Building a Resilient World:
The ISAGCA Blog

Welcome to the official blog of the ISA Global Cybersecurity Alliance (ISAGCA).

The Problem with Platform Ascendency for Cyber-Physical Integrations

Integration is the buzzword of the year for technology in 2021. Application programming interfaces (APIs) promise to answer a myriad of interconnectivity questions with ease, connecting consumers with sensors and devices, and connecting businesses with cloud infrastructure and container applications. Organizations are increasingly implementing new data and connectivity to bridge the cyber-physical divide, despite very few having a unified platform or location for central command in terms of leadership, management tools, or security. Companies are also rapidly deploying technologies in cloud storage and cloud computing environments, as retrieving and aggregating data and insights becomes just one click away.

However, these environments now often deploy more platforms than they know what to do with, and since no one-size-fits-all system exists for every organization, integration is the tapestry of platforms, software, and services. Many organizations compete to tie in multiple integrations with other infrastructures to become the central point of command and control for facilities, services, operations, and fleets.

Dashboards continue to be deployed in a single pane of view to offer visibility for subsystems. For example, APIs power the tools that connect customers to multiple airplane flight databases for different routes and tickets, while apps display arrival and departure times for other public transportation. Here, traffic patterns in a city can be visualized by emergency response personnel in another platform.

Beyond dashboards, applications increasingly provide customers and consumers with digital control over physical processes, such as temperature control and autonomous vehicles. In one use case, a public smart building might connect smart lighting deployments; heating, ventilation, and air conditioning (HVAC); electric vehicle (EV) charging; solar energy nodes; and smart meters to the main building automation system (BAS). The BAS and its many connecting nodes include multiple hardware components, internet connections, and potential web applications. Utilities connect to these systems to provide power, using the data to understand the environment and explore distributed energy resources (DER). Additional city services might have access to these data platforms and insights for things such as emergency planning and response.

This tapestry provides three things:

  • A large amount of system event and state data
  • Increasing digital control over physical processes
  • A larger attack surface for cyber intrusions

The ascendency of the BAS platform might be a natural progression for an end user, but this move requires thorough planning and consideration.

The need to secure these dashboards and cyber-physical controls seems obvious, though whether they will be implemented with security in mind is the operative question. As cyberattacks increase, threat actors continue to target and adapt tactics, techniques, and procedures (TTPs) to exploit data, systems, and cyber-physical technologies.

Cloud infrastructures are not immune to these security risks, as they’re complex ecosystems with existing vulnerabilities that may lead to intruder access and data breaches. The top two vulnerabilities for cloud technologies are insecure APIs and misconfigured cloud storage. Indeed, in 2018, Symantec reported that misconfigured cloud storage led to nearly 70 million records being stolen or leaked. Other risks to cloud infrastructures include breaches of intellectual property or sensitive data, compliance violations, and contractual breaches.

Where to centralize data and security, and for what purpose, also becomes a key question for many organizations. There are many centralization hurdles to tackle to truly integrate business and security operations and manage risks:

  • Centralizing business data from multiple business segments and use cases in a central location, either on-premises or in cloud environments, with the appropriate security controls for accessing and sharing data internally and externally. Business data centralization should meet specific user requirements to reduce the amount of frivolous data moving around without supporting any given use case.
  • Centralizing security data from cybersecurity tools used to capture data on device configuration, user access, and network behavior. Large organizations manage nearly 40 different cybersecurity point solutions, on average. Centralization is the first step to dealing with the daily barrage of security alerts to automate and enhance response capabilities.
  • Centralizing security policy despite decentralized management, budgets, and operations; security requires centralized security management. All the information relevant to security needs to be routed through a single touchpoint for enforcing a comprehensive security strategy for mission-critical systems.
  • Understanding the cloud, which has become a catch-all for computing power, data storage and integration, and security services:
    • Cloud storage: Virtualized data stored in cloud computing environments, accessible over the internet.
    • Cloud computing: Virtualized computing power and processes to run and deliver software and applications over the internet—including those for cybersecurity solutions and services.
    • Cloud security: Virtualized policies, controls, technologies, and applications deployed to protect cloud computing and cloud storage infrastructure.

Integration requires understanding every layer of connectivity and the utility derived from increased digital complexity. Bottom line, owners of complex interconnected data and cyber-physical systems must define, analyze, document, and share data flows and access requirements based on functional business needs and priorities.

These steps should be taken before integrating new technologies, not after. Layers of integration and technology adoption, along with their security risks, should be spelled out for every customer and end user. That way, stakeholders can prioritize platforms based on need and the appropriate use cases.

Danielle Jablanski
Danielle Jablanski is an OT Cybersecurity Strategist at Nozomi Networks.
