Cyber-physical security, like healthcare tech, must carefully manage PII. Experts highlight privacy-preserving biometrics, user-controlled consent, and anonymous face matching. Regulatory compliance, such as GDPR, drives standardization and innovation. As laws vary by region, adaptable and consistent global system architectures are essential for scalable, secure, and compliant operations.
As cyber and physical security continue to merge, proactive, multi-layered strategies are essential to safeguard critical assets in interconnected environments. Secure data practices, including encryption of data in transit, at rest, and during compute, ensure compliance with high security standards. Architectural resilience is crucial, integrating cybersecurity from the outset rather than retrofitting outdated systems. Correlating physical and cyber events provides valuable context. Finally, digitizing workflows streamlines response efficiency, minimizing the window of vulnerability during attacks.
Target Audience Titles:
Chief Technology Officer, Chief Security Officer
Chief Information and Security Officer, VP of Cybersecurity
Director Cyber Physical Security, Security Analyst
Cybersecurity Engineer, Incident Response Analyst
Key Takeaways
Data must be encrypted at rest, in transit, and during execution.
Cyber Physical security requires a securely designed architecture from the start.
Cyber and physical threats must be correlated.
Only a digitized workflow can respond with the required speed to cyber physical threats.
As with all security, cyber physical security must also be concerned with “data security and encryption … that’s data in the device, data in transit, data in rest at the servers, and so all of those things we have the highest level standards and we also meet more advanced requirements,” said Bioconnect’s Edsel Shreve. The solution should be flexible enough to enable any data protection requirements that come into play. Edsel Shreve went on to explain, “for example you need to do certificate rotation for things like TLS encryption. So we can do those things, not every customer wants them, but those are the things that we’ve actually got in our system for the folks that have those higher level requirements, so it really is the combination of how do we make sure that they’re cyber secure sitting on the network and then how do we make sure that they’re physically and the data is secure on the readers and devices themselves.” In addition, TBW Advisors LLC recommends confidential computing architectures for protection and privacy during computations. For additional information see Industry Whispers: Public is Private – Confidential Computing in the Cloud.
Taking a 1968 Mustang and updating it to 2025 safety standards would be quite the challenge and would likely end up as an ugly beast that is neither safe nor resembles a Mustang. Cyber physical security is no different from safety. It must be thought of and integrated from the very beginning. As LVT’s Steve Lindsey explained, “it starts with architecture if we can rethink our architectures and we can start building for cyber security in mind.” The challenge of physical cyber security, Lindsey continued, is that “for the longest time in the physical security space we’ve been using on premise systems and as we’ve lifted and shifted those into the cloud … what complicates that is as we’re deploying these systems it’s not just cloud to end user, it’s cloud to IoT (Internet of Things) device which is going through usually public cellular or satellite infrastructure itself and there’s other things that need to be done to address that.”
The real power of cyber physical security is the two areas working together to correlate events. Through correlation, context and a greater understanding are realized. An example shared by Advancis’ Paul Shanks demonstrates this best. “Someone loses their badge and falls out of their pocket and they’re logged into the network from home and their badge is used at the building. Those two events by themselves are benign but we take that together and create an alert for the operator to look into whether is it a cyber attack or is it a physical attack.”
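The badge-plus-remote-login correlation described above, sketched as an added example (not Advancis code and not from the original page). The event field names, the sample records and the five-minute grace period are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real logs); field names are assumptions.
REMOTE_SESSIONS = [  # network logins from outside the building, e.g. VPN
    {"user": "asmith", "start": "2025-03-04T08:55:00", "end": "2025-03-04T12:10:00"},
    {"user": "bjones", "start": "2025-03-04T07:30:00", "end": "2025-03-04T08:15:00"},
    {"user": "cwu", "start": "2025-03-04T13:00:00", "end": None},  # still open
]
BADGE_SWIPES = [  # physical access control events
    {"user": "asmith", "time": "2025-03-04T10:42:00", "door": "Lobby-East"},
    {"user": "bjones", "time": "2025-03-04T09:05:00", "door": "Lobby-East"},
    {"user": "cwu", "time": "2025-03-04T13:20:00", "door": "Server-Room"},
    {"user": "dlee", "time": "2025-03-04T09:00:00", "door": "Lobby-East"},
]

# Assumed grace period after a remote session ends during which a swipe still
# counts as overlapping (covers clock skew and sessions that close late).
GRACE = timedelta(minutes=5)

def parse_ts(value):
    return datetime.fromisoformat(value)

def correlate(sessions, swipes, now, grace=GRACE):
    """Return one alert per badge swipe made while the same user has a
    remote network session active (or ended within `grace`)."""
    by_user = {}
    for s in sessions:
        end = parse_ts(s["end"]) if s["end"] else now  # open session runs to now
        by_user.setdefault(s["user"], []).append((parse_ts(s["start"]), end))
    alerts = []
    for swipe in swipes:
        t = parse_ts(swipe["time"])
        for start, end in by_user.get(swipe["user"], []):
            if start <= t <= end + grace:
                alerts.append({
                    "user": swipe["user"], "door": swipe["door"],
                    "badge_time": t, "session_start": start,
                    "reason": "badge used on site during remote session",
                })
                break  # one alert per swipe is enough for the operator
    return alerts

if __name__ == "__main__":
    now = parse_ts("2025-03-04T14:00:00")
    for a in correlate(REMOTE_SESSIONS, BADGE_SWIPES, now):
        print(f"ALERT {a['user']} at {a['door']} {a['badge_time']:%H:%M}: {a['reason']}")
```

Neither event alone raises anything; the alert exists only for the pair, and it is left to the operator to decide whether the badge or the account is the compromised one.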
TBW Advisors LLC has been advising clients since as early as 2019 to automate security responses when possible, for the simple reason that you must. Ransomware attacks were already taking place within a 35-minute window. In 2025 the cyber physical attack vector also calls for automation or a digitized workflow at the very least. As Advancis’ Paul Shanks communicated, “we can take that and make that workflow digitized so that all they have to do is read click and go. Simple as that.”