A hacker breaks into a Florida town’s water supply and tries to poison it with lye. That’s not a fictional tale from a Hollywood script – that’s an actual news story in the Washington Post from a year ago. Fortunately, an operator was watching the attack unfold from his desk at the water treatment plant, and was able to stop it before any serious damage occurred. Citizens living in Western Ukraine were not so lucky in 2016, when a highly coordinated attack targeting the power grid knocked out power for nearly a quarter-million residents.
The ideal incident response to such an attack, known as a Human Machine Interface Hijack, is to disable remote access so that the industrial control system on the plant floor can only be operated using the embedded HMI. Such a response could be orchestrated using D3’s SOAR platform.
The environment of increasing internal and active threats is pushing security leaders to pursue convergence strategies. Organizations need to make sense of security data from physical security sensors, video management systems, and incident reports. In fact, 41% of enterprises in a recent Gartner survey aim to converge parts of their cyber and physical security operations by 2025, up from 10% just one year prior. The report cites D3 Security as an example of a security vendor that can support physical security convergence by integrating sensor feeds into its SOAR platform.
This 2021 report published by the US Cybersecurity & Infrastructure Security Agency (CISA), titled Cybersecurity and Physical Security Convergence, helps illuminate the reasons behind this push to converge security functions. It provides an excellent view of scenarios of hybrid attacks. Some adversarial techniques explored in the report include:
- Exploiting a gap in access controls to insert malware into the company network from a USB device or other removable hardware.
- Rendering network servers inoperable by overriding HVAC systems to increase temperature.
- Using unmanned aerial vehicles (UAVs) to gain access to an unsecured network using wireless hacking technology.
While using UAVs to get access to networks might sound outlandish, consider this: nine percent of all data breaches are due to physical security compromise as an initial attack vector, according to IBM’s Cost of a Data Breach 2021 report. Threat actors exploit the gaps between physical and cybersecurity, as siloed solutions fail to provide full visibility and real-time situational awareness of active threats.
“Physical security and cybersecurity divisions are often still treated as separate entities. When security leaders operate in these siloes, they lack a holistic view of security threats targeting their enterprise. As a result, attacks are more likely to occur and can lead to impacts such as exposure of sensitive or proprietary information, economic damage, loss of life, and disruption of National Critical Functions,” the CISA report concludes.
SOAR closes the gap between the physical and cyber
Such security gaps can be closed by utilizing a platform like D3 NextGen SOAR, which can generate a unified and centralized operating picture from siloed solutions, including physical and cybersecurity-oriented solutions. Our SOAR platform provides customers with an open, standardized interface with the flexibility to ingest data from, and integrate with, access control, building management, video surveillance, intrusion, visitor management, mass notification, IoT and OT systems, and more.
By integrating physical and cyber tools on D3, security teams can monitor security threats from a single queue of alerts, instead of siloed queues. Centralization improves focus, helps the SOC team prioritize on what’s important, and improves response times. Another benefit of centralization is that investigators can correlate incident artifacts (or IOCs) from one type of event against another. So for example, if an employee is implicated in a physical incident, the security team could see if their user ID, email, laptop, etc. was involved in past cyber incidents.
One of the main reasons our customers love D3 NextGen SOAR is its ability to integrate with a multitude of open and closed-source and security software vendors. Our platform’s flexible API-based architecture helps clients avoid high switching costs and make the most out of their legacy investments, utilizing assets until the end of their product lifecycle. Converging physical security and cybersecurity doesn’t just enhance your organizational security posture, it also reduces costs by streamlining security operations.
D3 Security brings over 15 years of award-winning, global leadership in incident response and management. Our unmatched expertise can help your team develop a business case for security convergence. Schedule a one-on-one demo with one of our cybersecurity experts today.
