Cyber Security
Mr Leonard Sng CPP, FCiiSCM Regional Vice President, ASEAN ASIS International (Singapore Chapter) presenting on the topic of Physical and Cyber security convergence at the SMART Facilities Management Solutions Exhibition 2017.
an event of a breach? - “it is everyone’s responsibility” stressed Commissioner Liboror. He underscored the importance of data protection in the Internet age – and with so many services online, and the majority of Philippines’ citizenry participating in Social Media, users also have responsibilities in self-education of the potential impacts of loss and/or alteration to their personal information, whether accidentally or unlawfully. These questions and dialogues reinforce views across the public and private sectors, that data is gaining recognition as a key asset in today’s digital world. With the advent of Internet-of-Things (IoT), as data is increasingly gathered from “physical” objects (i.e. F1 cars, CCTV, printers, mobile phones) in performing value-add analytics to gain a competitive edge, the challenge therefore, for security professionals is to rethink the environment which accesses, stores, processes, and transmits data. A rethink of “assets” in today’s interconnected era
System: Growth and Opportunities” panel, Raymund Liboro, Chairman and Commissioner of the Philippines National Privacy Commission, highlighted the Data Privacy Act, complemented by The Republic Act No. 10175 “Cybercrime Prevention Act of 2012”, which are directed towards enforcing a culture of treating the security of data seriously. These form a vital foundation for data protection as the Philippines embarks on revolutionizing its digital infrastructure. As with GDPR, the Philippines’s approach addresses financial and criminal penalties, and accountability of data controllers and processors (though the details vary). Commissioner Liboro pointed out, with more than 50% of data security breaches originating from internal users, whether negligent or malicious, the Data Protection Officer (DPO) has an important role to play in facilitating the organisation’s compliance with the Acts. This includes regular and relevant user awareness and compliance training for the organization, to instill a sustainable, resilient mindset towards data protection and privacy. To the question – and this is not unique to Philippines - will the DPO be held financially and criminally liable in
32 | Asia Pacific Security Magazine
Viewing security through two lenses: the cyber and the physical lens – is necessary in today’s digital world. At the SMART Facilities Management Solutions Exhibition, Mr Leonard Sng, Regional Vice President, ASEAN ASIS International (Singapore Chapter) presenting on the topic of Physical and Cyber security convergence, stressed the need for a re-think of Facilities Management, as “Manager of Assets”. That is, the term “assets” is not limited to the obvious physical objects such as static infrastructure assets of the building (such as doors, windows, gates), but rather, is a holistic system including people, computer centres, IoT devices, air-conditions, computer-controlled generators and pumps, and third-party dependencies. To effectively address the security concerns across these groupings, Mr Sng emphasized that cross-departmental communication is vital. “For example, we see this with The Shangri-La Makati and its lamination of its glass facade”. While a focal point of each guestroom is the floor-to-ceiling glass windows, this feature also presented twin challenges to the Security team and the Engineering team: the former with minimizing bomb-blast impact, and the latter with reducing the air-conditioning costs of 28-storey 5-star hotel. The approach both teams arrived at solved both challenges: a lamination layer on the glass not only reduced the “greenhouse” effect which contributed to lower air-conditioning costs, it also minimized the threat posed by an explosion or bomb-blast and shattered sharp fragments resulting in potentially lethal situations. … and a rethink of the security perimeter … Conversations at these events leave no doubt that data is increasingly considered as an asset in its own right which demands appropriate Cyber Security treatment. At the same time, it is also necessary, as the attack surface undergoes continuous expansion with the exponential growth of assets being added to the internet, for security professionals to continuously re-evaluate and re-draw the “security perimeter” of the organization they need to protect and defend.