Security Magazine logo
  • Sign In
  • Create Account
  • Sign Out
  • My Account
  • NEWS
  • MANAGEMENT
  • PHYSICAL
  • CYBER
  • BLOG
  • COLUMNS
  • EXCLUSIVES
  • SECTORS
  • EVENTS
  • MEDIA
  • MORE
  • EMAG
  • SIGN UP!
cart
facebook twitter linkedin youtube
  • NEWS
  • Security Newswire
  • Technologies & Solutions
  • MANAGEMENT
  • Leadership Management
  • Enterprise Services
  • Security Education & Training
  • Logical Security
  • Security & Business Resilience
  • Profiles in Excellence
  • PHYSICAL
  • Access Management
  • Fire & Life Safety
  • Identity Management
  • Physical Security
  • Video Surveillance
  • Case Studies (Physical)
  • CYBER
  • Cybersecurity News
  • More
  • COLUMNS
  • Cyber Tactics
  • Leadership & Management
  • Security Talk
  • Career Intelligence
  • Leader to Leader
  • Cybersecurity Education & Training
  • EXCLUSIVES
  • Annual Guarding Report
  • Most Influential People in Security
  • The Security Benchmark Report
  • The Security Leadership Issue
  • Top Guard and Security Officer Companies
  • Top Cybersecurity Leaders
  • Women in Security
  • SECTORS
  • Arenas / Stadiums / Leagues / Entertainment
  • Banking/Finance/Insurance
  • Construction, Real Estate, Property Management
  • Education: K-12
  • Education: University
  • Government: Federal, State and Local
  • Hospitality & Casinos
  • Hospitals & Medical Centers
  • Infrastructure:Electric,Gas & Water
  • Ports: Sea, Land, & Air
  • Retail/Restaurants/Convenience
  • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
  • Industry Events
  • Webinars
  • Solutions by Sector
  • Security 500 Conference
  • MEDIA
  • Videos
  • Podcasts
  • Polls
  • Photo Galleries
  • Videos
  • Cybersecurity & Geopolitical Discussion
  • Ask Me Anything (AMA) Series
  • MORE
  • Call for Entries
  • Classifieds & Job Listings
  • Continuing Education
  • Newsletter
  • Sponsor Insights
  • Store
  • White Papers
  • EMAG
  • eMagazine
  • This Month's Content
  • Advertise
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Leadership and ManagementCybersecurity News

The Unstoppable Convergence Between Physical and Cybersecurity

A combination of cyber and physical defense is not only inevitable, but can make enterprise security stronger.

By Diane Ritchey
The Unstoppable Convergence Between Physical and Cybersecurity - Security Magazine
April 1, 2018

In 2017 in Lappeenranta, Finland, attackers caused heating systems to go offline by targeting them with a Distributed Denial of Service (DDoS) attack, leaving residents to face the sub-zero temperatures typical for that time of year.

In 2016, the U.S. Department of Justice charged seven Iranians for hacking the control systems of a small dam in New York State in 2013. The dam was offline for repair, preventing the hackers from controlling the flow of water.

In Germany in 2014, attackers infiltrated the corporate network of a steel mill, and used the access to pivot into the production network, enabling them to manipulate the facility’s control systems. The attack led to failures in equipment and caused a blast furnace to explode.

With just those few examples, we see security convergence, where physical and cybersecurity issues overlap.

The issue has been around for more than a decade. But it has only been in the last few years that the networked enablement of everyday business functions has forced enterprises to embrace the fact that physical security and cybersecurity must be treated in a unified manner.

But why haven’t companies been able to converge? The problem has been the actual implementation of a converged security solution. Because physical and logical security systems have had little in common on any level, integrating them was seen as a costly and complex proposition.

Yet, that’s changed. While some enterprises might not consider their access control or HVAC data a high-risk asset, hackers are often looking for the path of least resistance into your system and to higher-value physical prizes. That path can easily be through security technology. Traditional “physical” devices such as HVAC, lights, video surveillance, ID cards, biometrics, access control systems and more that are now IP-enabled create an entirely new set of vulnerabilities that hackers will exploit and try to use to access a company’s network to steal business or customer information.

