Layered Security

Real, virtual worlds share same concerns

Cybersecurity and physical security traditionally are separate practices at most organizations. Physical security concerns have been around a lot longer than computing and networking, and the two have been characterized by separate concerns, goals and even languages.

The growing interconnection of the two worlds could be bringing this distinction to an end. Physical security controls are increasingly networked, and networks depend on physical security for their protection. Merging the two shops can bring advantages of scale to both, said Scott Borg, director of the U.S. Cyber Consequences Unit, a government-funded independent research group. But merger is not without its pitfalls, he warns.

The obvious advantages are improvements in efficiency and economy as planning and response are consolidated under a single department. Risk analysis and budgeting can be brought under a single head and handled by a single staff.

Disaster recovery and continuity of operations need to address both physical and IT problems. A disruption on one side can affect the plans for the other side, and having a single team facilitates this.

There are several potential pitfalls.

n Senior management does not understand both sides of this equation. A merger will require a change in the way they are managed.

If done properly, improved management and better reporting could create the impression that security is worsening as more problems are detected. It is like the early days of firewalls: No one had a security problem until the firewall was plugged in.

Although convergence should produce overall savings, ancillary costs of merging operations could make it appear more expensive. Document the savings and cost avoidance that have been achieved.

Physical and IT shops have different cultures and may not work and play well together. Basic training will be needed on both sides.

About the Author

William Jackson is a Maryland-based freelance writer.


  • business meeting (Monkey Business Images/

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected