Security convergence is the industry term used to describe the uniting of cyber and physical security into a single organizational structure. It is a point of discussion among practitioners since ASIS International and the Information Systems Audit and Control Association (ISACA) established the Alliance for Enterprise Security Risk Management an organization dedicated to this concept 17 years ago. Yet only 52.5 percent of large companies surveyed are either fully or partially converged, as noted by Megan Gates in the latest issue of Security Management. Gates also cites the Colonial Pipeline incident, which operated as a traditionally siloed cyber and physical security program and is now merging security functions in the wake of experiencing a crippling ransomware attack in May. Critical infrastructure providers, particularly those in the energy sector, cannot operate effectively with cyber and physical security information siloes in place.
With rapidly changing geopolitical risks, persistent cyber threats, enduring COVID-19 with seasonal hot spots, and violent kinetic attacks and conflicts occurring globally, companies have re-thought traditional enterprise risk management frameworks to account for all risks and hazards. The risk surface for critical infrastructure providers particularly those in the energy sector is complex.
First, energy providers that deal in the dynamic world of dispersed generation, distribution, and transmission operations often have a vast array of infrastructure located in all types of threat environments ranging from urban to isolated rural areas. These bulk-electric system sub-stations, or critical pipelines, for example, fall under varying regulatory oversight (including NERC/CIP, CFATS, and TSA Pipeline Security directives), most of which require robust cybersecurity and even physical security controls (e.g., NERC/CIP 14). Second, energy providers are increasingly susceptible to Operational Technology attacks cyber attacks that target physical infrastructure and can have a devastating physical impact beyond operational disruption.
Additionally, sophisticated cyber attacks against the grid are increasingly how state actors attempt to punish adversaries in a non-attributional or obfuscated way. Earlier this year, DHS even warned of domestic violent extremists targeting infrastructure for physical attack to create widespread chaos and undermine confidence in the government. In September, the Nord Stream pipeline was sabotaged under the Baltic Sea a stark reminder of the disruption a surgical attack can have on exposed infrastructure. Global geopolitical instability has only increased the potential for a converged attack, in which a sophisticated threat actor gains access to a critical site or location and introduces malware directly into ICS/SCADA systems a threat vector that no amount of air-gapping IT/OT systems can prevent. Worse, a coordinated cyber and physical attack, targeting disparate key bulk-electric system nodes concurrently, could have an amplifying and cascading effect.
Based on these threats, regulators are attempting to drive greater security convergence and physical-cyber coordination within the energy sector. In addition to outlining physical security requirements, TSAs latest Pipeline Security Directive, released in July, requires covered Owner/Operators to have an up-to-date Cybersecurity Incident Response Plan that includes measures to reduce the risk of operational disruption. In addition to baseline cybersecurity criteria, NERCs CIP-014-1 Physical Security also requires transmission operators to identify and protect Transmission stations and Transmission substations, and their associated primary control centers, that if rendered inoperable or damaged as a result of a physical attack could result in widespread instability, uncontrolled separation, or Cascading within an Interconnection.
NERCs Electricity Information Sharing and Analysis Center (E-ISAC) also leads the GridEx exercise biannually to offer member and partner organizations a forum to practice how they would respond to and recover from coordinated cyber and physical security threats and incidents. GridEx planners continue to anticipate a rise in sophisticated, coordinated attacks that will challenge traditionally siloed security organizations. When read holistically, these key regulatory and exercise regimes highlight converging cyber and physical risks.
The criticality of the sector, its reliance on decentralized, exposed infrastructure, and the creativity and sophistication of adversaries demand the dismantling of information siloes within security organizations. The best way to eliminate siloes is to converge security functions under a single, accountable executive responsible for security-related risk management decisions and investments. An incremental model would see physical security programs converge with OT security functions (vs. the entire IT cybersecurity ecosystem), uniting under a single chain of command critical functions that prevent, respond, and recover from hybrid threats and attacks.
To manage these tail risk security contingencies, or those risks with low probability by high consequence, a converged or dedicated cross-functional team can:
Convergence is not a panacea, appropriate for every company and every sector. Cybersecurity and physical security practitioners have specialized skillsets and experiences that have evolved over time and warrant continued specialization. Each bring unique perspectives that can illuminate how an adversary would exploit a vulnerability. However, critical infrastructure providers particularly those within the energy sector lack inherent protections afforded to other industries (e.g., co-locating high-value assets or systems, less persistent threat activity, and limited physical impacts from an attack). Instead, these organizations are the target of sophisticated threat actors, operate vast arrays of exposed infrastructure with inherent physical and cyber vulnerabilities, and provide services that directly impact societys ability to function. Now is the time for the energy sector to earnestly consider converging security functions to effectively manage an unprecedented threat landscape.
