In the race to digitally transform, many companies are adding a serious number of IoT sensors, meters, and high-definition video into their operational processes. Think proximity sensing and contact tracing for public transportation, IoT soil sensors in agriculture, or IoT sensors communicating withrobots in manufacturing.
More sensors equal more data, which will most likely be processed byedge computing. But adding exponentially more devices on a network exponentially adds more “windows” to open for a potential cyber-attack. These windows of vulnerability are keeping information technology (IT) managers and operational technology (OT) managers up at night.
Converging of IT and OT presents a new challenge to security practices
In the past, IT and OT have maintained a clear distinction, never overlapping their boundaries. The distinct separation between IT and OT departments has been characterized by organizational silos and ingrained into the company culture. Historically, IT systems have been used for managing business applications in the front office. OT was usually made up of fully complete and proprietary systems in operations. In today’s operations like factories, IT and OT are converging — propelled by the need to automate for higher productivity and flexibility. OT managers are excited by the possibility of increased automation and terrified about the disabling consequences of a cyber breach.
This converging of IT and OT systems with the increased use of IoT in industrial environments presents a new challenge to existing security practices. The focus expands from protecting a centralized, single entity to protecting many distributed edge sites with tens, hundreds, or thousands of attached IoT devices.
Securing edge computing installations and endpoint devices
Operation and maintenance: patch management, vulnerability management, penetration testing
These practices reduce the risk of breaches. The white paper provides examples for these practices along with associated cybersecurity standards. The paper also discusses how Microsoft introduced the Security Development Lifecycle (SDL) and IEC 62443, which is accepted worldwide in defining security standards developed by industrial control experts.
One of the most overused and abused phrases It is true that one of the most overused and abused phrases is IT and OT convergence. But it’s really starting to happen when adding edge computing and IoT sensors into OT applications, presenting new cybersecurity challenges.