Turn Fear into an Advantage

Monday, October 22, 2018 @ 11:10 AM gHale

By Eric Ehlers
It is the season for scary Halloween movies, and the most terrifying ones are often about the unknown. It’s easy to grasp a frightening ghost, monster, or some lunatic chasing after a group of folks whose van broke down in the wrong town. However, the unknown allows for another level of paranoia because you never know what’s coming next.

To quote H.P Lovecraft: “The oldest and strongest emotion of mankind is fear, and the oldest and strongest kind of fear is fear of the unknown.”

When it comes to industrial security, that fear of the unknown is a common thread for manufacturers.

RELATED STORIES
Security, Yes, Cameras Provide Other Value
Magnifying Visibility in OT Environment
Know Your Vendor before a Partnership
IIoT is Here, but Learn to Secure

Increasingly, manufacturers are learning many of their legacy systems are inherently insecure. Older PCs on the plant floor are no longer supported and are vulnerable to viruses and ransomware. Employees and contractors come in and out, carrying with them laptops, mobile devices, and thumb drives infected with threats that could shut down operations. Malicious hackers are continually looking for exploits to get inside industrial systems.

Make Fear Your Advantage
There’s always risk involved with the unknown. However, there are ways to turn that fear into an advantage.

One of the first things to do is to accept the anxiety and recognize that it’s there for a reason. The next step is to prepare so your organization can overcome fear and then use it to anticipate potential threats.

So, how can you mitigate the concern of these security risks? Deploy a combination of trusted best practices, new technologies, and strategies:

Conduct a security assessment: This is the first step in understanding where any potential vulnerabilities are within critical infrastructure. It’s also crucial for an organization to know what needs to implemented in places in regards to access, as well as current understanding of procedures and how to enforce policies.

Use a defense-in-depth strategy: Modern, advanced threats require a holistic security strategy. That’s why manufacturers should turn to a defense-in-depth approach. “Defense-in-depth” strategies incorporate layers of independent security controls (physical, procedural, and electronic).

Follow trusted best practices: In the modern landscape of Industrial IoT, some old best practices still apply. Device segmentation remains an essential first step, and it’s always important to create specific policies that define device access. Robust firewalls are still critical.

Include technologies that play an indispensable role: Modern networks need to operate as a security extension. They need to provide context into the system and identify traffic patterns and the flow of data.

Don’t let fear of the unknown overtake your organization. The right security strategy is key to avoiding things that go bump in the night.
Eric Ehlers has focuses on the manufacturing vertical for Cisco. Ehlers works across all Cisco lines of business including IoT, networking, security and collaboration solutions.



Leave a Reply

You must be logged in to post a comment.