☰ open navigation sidebar

< Back to events

Webinar on Effective Integration of Physical Security and Cybersecurity

10 June 2021 - 10 June 2021 Online, Selected Audience

Applications for this event are closed
Workshop on autonomous and remotely operated systems: Benefits and challenges to nuclear security

Background

Nuclear materials and facilities cannot be considered secure without the effective integration of interfaces between different aspects of security. Whereas physical security is concerned with provisions designed to prevent unauthorised access to facilities, and to protect personnel and property from damage or harm, cybersecurity is made up of technologies, processes and practices designed to protect networks, computers, and data from attack, damage or unauthorised access. However, because individuals in charge of security may have dissimilar backgrounds and employ different methodologies, they do not always work together as effectively as possible.

Modern physical security systems are fully digitised and often networked, to the point that they have become vulnerable to crippling attacks through cyber vectors, potentially opening the facility to physical intrusions. At the opposite end of the spectrum, some digital assets – such as control room terminals – may rely entirely on restricted physical access for their security. Many other systems are protected through a blend of physical and digital controls, requiring a careful balance and good understanding of synergies.

The effective security of nuclear materials and associated facilities also depends on understanding how physical and cyber assets are connected, and how the vulnerabilities of these assets could be exploited by both physical and cyber threats. When assessing security measures, the following questions need to be considered: what are the potential weaknesses of computer-based physical protection systems and how can they be mitigated? Who is responsible for responding to cybersecurity incidents, and how do they interface with response arrangements in case of physical intrusion? How robust is the IT infrastructure against physical attacks?

For a security programme, developing effective objectives, goals, methodologies and – even more importantly – a language that is shared across its sub-disciplines are the key elements to support the consistent integration and interoperability between its different aspects. At the highest level, all elements of security share the same goal: protecting the assets of a facility from compromise and attacks. The cultural and specific knowledge of physical and cybersecurity may differ broadly, and there are still relatively few specialists who have an in-depth understanding of both fields. Nonetheless, integration is the only path towards comprehensive security, and understanding the building blocks of both disciplines is the first step along that path.

Integration – while an undeniable challenge – should also be seen as an opportunity. It reduces costs, increases operational efficiencies, streamlines the management of security breaches in both domains, allows for more effective forensic investigations, and, crucially, puts the organisation in a stronger position to protect against current and future blended threats.

Objectives

The purpose of this webinar was to:

  • Highlight the interdependence between physical and cybersecurity;
  • Review cyber and physical threats and discuss how to develop a comprehensive threat picture;
  • Explain some potential cyber vulnerabilities of physical security systems;
  • Describe good practices for protecting physical security systems against cyber threats;
  • Support the development of an integrated and comprehensive security programme.

Agenda

The agenda for this webinar consisted of selected speakers who are experts in their field.

  1. Introduction to the interdependence of physical and cybersecurity
  2. Examples of blended cross-discipline attacks
  3. Best practices in integration
  4. Focus: access control (biometrics, physical vs logical, attacks)

Our special guests for the webinar were:

  • Paula Karhu - Principal Advisor at STUK - Radiation and Nuclear Safety Authority – Säteilyturvakeskus.
  • Paul Smith - Senior Scientist with the Center for Digital Safety and Security at AIT Austrian Institute of Technology and a Visiting Researcher at Lancaster University, UK.

Process

Date: Thursday, 10 June 2021 at 10:00 AM (CEST)

Duration: 60 minutes

Language: English

Recording: The webinar recording is available here.

Contact Information

   Yasmina Jennane
info@wins.org

   Mehri Avlyakulova
info@wins.org

Venues

Online Event

Online
Selected Audience