Saturday, September 20, 2014

Recent Physical Security and AT/FP Items

In July, Wired posted a fascinating article about the security concerns stemming from a new company that uses 3D printing stations and pre-loaded templates to reprint your keys should you lose them. I question whether the existing security paradigm of physical keys is actually coming to an end, but there are two important take-aways from this story. First, it's a powerful reminder that the proliferation of disruptive technologies impacts both digital and physical security. Second, that extends to a reminder that physical security practitioners will increasingly require network security expertise, as reflected by the fact that many facility security management positions now call for industry standard network security credentials.

Last week, SPX published an interesting piece entitled "Ground X Vehicle Program Aims to Break the More Armor Paradigm. One of the key precepts in both the former and current DoD counterinsurgency field manuals is that "Sometimes, the More You Protect Your Force, the Less Secure You May Be". Many organizations, including the DoD, approach security from the perspective that "more is better": more armor, more concrete, and such. Less common is an enterprise risk management approach that considers the likely threat environment, or alternative approaches to security. In some cases, particularly in high profile conflicts or locations, the alienation caused by an armored separation from the local populace can pay negative dividends, as this article from March notes. (I personally consider the MRAP program to have been an overwhelming success, but it's still important to consider both the costs and benefits, and to apply those lessons to future implementation.) I've witnessed organizations that couldn't afford elaborate security technologies or massive walls of concrete, but were able to make progress with good procedures, robust awareness programs, and close coordination with affiliated security organizations. The underlying lesson is that one-size-fits-all solutions to security challenges are not the answer; instead, security practitioners should design their risk mitigation efforts with a defense-in-depth approach that considers multiple approaches to counter their own specific challenges.

Finally, leaning further into the Anti-Terrorism/Force Protection discipline, the BBC ran an interesting piece on Libyan Survival Tips which have been prominent on Twitter during recent violence in and around Tripoli.

No comments:

Post a Comment