When I was in grade school, my best friend had a favorite saying whenever he disagreed with somebody’s observation that two things were really similar. “It’s the same, only different,” he would quip. Though this phrase was mostly intended to be flippant and evoke an emotional response from the recipient, I’ve finally found a topic where his phrase is 100 percent legitimate; IoT security. That’s because when it comes to securing IoT, we’re not talking about a single, homogeneous network, but rather the extended network which comprises both Information Technology (IT) and Operational Technology (OT) environments.
While existing IT networks have included cloud and perimeter security for many years, OT environments have traditionally been air gapped from the Internet, and therefore only required physical security components to ensure a high level of secure access and safety for plant personnel. And since IT and OT networks were completely separate, the radical differences in their approach to security didn’t make much of a difference – users of each simply lived in blissful isolation. But IoT is changing all of that!
In the IoT paradigm, IT and OT are necessarily conjoined and connected to the outside world. As such, IT and OT professionals will need to work together to drive pervasive security across the extended network. Since OT gains its connectivity through the existing IT environment, IT should retain control by applying a consistent level of security across the extended network, using many of the same tools it has traditionally employed for the IT environment. However, though the tools will be the same, IT must also recognize that OT environments are inherently different; therefore, security policies will need to be applied differently in each of the respective environments, even for the same specific threat, to reflect their differentiated needs.
In other words, the security solution across the extended network needs to be the same … only different!
Join me at Cisco Live 2014 which will be held May 18th-22nd in San Francisco, California. I will be discussing the security ramifications of IoT, providing practical advice and guidance on how you can embrace IoT without sacrificing security, and how IoT can even help you improve your security posture. You can join me for an informal table topic I will be hosting during lunch on Monday, May 19th, or you can register for my technical breakout session on Thursday the 22nd, BRKSEC-2005 – The Internet of Things: a Double-Edged Sword. How Can You Embrace it Securely? Or better yet join me for both! If you want a more personalized conversation, you can also schedule a one-on-one session throughout the week through Cisco’s Meet the Expert program. I hope to see you there!