In the late 1960s the internet was first created, in 1991 the World Wide Web was released and in 2014 most facets of human life are connected to the internet in some way. Anyone working in the security industry will have heard about Cyber Security over the last few years. It has usually been in the context of ‘oh the computer people deal with that’ or long winded, uninspiring talks about data protection etc. The lacklustre explanations about why one should regularly change their passwords, usually delivered in training sessions in rooms that are far too hot, fail to give the full picture about the threat that many businesses face from cyber attack.
Sitting in a busy London railway station it is possible to observe many things: commuters queuing for their trains, passengers going through the ticket barriers and families watching the screens giving details of delayed services. If for some reason any one of the information networks that control train movement, or read tickets, or control the boards that provide the information, were for some reason to fail then the station would cease to function until those things were back online.
But a station ceasing to function is only a minor issue compared to a failure of the supporting infrastructure. For instance, a failure of the signal control system could conceivably lead to trains over-shooting stations and ensuing chaos as multiple trains across the capital grind to a halt. The knock on effect of an overcrowded underground would bring the whole city to a standstill. Whilst a sophisticated, coordinated attack bringing a capital city to a grinding halt sounds like the stuff of thriller novels, this is no longer in the realms of the fiction writer, it is now a distinct possibility.
The scary thing about the scenario above is that it could occur without security professionals on the ground seeing any form of physical breach.
Working within the security industry it is very easy to see Cyber Security and physical security as two completely separate entities. From those who guard doors to those who have control of entire buildings, it is very easy to think only about the bits that are in front of you, however big your view. We can no longer afford for this to be the case. In an increasingly connected world where the majority of information is shared using technology of some sort, the distinction between the physical world and the cyber domain is not as defined as it was.
The 2010 National Security Strategy highlights the four main risks to the UK, the second highest on that list is ‘Hostile attacks upon UK cyber space by other states and large scale cyber crime’. In 2011 it was believed that cyber crime cost the UK £27 billion.
By remembering the key points from those hot training rooms, such as changing passwords regularly, having good policies in place, and by developing in organisations a strong security culture that takes account of the aspects of security that are not immediately seen, we can go a long way in preventing a physical security incident orchestrated from the cyber domain.