The recent shift toward edge computing has allowed for more efficient processing and near-real-time insights, but it has also opened up a new world of cybersecurity threats. Edge computing is a distributed, open information technology (IT) architecture that features decentralized processing. It works by moving data, applications and computing power away from centralized networks, or the cloud, out to the edges of the network, such as a local computer or edge server. And, by all indications, it’s much more than a fad.
According to research giant Gartner, around 10% of enterprise-generated data is created and processed outside of a traditional centralized data center, or cloud. By 2025, Gartner expects the figure to reach 75%. To defend against this new threat landscape, cybersecurity can no longer be just the responsibility of the IT department; it is essential that operational technology (OT) teams do their share. This is especially true because the move to edge computing creates a markedly different data landscape than traditional IT departments are used to, said Rick Peters, chief information security officer (CISO) of operational technology North America at Fortinet.
“We’re typically talking about technology that looks a lot different than what you run into for IT,” Peters said. “The legacy technology hardware, software that you encounter almost looks a bit more primitive, yet much of it is being modernized. This whole concept of digitizing at the edge is changing, and growing, what we consider to be or what constitutes the OT enterprise.”
The Internet of Things (IoT) and Industrial Internet of Things (IIoT) create an expansion of the digital attack surface that’s changing the game for industrial cybersecurity.
“The security strategy, which was founded on well-understood cybersecurity best practices, means we’re thinking about visibility control and automated awareness differently,” Peters said. “So we have to start thinking about a framework to get our head around it.”
These days, everyone is looking for access to more data. One of the major network changes in recent years is the number of devices now on the network that need to be defended. Each of these edge OT devices — ones that exist outside of the traditional on-prem concept — is a potential entry point for hackers.
“Today, it’s all about increased bandwidth and increased appetite for data,” Peters said. “It really is the commodity of interest. Unfortunately, it’s the commodity of interest from two parties: the company that’s trying to make decisions to be able to pivot their decisions quickly, to be able to optimize their business processes, maybe even maintenance processes, but at the same time, you’ve got a whole other layer of activity that we’ll characterize as the bad actor who’s also interested in that data for a variety of purposes.”
Peters said CISOs often struggle with the shortcomings of the on-prem solutions they have in place. Some organizations that modernized just a few years ago are already hitting the ceiling of their capacity. While safety is the primary governing principle for OT professionals, operational availability runs a close second. When things start to slow down, that costs money.
The good news is protecting the edge does not require industrial manufacturers to start over from a cybersecurity perspective.
“It starts with the adoption of what we’ll call core values or best practices in cybersecurity,” Peters said. “And they’re not a departure from what we’ve known for a long time in IT. It’s figuring out how to make them work in the OT domain. So when we talk about complete visibility, device visibility, we’re just talking about being able to earn trust. You hear ‘zero-trust network access’ thrown around a lot as a term that sounds great, but what we’re really talking about is insisting on earning trust, so that when a device or an entity, even an application, touches my environment, it does so in a very controlled and trusted way.”
The goal is to build in infrastructure that provides protection from layer to layer. From the enterprise level up at the cloud all the way down to the plant floor, each layer must be treated with great discretion and care. Peters also touted the idea of automated awareness.
“We can’t possibly turn to human beings to manage the problem,” he said. “In fact, we know it can be the weak link in the chain. The insider attack still prevails. So if we build actionable intelligence, or intelligence services, into the business model, it becomes a huge asset in our ability to be situationally aware from moment to moment.”
Keep an eye out for Part 2 of our interview with Rick Peters, where he will discuss what hackers are looking for and how they attempt to access your systems. And check out our Industrial Cybersecurity Pulse YouTube page to view previous installments from our expert interview series.