From a risk management perspective, it’s not unusual to be distracted by the complexity of digital network security. But some of the most gaping security holes can be in your physical premises. Businesses need to ensure that risk management personnel are on the ground exploring the premises with physical security concerns in mind. It’s time to examine the relationship between physical security, cyber risks, and industrial control vulnerabilities.
If a cybercriminal enters a facility and steals a laptop, or hackers unleash a worm to take control of your manufacturing plant, they can destroy expensive equipment and put you out of business for months, your reputation, your brand, your market share, and your shareholder value.
Theft of financial, medical, password or other sensitive data seems to be the cyber risk businesses fear most, and indeed such crimes can be catastrophic. Like physical property, data is also an operational asset with a distinct value in terms of keeping the business running. Destruction, corruption, or alteration of, for instance, logistical data, orders, or GPS information can cripple your business.
When hackers go beyond stealing credit card numbers and damaging data, they can take command of your industrial controls, potentially shutting down power stations, permanently freezing multi-million-dollar turbines in mid-cycle, blow up chemical vessels or cause molten metal to harden midway through fabrication.
This complex cyber security challenge is similar to the commercial property vulnerabilities engineers address every day in their loss-prevention duties as they gird against fire and natural catastrophes. Their first step is understanding the risk.
Risk to the physical premises
Although it is often overlooked, a company’s physical premises can expose it to cyber-attacks. Without proper physical security in place, a person with malicious intent could walk right into your building, office, or cubicle during or after working hours and plug an infected thumb drive into the first computer he or she comes across. This is just one reason that physical security measures like access control, a visitor management system, surveillance cameras and other forces are important for protecting your data, your property, and your entire supply chain.Managing physical security
Enhancing physical security requires management of visitor traffic, contractor traffic, and employee access throughout your facility and sensitive areas, including areas to which they have access. This may involve controlling physical access to network rooms and equipment, secure logins for computer access, and implementing timed lockout and password protection on network devices. Employee security awareness training is another must.
Industrial control system risks have become increasingly prominent on risk managers’ radar. The C-suite needs to understand the risks as well.
The Internet of Things (IoT) is generally understood to be interconnected smartphones, cars, fitness trackers, thermostats, and household appliances. But the reality is, connected plants and power grids are part of the IoT as well. There are more than 6 billion “things” connected to the IoT, and more than 5 million things getting connected every day, according to Gartner Research.
Companies need to take measures such as vulnerability audits, backup power systems, overrides of electronic controls, and even redundant IT systems that could take over in the event of a cyber-attack.