Ensuring Cyber-Physical Security in the Digital Built Environment
2018-11-15T17:05:40Z (GMT) by
Poster presented at the 2018 Defence and Security Doctoral Symposium.
Cyberspace and physical space are increasingly enmeshed, and the need to secure the digital-built environment and its assets has given rise to the concept of cyber-physical security. Cyber-physical security concerns vulnerabilities in cyber security that can be exploited to target physical security, and vice versa. For example, insecure transmission of architectural designs can give attackers the ability to understand physical weaknesses in a building, and outsourcing of security and facilities management can provide access to an organisation through building management systems.
There is a need for organisations to develop processes that will encompass cyber-physical security, but the frequent disparity between the policies, functions and personnel involved in cyber and physical security makes this problematic.
This research will use methods from user-centred design to develop cyber-physical security interventions; example, scenario-driven interventions that could be used as part of regular table-top simulations and red team testing. Extensive engagement with key stakeholders will help to understand the problem space in order to develop interventions that are applicable, valid and usable, as well as providing an opportunity to test their impact. Investigations will adopt a mixed-methods approach (interviews, surveys, and focus groups) to understand how cyber and physical security personnel currently cooperate, including their awareness of the appropriate protective measures required from each other, the gaps between their approaches, and the barriers to collaboration.