Telstra’s director of global security solutions Neil Campbell addressed patrons at the Security Exhibition & ASIAL Conference in Sydney today, stressing that the electronic and cybersecurity worlds will become entwined, but every organisation will take it at a different pace.
In 1992, Campbell joined the computer crime team, knowing nothing about the area. Back then, policing was an analogue discipline, such as paper, typewriters and tape, he explains.
“Back then the kind of places were hacked were universities. I’d go to a system administrator and ask what happened.”
The IT administrator would respond in such technical terms that he wouldn’t have a clue where to start, or how to relay this information back in court. Campbell is now at Telstra, which is about to launch two security operations centres in Sydney and Melbourne this year.
“Going to the digital world was where everything changed on a large scale. The electronic security industry is going through a similar transition.”
As an example, the NBN network will bring on board alarms and other systems that can’t work in an analogue world – those devices must go towards internet protocol, otherwise known as IP, Campbell says.
“We have analogue lines, which won’t be for much longer because of the NBN. It has to go digital.”
He also says there is a clear advantage to the dual approach to electronic and cybersecurity.
Video monitoring can be placed alongside cybersecurity and computer systems in user and entity behaviour analysis, which means systems can track entries and exits.
“It means you only bother notifying security analysts about important events,” he says.
While Frost & Sullivan analysts predict that every facet of a holistic security system will be digital, Campbell believes it is an optimistic claim.
Every firm has its own journey, and some of those journeys may not involve the convergence between electronic and cybersecurity.
However, as a general direction, all aspects of security are going towards convergence. Organisations should take on board electronic, logical, information, physical and personnel security as part of the new converged future.
Campbell also says that business continuity, disaster recovery and risk management also play an important part in any organisation’s security strategy.
The Internet of Things (IoT), misunderstood by some, is often nothing more than digital sensors attached to the internet. Any analogue technology that has a digital internet sensor is part of IoT.
Campbell believes that cyber threats posed by IoT devices are a major issue: There is a rush to the market and manufacturers not taking appropriate security considerations.
“One of the things we’re always told by Windows is to update. For Apple, we’re told to update. When it comes to IoT, quite often there’s no mechanism to update.”
This leads to insecure sensors and devices, which can put electronic security – whether video surveillance or access tracking – at major risk.
Before embarking on a journey to convergence, Campbell says there are a number of issues organisations should consider when considering electronic and cyber convergence:
- Systems (what do I have & need, and what information do I have/need)
- Suppliers (do they understand cyber requirements and are they patch-ready?)
- People (owners, decision makers, collaboration and communication
- Issues (executive buy-in, decision-making structures).
The Security Exhibition & ASIAL Conference continues on July 27 & 28 at the International Convention Centre, Sydney.