BT Cyber and Physical Security Operations

BT Cyber and Physical Security Operations: Co-ordinated security protects both virtual and physical corporate assets

Contact us


With cyber criminals resorting to ever more sophisticated attacks, and the rise of blended threats using a combination of physical and data security intrusions, the task of protecting one of the largest physical and logical estates in the UK is no mean feat.

That’s why Luke Beeson and his team at BT are creating a co-ordinated security model that’s regarded as an example of industry best practice. And the bad news for criminals is that they’re offering their expertise to anyone who needs it.

If I’m in London but someone uses my laptop to log onto the network in Hungary, we’ll know about it. And we can use this sort of information to proactively stop what could be a serious security breach.”
- Luke Beeson, General Manager, Cyber and Physical Security Operations, BT Security

Lifting gear

The telecoms industry is increasingly under siege. While facing ever more sophisticated attacks from hackers, a burgeoning black market for stolen goods means buildings are at risk too. Top of thieves’ lists are high-end routers and switches. BT is only too aware that the theft of such equipment presents a significant financial loss and, much more importantly, could impact service.

One incident in particular put BT on course to develop a new way of dealing with corporate security. Criminals lifted millions of pounds worth of networking gear from a London telephone exchange, leaving thousands of local homes and businesses without internet service. “There was a lot of media attention,” recalls Graeme Cleland, head of Secure BT, who took charge of the company’s physical security operations after the event. “It brought about a complete reappraisal of our security approach.”

Rethinking BT protection policies

BT had already started planning improvements to its IT security. The year before, a well-known global brand had been hacked, and 77 million consumer account details had been stolen. BT didn’t want to suffer a similar fate. “We take very seriously the security of data in transit and at rest,” says Luke Beeson, general manager of Cyber and Physical Security Operations in BT. “We decided to review our ability to defend against the increasing threat of cyber-attack.”

The incident recounted above showed physical security should form part of the defence strategy, too. At the time, BT was protecting its assets in the traditional way: one department shielded its IT systems and another guarded the company’s physical assets. The latter included 1,500 office buildings and 6,000 other sites. BT realised that in today’s connected world the physical and virtual assets of a business are interdependent and would benefit from a co-ordinated security approach.

The upshot was a decision to bring BT security together under one management umbrella. Now, a single Cyber and Physical Security Operations unit sees Secure BT handling physical security through field-based staff, a central control centre and an access control team. Cyber Defence Operations, meanwhile, acts as the front-line against IT threats using a security operations centre, a computer emergency response team and a unit dealing with abuse over the BT network. Meanwhile, Specialist Cyber Operations acts as a nerve centre for proactive network defence, monitoring incoming threats and devising strategies to stop information assets from being compromised.

Not only advising BT internally on network security, Specialist Cyber Operations also acts on behalf of the company’s customers. “We see all sorts of threats and are able to pass cyber-intelligence and best practice example on to our customers,” says Damien Childs, head of Specialist Cyber Operations.

Enter the Games

It wasn’t long before the new setup was put to an extreme test. BT was the official communications services partner to the London 2012 Olympic and Paralympic Games. The number of attacks on the London 2012 website, which was hosted by BT, quickly rose to a peak of nine million a day, with one early attack seeing 11,000 malicious attempts a second. But the BT defence systems stood firm. “We learnt a lot of lessons,” says Kieran Ingram, head of Cyber Defence Operations. “Few organisations in the world can claim to have fought such sustained cyber threat levels and lived to tell the tale.”

The lessons did not end with the Games, however: the nature of business threats has continued to evolve. According to the Index of Cyber Security – measuring perceived risk to corporate, industrial and government systems – online threats have increased steadily. And BT has continued to develop its security practices to stay ahead. Since the new strategy was enacted there have been no serious physical security breaches. Meanwhile, high profile websites protected by BT products, services and best practice processes have time and again resisted the worst that wrongdoers have thrown at them.

Focusing effort where it’s most needed

One of the problems in traditional security setups is to know exactly what assets one has and what level of protection each needs. “We’ve realised we can improve security by focusing our efforts on the parts of the business that really need it,” says Graeme Cleland. “We have some buildings that have critical equipment, but that doesn’t mean the whole building has to be like Fort Knox. We just ensure valuable assets are behind their own three-inch-thick steel door.”

This approach also helps reduce costs, since BT now devotes fewer resources to non-critical incidents. As an example, the number of field security advisers has dropped from 30 to just eight. So BT has gained in security and efficiency at the same time. And that’s just the start.

The bringing together of physical and logical security will ultimately allow the team to assign every asset, including people, with a dynamic risk rating based on combined cyber and physical security intelligence. This means, for example, that if the entrance to a particular building registers the arrival of a bunch of badges corresponding to the company’s top brass, security systems will automatically uprate the site to a higher risk category.

Similarly, if thieves break into a location where people are working, as has happened in the past, the security team can give staff instructions on how to act until police are on the scene.

BT is willing to share its expertise with customers in the interests of making this protection model – never before seen in the industry – widely available.

Luke Beeson concludes: “People naturally associate BT with network security, but the fact is few other companies have the all-round experience we have. We’ve been doing this since before the first days of computers.

Core Services

  • BT Cyber and Physical Security Operations


Case study