8th February 2021

The Hot Topic – Is a Physical and Cyber Security Convergence on the Cards?

On Wednesday the 6th of January 2021, an act of insurrection was committed when rioters stormed the Capitol building in the US for the first time in almost 200 years.

Hoards of rioters flooded through the entrance, past Capitol police in a bid to disrupt the confirmation of Democrat Joe Biden as their new president. Understandably with the worry and fear of evacuation, many US officials were whisked away leaving computer systems and documents unlocked for prying eyes. According to Tech Crunch, “As politicians and their staffs were told to evacuate or shelter in place, one photo of a congressional computer left unlocked still with an evacuation notice on screen spread quickly on the internet.” When the physical security had been breached by the rioters, should cyber security have then prevented a potential breach in sensitive information? This has posed the question as to why physical and cyber security industries have been working as separate fields for so long and whether it’s time for a convergence of these two sectors?

With many individuals seeing cyber security and physical security as two individual entities, we wanted to know how exactly cyber security impacts the physical security industry and vice versa?

With the scenes from the Capitol building and the breach on site, we can clearly see how physical security can impact cyber security. If appropriate physical security measures had been implemented and held up against the masses, then sensitive information wouldn’t have been left open as protestors wouldn’t have gained access.

But how does cyber security impact physical measures put in place?

Many offices and factories nowadays are secured using physical access control systems such as smart card identification and other technologies for convenience as well as safety. For example, being a card holder can allow you access into restricted areas or just allow you access onto a highly secure site. This being said, many of these systems are connected to the internet, meaning there is potential for a hacker to grant access to unauthorised personnel, which could result in robbery, vandalism and many other crimes. Cyber-attacks on physical access controls can result in a breach of security, and with many companies embracing new technologies, the need for a cyber security and physical security convergence has never been greater.

According to the Security Magazine, “In 2019, the number of active Internet of Things (IoT) devices reached 26.66 billion, up from 7 billion IoT devices in 2018. Every second, there are 127 new IoT devices connected to the Internet, creating a larger attack surface, which threat actors can leverage to take control of and exploit.” This vast increase of devices isn’t just computers and smartphones, it incorporates sensors, security cameras and devices used for protection on site, so not having a clear union between cyber and physical security, opens up sites, offices and factories to potential threats and attacks.

As more technology is being utilised and incorporated into the physical security world, the more likely it is to open the door for an increase in attacks if cyber security and physical security remain independent. So, we ask; do you think there should be a convergence of these two industries?