International Association of Certified ISAOs (IACI)
International Association of Certified ISAOs (IACI)


Advancing Global Security Resilience - Physical, Cyber, and Cyber-Physical Security Convergence
​Accelerating Threat & Defensive Measures Information Sharing & Response Coordination

Foreign followers

5000

GLOBAL CRITICAL INFRASTRUCTURE


The assets, systems, networks, facilities and other elements the world relies upon, whether physical or cyber, that are so vital that their incapacity or destruction would have a debilitating impact to global security, economies, and public health and safety. 

MOVING FROM A 'REACTIVE' TO A 'PROACTIVE' SECURITY STRATEGY

Requires Informed Defenders to Enable and Sustain Security Resilience

IDENTIFY - DETECT - PROTECT - RESPOND - RECOVER

The best "PROACTIVE DEFENSE' is the collective public- and private-sector identification, analysis and information sharing of

globally trusted all-hazards "ACTIONABLE" intelligence, defense measures supported by coordinated response.

SECURITY THREATS

The 'Active' and Growing Threat Landscape Represents the Most Critical 

Global Challenges We Face - 

Physical | Cyber

Cyber-Physical Security

SECURITY RESILIENCE

The Ability to Prepare For and Adapt to Changing Conditions & to Withstand & Recover from Disruptions, Deliberate Attacks, Accidents, or Naturally Occurring 

Threats or Incidents

SECURITY RISK MANAGEMENT

The Capacity and Capability to Understand and Respond to the Multiple Layers of 

Security Threats that Must be

 Identified, Analyzed and Mitigated 

as Possible Risks

Commercial Design

COMMON OPERATIONAL PICTURE

(CoP)

Real-Time Security

Situational Awareness

(Physical, Cyber, Cyber/Physical)

Supporting a 

"TRUE" Common Operational Picture

Analysis, Actionable Intel Sharing

ALL-HAZARDS SECURITY RESILIENCE COP



SECURITY CONVERGENCE
ALIGNMENT  - PHYSICAL, CYBER, CYBER-PHYSICAL SECURITY
Mitigating Risk by Identifying, Protecting, Detecting, Responding & Recovering 
from Changing Conditions or Adverse Events

PHYSICAL SECURITY
Protection of People, Property and Physical Assets from
Actions or Events That Could Cause Damage or Loss

CYBER SECURITY
Prevention of Damage to Unauthorized Use or Exploitation of, and If-Needed, the Restoration of Electronic Information & Communication Systems and the Information They Contain to Strengthen Confidentiality, Integrity and Availability

CYBER-PHYSICAL SYSTEMS (CPS) SECURITY
Protecting Smart Systems That Include Engineering Interacting
Networks of Digital, Analog, Physical and Human Components 

PHYSICAL SECURITY

PHYSICAL SECURITY - The protection of people, property and physical assets from actions and events that could cause damage or loss.  

PHYSICAL SECURITY RESILIENCE - An organization's ability to prevent, to the greatest degree possible, the loss of, theft, or damage to assets (people, information, equipment, facilities, activities and operations) from threats and vulnerabilities. 


Physical threats include any event such as pandemics, violent civil unrest, climate change, natural disasters, hurricanes, tornadoes, floods, volcanoes, earthquakes, criminal acts, terrorism, and weapons of mass destruction.        
                                                                                  

Maintaining a strong physical security resilience posture requires continual situational awareness and evaluation of existing, new and changing risks -

Asset Management - Identification, and assessment to an asset's nature and value and the degree of impact if damaged or lost
Threat Management - Identification of threats that are indications, circumstances or events with the potential to cause loss of,  or damage to an asset or capability, and perceived imminence of environment, physical or criminal aggression

Vulnerability Management - Identification of weaknesses, characteristics or circumstances that if left unchanged, may result in being impacted by a natural event or exploited by an adversary that may result in the degradation, loss of life, or damage to mission-essential resources 

Risk Management - Once assets, threats and vulnerabilities are identified, conducting a risks analysis to determine the impact of an unwanted event and the likelihood that it will happen.

Countermeasure Management - Based upon calculated risks, countermeasures and security measures are defined to be employed to protect assets


CYBERSECURITY


CYBERSECURITY - Encompasses the technologies, activities, processes, abilities, capabilities, resources and state whereby information, communications, and cyber-physical systems are protected against damage, unauthorized use, modification or exploitation.


An Attack . . . is an Attack . . . is an Attack - Threatening All Critical Infrastructure Sectors, Communities and Government  - Cyber attacks may initially occur or originate in one sector, but can quickly cascade impacting other sectors..  While cyber defenders are focused on specific sectors, adversaries are focusing attacks on IP ranges and vulnerabilities 99% of the time.  A cyber attack on any sector must include monitoring and analyzing threat impacts across all sectors to identify attacks that will (eventually) be made against others.  


IACI Global Common Operational Picture (COP) - IACI's all-hazards global monitoring and reporting encompasses all critical infrastructure sectors, government, law enforcement and other communities. 


