Building a Resilient World:
The ISAGCA Blog

Welcome to the official blog of the ISA Global Cybersecurity Alliance (ISAGCA).

This blog covers topics on automation cybersecurity such as risk assessment, compliance, educational resources, and how to leverage the ISA/IEC 62443 series of standards.

The material and information contained on this website is for general information purposes only. ISAGCA blog posts may be authored by ISA staff and guest authors from the cybersecurity community. Views and opinions expressed by a guest author are solely their own, and do not necessarily represent those of ISA. Posts made by guest authors have been subject to peer review.

All Posts

Separating Man from Machine: KVM Reduces Security Threats

Modern keyboard, video, and mouse (KVM) systems are not just a way to improve efficiency and flexibility into an operation. Sophisticated KVM technology also provides an additional step toward protecting against cyberattacks. KVM systems build the backbone of information technology (IT) and operational technology (OT) supported processes in organizations. By separating man from machine, they provide an optimal basis for seamless interconnection of all used systems and seamless IT integration in industrial process automation.

Simply put, KVM removes computers from the workplace and stores them in a dedicated technical area free from the noise, clutter, heat, and dust of a production floor or control room (along with latency-free remote access). Further, it allows an individual user to operate several processes simultaneously. Each workstation can consist of multiple screens, and each screen can show individual computer sources that operators can survey and operate all at one time. KVM allows the right system availability at the right time. The user can easily switch between computers and handle complex consoles with many screens, but with just a single keyboard and mouse.

KVM Helps Mitigate Cybersecurity Risks

Cybersecurity is an important aspect that KVM solutions allow to make installations more secure. Removing the computer from the desk is a core strategy for protecting its access. For starters, you cannot directly connect a USB drive or plug in a USB drive to a computer anymore. Data shows that most cyberattacks originate internally—either by human error or on purpose—as opposed to outside factors.

Externally, modern KVM systems allow an organization to achieve “network separation.” With different security classifications of the networks (dedicated networks where all the critical processes run, and a separate network that may even have access to the public internet, which would make it more at-risk of an external attack), the risk of cyberattacks can be minimized. KVM systems provide the basis for flexible system access and help to harmonize computer technology across systems.

GD_graphic for ISAEnsuring cybersecurity with separate computers connected to different networks, operated from a single user interface.

With KVM, users only access the computer interfaces, not the computers themselves. Several systems are accessible at the same time, but without a data connection between the systems. Organizations can separate critical internal applications in the data flow from external applications like web surfing or external video conferencing. For example, they can keep the critical processes on the internal network and everything that is connected to the outside world can be kept separate.

Ensuring Security Through Redundancies

KVM systems offer numerous options for creating redundancies for mission-critical applications. Depending on the complexity and requirements of individual applications, the respective redundancy concept can be either rather simple or quite sophisticated and complex. Redundancies back up either only the KVM system, the computer side, the console side, or the entire application. For smaller applications, redundancy can already be ensured by using a local switch.

Don Hosmer
Don Hosmer
Don Hosmer, VP Sales Americas & General Manager G&D North America Inc., has more than 30 years of experience in video, audio and data transport applications. He has extensive expertise in control rooms and application design for KVM extension products, switching systems and compression technologies over both copper and fiber cabling infrastructures.

Related Posts

What Does the Future of Zero Trust in OT Look Like?

Zero trust principles have established themselves in the mindshare of cybersecurity practitioners worldwi...
Jacob Chapman Dec 20, 2024 7:00:00 AM

North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) and ISA/IEC 62443 Comparative Analysis

The Utilities Technology Council and Cumulys recently prepared a report in partnership with the ISA Globa...
Kara Phelps Dec 13, 2024 7:00:00 AM

Securing PLCs Through the Backplane: Balancing Performance and Simplicity

With the increasing convergence of operational technology (OT) and information technology (IT), the need ...
Ashraf Sainudeen Dec 6, 2024 7:00:00 AM