The boundary between physical security and cybersecurity is diminishing, which is creating a new challenge for the security teams to integrate the two solutions for a cohesive security coverage of their enterprises. With the rise of connected devices, be it an access-control device or a surveillance camera, the possibility of it being compromised by a cybercriminal has also increased. It has become imperative for the security teams now to integrate physical security and cybersecurity while designing the security architecture of the organization.
At the recently concluded IFSEC-2021 in New Delhi, Col (Dr) Gaurav Singh (Retd), Head –Automation & Projects, Security, Adani Group, elaborated on the importance of Edge Security during one of the key panel discussions. He gave interesting insights on how organizations need to gear up for integrating their network security models with physical security for holistic cyber-security. SmartStateIndia (SSI) had the opportunity to interact with Col Gaurav Singh at IFSEC-2021 and have his views on Edge Security.
Here are some excerpts from the interaction, and for the detailed interview kindly play the video below.
SSI: How important it has become to secure the edge in today’s increasing threat landscape?
Col Gaurav Singh: I would like to just say that we are heading towards a situation wherein we will be very exposed to – if not already – the dangers and the risks in a way that has never been seen before. In that regard, we need to talk about the cyber-physical space, i.e. the security on the edge. So, when we talk about cybersecurity on the networks, the market and industry has attained a lot of maturity, I would say. However, what about the space in the physical security as well as the network security including cybersecurity on the edge?
As the perimeter is exposed, we have to consider adequate physical security measures on the edge devices. And we probably need to process, analyze, and identify to mitigate those risks.
SSI: How can enterprises mitigate the threats on the edge networks and devices?
Col Gaurav Singh: I’ll talk about the Adani way of security. So what we are doing already in our company is, firstly, an end-to-end design and architecture by one team. So when we talk about the deliverables, then only one agency is end-to-end responsible. This can only happen when the design and architecture of the physical security infrastructure are designed by the same team that designs the IT security infrastructure of the company. That’s where I talk about the dove-tailing of physical and cybersecurity, so one team is end-to-end responsible for the security. I’m sure, the results would start to show up as they are beginning to show up in the Adani way of security.
SSI: What will be your top tips for security teams to consider while designing the architecture of their enterprise’s security?
Col Gaurav Singh: First and foremost is the knowledge of the design and architecture leading to the cybersecurity is compulsory. This is necessary as it is the need of the hour for every physical security professional. The physical security professionals must upgrade themselves to include knowledge on cybersecurity and IT design infrastructure. Otherwise, the physical security professionals are going to become redundant very soon. Secondly, I would like to say that it is very nice to roll out applications. It is very nice to get onboard new software, and do their VAPT and ensure that they are cyber-safe, etc., and get world-class UTMs. What matters at the end of it is the utilization and how it is leveraged. It is extremely important to execute as well the last person on the ground monitoring the network security is the key man if he fails in any of these scenarios, i.e. the steps if he doesn’t take correctly, or configures the system correctly, and monitors the system correctly, then the entire purpose is lost. Last but not least is upscaling and upskilling.
Let us make a well-integrated well-developed system right from the beginning, it may cost more so to say, but eventually, it will save costs to the industry. In the era of biometrics getting captured the government has come out with some regulations, but following only regulations will not solve the purpose. It is up to us, the industry, who are capturing that data, we are responsible for safekeeping of that data, because the reputational risk will be too high for the companies to bear.
SSI: How to secure the weakest link, i.e. human, in the entire security chain?
Col Gaurav Singh: As I covered in my presentation that 68% of attacks are by the way of emails. So, yes humans are the weakest link. You can’t exactly stop emails from coming inside the inbox. You develop a patch, a program, or even an algorithm to ensure that such kinds of emails does not enter the mailbox. But soon enough, before you blink some other kind of algorithm will come up that will defeat your defense algorithm. So, we must train, educate, and inform our employees about the dangers of cyber attacks. We have to ensure that cyber security knowledge reaches the last man on the ground. We need to educate ourselves and be on a learning curve always. We need to constantly and dynamically interact with everybody
down the chain including that last guard who’s standing on the gate with a cane. As he also needs to be educated on the importance of cyber security, because somewhere he is also entering some data of material movement or personal movement into the SAP or some other security system that is integrated with SAP. As everybody is using a computer system, so everybody needs to be educated on being cyber-safe.
