Speaking to IFSEC Global in advance of the event. Hanselman, who has broad experience in network security, data security and information management, surveys the risk landscape and dispenses advice on combating cyber threats.
451 Research focuses on “enterprise IT innovation within emerging technology segments and provides timely insight to end user, service provider, vendor, and investor organizations worldwide.”
IFSEC Global: Hi, Eric. You’re bring a wealth of experience to IFSEC…
Eric Hanselman: I’ve been in the security field for probably far long than is good for me, but especially with everything that’s been going on, and continues to go on in security.
That’s one of the main reasons I find security so engaging. It is a field that continues to evolve rapidly – both from a technology and the human engineering side.
IG: So what have you got planned for your presentation, the Cyber Security Crash Course?
EH: Attendees can get a deeper understanding of the ever-deepening intertwining of physical and information technology security.
Historically, physical and technology infrastructure security have been reasonably independent. The physical infrastructure was really the 4 Gs: guns, guards, gates and dogs.
Now there’s a much greater reliance from the information security side to be aware of the physical environment we’re protecting. And the same thing is true on the physical side.
It’s about bringing in visibility on what is taking place on the technology side to better understand and enhance security of the physical infrastructure.
IG: Which parts of the supply chain can benefit from your presentation would you say?
EH: I’m looking to provide a fairly broad background in terms of an overall approach to technology. The reality today is that physical infrastructure is relying ever more on technical underpinnings to both interconnect and in more important cases actually manage the environment.
I’ll be touching on what is really happening with IP protocol. We are in the midst of a transition in both versions of IP. And also even approaches to back-end network capabilities and the environments they happen to host.
This transition is more about extending our understanding of managing the physical in the security world to ensure there is also the ability to have a deeper understanding of those technical implications.
IG: How has the nature of the cyber threat changed in the time you’ve been in the industry? And how is it changing now?
EH: I would actually make the case that the fundamentals of security have always been reasonable constant. The goals and challenges of both the security practitioner and those of our adversaries have been relatively constant.
What’s shifted is really two pronged: a constant evolution in the technology available to both sides, and the race to keep up with evolving technical capabilities.
It’s a technology arms race in the face of what really are the same problems tackled over and over again. It’s questions you have to answer with each new wave of technology.
IG: How can the industry or governments do better at anticipating and combating threats?
EH: One of the biggest ones is the attitude to information, and that’s one of the reasons why attendees at IFSEC are really hopefully there to learn more. In security there’s always been a tendency to try to constrain interesting information. I think we’re probably all better served by allowing a much freer interchange of not only the understanding of technology but also its use.
‘Security by obscurity’ has always been one of those things security practitioners held in their back pocket. Well that’s always been a losing game if we think about not only the specifics of security implementation, but really the broader view of understanding technologies and our overall environment, the overall threat environment.
We’re all better served by a much more open discussion and understanding of all facets of what is a very complex environment.
IG: Thanks Eric. Anything else to add?
EH: Security is an area in which there’s both rapid technological change and a set of core fundamental approaches that I think are really quite critical. Over the last decade there’s been a fundamental shift in the challenges we face as security professionals.
For some time now there’s really been a fully developed criminal infrastructure that is a parallel path to what we see in the physical security world.
Security, both on the attacker side and on the practitioner side, has really become a full-time job. We all have to take a much longer view in terms of what that means, how we establish a protection posture, and how we defend the whole range of assets that these security practitioners are charged to manage.
If you’d like to hear Eric Hanselman share more insights on cyber security in person then click here to register for IFSEC International 2015. Eric Hanselman is presenting the Cyber Security Crash Course at the show, which takes place at London’s ExCeL, at 3pm on 16 June
Listen to the IFSEC Insider podcast!
Each month, the IFSEC Insider (formerly IFSEC Global) Security in Focus podcast brings you conversations with leading figures in the physical security industry. Covering everything from risk management principles and building a security culture, to the key trends ahead in tech and initiatives on diversity and inclusivity, the podcast keeps security professionals up to date with the latest hot topics in the sector.
Available online, and on Spotify, Apple Podcasts and Google Podcasts, tune in for an easy way to remain up to date on the issues affecting your role.
