Last Updated on May 24, 2022
As technology advances, there will always be new threats from malicious actors seeking to exploit these advancements — whether that be in the digital realm or physical.
Yet, today’s technologies are increasingly blurring the lines between the two.
And that’s why it’s time to converge them.
Today’s guest, Chris Ciabarra, Co-Founder and CTO of Athena Security, is one of the physical security experts leading the charge on this front and he joins the show to share his insights into the inevitable security convergence in our future.
Join us as we discuss:
- Why the lines between physical security and cybersecurity are increasingly blurred
- The technologies Athena Security are advancing in the physical security domain
- How Athena accidentally made a COVID-19 detector
Converging Physical Security & Cybersecurity
It’s an interesting time to be in the information security field. After all, it’s an era of consolidation. Areas that were previously adjacent to information security — like privacy — are getting integrated into information security.
And now, we’re starting to see the same thing happen with physical security.
This convergence is driven, in part, by the Critical Infrastructure Systems Agency (CISA), the agency in charge of administering the security of the 16 critical information sectors of the US economy. Recently, the agency published a report they called, “The Physical and Cybersecurity Convergence Guide.”
This push to converge physical security and cybersecurity makes sense to Chris. Nowadays, the tools used in physical security are much more connected than they used to be.
Whereas the metal detectors of yore were self-contained pieces of hardware, the metal detectors of today are IP-based and IoT-enabled.
“The typical physical infrastructure personnel didn’t have a clue about cyber. They just plugged it in and it worked and they didn’t worry about the security side. Well, that needs to get fixed, because there are a lot of holes that physical security people aren’t aware of.” — Chris Ciabarra
Most physical security personnel are not trained to handle those added layers of cyber and physical risk from IoT devices. Consequently, there are many holes in these hybrid environments. And with the continued increase in threats from malicious actors, it’s critical to properly handle your physical security in addition to your cybersecurity—especially at the interface between the two.
It makes sense, from an expertise standpoint, to converge the two domains and place someone with cybersecurity bona fides in charge.
As Chris says, “I think it’s just personnel specialties. It just makes sense to plug everything into the internet and converge the two groups together.”
“Over the next four years, the two sectors of physical and cyber security will be combined.” — Chris Ciabarra
The Benefits of Convergence
There are many additional benefits to bringing the two groups together.
- Speed and efficiency: In situations where you’re implementing a new product or integrating a third-party program, it’s simpler and quicker to work with one team as opposed to two.
- Better security: Applying more cybersecurity expertise to IP-enabled physical security infrastructure will improve overall security and reduce risks from hacks on physical security devices.
- Unified view or risk: Converging security domains down to one can give you a unified view of risk across the organization. The more you can communicate risk using the same language, the better it is for the risk management of the organization as a whole.
- Framework compliance: Security frameworks — like ISO 27001— are increasingly placing responsibility for physical security controls on the teams in charge of the information security program. Following best practices set forth by security frameworks provides peace of mind and streamlines compliance.
Improving Physical Security Through Connectivity
Athena Security sells a next-gen metal detector that allows people to simply walk through without having to remove their keys or cell phones, or take everything out of their bags. The device uses 300 antennas (compared to 30 for your average metal detector) and multiple sensors (thermal, induction, and metal detection) to detect minute differences between guns and other objects that might be on your person.
When it detects a suspicious item, it alerts security personnel and sends a picture of the individual to one or more tablets or phones.
Without the advancements of IoT connectivity, this streamlined metal detector would not exist. And without it, we would have never gotten a COVID-19-detecting device.
Because Athena Security’s new metal detectors already had a thermal sensor, they were able to reconfigure the software to detect body temperature, and in doing so, they were able to flag individuals with fevers who might be a risk to the public.
A COVID-19 detector was born.
By converging different security domains, we are giving different security sectors the opportunity to communicate and share best practices across teams, resulting in more innovation and in greater protection against security threats.
“Companies need to be foreseeing physical security threats, instead of just waiting for something to happen to do something about it. These things can be prevented if they have systems in place to protect them, their employees and their guests.” — Chris Ciabarra
To hear this episode, and many more like it, you can subscribe to The Virtual CISO Podcast here.
If you don’t use Apple Podcasts, you can find all our episodes here.