empowers employees to proactively prevent security breaches and incidents, contributing to your overall security posture. After all, the biggest weakness in security is often the people themselves.

The convergence of physical and cyber security not only enhances threat management and incident response capabilities but will also save you money. Organisations can streamline resources and bolster their overall security posture by treating physical and cyber threats as interconnected challenges.

To find out how Toro can support you in improving your security and help you design more robust building security systems, please contact the team.