Read the original post:
- Middle East & Africa (MEA) Colocation Data Center Portfolio Report 2024-2028: Detailed Analysis of 255 Existing and 157 Upcoming Data Centers -... - November 9th, 2024
- FERCs AWS, Talen Energy ruling not the final word on nuclear, data center colocation: Constellation CEO - Utility Dive - November 9th, 2024
- A growing coffee company is bringing a new shop to a busy Midlands road. Heres where - The State - November 9th, 2024
- REI Co-op to open first Buffalo area location next year - WBEN - October 27th, 2024
- REI Co-op is opening a new outdoor gear store in Sacramento area. Heres where and when - Sacramento Bee - October 27th, 2024
- First State Brewing Co. to open 2nd location on Coastal Highway in Rehoboth Beach - The News Journal - October 27th, 2024
- Canada Data Center Colocation Market Supply & Demand Analysis Report 2024-2029: Coverage of 111 Existing and 12 Upcoming Facilities Across 21... - October 18th, 2024
- Upper Michigan Today visits the new Keweenaw Co-op - WLUC - October 18th, 2024
- Ziply Exec Expects Colocation Offering to Be Popular in Rural Areas - Telecompetitor - October 18th, 2024
- Popular Southcoast bagel shop slammed on opening day in Taunton. What makes it special? - Taunton Daily Gazette - October 18th, 2024
- Global Colocation Edge Data Center Market Overview 2033 : Forecasted Market Size And Growth Rate - openPR - October 18th, 2024
- Keweenaw Co-op expands with new location - WLUC - October 18th, 2024
- Craveworthy Brands announces new co-branded location in Newark, NJ - Verdict Foodservice - October 10th, 2024
- Colocation Center Market Business Insights, Key Trend Analysis - News in Assen - October 10th, 2024
- Data Center Colocation Market Investment Opportunities and Forecast 2024-2031 - openPR - October 10th, 2024
- Data Center Colocation Market Massive Growth Opportunity Ahead As Revealed In New Report - EIN News - October 10th, 2024
- Natural Grocers Invites Highlands Ranch, CO Community to Grand Reopening at New Location on October 10, 2024 - PR Newswire - October 1st, 2024
- SEBI Closes Co-location Case Against NSE Without Further Action - NDTV Profit - September 15th, 2024
- Sebi clean chit to NSE, ex-MDs Ramkrishna, Narain and 5 others in co-location case - The Times of India - September 15th, 2024
- SEBI closes co-location case against NSE, former officials - The Hindu - September 15th, 2024
- SEBI closes proceedings against NSE, others in co-location case; decision clears path for IPO - Business Today - September 15th, 2024
- Chopt Creative Salad Co. to Open First Ohio Location at Eton Chagrin Blvd. - Cleveland Scene - September 15th, 2024
- Sebi disposes of case against NSE, its former employees in co-location case - Business Standard - September 15th, 2024
- SEBI disposes of co-location case against NSE, 7 others - BusinessLine - September 15th, 2024
- Sebi Reverses Stand On Co-location Scam - BW Businessworld - September 15th, 2024
- Sebi disposes of case against NSE, its former employees in co-location case - ThePrint - September 15th, 2024
- SEBI disposes of co-location case against NSE and others without any further action - ThePrint - September 15th, 2024
- Data Centre Colocation Market In-Depth Analysis with Booming Trends Supporting Growth and Forecast 2024-2034 - Future Market Insights - September 15th, 2024
- Cornish Pasty Co. to Open its First Tucson Location in a Historic Downtown Building - Tucson Foodie - September 3rd, 2024
- Are colocation data centers the right partner for universities to meet their sustainability goals? - DatacenterDynamics - August 23rd, 2024
- Identifying the Top 20 Markets and Locations for Hyperscale and Colocation Data Centers - Data Center Frontier - August 23rd, 2024
- Hudson Valley Seed Co. keeps flourishing in new Accord location - Times Union - August 23rd, 2024
- Minnesota's first Baskin-Robbins and Jimmy Johns co-location opens Saturday - Bring Me The News - August 23rd, 2024
- Ellensburg, Kittitas Co. announce new location for temporary cold weather shelter - AppleValleyNewsNow.com - August 23rd, 2024
- Co-location Scam: NSE Withdrawing Plea Against Sebi Order - BW Businessworld - July 28th, 2024
- Another Foxtail Coffee Co. Location Brewing in Georgia - What Now Atlanta - July 28th, 2024
- Data Center Trends: Industry Report Reveals Shift Towards Hybrid IT, Colocation - Data Center Knowledge - July 20th, 2024
- Data Center Colocation And Managed Hosting Services Market size is set to grow by USD 163.36 billion from 2023-2027, Rising demand for data center... - July 20th, 2024
- SONIC Drive-In to open co-located outlet in New Jersey, US - Verdict Foodservice - July 20th, 2024
- Tracking the Growth of the Edge Colocation Data Center Market - Data Center Knowledge - July 20th, 2024