James Turgal, managing director for Deloitte’s Risk and Financial Advisory’s Cyber Risk Services practice, has been working with the convergence of physical and cyber for more than 20 years. He’s a former executive assistant director for the Federal Bureau of Investigation Information and Technology Branch, and a former member of the FBI’s C-suite, where he was responsible for all global applications, corporate systems, infrastructure and operations for the bureau’s worldwide information and technology needs. He also led the FBI’s efforts to transform cybersecurity areas including digital forensics and investigations, data privacy, identity management and cyber resiliency.

James Turgal - Security Magazine

According to James Turgal, who served in the FBI for more than 20 years, the FBI as an organization has embraced security convergence in order to mitigate security threats. He says, “During my tenure as the Executive Assistant Director, I drove a philosophy of security convergence with respect to our monitoring platforms. True security convergence in my mind was taking our Enterprise Security Operations Center from our Security Division and combining it with our Network and Insider Threat Center – Monitoring as a Platform (MaaP). This MaaP will allow our network operations team to monitor the networks and the physical security team to examine issues from a physical security standpoint. This philosophy and result allows for synergy of mission, but still a separation of groups who possess their own need to know concerning classified and sensitive information and a very nice example of how the convergence philosophy can work.”

Earlier, while serving as chief human capital officer and head of the FBI’s human resources (HR) division, Turgal focused on aligning staffing resources with emerging risks, streamlining systems and processes, designing a cyber skill and recruiting program, as well as maximizing HR budgets.

He will discuss how to find opportunity and risk within the converging cyber and physical security landscape at this year’s Security 500 West conference on May 10, 2018, in Santa Clara, CA.

For Turgal, due to the fast pace of technology in our personal and professional lives, convergence is an unstoppable reality, and a necessity for any enterprise to successfully mitigate security risks. IT departments at the end user level are getting more involved as the number of connected security devices expands and the rapid growth of video data and managing access control systems and video analytics continues to grow. In fact, at last year’s ISC West show, IT companies exhibited alongside physical security manufacturers.

Yet, he says, there are “some enterprise security teams who still look at the issue from a silo view because they were trained to view security that way. But technology is moving so much faster, and with a silo view, technology is going to roll past them. There are ways that you can segment the two areas in a positive way…but you cannot just continue to maintain the status quo.”

The physical security world is becoming increasingly IP-enabled – IMS Research estimates that about 22 billion devices overall will be internet-connected by 2020 – it’s really just a matter of time before most companies consider convergence. But before any enterprise can realize the potential gains – like cost savings and efficiency – it must sort out any power struggles and turf wars. Because the modern design of IP networks means that they can encompass business critical systems alongside security video and other security systems that enable physical access to a facility.

The people aspect of the issue is one where Turgal also places importance: The cooperation between IT, cyber and physical security in an enterprise needs to happen to keep pace with rapidly changing technology. “All three parties and their collaboration rolled up into a strategy creates a holistic security view that can help organizations thrive. Without it, you are duplicating efforts which can create vulnerabilities and cost money. Running a network for cybersecurity and physical security are also two networks that you’ve got to continue to patch. And if you create a vulnerability on one network, you create a vulnerability across the organization. So the synergy [of physical and cyber] is being driven by the increase in technology [in enterprises] and how fast that systems and new technology is moving.”

“This [movement] is all about leadership, accountability and execution. Leadership has got to embrace this. Historically, and even now, you have a tremendous number of leaders in the CIO role and the C-suite that are all about the business operations. And because of the last [few] years, those conversations have been about the cyber world. There are vulnerabilities out there they never have had to deal with before. So now, they’re talking about those issues, but still not looking at it in a holistic [strategic] viewpoint. For that to happen, senior leadership has to embrace the desire to do it, but success hinges on the accountability and execution pieces. It was difficult in the FBI, and it’s difficult everywhere.”

