Hey there, fellow Bay Area techie! Let’s chat about a hot topic in our field right now: the Industrial Internet of Things (IIoT). More specifically, we really need to discuss how threat analysis can ultimately protect this newly emerging field from potential security vulnerabilities.
In the techie world, we’re all used to navigating complex matters. One of those right now is the convergence of Information Technology (IT) and Operational Technology (OT) within the IIoT sphere. You all know OT isn’t just important for business – it’s often critical for the nation, and sometimes even life or death.
At the end of the day, everyone using IIoT wants the best security possible. The challenge? Navigating the corporate world to figure out who should shoulder responsibility for this crucial task. There’s a tension between IT and OT professionals but guess what – that tension is itself a security vulnerability!
Think about the differences between how IT and OT operate – uptime requirements, system life, patching processes, all differ significantly. And don’t even get us started on attitudes and approaches to cloud usage! These distinctions shouldn’t cause divides – in fact, they underscore the need for rock-solid IIoT security.
Ironically, the threat analysis approach to security could have been born from our learning and growth in IT through the years. Yes, OT isn’t a simple data center, we understand. The good news? Our experience can enable us to enhance IIoT security while embracing OT’s specific needs. Methods like micro-segmentation and user behavior analytics could be advantageous – more on that later!
Patching, a common IT practice, doesn’t blend with OT. While patching aims to keep our systems updated, it can disrupt revenue-generating operations. Even recent patches for Meltdown and Spectre CPU vulnerabilities caused system performance issues. To sum it up, the patch-and-go culture which works in IT isn’t a one-size-fits-all solution, especially within the nuanced IIoT world.
This leads us to “threat analysis.” This process involves taking a deeper dive into security challenges while considering each system in a far more detailed way than before. Yes, it may take time and resources, but it’s worth it for better security!
The process is simple: first, validate whether a system vulnerability exists. If so, find out how it can be exploited. Evaluate your systems – is it safer to continue operations or stop for patching? What other options can be employed to guard against threats apart from patching?
Threat analysis is not a one-shoe-fits-all concept. Each device that you run requires its own threat analysis, including a comparison of vulnerabilities versus patch benefits, and a list of security options. The key principals of threat analysis are enhancing security, ensuring OT uptime, and devising automated, efficient, and effective solutions.
It’s not an easy fix, but we techie folks have never been afraid of a little challenge. We have the resources and the vision – now let’s collectively pave a safer path for IIoT with threat analysis.
Just because the way forward is clear doesn’t mean it’s easy or close by. Let’s get there together, one step at a time. Trust the process, keep learning from each other, and remember that the spirit of innovation in the Bay Area is what’s brought us to where we are today.
by Morgan Phisher | HEAL Security
