The C-Suite Guide to Device Modernization

By Srinivas Kumar
Chief Technology & Product Officer at Mocana Corporation


Digital transformation and the convergence of information technology (IT) and operational technology (OT) call for a modernization mindset at the C-suite level. Implementing a zero trust architecture requires a holistic approach, not piecemeal measures. It must be planned and executed as a program, and not on an ad hoc basis as a standalone product or service.

Why are OT devices different?

Fundamentally, OT ecosystems involve a broad spectrum of brownfield and greenfield devices, service workflows, and supply chain orchestration beyond the traditional IT service management (ITSM) detect, respond, and recover cycle. The IT mission is to preserve systems in a “desired state,” whereas the OT objective is to protect the “operational integrity” of mission critical systems and services. The primary focus of IT strategies is on network and endpoint-based security controls driven by intrusions, infections, and data exfiltration.

However, OT strategies require focus on risk controls driven by regulation, legislation, and insurance risk transfer – for identification and protection of functional elements. Sophisticated cyberattacks aimed at OT devices require an early warning system with indicators of risk to prevent catastrophic service outages and embedded controls for remote device recovery in the event of a security breach. Cyber resilience with controls for tamper-resistance and tamper-evidence is a design decision.

The role of device owners, operators and vendors

The OT device owners and operators need to evaluate both the total cost of ownership (TCO) and true value creation with infrastructure modernization. The transformation process will also require a paradigm shift from cyber threat intelligence and indicators of compromise (IOCs) to artificial intelligence (AI) and machine learning (ML) models for actionable risk intelligence harvested from millions of IT, OT, Internet of Things (IoT) and Industrial IoT (IIoT) devices.

Irrespective of whether the risk analysis is performed in the cloud or at the edge, installing trusted controls on brownfield and greenfield devices will be necessary. This may be accomplished as an in-field update or at the time of manufacture by the device vendor to protect devices with harvested device intelligence. Achieving cyber resilience will require condition-based device hardening using deep learning algorithms and training models with structured (and trusted) device intelligence.

The solution models

The skill sets, abilities, subject matter expertise in embedded systems, and workforce retraining required to design and implement a cyber safety and security modernization program will compel solution providers to offer two alternative models for chief information security officers (CISOs), chief technology officers (CTOs), and product security architects to evaluate.

The device owners and operators must think in terms of “life cycle automation” and not “episode driven management.” When you proactively identify, classify, and manage risks, it becomes easier to thwart evolving threats. The TCO assessment must also factor in the people, processes and technologies required to implement (build versus buy), scale (with device interoperability considerations), and maintain (update and upgrade) the solution throughout the functional lifetime of connected heterogeneous devices.

1) BOT (Build, Operate, Transfer)

The solution provider begins by architecting a turnkey solution (build); then deploys and configures the solution to onboard devices (operate); and finally trains the device owner/operator to manage the solution as an on-premises or cloud-hosted service (transfer).

2) BOO (Build, Operate, Own)

The solution provider begins by architecting a turnkey solution (build); then deploys and configures the solution to onboard devices (operate); and finally manages the solution for the device owner/operator as a cloud-hosted, subscription-based as-a-service utility model (own).

The modernization challenge

The intricate nature of OT/IoT/IIoT devices, field operations, and workflows requires a plurality of certified cybersecurity operators, responders, and subject matter experts to accelerate innovative solutions that reduce operating expenses, increase operational efficiencies, and securely share data. The cost, complexity, and expertise required for public key infrastructure (PKI) buildout, and for scaling it to remotely manage the service lifecycle of millions of headless OT devices, are the foremost impediment.

The convergence of IT and OT systems is the fusion of the following six functions:

1) Network Operations Center (NOC)

2) Security Operations Center (SOC)

3) Device Management System (DMS)

4) Security Information and Event Management (SIEM)

5) Security Orchestration, Automation, and Response (SOAR)

6) AI/ML Engines for Device (and Trust) Orchestration

Network traffic introspection-based observations used for signaling anomaly and behavior detection do not provide accurate, sufficient, high precision, and qualitative datasets required for training models. Monitoring with digital twins for improvisation and quality control will require authenticated, trustworthy, and deep-state synchronization with structured data (variant and invariant) harvested on the physical asset. Protecting devices requires synergetic effort between the device vendors, owners, and operators to cost-effectively modernize without extensive re-engineering. While modernization poses some challenges, the long-term benefits and economics are tangible.

The high road to protection

Investments in AI/ML initiatives will require tuning algorithms for specialized cyber safety and security tasks with “true/natural intelligence” – for predictive analytics with reduced false positives and true negatives, and automation for preemptive risk countermeasures. The goal of condition-based maintenance and persistence of runtime operational integrity across millions of connected devices will require entropy analysis at scale (instead of deviations from a dubious baseline).

Incumbent IT detection and prevention methods will continue to be challenged by “noise in big data” and blind spots at the physical assets. The road to cyber resilient AI/ML requires “signal in trusted datasets” to pave the way for protection of digital assets.
