INSIGHT
What the private sector can learn from militaries about the convergence of cyber and physical threats Physical security and information security teams don’t traditionally play that well together. In the face of evolving converged security threats, writes chief editor Nicholas Dynon, that needs to change. I’ve written about security convergence for some time, but it’s not a topic that seems to elicit waves of engagement from the business world. It’s as if corporate security and risk managers (CSOs, CISOs and the like) have some awareness that the threats they’re increasingly facing are not just cyber or physical but both… but they’re struggling to make sense of it.
NZSM Chief Editor Nicholas Dynon is a frequent commentator on New Zealand’s defence, international security and private security affairs.
28
NZSM
Conversely, many militaries and national security apparatuses have been positioning themselves to compete in hybridised cyber-physical battlespaces for some time. Maybe private sector organisations can draw some cold inspiration from what’s been happening in the geopolitical space. Militaries and the hybridisation of threats In the world of geopolitics and international relations, the emergence of hybrid digital-physical security threats is widely acknowledged. Most of us know something, for example, of the 2010 Stuxnet attack, the 2015 Ukrainian power grid hack, ISIS online propaganda, and interference in the 2016 US elections by statebased interests.
What these examples have in common is the deployment of digital or cyber capabilities in order to achieve physical – or real world – objectives. And it can go the other way too: physical capabilities can be deployed to wreak havoc on IT platforms, to destroy telecommunications infrastructure, or to extract digitally stored information. These hybridised threats reflect a shift in the way that states (and some non-state actors) compete with each other; how they engage in conflict. It is now widely understood by strategic and military affairs scholars that the emergence of digital-physical threats has led to a new era of conflict no longer defined by open declarations of war or traditional rules of engagement. In the emerging era of ‘smokeless battlefields’, ‘soft conflict’, and ‘hybrid war’, states engage within a continuous state of hybridised kinetic/ non-kinetic conflict. As a result, in addition to the traditional military domains of maritime, land and air, several militaries have recognised that the ‘information domain’ is now a space within which they must operate. Accordingly, a number of countries’ militaries have established information or cyber forces to complement their existing (physical/ kinetic) warfighting units. June/July 2021
