With the internet of things (IoT), the convergence of physical security and internet security is inevitable. This will force security leaders across industries to accept responsibility for the protection of life, which may not have previously been in their purview. In his keynote session, Cybersecurity Scenario 2020, at the Gartner Security & Risk Management Summit in National Harbor, Maryland, Christian Byrnes, managing vice president at Gartner, says digital business requires the addition of a new fourth element to the Gartner CIA model for security: Safety. Joining Confidentiality, Integrity and Availability as a component of security programs, safety becomes essential to managing security in the IoT. “There’s a deep change in security practice due to the transition to IoT,” Byrnes says. “Safety now becomes a major issue.”
- Physical infrastructure complexity/automation increase risk
- Hazard recognition and control now include cyber needs
- Cyber attacks can have physical impacts
“Your job will be to protect the organization from things that can kill,” Byrnes says. He recalled a meeting with a hospital CIO who shared that the chief medical officer asked him to be prepared in two years for the “fact that networked devices will be administering pharmaceuticals to our patients.” The computers will be responsible for determining how much of a drug to put into a bloodstream. “The IoT doesn’t just sense what is going on. It changes what is going on. It changes the physical world,” he adds.
Cybersecurity Scenario: Race to the Edge
Byrnes also highlights additions to the Gartner Cybersecurity Scenario 2020 and the need for organizations to add transparency as well as safety in their “race to the edge.”
For security professionals, this means moving from the lower left quadrant of managing technology at the core of the business in a closed fashion, to adding transparency as you manage technology that lives closer to the edge of the organization and personal use.
Guard the Jewels
This is where you are now and it is the home state for most organizations. It’s characterized by an aversion to sharing with the government, use of trade secrets to compete and more of a “walled gardens” mentality.
Expand the Empire
This is where many organizations are going by default. It often is an unmanaged “race to the edge” and may or may not be the right place for you. It is characterized by critical infrastructure organizations, physical security or many ‘dumb’ devices with secure wrappers, and organizations with uncoordinated IoT projects.
Share the Wealth
The social media providers will be here, Byrnes notes, where there’s no approach to safety. Organizations that are slow to the edge may still be under pressure for transparency. This quadrant could make your life easier if you can effectively manage the risk.
Lead the Revolution
For organizations willing to push in this direction, such as high volume consumer markets, transparency and safety become leadership issues. Enterprises gain high leverage from contextual data. “If you can live in this quadrant, it’s ideal,” Byrnes says. “This is the home quadrant of the IoT revolution.”
Moving forward, Byrnes urges security professionals to find where they are in the scenarios today and determine where they are going (if anywhere). Assess your existing and future role in securing the physical as well as the digital world, and address safety issues early. Finally, don’t let yourself play “catch-up” to your business. Plan cybersecurity with the business rather than after it.