Day by day, as we see progress and advancements to technologies and connectivity, people and industries are increasingly depending on smart infrastructure to make our lives easier and faster.
“The interconnectedness provides better decision making, awareness and offers timely services. However, it has many security, public safety and privacy concerns”, said Bernd Konig, Senior Cyber Security Strategist for Fortinet, at the Fortinet Secure OT 2020 virtual conference. Bernd spoke during the virtual event and highlighted several key trends and security challenges in the Smart Infrastructure industry.
He mentioned that today’s cybersecurity practices have to exist in what he calls the “smart universe”. Since almost everything is now connected, cyber threats are increasingly finding their way into Industrial Control Systems (ICS), Operation Technology (OT) and IIoT networks. According to Bernd, this results in new challenges, especially since OT environments differ significantly from the often more familiar IT infrastructures.
In addition, growing threats have also been found in the emerging critical information infrastructures such as in social media, cloud computing and smartphone technologies. As such, there are attackers that adapt very quickly, leveraging the features of the smart infrastructure. For companies, this means that they rapidly implement security patches but are often prevented due to operational requirements and regulations.
“Reliable cyber defence can only succeed if sufficient experts and talented staff are recruited in actively shaping and anchoring cybersecurity”, added Bernd. With that, he cited some of the elements of the smart universe that are contributing to these challenges today.
Firstly, as a result of the sudden increase in remote working, employers have to provide their employees with devices at home, enabling connectivity and a smart business. This disruption in the way we work and the new acquisition of end devices for numerous employees present companies with financial and logistical problems.
For example, as organisations operate online, all data traffic is usually routed through the company network, which quickly leads to an overload of the available bandwidth, paralysing services and applications and reducing employee productivity.
Bernd said it is essential that employees be provided with company-owned and IT-standard compliant hardware securely connected to the corporate network via a sustainable VPN to avoid this problem. “In any case, the employees must be trained in security awareness. Training them [with] courses specially tailored to their needs are more important than ever”, he added.
Consequently, this setup in businesses results in smart working, wherein employees are provided more solutions, combining in-house infrastructures and various cloud offerings. This translates to even harder monitoring and overviewing of the workloads in the standpoint of the IT department.
With that, Bernd showed the importance of a multi-cloud environment, which ensures the integration and central management of all systems with automation. Workloads can be standardised and easily enriched with public cloud services on demand.
“If the IT department needs a development environment quickly to test new services, for example, hundreds of virtual machines can be employed in the future cloud infrastructure within minutes”, he added.
There is also the emergence of smart traffic, which describes the intelligent control of traffic flows based on automatically-collected data on traffic density, weather conditions and environmental pollutions.
This smart infrastructure can also be applied to intelligently managing public transportation using data, which, in turn, can offer huge savings potential from costs lost to traffic jams. Nevertheless, there are also concerns in privacy here since data comes from various sources, including personal information of the drivers and commuters. To solve this, different entities implementing smart traffic solutions should allow users to control their data.
Lastly, in what Bernd described as a very critical trend, is the convergence of the IT-OT security, wherein organisations are urged to integrate their isolated production active directories into the corporate directory, which Bernd said to never do.
“We have to isolate these servers from each other. Never share active directories but trust between corporate and control networks should be observed. IT and OT convergence creates new risks; that is why the importance of security is growing rapidly”, explained Bernd.
Moreover, Bernd cited the other key trends for cybersecurity in smart infrastructure, including the rise of legislation worldwide that results in increased fines and penalties when something goes wrong with the infrastructure and compliance. Bernd added, “As a society, we have to get more cyber-resilient including our global supply chains. We have to establish a new way of thinking, more important than ever the cybersecurity by design and by default”.