From the accountability piece, Turgal says that there’s a large cultural aspect involved. “These are people’s positions that they’ve held sometimes for decades. Every enterprise has a culture. One of the most important conversations to have before an integration is to discuss the culture of that organization, including a security leader’s ability to assess their people, their strengths and their motivations in order to understand the individual organization culture. Understanding what the culture is and how to operate in it plays a critical role in the success of any type of implementation. A misaligned organizational culture can have a tremendous impact on both the business and the security aspects. You could potentially be changing the philosophy that the enterprise has had for years, not just combining networks.”

According to Turgal, costs could be reduced during the convergence process and personnel could be realigned, which only can add to the hesitation for people to embrace convergence, as employees fear for their jobs. “Employees might think in the beginning that they’re losing their jobs, when really, they aren’t. Because if you’re doing it correctly, you need to have the same personnel, particularly with physical security. You’ll still need teams with subject matter expertise who understand the physical security piece of the network.”

Turgal believes that video surveillance is one driver of a converged state of mind. “I ran cases in the FBI where an organization had a great CISO, secure networks, policy, and governance on network patching and making certain that they were always up to date and protected their endpoints. But they lacked that same rigor on the physical security side. And someone found that they had no security cameras, and they weren’t locking their doors. They literally entered the back door into one of the facilities and accessed the network directly while sitting in a lawn chair. So, that’s a perfect example of needing to have all of it – physical and cybersecurity.”

Another driver, says Turgal, is insider threats. “At the FBI, we were very concerned about insider threats. As an example, the FBI was involved in a case with a manufacturer who has a lot of intellectual property, and who was recruiting at a local university. They posted the recruiting event on their Facebook pages and through social media. One nation-state planted individuals at the university where the career fair was held to be hired by that company. After just 18 months, that employee began exfiltrating information from the networks and stealing company secrets. In my opinion, that’s a convergence of not only the insider threat and external threat, but also a cyber and a physical aspect. Bottom-line, both had a substantial economic impact for that company.”

Overall, Turgal stresses the fact that a CSO needs to drive the security philosophy to the C-suite, that convergence is inevitable and the benefits that it will provide to the enterprise. “A CSO must take a leadership role, build their systems and get their own team to understand it and to buy into it. So you’re not just bolting on security. You are living it every day. And then you create that relationship piece with the CIO and CISO, enabling them to become symbiotic friends and neighbors with the same philosophies. You can have your leadership at the top believe [in convergence], but the implementation is also important, and that has to occur at the lower levels. It has to happen from the mailroom to the boardroom.”

KEYWORDS: cyber risk management cyber risk mitigation fraud prevention security convergence

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Diane 2016 200

Diane Ritchey was former Editor, Communications and Content for Security magazine beginning in 2009. She has an experienced background in publishing, public relations, content creation and management, internal and external communications. Within her role at Security, Ritchey organized and executed the annual Security 500 conference, researched and wrote exclusive cover stories, managed social media, and authored the monthly Security Talk column.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Columns
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Logical Security
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

Security’s Top 5 – 2024 Year in Review

Security’s Top 5 – 2024 Year in Review

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security camera

40,000 IoT Security Cameras Are Exposed Online

Fountain pen

Trump Administration Executive Order Changes Cybersecurity Policy

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

What do zebras, school groups and high-tech surveillance have in common? They're all part of a day’s work for the security team at the Toledo Zoo.

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • It’s the Business Basics with ID Convergence

    See More
  • Jeri Teller-Kanzler, director of cybersecurity for AVANGRID, Inc

    Breaking the Cybersecurity Glass Ceiling

    See More
  • Insider Threat: Why Physical Security Still Reigns - Security Magazine

    Insider Threat: Why Physical Security Still Reigns

    See More

Related Products

See More Products
  • Physical-Security-and-Safet.gif

    Physical Security and Safety: A Field Guide for the Practitioner

  • The-Complete-Guide-to-Physi.gif

    The Complete Guide to Physical Security

  • physical security.webp

    Physical Security Assessment Handbook An Insider’s Guide to Securing a Business

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing

Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!