- March 18, 2005
A casual Google search on the word security will generate thousands of hits on cyber security as well as discussions such as homeland security. However, there is minimal general information available when one seeks to research the integration of physical and cyber security.
Increasingly, the two are intertwined. We can all relate to the use of technology-driven security efforts such as electronic door locks and ATM cards. These are common, everyday events for the greater society.
While organizations are fond of creating C-level positions, e.g., Chief Marketing Officer, Chief Governance Officer, Chief Information Officer, etc., fewer have Chief Security Officers, and in many cases the CSO is focused on information technology security issues. Securing information is vital, and at least on par with securing physical facilities and assets. Is it time to integrate the two?
Organizational policies and procedures recognize security requirements of all kinds. In a world increasingly real-time, information management is becoming more closely aligned with asset performance. Cyber terrorists can negatively impact a physical plant just as effectively as old-fashioned physical intrusion. (1)
Clearly, the responsibility for a major physical asset such as a manufacturing plant, power generating facility, or offshore oil & gas production platform should not lie with those tasked with corporate information management, e.g., CIO. The overall responsibility for asset performance and its security logically and rightly belongs elsewhere, albeit with information security playing a major role just as it does with real-time asset management.
Perhaps the role of the CSO should be expanded to include responsibility for overall organization security. Those responsible for physical security, as well as the CIO and his or her team, would address cyber security issues under this umbrella in much the same way asset-based information management is handled in conjunction with plant management teams. This approach will provide the focus and accountability necessary to assure that the firm is current in security best practices and has maximized the return on security investments.
Not a Radical Approach
Integrating physical and cyber security into a single effort is not as radical as it may seem at first. Information management has been dispersed into the organization for decades now. The advent of the first mini-computers, years before personal computers, was fostered by the need of the global organization to manage key information locally. The real-time economy places information management at the heart of the revenue stream.
Against this evolution, it is in reality a small step to restructure the overall security efforts of the firm. Indeed, good governance practices may demand it. It is nice to think there is an easy-to-do step toward better governance.
Is there any more important IT Business Alignment requirement?
(1) NRC Issues Information Notice on Potential of Nuclear Power Plant Network to Worm Infection. (2003, September 2). U.S. Nuclear Regulatory Commission. No. 03-108. http://www.nrc.gov/reading-rm/doc-collections/news/2003/03-108.html