A Definitive Guide to OT/IoT Modernization
By Srinivas Kumar
Chief Technology & Product Officer at Mocana Corporation
Band-aids may serve as a dressing on open wounds but do not heal infections. Don't put a band-aid on your network to cover fissures on your device instead of providing treatment to the device. Whether you are a CISO, CTO or product security architect, the difficult decisions you must make to deal effectively with sophisticated cyber risks, from supply chain compromise to ransomware, require strategy.
Resist the temptation to settle for a solution based on popular brand names, a vendor’s annual revenues, or the vendor’s stock price after a high-profile breach. In the long term, untreated fissures will break open.
Holistic solution engineering
Simply stated, information technology (IT) is a mesh and operational technology (OT) is a maze. The collaborative and innovative nature of digital transformation for IT/OT convergence requires holistic solution engineering. The strategic initiative for fighting and winning cyber warfare is not a last-mile detection or prevention outpost, but a deeply rooted supply chain protection platform. The four fundamental factors for evaluating a protection platform are: technology, workflow, total cost of ownership, and operational efficiency.
The technology from a cybersecurity perspective may be partitioned based on the underlying methods into detection, prevention, and protection. How does the technology combat emerging and evolving attacks? Is the technology scalable to thousands, perhaps millions, of geographically dispersed devices? Does it provide agility to incrementally fine-tune protective controls without service disruption? Is the solution ubiquitous across a plurality of device types? Does it help achieve a high bar on compliance objectives? Is it extensible across device platforms? Is the technology providing adequate immunity and plugging gaps in incumbent solutions for protection against the sophisticated tools and methods in the arsenal of cybercriminals?
Unified approach for IT and OT operators
The workflow must dovetail into the established corporate policies, processes, and procedures that administrators, operators, and users observe (or are accustomed to through awareness training). It must offer a unified approach for IT and OT operators to optimize administration with zero or one-touch provisioning, authenticated self-service capabilities, and scripted automation.
The total cost of ownership must identify any implicit capital and operational expenses, from infrastructure build-out to the additive cost of components, hands-on training, and incremental resources with OT subject matter expertise. Can the per-device incremental cost of protection be amortized over the serviceable lifetime of the device? Do the gains in operational efficiencies significantly reduce operational expenses in the long term for the modernization program or project under consideration?
Protecting OT and IoT devices
It takes a multiverse (multiple universes) to achieve digital transformation. The operational efficiency metric must address the cycle of deployment, configuration, maintenance, and support tiers – from the primary solution provider to the ecosystem of partners, collaborative services, and supply chain. Digital transformation embodies the prospect for optimization and automation of operations for scalability and sustainability.
Protecting OT and IoT devices will require a higher cadence than traditional IT service cycles: a shift from reactive patch management and security countermeasures on IT-managed assets, based on published CVEs and threat intelligence, to on-device risk monitoring and remote remediation actions to alleviate service outages.