Cisco Blogs


Cisco Blog > Internet of Everything

Drop the IT-Centric Mindset: Securing IoT Networks Requires New Thinking

October 8, 2014 at 5:00 am PST

The Internet of Things (IoT) has become a popular topic of discussion amongst security company executives, analysts, and other industry pundits. But when they begin discussing the technical details, it quickly becomes evident that many of the most experienced security professionals still approach IoT with an IT-centric mindset. That’s because they believe IoT is mostly about the billions of new connected objects. While the dramatic increase in the number and types of connected objects certainly expands the attack surface and dramatically increases the diversity of threats, they’re only part of the IoT security challenge. In addition, the convergence of the organization’s existing IT network with the operational technology (OT) network (e.g., manufacturing floors, energy grids, transportation systems, and other industrial control systems) expands the depth of security challenges and makes threat remediation remarkably more complex.

While IT and OT were once separate networks, they’re now simply different environments within a single extended network ‒ but by no means are they the same! The architectures, operational needs, platforms, and protocols are vastly different for each of them, which drive radically different security needs for each of them. As a result, security architectures, solutions, and policies that have proven effective for years in the IT world often don’t apply in OT environments, so attempting to enforce consistent security policies across the extended network is doomed for failure.

Protecting data confidentiality is IT’s primary concern, so when faced with a threat, their immediate response is to quarantine or shut down the affected system. But OT runs critical, 24x7 processes, so data availability is their primary concern. Shutting down these processes can cost the organization millions of dollars, so the cost of remediation may be greater than simply dealing with the aftermath of an infection. In addition, because OT is a human-based operation in what can be dangerous working conditions, their focus is on the safety of their operation as well as their employees. As a result of these main differences, the two groups approach security in completely different ways. While IT uses a variety of cybersecurity controls to defend the network against attack and to protect data confidentiality, OT views security more in terms of secure physical access, as well as operational and personnel safety.

Securing IoT networks must go beyond today’s thinking. Rather than focusing on the individual security devices, they need to be networked, so that they can work together to produce comprehensive, actionable security intelligence.  By combining numerous systems, including cyber and physical security solutions, IoT-enabled security can improve employee safety and protect the entire system from the outside, as well as the inside. As a best practice, IT should maintain centralized management over the entire security solution, but with a high level of understanding of the specific needs of OT. Based on that understanding, they need to enforce differentiated security policies to meet those specific needs, and provide localized control over critical OT systems.

At the end of the day, IT and OT need to work together for the common good of the entire IoT implementation – thereby driving truly pervasive, customized security across the extended network.

Want to learn about the part Big Data plays in your overall security plan, and how Cisco can help organizations deliver the security they need to succeed in the IoT and IoE eras? Join us for a webcast at 9 AM Pacific time on October 21st entitled ‘Unlock Your Competitive Edge with Cisco Big Data and Analytics Solutions.’ #UnlockBigData

Tags: , , , , , , , , ,

October is Cybersecurity Awareness Month: Marking the 11th Annual #NCSAM

NCSAM banner 96x70October 1st marks the beginning of the 11th annual Cyber Security Awareness Month (NCSAM), sponsored by the U.S. Department of Homeland Security. Throughout the month the Department of Homeland Security and other government agencies will be hosting various events throughout the country to discuss new cybersecurity issues, our cybersecurity infrastructure and our ability to prevent and mitigate national cyber threats.

NCSAM is not just about cybersecurity practices for the government but also to educate adults and children about online safety. It is our shared responsibility to ensure we are safe online whether at home, at work or at school. I encourage everyone to check out The National Cyber Security Alliance’s valuable resources available at www.staysafeonline.org. Read More »

Tags: , , , , ,

Security Must Mature to Protect Against Threats

As we discuss in the Cisco Midyear Security Report, cybersecurity is becoming more of a strategic risk for today’s businesses, creating a growing focus on achieving “security operations maturity.” That’s why Cisco has developed the Security Operations Maturity Model – to help organizations understand how security operations, technologies, and products must evolve to keep up with the pace of change in their environments and increasingly sophisticated attacks. The model plots a journey along a scale of controls that moves from static to human intervention to semi-automatic to dynamic and, ultimately, predictive controls.

Every day I see evidence of why we need to evolve our security capabilities. A perfect example is the Kyle and Stan malicious advertising attack that our Talos Security Intelligence and Research Group discovered and continues to analyze. Ongoing research now reveals that the attack is nine times larger than initially believed and began more than two years ago. The expansiveness and extended period of the campaign reflects the ability of this attack to continuously morph, move quickly, and erase its tracks leaving nearly indiscernible indicators of compromise. To effectively detect and protect against attacks like this, organizations need dynamic controls that see more, learn more, and adapt quickly. Relying exclusively on static controls and human intervention puts defenders at a significant disadvantage and allows attacks to run rampant.

Read More »

Tags: , ,

CyberPatriot Prepares Students to Protect the Internet of Everything

Students arrive in Washington, D.C. wearing embroidered leather jackets with logos and names stitched in bright colors on their sleeves. They’re members of different teams, but not sports teams. They are at the nation’s capitol for CyberPatriot’s National Youth Cyber Defense competition, the largest high school cyber defense competition in the United States.

By volunteering as mentors, we as Cisco employees can impact the future generations of network professionals who will protect the Internet of Everything from breaches and threats that are becoming more common as people, processes, data, and things become more connected.

CyberPatriot’s competition was created by the Air Force Association (AFA) in 2009 to inspire high school students to pursue careers in cybersecurity. Bernie Skoch, CyberPatriot National commissioner, stresses the importance of cybersecurity training as the number of breaches become more common on the Internet.

“There are 15,000 attacks per second in the United States,” he said. “We have a dire need for cybersecurity professionals in the United States, but we frankly aren’t drawing enough young men and young women” to the field.

Read More »

Tags: , , , ,

Cisco 2014 Midyear Security Report: Security Services and Risk Management

More organizations are starting to view cybersecurity as a strategic risk. They have to—it’s becoming unavoidable. Technology and the business are so intertwined. Regulators are issuing more compliance measures that include information security directives. And all the while, adversaries are relentless in their campaigns to compromise defenses to steal information, money, or otherwise create disruption.

Read More »

Tags: , , , ,