Safeguarding the Enterprise in the Cyber Physical World
Traditionally, physical and cyber security battles have been fought on separate fronts. However, because of new and converging technologies, they have become inextricably linked with cyber threats that have the ability to affect our physical environments.
The physical environment has become saturated with computing and communication entities that interact among themselves, as well as with users. Virtually everything people interact with has -- or will have very soon -- the ability to source information and respond to appropriate stimuli.
In this technology-rich environment, real-world components interact with cyberspace via sensing, computing and communication elements – commonly termed, the Internet of Things (IoT). Information flows from the physical to the cyber world, and vice-versa, adapting the converged world to human behavior and social dynamics.
This all sounds wonderful, but the reality is slightly more precarious, especially when the “stimuli” that the converged world is responding to is adversarial and malicious.
Faster, more intelligent and pervasive networks are connecting everything from smart cities to industrial control. The Internet of Things is linking together everything from street lighting to automobiles. The physical world has never been more accessible to cyber threats than it is now.
IT managers are trying to secure an enterprise networks. Government employees are locking down a smart city’s traffic light system. Utilities are looking to safeguard a connected electric meter. It is more important than ever that steps are taken to ensure stringent policies and controls are in place to protect against an increasingly hostile threat environment.
Convergence - The Uneven Cybersecurity Playing Field
In this new cyber world order, technologies have developed at different rates, as have the cyber defense capabilities that support them.
Take the venerable PC. It has been under a constant barrage of all manner of attacks for the better part of 20 years. The result: cybersecurity policies, best practices and cyber defense companies have emerged to protect them.
Now take the mobile phone, a similar product that has evolved quickly over the last 10 years. It has more compute power than the first manned space shuttle mission, and it is up against similar threats as today’s PC. However, when it comes to securing mobile phones against cyber threats, many companies employ defenses that are equivalent to those that were available for PCs decades ago.
Given that mobile phones are essentially mobile PCs; this is the cybersecurity equivalent of bringing a knife to a gunfight. Consider the number of cell phones linked to the corporate enterprise, and this is a potential disaster waiting to happen.
Similarly, take into account all of the IoT initiatives, including intelligent buildings, smart metering, automated traffic signals, CCTV cameras and Industrial Control Systems, to name a few. These are being exposed because of their connection to the enterprise and often, the Internet.
Many of these “things” have never had cybersecurity defenses. It is easy to see where this scenario could lead. The potential outcomes and consequences could have serious implications for businesses and organizations.
Get the Basics Right
As overwhelming as this state of affairs might seem, it is not a lost cause.
The reality is that when it comes to ensuring the integrity of this new cyber-physical world, getting the basics right when implementing security policies and following best practices, goes a very long way.
So what are these simple measures that businesses can take to safeguard themselves?
The first step is to educate and up-skill the workforce. Increasing awareness among employees, so that they are more cybersecurity savvy, is an effective means of fighting the cybersecurity battle.
Many organizations have found that creating a series of workshops and seminars that focus on increasing awareness and understanding of malware attacks and phishing scams can help their employees avoid falling victim to them. This, in turn, can better protect the enterprise.
A second recommendation is to ensure that the appropriate security policies and processes are in place. That includes making enterprises’ infrastructure robust enough to manage user interactions with various systems. This means allowing employees access to only the information they need.
Third, have a suitable security posture, which incorporates a mix of skilled IT and security professionals to help prevent and address threats. This important team can help establish appropriate levels of IT security. Threat hunters can identify and distinguish whether an attack is a malicious piece of malware, a hacker in the system, or a malicious insider.
Getting these basics right will hold a business in good stead. To protect today’s valuable business assets, organizations must stay ahead of bad actors. To prepare for the future, businesses must be aware that the threat landscape will continue to evolve and attack surfaces will increase.
How to Partner in Safeguarding IoT Security
As the Industrial Internet of Things (IoT) continues to deliver value from connecting plant-floor devices to the enterprise, security remains top of mind. Today, IT systems leverage firewalls to monitor security risks on the IT network. These IT firewalls may not be aware of industrial protocols used on the plant floor – limiting the ability to minimize risk throughout the entire network.
In response, Cisco and Rockwell Automation, the world’s largest company dedicated to industrial automation and information solutions have collaborated to develop a deep-packet-inspection (DPI) technology for use in industrial security appliances.
An industrial firewall with DPI technology extends visibility down to the plant floor. It can enable logging of traffic patterns, and it can inform decision-making following a set of security policies. Users can log a range of data for any network connection or protocol. This can include Ethernet/IP, and “see” where the traffic is coming from, where it is going to, and with which applications it is associated. While previously only IT managers had this visibility, now both plant and IT managers can use this technology to more securely manage network traffic from the plant to the enterprise.
Used between industrial and cell/area zones, the collaboratively developed Cisco and Rockwell Converged Plantwide Ethernet (CpwE) architecture, a plant-floor application using DPI technology, has the ability to instruct a firewall to deny firmware downloads to a controller. This guards against tampering with firmware and helps protect the integrity of the operation. Only an authorized user would be able to conduct the download.
Cisco is further collaborating with Rockwell – as well as FANUC, the world’s leading supplier of robotics and factory automation, and Preferred Networks, a leading provider of Artificial Intelligence solutions. Together, they are developing and deploying the FANUC Intelligent Edge Link and Drive (FIELD) system. The FIELD platform connects not only Computer Numerical Control machines (CNCs) and robots, but also peripheral devices and sensors. The goal is to deliver analytics that optimize manufacturing production.
The CpwE industrial security framework is being applied to support the intelligent factory floor robots and to further drive improved security, connectivity, flexibility, and scalability. This allows connection from a single, small cell to a large factory with hundreds of cells.
Those involved in the development of these new digital technologies have only just scratched the surface with what they can do to improve operations and provide businesses with new avenues for growth. Understanding how to bring together the physical and cyber environments and the tremendous benefits that can be derived will result in huge gains for those working in this new frontier.
Just as important is to learn how best to protect these new technologies that will lead us to innovations in ways we can only dream about now.
About the Authors: John Reno manages product and solutions marketing for Cisco IoT. Previously John directed the product marketing group at Silver Spring Networks, drawing on over fifteen years of experience in software applications, infrastructure management and system design. For the past ten years John has launched and led go to market initiatives for network and data security companies such as Securify (acquired by Intel/McAfee) and EMC/RSA. Prior experience includes responsibility for Java computing solutions at Sun Microsystems and product line management at Synopsys. John holds a B.S.E.E. (Computers and Digital Signal Processing) from U.C. Davis.
Marc Blackmer is a technologist, blogger, and cybersecurity professional who has spent more than 15 years assisting some of the world's top energy producers, financial institutions, and governments worldwide defend their critical assets from cyber threats. His technical background in information technology engineering, ICS cybersecurity, and IT governance, risk, and compliance, brings a unique perspective to addressing the threats facing critical infrastructure today and the coming Internet of Things.