The Layer 1 gap in cyber resilience
Most cyber resilience frameworks focus on logical security — firewalls, endpoint protection, identity management, patch management, and SIEM. These are necessary. They are not sufficient. The physical network layer — the cabling, switching, pathways, and access infrastructure that carries all network traffic — is rarely addressed with the same rigour.
You cannot fully secure what you have not fully documented. An undocumented physical layer is an unaudited attack surface.
How physical infrastructure creates security exposure
Undocumented cabling runs create unknown network access points. A run that does not appear on any drawing, terminating in an accessible location — a meeting room, a corridor cupboard, a plant room — is a potential physical intrusion point that no logical security control addresses. Network access control systems protect known ports. They cannot protect ports nobody knows exist.
Undocumented cross-connects and patch panel configurations create uncertainty about network segmentation. VLAN segmentation is only as reliable as the physical infrastructure it runs on. If the physical topology is not accurately reflected in documentation, segmentation that appears correct in the logical design may not be enforced at the physical layer.
Physical layer resilience and availability
Cyber resilience is not only about preventing breaches — it is about maintaining operations during and after an incident. Redundant WAN connections are only redundant if the physical paths are actually diverse. A primary and secondary fibre link sharing a common pathway, or terminating in the same unprotected cabinet, do not provide the redundancy the logical design assumes.
The practical starting point
Most organisations do not need to rebuild their physical infrastructure to address this gap. They need to understand what they actually have. A comprehensive brownfield audit producing accurate as-built documentation is the first step. From that baseline, security and infrastructure teams can identify gaps, validate segmentation, and build a physical layer that the logical security controls can actually rely on.
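One way to use that baseline is to reconcile the as-built records against what the switches actually report. The sketch below is an added example, not part of the original article or any vendor tooling; the record layouts, field names, finding labels and sample rows are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class AsBuiltRecord:          # hypothetical row from the as-built documentation
    switch: str
    port: str
    location: str             # where the run terminates
    vlan: Optional[int]       # None = documented as unpatched / not in service

@dataclass(frozen=True)
class LivePort:               # hypothetical row exported from switch port state
    switch: str
    port: str
    link_up: bool
    vlan: int

def reconcile(as_built, live):
    """Compare documentation with live port state and return sorted findings."""
    documented = {(r.switch, r.port): r for r in as_built}
    findings = []
    for p in live:
        key = (p.switch, p.port)
        rec = documented.get(key)
        if rec is None:
            if p.link_up:     # live port that appears on no drawing
                findings.append((key, "UNDOCUMENTED_ACTIVE"))
        elif rec.vlan is None:
            if p.link_up:     # documented as unpatched, yet something is connected
                findings.append((key, "UNPATCHED_BUT_ACTIVE"))
        elif rec.vlan != p.vlan:  # segmentation on paper differs from the switch
            findings.append((key, "VLAN_MISMATCH"))
    seen = {(p.switch, p.port) for p in live}
    for key in documented.keys() - seen:  # documented port absent from the export
        findings.append((key, "DOCUMENTED_NOT_FOUND"))
    return sorted(findings)

# Constructed sample data, not taken from any real site.
AS_BUILT = [
    AsBuiltRecord("sw1", "Gi1/0/1", "Office 1.01", 10),
    AsBuiltRecord("sw1", "Gi1/0/2", "Meeting room 2", 20),
    AsBuiltRecord("sw1", "Gi1/0/3", "Corridor cupboard", None),
    AsBuiltRecord("sw1", "Gi1/0/5", "Plant room", 30),
]
LIVE = [
    LivePort("sw1", "Gi1/0/1", True, 10),
    LivePort("sw1", "Gi1/0/2", True, 10),
    LivePort("sw1", "Gi1/0/3", True, 10),
    LivePort("sw1", "Gi1/0/4", True, 10),
]

if __name__ == "__main__":
    for (switch, port), finding in reconcile(AS_BUILT, LIVE):
        print(f"{switch} {port}: {finding}")
```

Each finding is a prompt for a physical check on site; the comparison only shows where documentation and switch state disagree, not which of the two is correct.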
Frequently asked questions
How does physical layer documentation relate to frameworks like ACSC Essential Eight or ISO 27001?
Most frameworks reference physical security controls and asset management. Accurate infrastructure documentation is the foundation of both — you cannot apply access controls to infrastructure you have not inventoried, and you cannot demonstrate asset management compliance without current documentation.
Can AAA integrate with our existing CMDB?
Yes. As-built documentation deliverables can be structured to integrate with your existing documentation systems or CMDB format. We discuss your documentation requirements during scoping.
How often should physical layer audits be conducted from a security perspective?
At minimum: following significant infrastructure changes or contractor engagements, before any merger, acquisition, or facility handover, and as part of your periodic security review cycle. For high-security environments, annual audits of critical pathways are recommended.