- Wavepiston to study offshore wind, wave energy co-location with rsted - Renewables Now - July 12th, 2024
- Colocation Data Center Trends, Predictions, and Opportunities for H2 2024 - Data Center Knowledge - July 12th, 2024
- Leveraging AI with colocation and edge computing - Edge Industry Review - June 26th, 2024
- Leading co-working hub Huckletree set to unveil new location in the heart of the City - City A.M. - June 26th, 2024
- No New Co-Locations, a Victory Years in the Making - United Teachers Los Angeles - June 13th, 2024
- Mitra Chem and Sun Chemical Announce Joint Development of United States Iron Phosphate with Lithium Iron ... - PR Newswire - June 13th, 2024
- rsted invests in battery energy storage system co-located with Hornsea 3 Offshore Wind Farm | REVE News of the ... - REVE - June 13th, 2024
- ALX Community To Open Fourth Co-Working Office Location - Patch - June 13th, 2024
- Data Center Colocation Market Innovations Investigated by Size, Growth Forecast- Industry Outlook to 2028 - WhaTech - June 13th, 2024
- BarrieHaus Beer Co. wins World Beer Cup gold medal, announces plans for location in Pasco - Creative Loafing Tampa - June 13th, 2024
- Co-Locating COVID Vaccines, Infection Testing With Syringe Services Shows Success - Medpage Today - June 5th, 2024
- This Week In Food: Pasta Supply Co. Arrives In the Mission - SFist - June 5th, 2024
- - Launch of ASEAN Stone to provide for the rising demand from the commercial, residential, industria - AD HOC NEWS - May 27th, 2024
- Virginia's Aslin Beer Co. to open 1st location in Hampton Roads - 13newsnow.com WVEC - May 27th, 2024
- Messe Munchen Singapore announces the co-location of two-dedicated tradeshows for Southeast Asia's USD450+ ... - JCN Newswire - May 27th, 2024
- Hamlin Bank and Trust Co. celebrates opening of St. Marys location - St. Marys Daily Press - May 19th, 2024
- Shreve & Co. closing Union Square location after over 170 years - NBC Bay Area - May 19th, 2024
- Data Center Colocation Market Worth USD 58.4 Billion to 2031 - Exclusive Report by InsightAce Analytic Pvt. Ltd. - PR Newswire - May 19th, 2024
- HighGrain Brewing Co. will open second location in Springfield Township - WLWT Cincinnati - May 8th, 2024
- Why companies are turning to colocation now more than ever - DatacenterDynamics - May 8th, 2024
- Garsnett Beacon Candle Co. to open Saugatuck location Thursday - HollandSentinel.com - May 8th, 2024
- Solar, wind and storage co-location: Electricity cost reduction - Energy Live News - Energy Made Easy - April 24th, 2024
- Window and door company JELD-WEN to close Rusk Co. location, affecting over 300 jobs - WSAW - April 14th, 2024
- NHS Trust 'over-egged' think tank's support for new cancer centre - Nation.Cymru - April 6th, 2024
- Single-cell and spatial analyses revealed the co-location of cancer stem cells and SPP1+ macrophage in hypoxic ... - Nature.com - March 28th, 2024
- Data Center Colocation Market size is set to grow by USD 66.57 bn from 2024-2028, American Tower Corp., AT and T ... - PR Newswire - March 28th, 2024
- Mighty Squirrel Brewing Co. is opening a Fenway location this week - The Boston Globe - March 20th, 2024
- Fastrack Technology's three keys to making the most of colocation - IT Brief Australia - March 20th, 2024
- Co-location agreement between the EU Delegation and Spain - EEAS - March 20th, 2024
- Browns Doughnut And Pastry Co. Opening Second Location In Bucks - Patch - March 12th, 2024
- Where District 5 Board of Education candidates stand on the charter school co-location issue - The Eastsider - March 4th, 2024
- Data Center Colocation Market to Reach $46.30 Billion by 2028, More than 5,175.6 MW Power Capacity to be Added in ... - Yahoo Finance - March 4th, 2024
- Rittal Announces Colocation Rack Initiative to Meet the Growing Demand for Colocation Market - PR Newswire - March 4th, 2024
- Sheetz to host grand opening of new Montgomery Co. location - WHIO - February 22nd, 2024
- Sheetz to host grand opening of new Montgomery Co. location - Yahoo News - February 22nd, 2024
- Pasta Supply Co. is opening a second SF location in the Mission - San Francisco Chronicle - February 22nd, 2024
- Educators and Families Win Limits on Co-Location - United Teachers Los Angeles - UTLA - February 22nd, 2024
- Co-working members' club The Malin opens wood-filled Nashville location - Dezeen - February 22nd, 2024
- Poplar Avenue retail location of Whimsy Cookie Co. closed; property to be demolished - Memphis Business Journal - The Business Journals - February 11th, 2024
- Data Center Colocation Market projected to hit USD 178.7 billion at a 15.3% CAGR by 2030 according to a new... - WhaTech - February 3rd, 2024