|Cybersecurity is a critically important aspect in today’s increasingly IP-driven world of physical security
The physical security market tends to dismiss issues of cybersecurity as outside its area of expertise, but cyber-threats are a problem that has been ignored for too long. The fact is, cybersecurity is a critically important aspect of the systems our industry provides in the increasingly IP-driven world of physical security.
And the risk isn’t just reserved to sophisticated, high-end systems. Even small business and residential burglar alarms are increasingly accessed via the Internet and are therefore vulnerable.
“The more you study it, the scarier it gets,” says Bill Bozeman, president and CEO of PSA Security Network, the world’s largest electronic security cooperative. The for-profit organisation encompasses more than 200 electronic security systems integrators, aligning them with over 150 vendor partners.
PSA Security Network is seeking to raise awareness of cybersecurity in the physical security world, and to highlight possible business opportunities for security integrators in cybersecurity. Goals include getting the communities together and making sure physical security integrators know the risks and the solutions that cybersecurity has to offer, says Bozeman. Another goal is to make sure cybersecurity companies understand the physical security integrator’s needs. “Physical security cannot just sit there and do nothing,” says Bozeman.
In the new year, PSA Security Network will take on the topic of cybersecurity in the physical security space in a big way. PSA Security Network's Cybersecurity Congress, Jan. 20-21, 2015, is designed to teach member integrators how they can take real action against cybersecurity threats in their own business. The two-day congress will enable senior leaders in the IT and physical security industries to learn about the risks and liabilities they face, how to establish policies to defend against or respond to threats, and how to adopt security control standards for their organizations.
Issues to be addressed include liability and insurance, how to provide a host of services from a variety of partners, and stimulating partnerships and networking.
Later in 2015, PSA Security Network will also host the PSA Cybersecurity Congress @ TEC, a two-day training track during its annual conference, May 7-8, 2015, designed for multiple roles in the physical security and IT disciplines. [More information on the upcoming programs available at www.buypsa.com.]
Bozeman quotes a McKinsey and Company report that surveyed senior executives about whether the risk of a cyber-attack is a significant issue that could have a major strategic impact on their companies over the next five years. The percentage of respondents concerned about the impact was especially high in the banking field (80 percent), but various levels of respondents in healthcare (45 percent), high-tech (47 percent) and insurance companies (50 percent) also acknowledged the concern. “If you’re the president of the company, are you going to buy another camera or card reader or are you going to make sure you have the best level of cybersecurity?” asks Bozeman.
PSA Security Network aims to get the communities together and make sure physical security integrators know the risks and solutions that cybersecurity has to offer
An executive committee of network integrators, and cybersecurity and physical security professionals is guiding PSA Security Network’s cybersecurity initiative. A long list of cybersecurity companies – about 20 in all – are participating in the program. Physical security manufacturers supporting the program include Brivo and Bosch.
The drive to improve cybersecurity is coming from corporate corner offices as the “C-level” managers are being alerted to the problem by risk management, says Bozeman. A company’s board of directors might ask the security manager: “What is the cybersecurity plan for your physical security system?” In an industry that largely denies the problem, physical security integrators and their customers will increasingly need to be able to answer the question. End users today seek a complete protection plan, not just for physical security, but the entire “package” of security needs.
Bozeman says pressure to comply with cybersecurity requirements will push more integrators – and by extension, manufacturers – to consider how systems can be protected moving forward. “This will be forced on our community; it’s 100 percent, and laggards will lose business because of it,” he comments.
"In some cases, a physical security integrator could offer cybersecurity products directly to customers; in other cases, meeting cybersecurity needs might involve a partnership between a physical security integrator and a cybersecurity company," says Bozeman.
"Cybersecurity will be a cat-and-mouse game going forward, a tremendous problem, but also a tremendous opportunity"
“There are products and services to reduce the cybersecurity risk, but I don’t see them implemented in the physical security world,” adds Bozeman, who does not, however, expect the cyber-risks to encourage integrators to return to a strategy of closed systems. “You can’t fight the Internet,” he says. “There may be some limited, private, closed systems, but the world is on the Web. You don’t see people going back to closed systems. Cybersecurity will be a cat-and-mouse game going forward, a tremendous problem, but also a tremendous opportunity.”
In addition to the need for cybersecurity of network-connected physical security systems, there is also a business opportunity for integrators. Bozeman said a friend of his, a former Goldman Sachs investor, highlighted the need for our market to “follow the money” to the cybersecurity side of the business. The topic of cybersecurity first came up two years ago at PSA, which considered whether it should address the issue. “But no one else was doing anything, and we have the resources here. Education is one of the things we are geared up to do,” says Bozeman.
Resistance to the new cybersecurity initiative has been minimal. In fact, integrators are more interested in the program than, for example, when PSA started to educate them about the analogue-to-IP technology transition several years ago. “They’re more open-minded this time,” Bozeman says. “The vast majority just don’t know where to start, and that’s what we’re giving them.”