Often touted as the “next big thing,” edge computing has become common practice in many industries, thanks to new technology such as the Internet of Things (IoT) and its many devices, as well as 5G networks. With IoT devices driving exponential growth in data, and even hyper-fast 5G networks becoming a bottleneck when all of that data is shipped upstream, there is a myriad of exciting possibilities for edge solutions.
In recent years, the edge has helped many businesses make daily processes more efficient and keep their infrastructure and employees connected, internally and with customers, at unprecedented speeds. Using edge and IoT technologies to manage critical infrastructure remotely and eliminate on-site visits was a key area of investment in 2020, alongside, of course, enabling employees to work from home (WFH).
Unfortunately, the spread of edge solutions, remotely managed infrastructure and remote workers also requires breaking down the silos of traditional firewalled networks, and with that comes a potential increase in the volume and sophistication of cyber attacks.
The number of data breaches publicly reported so far this year has already exceeded the total for 2020, putting 2021 on track for a record year, according to the Identity Theft Resource Center (ITRC). The all-time high of 1529 breaches was set in 2017; phishing and ransomware have led the way in driving volumes up this year. Q3 breach volumes came in at 446 incidents, bringing the year-to-date total to 1291, versus 1108 for all of 2020. Specific to the edge, two of the most visible incidents have been the Mirai botnet, built from IoT devices shipped with default credentials, and the Colonial Pipeline ransomware attack that shut down a major fuel pipeline in May 2021.
Defending against such a vast array of possible cyber threats is no easy task for companies, especially when they are trying to adopt as much new technology as possible to keep up with the competition. A single exposed access point is all a cybercriminal needs, and edge deployments typically sit outside the datacenter, in remote locations without traditional physical and network perimeters, so many organizations are struggling with the challenges of edge security.
This topic was discussed in detail during a panel presentation at ZEDEDA Transform 2021, an event earlier this year which brought together experts from across the edge computing and IoT landscape.
Titled “Cybersecurity at the Edge,” the discussion was moderated by Harry Forbes, Research Director for Automation at ARC Advisory Group. The panel consisted of Maria Krovatkina, Software Security Engineer, Schlumberger; Edgard Capdevielle, President and CEO, Nozomi Networks; and Erik Nordmark, Co-Founder and Chief Architect, ZEDEDA.
Forbes started by simply asking the panelists the difference between IT and OT security.
“The way you define an OT network versus an IT network has to do with the endpoints. If the endpoint is a supercomputer with a full stock operating system that can handle an IT vulnerability scan, then clearly you’re talking about an IT network,” said Capdevielle. “The nature of those two is just radically different, which makes a lot of the cybersecurity tools in IT useless in OT.”
“I think the biggest difference in terms of cybersecurity is priorities for IT. Confidentiality is kind of the top, and then availability and integrity are secondary,” explained Krovatkina further. “For OT, availability and integrity are on top, and confidentiality could be quite secondary, because of the different history and different use cases.”
Forbes then took the first audience question, asking the panelists about the false sense of security that air gapping gives to those who rely on the practice.
“So that’s why an air gap, for it to work, really has to mean there is no cable or wireless. There needs to be zero connectivity, but that’s not how people think of it,” said Nordmark. “When you combine IT systems there’s a little gap somewhere where you can get in. That’s where the air gap is, and people don’t realize.”
Forbes then pivoted to recent events, asking the panelists if they could offer a summary of recent OT breaches.
“I think that the ones that have been more publicized are the ones that affect consumer equipment because they become more visible,” said Nordmark. “And I didn’t think that there’s that much publicized other than the recent pipeline shutdown type thing, where people can see that something is broken because it affects the whole large-scale infrastructure. But some of the consumer known breaches, it’s driven by the fact that these things were designed with default passwords for passwords.”
Forbes then asked whether, in these attacks and breaches, there is any accountability for whose fault the breach was, or whether they are simply headlines in the news.
“I think OT getting breached and the causality of that breach, relies on whether it’s negligence and bad operations versus I just happen to be the victim,” said Capdevielle. “However, when it comes to cyber, we do have compliance provided by the likes of NERC and NIST, which traditionally lacked teeth. However, over the years the penalty capability has improved.”
Forbes transitioned to his next topic, asking the panelists how end users should go about securing their supply chain. Nordmark said he was impressed by the tools that have been built for this very problem.
“One of the things I’ve seen that sort of impressed me is in the open source world where people have actually realized that this is a problem. And they said, okay, let’s build tools for this so that you can see not just, oh, I’m running this application, but it’s actually running using this middleware, using this operating system, using these device drivers,” said Nordmark. “I can actually see through the whole thing and make that easier because these tools are actually also open source. It actually makes open source IT a bit easier, easier to get visibility.”
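The visibility Nordmark describes (seeing not just the application but the middleware, operating system and drivers underneath it) is what a software bill of materials (SBOM) gives you once you walk its dependency graph. The following is an added example, not code from the article or from any panelist's product: it reads a constructed CycloneDX-shaped SBOM (a "components" list plus a "dependencies" graph), prints the full transitive stack under an application, and flags the two things a supply-chain review cares about most, dependencies the SBOM references but never declares, and components with no version, which cannot be matched against any advisory. All component names, versions and bom-refs are placeholders.

```python
"""Walk a CycloneDX-style SBOM to expose the full software stack behind an
application (app -> middleware -> OS -> drivers) and audit it for gaps.

Added example; the SBOM below is constructed and its names are placeholders,
not real packages. The JSON layout mirrors CycloneDX ("components" and
"dependencies"), which is an assumption about the format in use.
"""
import json

CONSTRUCTED_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"bom-ref": "app", "type": "application", "name": "pump-controller", "version": "2.3.0"},
        {"bom-ref": "mw", "type": "library", "name": "example-mqtt-client", "version": "1.8.2"},
        {"bom-ref": "tls", "type": "library", "name": "example-tls", "version": "3.0.1"},
        {"bom-ref": "os", "type": "operating-system", "name": "example-linux", "version": "5.10"},
        # Deliberately unversioned: a driver that cannot be matched to advisories.
        {"bom-ref": "drv", "type": "device-driver", "name": "example-can-driver"},
    ],
    "dependencies": [
        {"ref": "app", "dependsOn": ["mw", "os"]},
        {"ref": "mw", "dependsOn": ["tls"]},
        {"ref": "tls", "dependsOn": ["libc"]},   # "libc" is never declared above
        {"ref": "os", "dependsOn": ["drv"]},
        {"ref": "drv", "dependsOn": []},
    ],
})


def load_sbom(text):
    """Return (components by bom-ref, adjacency list of bom-refs)."""
    bom = json.loads(text)
    components = {c["bom-ref"]: c for c in bom.get("components", [])}
    graph = {d["ref"]: list(d.get("dependsOn", [])) for d in bom.get("dependencies", [])}
    return components, graph


def transitive_stack(graph, root):
    """Depth-first walk from root; returns [(bom-ref, depth), ...] in first-seen
    order. A visited set keeps cyclic dependency graphs from looping."""
    seen, order = set(), []

    def walk(ref, depth):
        if ref in seen:
            return
        seen.add(ref)
        order.append((ref, depth))
        for child in graph.get(ref, []):
            walk(child, depth + 1)

    walk(root, 0)
    return order


def describe(components, ref):
    c = components.get(ref)
    if c is None:
        return f"{ref} (not declared in components list)"
    version = c.get("version") or "UNVERSIONED"
    return f"{c['name']}@{version} [{c.get('type', '?')}]"


def audit(components, graph, root):
    """Return (indented stack lines, findings). Findings: references to
    undeclared components, and components with no version string."""
    lines, findings = [], []
    for ref, depth in transitive_stack(graph, root):
        lines.append("  " * depth + describe(components, ref))
        c = components.get(ref)
        if c is None:
            findings.append(f"undeclared dependency: {ref}")
        elif not c.get("version"):
            findings.append(f"unversioned component: {c['name']}")
    return lines, findings


if __name__ == "__main__":
    comps, deps = load_sbom(CONSTRUCTED_SBOM)
    stack, issues = audit(comps, deps, "app")
    print("\n".join(stack))
    for issue in issues:
        print("FINDING:", issue)
```

Run against a real SBOM exported by a build tool, the same walk answers the question Nordmark raises: which driver and which OS build is this application actually running on, and is every link in that chain identified well enough to check against an advisory.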
Forbes then asked about best practices for cybersecurity defense, both for IT and OT.
“Having a secure perimeter is important. Having proper segmentation done initially and audited over time is important. Having anything that looks like a PC or has a standard operating system secure with endpoint security is important,” said Capdevielle. “Having ongoing training is important and having a fresh inventory of assets and vulnerability status is important.”
Forbes then asked his final question, pertaining to monitoring OT, and making sure the equipment is always in a usable state.
“I think the days of ‘setting it and forgetting it’ are gone. Real time monitoring does not just provide cybersecurity benefits. There’s also operational visibility, which has cybersecurity aspects, but also operational optimization aspects,” said Capdevielle. “Being able to monitor your network in real time and having a real time map of your network is something that people want to have and want to do.”
“We do want to get to the point where we can send all this data and analyze it in the cloud and have the dashboards monitor it. And our priority should be to integrate it with our security monitoring and operation center,” said Krovatkina. “But we have to work on a lot of customization, sometimes at the edge to get the right information, maybe use AI, some kind of machine learning so that we know what’s the good posture of the devices and what’s an unusual accident.”
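Capdevielle's real-time network map and fresh asset inventory, and Krovatkina's point about learning the "good posture" of devices so that unusual activity stands out, come down to the same mechanism: learn a baseline of which assets talk to which, over which services, then alert on anything outside it. The block below is an added example, not code from the article or from Nozomi Networks, ZEDEDA or Schlumberger. The flow records are constructed, as is their field layout (timestamp, source, destination, destination port, protocol), which stands in for whatever a span port or flow exporter actually delivers; the addresses and device roles are placeholders.

```python
"""Baseline-and-deviation monitoring for an OT segment.

Added example. Learn each device's normal conversations from a learning
window, build an adjacency map of the segment (the 'real-time map'), then
classify live flows as in-baseline or as one of three deviations, ordered
from most to least severe: an asset never seen before, a known asset
exposing a new service, or a new conversation between known assets.
Flow records and addresses are constructed placeholders.
"""
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed records: (epoch_seconds, src, dst, dst_port, proto).
LEARNING_FLOWS = [
    (1000, "10.20.1.10", "10.20.1.50", 502, "modbus"),  # HMI -> PLC-A
    (1001, "10.20.1.10", "10.20.1.51", 502, "modbus"),  # HMI -> PLC-B
    (1002, "10.20.1.20", "10.20.1.50", 502, "modbus"),  # historian -> PLC-A
    (1003, "10.20.1.20", "10.20.1.51", 502, "modbus"),  # historian -> PLC-B
    (1004, "10.20.1.30", "10.20.1.50", 502, "modbus"),  # eng. workstation -> PLC-A
    (1005, "10.20.1.10", "10.20.1.50", 502, "modbus"),
]
LIVE_FLOWS = [
    (2000, "10.20.1.10", "10.20.1.50", 502, "modbus"),  # normal
    (2001, "10.20.1.99", "10.20.1.50", 502, "modbus"),  # unknown asset polls PLC-A
    (2002, "10.20.1.20", "10.20.1.50", 22, "ssh"),      # known pair, PLC-A now offers SSH
    (2003, "10.20.1.50", "10.20.1.10", 502, "modbus"),  # PLC-A initiating toward HMI
    (2004, "10.20.1.30", "10.20.1.51", 502, "modbus"),  # workstation reaches PLC-B
]


@dataclass
class Baseline:
    assets: set = field(default_factory=set)
    flows: set = field(default_factory=set)               # (src, dst, port, proto)
    services: dict = field(default_factory=lambda: defaultdict(set))  # dst -> {(port, proto)}


def learn(records):
    """Build the baseline (asset inventory, known services, known flows)."""
    b = Baseline()
    for _, src, dst, port, proto in records:
        b.assets.update((src, dst))
        b.flows.add((src, dst, port, proto))
        b.services[dst].add((port, proto))
    return b


def classify(b, record):
    """Return None for in-baseline traffic, otherwise an alert string."""
    _, src, dst, port, proto = record
    if src not in b.assets or dst not in b.assets:
        stranger = src if src not in b.assets else dst
        return f"new asset {stranger}: {src} -> {dst}:{port}/{proto}"
    if (port, proto) not in b.services[dst]:
        return f"new service on {dst}: {port}/{proto} from {src}"
    if (src, dst, port, proto) not in b.flows:
        return f"new conversation: {src} -> {dst}:{port}/{proto}"
    return None


def monitor(b, records):
    """Return [(timestamp, alert), ...] for every deviating record."""
    alerts = []
    for rec in records:
        verdict = classify(b, rec)
        if verdict:
            alerts.append((rec[0], verdict))
    return alerts


def network_map(b):
    """Adjacency view of the learned segment: who talks to whom, on what."""
    m = defaultdict(set)
    for src, dst, port, proto in b.flows:
        m[src].add((dst, port, proto))
    return {k: sorted(v) for k, v in sorted(m.items())}


if __name__ == "__main__":
    baseline = learn(LEARNING_FLOWS)
    for src, peers in network_map(baseline).items():
        print(src, "->", peers)
    for ts, alert in monitor(baseline, LIVE_FLOWS):
        print(ts, "ALERT", alert)
```

The learning window is the part that needs care in practice: if it is captured while the segment is already compromised, the attacker's traffic becomes part of the "good posture". Reviewing the learned map against the asset inventory before arming alerts is the check that closes that gap.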
The full event is available to view on demand.