Cyber and Physical Security Are Different, But They Must Work Together

America's critical infrastructure faces more diverse threats than ever before.
The rapid digitalization of many sectors and the relatively analog operational environments that exist in others have led security specialists and analysts to develop divergent plans of action to accommodate the needs of both.
To better protect our increasingly connected physical and IT infrastructure, federal risk analysts should pursue a comprehensive and integrated view of the threats we face.
This includes leveraging existing risk frameworks and models and incorporating cyber-physical safeguards to accurately capture threats and kinetic consequences of cyber-initiated events.
Developing an approach that acknowledges the differences between cyber and physical threats but still considers them alongside one another will likely require a significant commitment from specialists and agencies.
The process should be more of an evolution than an endeavor to be started from scratch.
The risk models that the U.S. security community currently uses for counterterrorism efforts at ports and other vulnerable sites already provide a solid foundation for the task at hand.
To start, the federal government should reframe its thinking around defining and prioritizing cyber risk.
The models we use for traditional anti-terrorism programs do a phenomenal job at capturing the physical consequences caused by kinetic adversarial actions and capture the majority of secondary and tertiary repercussions on the economy or related dependencies.
The blended assessment framework should also consider the effects on communities of things like supply chain disruptions, port closures, or data leaks in combination with more traditional physical threats like explosions or gas leaks.
This redefinition of risk will allow security specialists to build a more consolidated and comprehensive risk framework that incorporates cyber-initiated events with traditional risk models, while allowing for better prioritization and comparison of impacts.
Cyber-initiated events can now replicate incidents that were not originally related through digital means, making it even more important that risk frameworks accurately capture safeguards, mitigation measures, and other relevant information about both cyber and non-cyber systems and how they interact.
Finally, the broader security community should come together to promote transparency about incidents, effective mitigation actions, threats, vulnerabilities, and other related factors.
Not only will access to this kind of dataset help inform more effective cyber recommendations, but it can also help businesses pursue more secure operations, more effective risk models, and more effective prioritization strategies to remediate weaknesses.
To encourage this transparency, government-level agencies should also lead the charge in developing a cross-sector, cross-organizational database of threats, incidents, and effective mitigation actions to help inform continuous improvement of available resources, in order to better protect critical infrastructure.
Agencies with responsibilities in this realm should carefully assess how other policies and priorities interfere with their ability to provide meaningful risk buy-down activities to federal and industry stakeholders alike.
The responsibility of operational cyber activities tends to vary depending on sector and level of maturity.
The role and responsibilities of CISA and other federal agencies with oversight and threat advisory responsibilities should be clearly defined, as well as processes for collaboration between these agencies and related industry stakeholders.
The above are just two practical adjustments that may support the theoretical changes that should take place in order to help the U.S. to build a better, more comprehensive OT cyber risk management program.
Ultimately, the specifics matter less than the outcome, as marrying cyber and physical homeland security programs will be an ongoing commitment to which the U.S. government, private companies, and experts in OT and IT must dedicate their time if they hope to mitigate today's cyber-physical security concerns.


This Cyber News was published on www.cybersecurity-insiders.com. Publication date: Wed, 06 Dec 2023 15:28:05 +0000

