In the IoT space it is still common that when you ask about security, the response refers to safety and not cybersecurity. That is an indicator of how low the awareness of cybersecurity threats in the OT space is today.
It is still common that all industrial OT devices are connected to one flat L2 network without any segmentation. Obviously that has not been built with security in mind. Often you hear "we air-gapped the OT network, so we are safe against any attacks." Of course the reality looks quite different: sometimes there are forgotten connections to the public internet, remote access for support vendors, or attacks via devices that connect locally, e.g. USB sticks and laptops that were infected earlier.
The threat landscape is real: recently a US port was shut down after an infection of the port's industrial OT network. At the same time, more cyber attacks are targeting industrial facilities. For APT crews this is a low-hanging-fruit target. The other problem is that we have devices that are more than a decade old and of course have a long list of vulnerabilities.
Tim Szigeti presented at Cisco Live Europe 2020, in his Tech Field Day Extra presentation, how the Cisco IoT Group is addressing these security challenges. The newly announced Cyber Vision provides the missing visibility into IoT networks. It understands all the industrial protocols and builds a complete inventory of the devices and software releases that are active in the network. Based on that, it builds a topology that shows who is communicating with whom and which protocols are used. All of that forms a baseline that gives the full picture. And that is exactly what is needed to craft policies and migrate from a flat network to macro and later to micro segmentation. Of course this is a journey and cannot be done overnight.
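To make the baseline-to-policy step concrete, here is an added Python example (not Cisco code and not how Cyber Vision is implemented) that turns observed flows into a device inventory, a conversation set and zone-to-zone allow rules for macro segmentation. The flow records, addresses, zone plan and function names are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of passively observed flows: (source, destination, protocol).
FLOWS = [
    ("10.0.0.11", "10.0.0.21", "modbus"),
    ("10.0.0.11", "10.0.0.22", "modbus"),
    ("10.0.0.12", "10.0.0.21", "s7comm"),
    ("10.0.0.31", "10.0.0.11", "opc-ua"),
    ("10.0.0.22", "203.0.113.50", "https"),  # peer outside the "air-gapped" plant
    ("10.0.0.11", "10.0.0.21", "modbus"),    # repeat of a known conversation
]

# Hypothetical zone plan agreed between the OT and security teams (an assumption).
ZONES = {
    "10.0.0.11": "hmi", "10.0.0.12": "hmi",
    "10.0.0.21": "plc", "10.0.0.22": "plc",
    "10.0.0.31": "historian",
}

def build_baseline(flows):
    """Return (inventory, conversations): protocols seen per host, unique flows."""
    inventory, conversations = defaultdict(set), set()
    for src, dst, proto in flows:
        inventory[src].add(proto)
        inventory[dst].add(proto)
        conversations.add((src, dst, proto))
    return dict(inventory), conversations

def macro_policy(conversations, zones):
    """Collapse host flows into zone-to-zone allow rules; unzoned peers go to review."""
    allow, review = set(), set()
    for src, dst, proto in conversations:
        if src not in zones or dst not in zones:
            review.add((src, dst, proto))   # e.g. a forgotten internet connection
        elif zones[src] != zones[dst]:
            allow.add((zones[src], zones[dst], proto))
    return sorted(allow), sorted(review)

def permitted(flow, allow, zones):
    """True if a new flow stays inside one zone or matches a baseline zone rule."""
    src, dst, proto = flow
    zs, zd = zones.get(src), zones.get(dst)
    return zs is not None and zd is not None and (zs == zd or (zs, zd, proto) in allow)

if __name__ == "__main__":
    inventory, conversations = build_baseline(FLOWS)
    allow, review = macro_policy(conversations, ZONES)
    print("allow rules:", allow)
    print("needs review:", review)
```

Flows that land in the review list are the ones to discuss with the OT team before any rule is enforced, since they involve hosts the zone plan does not know about.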
Network Autobahn View
The Cyber Vision product provides exactly what is needed to start the conversation between cybersecurity and OT people. It is helpful if you can directly show what is going on right now instead of assuming something that looks very different in reality. There will be a long learning curve in the OT space, similar to the migration from traditional telephony to VoIP-based communication. But this needs to happen now. There will be an increase in targeted attacks against IoT networks, and you are lost if you do not change your mindset and tool set to address that.
Anyone who wants to dig deeper into the topic should also look at the Cisco Press book Digital Network Architecture by Tim Szigeti, David Zacks, Matthias Falkner and Simone Arena.