Tackling cybersecurity can often feel like trying to complete an overly complex jigsaw puzzle. Figuring out how all the pieces connect is often a frustrating step. In the worst cases, however, the cybersecurity jigsaw puzzle doesn’t even have edges. And when that happens, it’s hard to even know where to start.
Alexandre Peixoto addresses this complex journey in a recent interview at Control magazine. Peixoto shares how truly successful companies are rethinking the traditional approach to cybersecurity by collaborating with their automation suppliers.
Start at the beginning
Often, the first step companies need to take—especially when trying to secure operational technology—is to figure out where they already are. Teams need to identify the solutions they have in place and evaluate their efficacy. With that information in hand, they can see where they have gaps. Peixoto explains,
“We conduct assessments and vulnerability checks with an OT focus, define their goals and appetites, and find ways to get from A to B. Assessments and front-end engineering design (FEED) studies for cybersecurity enable each user to plot a way forward that makes sense.”
Knowing the starting point and any gaps in coverage helps teams prepare effective plans to submit for budgeting. But more importantly, it also helps them develop a roadmap. Cybersecurity is not a one-and-done project. Just as cyber threats constantly change, so, too, must a company’s cybersecurity posture. This planning lets them move away from the “block-and-tackle” strategies of old and focus more on comprehensive solutions that work together.
“For example, threat monitoring software, can connect passively to switches, and compare OT-specific data flows to existing threat intelligence. These capabilities can also be aided by machine learning (ML) and artificial intelligence (AI) to tell more about what input is good or bad.”
Credentials are key
Peixoto further expands on his encouragement that users evolve from simple block-and-tackle policies by explaining the value of new, “always-on” security solutions like zero trust. There are so many connections these days, Peixoto explains, that it is extremely complex to differentiate legitimate connections from impostors. He elaborates,
“The zero-trust concept could add policies to switches that require participants to show credentials or digital certificates before they can join the network.”
Peixoto also recommends moving toward two-factor authentication as a now well-known and significantly more secure connectivity solution. And those are just two of the many different forms of credential improvement available today.
Peixoto goes into much more detail in the full article over at Control, including sharing five steps to use zero-trust to secure communications and authenticate devices. Be sure to head over and read the article in full. It is never to early to start evolving your OT cybersecurity infrastructure!
