GSX: Integrate All Security

Tuesday, September 25, 2018 @ 07:09 PM gHale

By Gregory Hale
Disagreements often arise over the manufacturing IT-OT security discussion, but in a world where digital transformation continues to evolve, the idea of IT security or OT security converging may turn into all forms of security integrating into one entity.

This integrated security will involve more than just IT and OT, but also physical, electronic and human security.

RELATED STORIES
Yokogawa: Digital Future; Security Backbone
ICSJWG: Solid Solutions ‘Not Rocket Science’
ICSJWG: ‘If it Isn’t Secure, it Isn’t Safe’
Black Hat: Breaking Down Safety System Attack

“There is no way we are going to be able to secure any property or asset unless we integrate security across the board,” said Scott Klososky, founder of TriCorps Technologies, during his Tuesday keynote address, entitled “Digital Transformation and Security: Managing at Breakneck Speed,” Tuesday at the Global Security Exchange (GSX) in Las Vegas, NV. “The more we innovate, we build a world of capabilities, but we create a world of security issues. I have seen wonderful things technology can do; I have also seen the heinous things technology can do.”

With the movement toward a stronger digital footprint, it means technology will become even stronger.

“Movies often paint technology to be a dystopian world,” Klososky said. “I am an optimist where I live in a world of technology being part of a utopian world.”

When it comes to technology, everything needs to work in a proper environment. Why have a human view a screen to find potential bad events happening when technology can scan a camera view and find incidents happening in real time much quicker.

“We routinely put humans in position to do things they can’t do,” Klososky said.

Klososky mentioned seven change drivers in the security space:
• Global rules in flux
• Transparency battles, “The more we know the better we are.”
• Shifting values and valuables
• Complexity at high speed
• Tomorrow’s Internet, “We are moving to an Internet of Things (IoT) world where more devices are connected to the Internet than people.”
• A predictive world
• Machine intelligence

As far as the digital transformation goes, we are getting closer to the point where we are integrating humans and technology, something Klososky called augmented humanity. That would occur when we get to what he said was Web 5.0 – and it will happen sooner than anyone thinks.

“Humans and technology are integrating more than ever before,” he said.

One problem right now is security is at a more manual human standpoint with not as strong a technology perspective.

“Security right now is at the H3 level and it will shift (The scale Klososky gave was H5 being purely human to T5 where it is purely technology-centric).” H3 is mainly human facing and more manual than not. Yes, there is security technology, but attacks are often the cause of human error.

One Step Ahead
“We still allow humans to open the door for attackers,” Klososky said. “From a security standpoint, criminals are sitting around trying to figure out how to exploit more technology. As we connect more things, the vectors of attack will change.”

That means edge security is getting much more difficult with IoT devices, SCADA, cameras, controls and smart equipment. It increases the attack surface where millions of devices are being added to the edge.

This will force organizations to use machine intelligence to secure the perimeter.

“The industry will shift over the next decade to T1 where more technology takes over the human element,” Klososky said.

While the idea of machines or technology taking a larger role may frighten end users, there actually may be some solid use cases for it.

Why do we need machine intelligence? Klososky asked. One thing is to take over jobs that are dangerous for people like fighting fires with robotics. Another case would be to take over decisions that require access to large amounts of ever changing data no one human could ever handle.

Integrated Security
That is why a total integrated security solution, and not segmented security through an organization, is the wave of the future.

With integrated security, you have to look at risk tolerance, governance, audits and assessments, security team skills and constant security strategy evolution.

“We have to understand integrated security is the only path for the industry, not just physical or cyber or human or any one element,” Klososky said. “It must all tie together.”



Leave a Reply

You must be logged in to post a comment.