CYBERSECURITY RESILIENCE - An organization's ability to continuously deliver critical services services, operations and outcomes despite the occurrence of incidents 

or events via:

  • Asset Management - Identification, documentation and management of critical assets during their lifecycle ensuring sustained critical services 
  • Control Management - identification, analysis and management of controls enabling critical services operations
  • Configuration & Change Management - Processes to ensure the assets integrity, using change control and change control audits
  • Threat & Vulnerability Management - Identification, detection, analysis, reduction and deterrence to ensure critical services integrity and availability 
  • Incident Response Management - Response, resiliency and recovery policies, processes and activities to identify and analyze events, detect incidents, and determine activation of response protocols.
  • Service Continuity Management - Enduring the continuity of essential operations of services and associated assets if a disruption occurs
  • Risk Management - Strategy, policy, standards and Identification, analysis and mitigation of risks to critical assets that could adversely affect service operation and delivery
  • Situational Awareness - Encompassing access to global public- and private-sector discovery and analysis of timely and actionable threat and defensive measures intelligence from trusted sources related to immediate operatioal and service stability, reliability and security
  • External Dependencies Management - Processes to manage the appropriate level of controls to ensure sustainment and protection of services        and assets dependent on the actions of external entities
  • Best Practice Adoption, Training & Awareness- Development of skills and promoting awareness for people with roles that support critical services and operations


CYBER PHYSICAL SYSTEMS (CPS) SECURITY


SMART SYSTEMS - INTERACTING PHYSICAL & CYBER COMPONENTS

These highly interconnected and integrated systems and services provide new functionalities 

to improve quality of life and enable technological advances.


CPS SECURITY - The ability to ensure CPS capabilities are not compromised by 

malicious agents, and that the information used, processed, stored and transferred 

has its integrity preserved and is kept confidential where needed, and that CPS 

architecture is resilient to interoperability, scalability, and changing situations. 



CYBER-PHYSICAL SYSTEMS & CONNECTED SERVICES (INTERNET-OF-THINGS)

  • Buildings                                                                                                                                                                                                                                                    Commercial/Institutional (Office, Education, Retail, Hospitality, Healthcare, Airports, Stadiums, Government); Industrial (Process, Clean Room, Campus); Devices ( HVAC, Transport, Fire & Safety, Lighting, Security, Access, etc.)
  • Consumer & Home                                                                                                                                                                                                                                        Infrastructure Infrastructure (Wiring, Network Access, Energy Management); Awareness & Safety (Security/Alerts, Fire Safety, Environmental Safety, Safety for People with Disabilities, the Elderly, Children, Power Protection); Convenience & Entertainment(HVAC, Climate, Lighting, Appliance, Entertainment); Devices (Digital Cameras, Power Systems, MID, eReaders, Desktop Computers, Appliances, Meters, Lights, TVs, Audio, Games, Consoles, Lighting, Alerts
  • Energy                                                                                                                                                                                                                                             Supply/Demand (Power Generators, Transportation & Distribution, Low Voltage, Power Quality, Energy Management), Alternative (Solar, Wind, Co-Generation, Electrochemical); Oil Gas (Rigs, Derricks, Well Heads, Pumps, Pipelines); Devices (Turbines, Windmills, UPS, Batteries, Generators, Meters, Drills, Fuel Cells, etc.)
  • Healthcare & Life Sciences                                                                                                                                                                                                                                Care (Hospital, ER, Mobile POC, Clinics, Labs, Doctors Offices); In Vivo/Home (Implants, Home Monitoring Systems); Research (Drug, Discovery, Diagnostics, Labs); Devices (Medical Devices, MRI, PDAs, Implants, Surgical Equipment, Pumps, Monitors, Telemedicine, etc.)
  • Industrial                                                                                                                                                                                                                                                              Resource Automation (Mining, Irrigation, Agricultural, Woodland); Fluid/Processors (Petrochemical, Hydro Carbon, Food/Beverage); Converting/Discrete (Metals, Paper, Rubber/Plastic, Metalworking, Electronics, Assembly/Test); Distribution (Pipelines, Material Handling, Conveyance); Devices (Pumps, Valves, Vats, Conveyors, Pipelines, Motors, Drives, Converting, Fabrication, Assembly/Packaging, Vessels/Tanks, etc.
  • IT & Communication Networks                                                                                                                                                                                                                           Public (Services, E-Commerce, Data Centers, Mobile Carriers, Fixed Carriers, ISPs); Enterprise (IT/Data Center, Office, Private Networks); Devices (Servers, Storage, PCs, Routers, Switches, PBXs, etc.
  • Retail                                                                                                                                                                                                                                                                    Specialty (Fuel Stations, Gaming, Bowling, Cinemas, Nightclubs/Dancing, Sports, Concerts, Special Events); Hospitality (Hotels, Resorts, Theme Parks, Restaurants, Bars, Cafes, Clubs); Stores (Supermarkets, Shopping Centers, Single Site, Distribution Centers); Devices (POS Terminals, Tags, Cash Registers, Vending Machines, Signs, etc.)
  • Security Public Safety                                                                                                                                                                                                                         Surveillance (Radar/Satellite, Environmental, Military Security, Unmanned Systems, Fixed); Equipment (Weapons, Vehicles, Ships, Aircraft, Gear); Tracking (Human, Animal, Postal, Food, Health, Packaging, Baggage); Public Infrastructure (Water Treatment, Building, Environmental, Generators, Environ, Surveillance); Emergency Services (Equipment & Personnel, Police, Fire, First Responders, Regulatory); Devices (Tanks, Fighter Jets, Battlefield COMS Jeeps, Cars, Ambulances, Breakdown/Lane Worker, Homeland Security, Fire, Environmental, Monitoring, etc.
  • Transportation                                                                                                                                                                                                                                                    Non-Vehicular (Air, Rail, Maritime); Vehicles (Consumer, Commercial, Construction, Off-Highway); Transportation Systems (Tools, Traffic Management, Navigation, Public Transportation); Devices (Vehicles, Lights, Ships, Planes, Signage, Tolls, etc.)

© 2023 IACI

International Association of Certified ISAOs (IACI)

IACI-CERT, Center for Space Education

NASA/Kennedy Space Center, FL