As Technology Convergence Accelerates, Device Security Has To Be Treated Like a “Socio-Technical” Issue
As our society continues to advance technologically, there’s been an increasing need for robust security. This downstream effect from technology evolution to security strategies is being exacerbated by an accelerated technology convergence between IT and OT tech, teams, and networks.
Info-Tech Research Group has released a new report emphasizing the need to merge digital and physical security in the face of evolving technological threats and further IT/OT convergence. The report highlights the benefits of an integrated security architecture, which combines various facets like physical security, cybersecurity, and HR into a unified platform. It also points to the growing convergence of security systems, driven by advanced access controls and digital transformations like IT/OT technology convergence.
However, challenges persist, including the integration of diverse technologies and potential “territorial disputes” among security managers. Experts and researchers see this as a moment to launch a complete reassessment of security at large, redefining what constitutes a security strategy, security team, and who bears responsibility for ensuring the safe flow of key IT and OT data. As groups seek to create an overarching security strategy, how can organizations, businesses, and governments approach these challenges to create a holistic methodology that works for all stakeholders in the face of accelerated technology convergence?
Marco Carvalho is the Executive Director of the L3Harris Institute for Assured Information at the Florida Institute of Technology, and sat down with MarketScale to throw his analysis and advice into the ring. He believes that security, as a “socio-technical issue,” encompasses technology, human, operational, and political facets. Recognizing each of these facets can help stakeholders avoid creating overly complex systems, even with mass technology convergence, that are prone to failure.
“You’re not trying to create a single uber security infrastructure that combines all your systems. That will be, in my opinion, a mistake. It will be extremely complex and you would just be increasing your chances of building a failing infrastructure. But you could build an infrastructure that has interfaces and has some semantic connections with other systems so they can be aware of their constraints and operate more holistically.
There has been an agreement in the security community that security, in general, is a socio-technical problem and involves multiple aspects, not just technology aspects, but human aspects, operational, policy, and many others.
So there is a great benefit in combining the different aspects of any operational business from a risk perspective to secure the operation of that business. The challenge is that you always have to balance the complexity of your system with the coverage of the system.
I believe that one of the biggest mistakes that enterprises would make in approaching this problem is to try to integrate the operations of all the systems as a unique infrastructure. There are many challenges involved with that, not just in terms of knowledge representation, but the scope, operations, and semantics of different systems. So an integration that will bring together these different systems has to be done at a meta-level.
My advice to companies seeking to create that kind of infrastructure is to try to abstract the interactions between the different systems, represent those interactions, and design the systems so they can accept and provide constraints through those interactions that can be understood by other systems.
So I think that it is, I truly applaud the mindset of trying to attach a more holistic view to this issue. This is necessary and this is not simple and there is a reason why it hasn’t been done. It’s difficult. And I think that recognizing the need for this will drive research and will drive approaches to do this more consistently and stably.
So I believe we’re on the right path and I think that moving forward with this and supporting these kinds of initiatives will be beneficial to companies and the nation as a whole.”