Integrating cybersecurity into products: Leah Dodson, Nextlink Labs, ICS Pulse Podcast

Courtesy: CFE Media and Technology
Courtesy: CFE Media and Technology

Cybersecurity integration is a crucial part of making sure a company’s defenses are running at an optimal level. However, there are evolving challenges and strategic imperatives facing industries as they navigate the digital landscape.

Recently, Industrial Cybersecurity Pulse spoke with Leah Dodson of Nextlink Labs about integrating cybersecurity into products and how it will help leverage advancements. To listen to the complete podcast, click here. To read part two, click here. To read part one, click here.

The following has been edited for clarity.

ICS Pulse: Integrating cybersecurity into the product is a crucial aspect, especially given the push for automation. It’s paramount for numerous reasons, one of which, as discussed at Automate, is the need for remote management capabilities. Two decades ago, the idea of remotely accessing a plant floor was unheard of. The notion was met with resistance, the sentiment being, “You must physically be on the plant floor to manage systems.” However this mindset was already evolving, the onset of COVID greatly expedited this shift. Now, not only in manufacturing but also in critical infrastructure settings, such as water treatment plants or energy facilities, sensitive systems are accessible remotely. From a cybersecurity standpoint, this raises concerns. Knowing that critical systems are accessible from home, possibly on personal devices, leaves them vulnerable to attack.

Leah Dodson: Absolutely. We spoke with a vendor demonstrating such capabilities at the event. He showcased how seamlessly he could monitor and adjust equipment at his shop in a different state using his iPad. It was fascinating yet alarming simultaneously. COVID indeed catalyzed significant changes in manufacturing. Historically, the industry hasn’t been swift in adopting such drastic changes. Now, we’re witnessing a retrospective integration of cybersecurity into these processes and capabilities.

Manufacturing seems to be at a juncture reminiscent of where information technology (IT) stood about a decade ago. Historically, manufacturing operations were isolated, with no significant connections to external systems, hence minimal cybersecurity concerns. However, with the current trend of data collection, remote connectivity and cloud-based solutions, the landscape is shifting. Akin to the early days of IT, when cloud adoption was met with skepticism, businesses are now embracing these innovations despite initial cybersecurity apprehensions.

We now have the opportunity to parallel the growth of manufacturing with robust cybersecurity measures. By proactively integrating cybersecurity into product development, programs and overall strategic thinking, we can leverage advancements in technology securely and ensure continued progress. As new capabilities emerge each year, initiating discussions around ingraining cybersecurity from the ground up will be instrumental in fostering a more secure environment for technological advancements.

ICSP: Throughout this podcast series, we’ve emphasized the importance of communication among people. It may sound basic, even trivial, but the truth is, someone on the plant floor should be engaging with someone in the IT department. It’s within these dialogues that truly fascinating insights emerge. I recall us interviewing Dr. Jesus Molina some time ago. He shared some captivating hacking experiences from his past. One story that stood out was about a modern hotel he visited. In this hotel, there was a tablet provided in each room to control various amenities like heating, air conditioning and blinds. One evening, Dr. Molina, thought, “What else can I access through this tablet?” Over the course of the weekend, he managed to gain control over the systems in every room of the hotel. While such technology offers convenience to guests, it also introduces significant cybersecurity vulnerabilities. These kinds of conversations are crucial in identifying and addressing potential risks early in the process, before it’s too late to mitigate them.

Dodson: Absolutely. This year, we encountered a situation that perfectly illustrates this point. A visitor approached our booth and expressed that they were an OT specialist now handling IT and security responsibilities. They found themselves thrust into a role bridging the gap between IT and OT, unsure of how to navigate it. Surprisingly, this scenario wasn’t unique; we heard similar stories multiple times. With the rapid pace of change, individuals are often tasked with responsibilities beyond their usual scope. For instance, an OT specialist might suddenly find themselves responsible for implementing IT capabilities or developers might be assigned tasks outside their usual domain.

While this shift presents challenges, it also opens up new avenues for exploration. Approaching problems from diverse perspectives fosters innovative thinking. By engaging in these conversations without adding undue stress to personnel, we can develop more comprehensive and resilient security measures

ICSP: As we wrap up this podcast, we always like to ask our guests for a final piece of advice or a best practice that our listeners can start implementing today or in the future. Is there something you wish more people knew about or were discussing?

Dodson: Something that isn’t widely understood is that nothing in cybersecurity is magical. Anyone can initiate effective cybersecurity measures. Often, concepts may seem mystical simply because they’re unfamiliar. However, breaking them down into fundamental components makes them manageable and actionable. Even if cybersecurity isn’t your primary role within your organization, you can still champion it within your area. You can raise concerns and questions about security practices, fostering a culture of vigilance. Cybersecurity is about adopting a different perspective, not performing magic.

ICSP: You strike me as inherently curious. Were you the type of child who disassembled electronics, driving your parents mad while trying to understand how everything functioned in your home?

Dodson: Electronics weren’t my primary target. It was everything else. I enjoyed dismantling various objects, even if reassembly posed a challenge. Growing up, electronics were scarce in my household. Instead, I explored physical items. My father, an electrician, often brought home equipment, which piqued my curiosity. I vividly remember disassembling circuit boards to comprehend the intricacies of capacitors simply because they fascinated me visually. I disassembled benches, tables, anything that caught my interest, eager to understand connections and mechanisms. That was my approach to understanding the world. As I’ve matured, I’ve channeled that curiosity in healthier directions.

YOU MAY ALSO LIKE

GET ON THE BEAT

 

Keep your finger on the pulse of top industry news

RECENT NEWS
HACKS & ATTACKS
RESOURCES