Convergence of physical and cyber security
by Aviv Siegel - CTO at AtHoc - Tuesday, 6 May 2014.
The companies using GSOCs today take advantage of a number of different delivery models for their alerting communications network. Some choose to use only on-site alerting systems, where all of the data and all of the functions operate on the company’s network. Some companies choose to operate their communications completely off-site via cloud-based or hosted systems. Others use a hybrid approach, so that they can keep sensitive data, such as personally identifiable information, on-site while choosing to have the function of the alerting process hosted off-site via the cloud in case their own internal networks are impaired or have been shut down to remediate the effects of a cyber attack.

An example of a company needing a unified response to a crisis, using a GSOC that deploys an interactive crisis communications network, might be when a cross-site scripting vulnerability has been exploited and online customer support functions have been disrupted. Such a scenario might involve the participation of a number of business units, such as representatives from the C-suite, IT personnel, customer support, public relations, legal, product managers, and maybe even law enforcement. The response process can be impaired by the lack of familiarity across business units.

The scenario presents a number of crucial questions that have to be answered:
  • Who needs to be notified and brought together as a team?
  • Who is going to contact the team and assemble the team in an organized communications process?
  • Who is in charge of addressing the situation and managing the response process?
The situation is complicated by the fact that many companies still rely on the antiquated model of distributing crisis response handbooks in hard or soft copy form and hoping the right personnel are trained to use the handbook and follow the correct process for a given scenario – this is assuming they have followed procedure and have the handbook on-hand and easily accessible.

Having a single point of coordination like a GSOC would put the company in a much stronger, more stable position to respond to a crisis. It would be the GSOC’s responsibility to maintain an updated list of personnel and contact information for representatives from the different business units. The GSOC would also be responsible for deploying the alerting function and making sure the right combination of people was contacted to respond to the crisis and was communicating effectively as a group. Most importantly, the GSOC would be responsible for monitoring the status of the company’s operational functions throughout the process, identifying which devices and processes – physical and cyber – might be impacted by the crisis.

The use of GSOCs and mass notification systems is one of the ways companies are dealing with the challenges posed by the convergence of security today. Other use cases include integrating cyber monitors with alert notification functions. When a breach or cyber attack is captured by multiple monitors, the notification system would automatically activate and immediately alert security responders using out-of-band communications. If the network has to be shut down, an organized response could still take place and information could still be exchanged between responders to address the situation.

In addition, embedding crisis communication notification systems with alerting networks would also support the dissemination and confirmation of IT security advisories by cyber teams in organizations. Lastly, organizations could leverage IP-based notifications as a unified response tool for both cyber and physical security safety drills conducted for compliance purposes to certify a company’s crisis response operations for auditors on behalf of the company’s customers.

In today’s landscape, it is not a question of if you will be hit by a combined cyber and physical crisis that will impact your organization’s operations, but when. Having a unified response to both processes won’t prevent you from getting hit, but it will allow you to recover faster and resume business operations.

