The Department of Homeland Security (DHS) Interagency Security Committee (ISC) published Security Convergence: Achieving Integrated Security on February 23, 2022. This comprehensive document focuses on best practices for achieving integrated security through planning, promoting, and implementing unity of effort across disciplines, including physical security, information security, cybersecurity, and information technology.
Attack surfaces continue to expand and become more complex as Operational Technology/Internet of Things (OT/IoT) devices proliferate into operational/business and security functions. OT/IoT advances have connected individual security devices to the vast virtual ecosystem, expanding the potential attack surface of facilities and making traditional physical security and safety systems more vulnerable. In this interconnected, cyber-physical ecosystem, a successful attack in one environment could impact the other. The goal of Security Convergence: Achieving Integrated Security is to promote the integration of security disciplines to address the escalating threats to our security.
This latest publication from the Interagency Security Committee provides a number of best practices, recommendations and methodologies for achieving integrated security. The document offers concrete examples of how to merge parallel risk management processes and optimize organizational alignment, as well as recommended training and performance management.
The authors note that in many organizations a major challenge is that security is controlled by separate authorities, resulting in a siloed approach that lacks formal collaboration and reduces overall protection. In response, the guide promotes coordinated defense in depth between traditional security countermeasures, information system security controls, personnel security vetting and multifactor authentication. It encourages merging processes for assessing and managing physical security and cybersecurity risk. The publication also offers several ways an organization might align functions to support and sustain a converged approach to security, while acknowledging that success will take deliberate steps to foster cultural adaptation. Other topics of note include workforce training, the potential for converged operational technology assessments and the importance of supply chain risk management.
This certainly isn’t the first publication on security convergence; many have noted the importance of convergence for years. However, it is one of the few works on the subject that goes beyond the imperative for integrated security by offering real solutions. Readers will also benefit from the resources listed in the publication, from linked documents to online training. The federal government professionals from 12 departments and agencies representing various security domains have produced a product that achieves its goal of promoting the integration of organizational security disciplines to address the convergence of IT and security functions.