Initially security of computer systems was categorized as physical security and cyber security. Physical security dealt with physical measures of ensuring computer gadgets are secure. For example, having security personnel in place, use of surveillance cameras, access control like locks among other physical measures. On the other hand, cyber security was more of internet security. That is, restricting misuse of the internet. But, cyber and physical security (CPS) can no longer work distinctly (CISA, n.d.).
Why the term cyber and physical security?
The Internet of things (IoT) and Industrial Internet of Things (IIoT) has converged the two areas of system security. The integration of computer systems with the internet has created cyber physical systems. There is no way physical security will never again be dealt with as a standalone area. This integration comes with benefits as well as challenges. The critical infrastructures like supply chain, healthcare, smart grid, military and industries are connected for efficiency. But, this interconnection makes these infrastructures a target of cyber-attacks (Kube, 2015).
Cyber physical security deals with security of network devices and software’s (applications) that facilitate computer components to work on the cloud. The area also handles people who manage and use this cloud based systems. The devices connected to the internet are not only exposed to threats like floods, terrorism, fire and theft, but also cyber-attacks. Networked devices can be attacked remotely and result to compromised system and data, disruption of operations and the denial of critical services (O'Brien, 2022).
The Department of Homeland Security (DHS) mandate is to ensure safety of the American people and their properties. This includes dealing with both physical and cyber threats. Therefore, CPS is very relevant to DHS. DHS role is not only tied to physical border protection, security of government buildings and important assets, but also cyber security. Thus, DHS duties are cyber physical in nature (DHS, 2022).
The connection between cybersecurity and physical security
The connected and embedded devices and sensor’s that make IoT and IIoT contain software that enable these devices to work together. This software’s are nothing else but the lines of code written by programmers and they may be having mistakes, which make these them to have vulnerabilities. Vulnerabilities are loopholes that can be exploited by the enemy. They are like a point in the Southern border without security personnel or surveillance cameras. Such a point can give attackers a path not only to compromise that device but also other devices connected to that network (IFSEC Global, 2022).
Take a case of SolarWinds hack in 2020, the attackers accessed SolarWinds cloud based system. Using that point, the hackers were able to have access of systems of SolarWinds clients. The system the SolarWinds clients had purchased made even other systems to be exposed to attack (Oladimeji, 2022). This means a cyber-attack can affect surpass physical security. In this case, the affected entities that included federal, state and local governments as well as notable corporate entities had security personnel in their premises but the attacker was able to enter to systems that held data and compromise them. Cybersecurity and physical security are connected in that both are measures of securing systems and personnel. The goal is same; security.
Education in cyber and physical security
The rate at which security threats are flourishing, especially cyber threats, education institutions are not able to copy with it. The courses of computer security offered in academic institutions are not up to date. The problem starts with programme designers and instructors. If the programme is not revised from time to time, then learners are taught outdated concepts. The same for instructors, if they do not upgrade their knowledge they are left behind. Therefore, it is very clear that the education system is not well positioned to handle current cyber threats. The blame may be the shortage of computer security experts and research funds. If the institutions are not heavily funded, then research is ignored and thus threats continues to increase without skilled people to handle them (Viveros, 2013).
Cyber-attacks are carried out by seasoned hackers. Some of these individuals are well funded or paid. For example, state sponsored attackers. These individuals may be having tools that education institutions may not have. This makes the attackers to be always ahead. But, education systems should be producing computer security professionals who are able to prevent, respond and provide recovery of the affected system. But this is not the case all the time. That is why institutions pay ransom to regain their systems. For instance, CFA Financial Corp, the Chicago based insurance company, paid $40 million as ransom (Mehrotra, 2021). This is because their cyber security personnel could not restore. Therefore, what educational institutions is churning out as cyber security professionals are not able to tackle the challenges in the real world.
