How does one define “smart” in the digital age? To one stakeholder, the term represents a creative solution driven by a precise mission. To another, it’s defined by the latest machine learning (ML) algorithms and artificial intelligence (AI)-guided decision-making features in the newest release of a tool. While its meaning varies for each stakeholder, the public sector – smart government – is evolving toward a unified architecture that encourages integration, agile innovation, and information sharing across platforms and Agencies.
The definition of “endpoint” has evolved beyond a typical operating system (OS) to a myriad of routers/switches, platform technologies, industrial control systems (ICS), and Internet of Things (IoT) devices. It is forecasted that the number of connected IoT devices will surpass 25 billion by 2021. This transformation, combined with the rapid adoption of mobility and cloud, creates a complex environment and expanded attack surface at a time when threats are more sophisticated than ever before.
ICS and IoT present unique challenges as weak security controls and lack of asset visibility give attackers the advantage. A fundamental difference also exists between traditional Information Technology (IT) systems and ICS/IoT: IT is information-focused, while ICS is focused on the physical process and has its own set of network protocols. For example, an exploit that grants access at Level 2 (Control) of the Purdue Model is a prime target for cyberwarfare on critical infrastructure. Most ICS/IoT challenges can be boiled down to three primary categories: Asset Discovery and Tracking, Threat Detection, and Risk Management.
Asset Discovery and Tracking
How can you protect what you can’t see? Comprehensive security requires full visibility of each asset, its status, and its communications within the environment. Configuration change control is crucial. Proper authentication and validity of the PLC commands must be monitored to ensure there are no disruptions to the physical processes.
Threat Detection
Ransomware is a growing threat and is expected to target an increasing number of IoT devices. Embedded security controls paired with the latest threat intelligence combat threats that may be prevalent on the network and/or specific devices. With critical infrastructure, zero-day malware is a top concern and highlights the importance of vendor integrations that share a common message bus. The ability for one tool to identify a previously unknown threat, simultaneously inoculate the enterprise, and share the indicators in real-time across Agencies sends a powerful message.
Risk Management
It only takes a single compromised device to infiltrate the network. Understanding vulnerable devices, patch levels, and misconfigurations is a crucial step in reducing the attack surface. Comprehensive reporting and behavior analysis help lessen the environment’s risk profile and answer some common questions: What has exceeded the baseline? Is this unauthorized use? What changes were made to the system configuration?
As the public sector continues to innovate, adopt new technologies, and embark on the journey to cloud, integration becomes the “smart” path to mission success. Convergence creates simplicity. Security solutions must be unified to create an efficient and consistent security management experience that adapts to dynamic and hybrid environments. Today’s cybersecurity challenges require an open and collaborative approach to reduce risk and combat the adversary; no single vendor can satisfy every requirement of the enterprise. Interoperability provides a cohesive ecosystem which maximizes the value of existing security investments.
As environments evolve and become more complex, ensure your security vendors share the same passion and tenacity for your mission. Constant innovation should be the norm as we face our adversaries together as one team. With our partners, we can provide a holistic and unified architecture that breaks the traditional silos and ushers in a new era of cybersecurity prowess. We are better together. Challenge your security vendors to work together with you in support of reaching the desired outcome and mission objectives.
source: McAfee blog