Security Integration

Security has never been higher on the managerial agenda. The global enterprise is addressing a host of perils ranging from exposure of its hard asset infrastructure to criminals and terrorists to the perpetual assault by viruses, worms, and other cyber organisms. Significant expenditures are required on an ongoing basis. As with all spend, firms must seek to maximize the return on security investments.

A casual Google search on the word security will generate thousands of “hits” on cyber security as well as discussions such as homeland security. However, there is minimal general information available when one seeks to research the “integration of physical and cyber security”.

Increasingly, the two are intertwined. We can all relate to the use of technology-driven security efforts such as electronic door locks and ATM cards. These are common, everyday events for the greater society.

While organizations are fond of creating “C” level positions, e.g., Chief Marketing Officer, Chief Governance Officer, Chief Information Officer, etc., fewer have Chief Security Officers and in many cases, the CSO is focused on information technology security issues. Securing information is vital, and at least on par with securing physical facilities and assets. Is it time to integrate the two?

Organizational policies and procedures recognize security requirements of all kinds. In an increasingly real-time world, information management is becoming more closely aligned with asset performance. Cyber terrorists can negatively impact a physical plant just as effectively as old-fashioned physical intrusion. (1)

Clearly, the responsibility for a major physical asset such as a manufacturing plant, power generating facility, or offshore oil & gas production platform should not lie with those tasked with corporate information management, e.g., CIO. The overall responsibility for asset performance and its security logically and rightly belongs elsewhere, albeit with information security playing a major role just as it does with real-time asset management.

Perhaps the role of the CSO should be expanded to include responsibility for overall organization security. Those responsible for physical security as well as the CIO and his or her team would address cyber security issues under this umbrella in much the same way asset based information management is handled in conjunction with plant management teams. This approach will provide the focus and accountability necessary to assure that the firm is current in security best practices and has maximized the return on security investments.

Not a Radical Approach

Integrating physical and cyber security into a single effort is not as radical as it may seem at first. Information management has been dispersed into the organization for decades now. The advent of the first mini-computers, years before personal computers, was fostered by the need of the global organization to manage key information locally. The real-time economy places information management at the heart of the revenue stream.

Against this evolution, it is in reality a small step to restructure the overall security efforts of the firm. Indeed, good governance practices may demand it. It is nice to think there is an easy-to-do step toward better governance.

Is there any more important IT – Business Alignment requirement?

Notes:
(1) NRC Issues Information Notice on Potential of Nuclear Power Plant Network to Worm Infection. (2003, September 2). U.S. Nuclear Regulatory Commission. No. 03-108. http://www.nrc.gov/reading-rm/doc-collections/news/2003/03-108.html


Discussions

Scott Shemwell on March 24, 2005
Sue, Thank you very much for your kind comment. I think we both agree that a synergistic approach to overall security will be more effective than that of the cyber police and the guard dog silo model. I sincerely appreciate your interest and input. Scott