Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Physical Security

11/16/2020
09:00 AM
Fred Burton
Fred Burton
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

A Call for Change in Physical Security

We're at an inflection point. The threats we face are dynamic, emerging, and global. Are you ready?

Despite dedicating the majority of my life to protective intelligence in the private and public sectors, I still find it hard to believe when I see companies that have thousands of employees and dozens of offices and facilities — but a scant few physical security professionals using legacy tools and processes to try to keep the business harm-free. It's almost an exercise in futility.

Related Content:

Physical Security Has a Lot of Catching Up to Do

2020 State of Cybersecurity Operations and Incident Response

Do Standards Exist That Certify Secure IoT Systems?

In the 1980s and '90s, when I was a special agent in the counterterrorism and protective intelligence division in the Diplomatic Security Service at the Department of State, we did the best we could to organize and analyze intelligence by scouring through hundreds of cables, paper documents, and files. Decades later, physical security and safety professionals are gathering time-sensitive and sometimes life-saving insights, but still using paper records and manual processes, unnecessarily limiting their ability to more efficiently detect, link, and mitigate threats.

Sure, change isn't easy. When things have been working "just fine" and management thinks it's "good enough," getting an organization to try new processes and tools is a challenge. Adopting new ways to address physical threats may, to some, feel threatening and costly. But for far too long, although it's not intentional, corporate physical security teams have been reactive, and only after something bad occurs are they given the resources and investment they truly need. For holistic physical security programs, change must focus on augmenting and enhancing existing operations with new technology platforms that can efficiently scale the identification, investigation, assessment, monitoring, and management of physical security threats.

Protective Intelligence — Then and Now
Historically, eyes, ears, and acute observation kept physical assets safe. We would spend hours looking and watching for pre-operational surveillance to unpack the attack cycle. In gathering protective intelligence, teams would store data in command-post hotel rooms, surveillance cars, and handwritten logs. After an incident, we would record each event's specific details, which became data for future use. Detecting and vetting a threat on the street was challenging and inefficient. Institutional memory was the norm.

Information was passed via cables and memos and sometimes via the diplomatic pouch — a slow and tedious process. We got our first glimpses of digital transformation in the 1980s with Polaroid cameras, Sony VHS tape recorders, and Motorola radios and pagers. As more sophisticated technology and mobile applications were developed, the idea of transmitting intelligence via a pager headed for retirement, and a new era of physical security emerged. Physical security technologies and innovations also appeared due to catastrophic embassy attacks, kidnappings, and aircraft bombings.

Bridging Digital Transformation and Physical Security
According to Gartner, 82% of CEOs have a digital transformation program underway. And yet, physical security is still often perceived as "guns, guards, and gates." But we know today it is much, much more. The recent detection of a plot to kidnap Michigan Governor Gretchen Whitmer and the arrest of those involved was, of course, due to tremendous efforts by law enforcement. Virginia Governor Ralph Northam was also considered, which doesn't surprise me. In every case I've worked, the bad guys always look at multiple targets. While they are looking, they are usually the most vulnerable to detection. Many threatening signals were found on social media, and FBI undercover informants played an essential role.

Health and economic challenges have converged. Global workforces under hybrid office-home corporate structures have also emerged. Retail safety requirements are heightened. The scope and scale of liability for companies not actively and holistically monitoring for growing threats has increased dramatically.

We must bridge generations: those who developed, tested, and proved the value of protective intelligence, and those applying technology and data to bring a new level of expediency and effectiveness to protection. As organizations undergo digital transformations, physical security teams that embrace digitization can automate mundane work and use their creativity and insights to enhance their approaches, minimize liabilities, and usher in a new era of advancing safety.

Many corporations believe that their current security program is good enough. But I would argue that we are at an inflection point. The threats we face are dynamic, emerging, and global. We are rapidly approaching a new frontier that allows for mobile applications and massive amounts of real-time physical threat data to be structured into single, easily maneuverable platforms that are more than good enough; they are what human lives and livelihoods deserve.

Fred is the Executive Director of Ontic's Center for Protective Intelligence. He is one of the world's foremost experts on security and counterterrorism. A former police officer, special agent and New York Times best-selling author, Fred has served on the front lines of ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
jdsegovia
50%
50%
jdsegovia,
User Rank: Apprentice
11/17/2020 | 2:58:55 AM
Chinese Security Solutions
Curious if you deem Chinese security systems (Dahua, etc.) as a growing threat to businesses, and even more so to critical infrastructure networks?
Visit the Web's Most Authoritative Resource on Physical Security

To get the latest news and analysis on threats, vulnerabilities, and best practices for enterprise physical security, please visit IFSEC Global. IFSEC Global offers expert insight on critical issues and challenges in physical security, and hosts one of the world's most widely-attended conferences for physical security professionals.

Commentary
Cyberattacks Are Tailored to Employees ... Why Isn't Security Training?
Tim Sadler, CEO and co-founder of Tessian,  6/17/2021
Edge-DRsplash-10-edge-articles
7 Powerful Cybersecurity Skills the Energy Sector Needs Most
Pam Baker, Contributing Writer,  6/22/2021
News
Microsoft Disrupts Large-Scale BEC Campaign Across Web Services
Kelly Sheridan, Staff Editor, Dark Reading,  6/15/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-2322
PUBLISHED: 2021-06-23
Vulnerability in OpenGrok (component: Web App). Versions that are affected are 1.6.7 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise OpenGrok. Successful attacks of this vulnerability can result in takeover of OpenGrok. CVSS 3.1 ...
CVE-2021-20019
PUBLISHED: 2021-06-23
A vulnerability in SonicOS where the HTTP server response leaks partial memory by sending a crafted HTTP request, this can potentially lead to an internal sensitive data disclosure vulnerability.
CVE-2021-21809
PUBLISHED: 2021-06-23
A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this vulnerabilities.
CVE-2021-34067
PUBLISHED: 2021-06-23
Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file.
CVE-2021-34068
PUBLISHED: 2021-06-23
Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file.