The Internet of Things (IoT) has become a popular topic of discussion amongst security company executives, analysts, and other industry pundits. But when they begin discussing the technical details, it quickly becomes evident that many of the most experienced security professionals still approach IoT with an IT-centric mindset. That’s because they believe IoT is mostly about the billions of new connected objects. While the dramatic increase in the number and types of connected objects certainly expands the attack surface and dramatically increases the diversity of threats, they’re only part of the IoT security challenge. In addition, the convergence of the organization’s existing IT network with the operational technology (OT) network (e.g., manufacturing floors, energy grids, transportation systems, and other industrial control systems) expands the depth of security challenges and makes threat remediation remarkably more complex.
While IT and OT were once separate networks, they’re now simply different environments within a single extended network ‒ but by no means are they the same! The architectures, operational needs, platforms, and protocols are vastly different for each of them, which drive radically different security needs for each of them. As a result, security architectures, solutions, and policies that have proven effective for years in the IT world often don’t apply in OT environments, so attempting to enforce consistent security policies across the extended network is doomed for failure.
Protecting data confidentiality is IT’s primary concern, so when faced with a threat, their immediate response is to quarantine or shut down the affected system. But OT runs critical, 24x7 processes, so data availability is their primary concern. Shutting down these processes can cost the organization millions of dollars, so the cost of remediation may be greater than simply dealing with the aftermath of an infection. In addition, because OT is a human-based operation in what can be dangerous working conditions, their focus is on the safety of their operation as well as their employees. As a result of these main differences, the two groups approach security in completely different ways. While IT uses a variety of cybersecurity controls to defend the network against attack and to protect data confidentiality, OT views security more in terms of secure physical access, as well as operational and personnel safety.
Securing IoT networks must go beyond today’s thinking. Rather than focusing on the individual security devices, they need to be networked, so that they can work together to produce comprehensive, actionable security intelligence. By combining numerous systems, including cyber and physical security solutions, IoT-enabled security can improve employee safety and protect the entire system from the outside, as well as the inside. As a best practice, IT should maintain centralized management over the entire security solution, but with a high level of understanding of the specific needs of OT. Based on that understanding, they need to enforce differentiated security policies to meet those specific needs, and provide localized control over critical OT systems.
At the end of the day, IT and OT need to work together for the common good of the entire IoT implementation – thereby driving truly pervasive, customized security across the extended network.
Want to learn about the part Big Data plays in your overall security plan, and how Cisco can help organizations deliver the security they need to succeed in the IoT and IoE eras? Join us for a webcast at 9 AM Pacific time on October 21st entitled ‘Unlock Your Competitive Edge with Cisco Big Data and Analytics Solutions.’ #UnlockBigData
The inter-connection among society, the economy and environment, enabled by Internet of Everything (IoE) technology, was a central theme at the recent M-Smart City Summit hosted by the City of Hamburg.
It is no coincidence that the Summit was incubated here and its public and private sector leaders advanced the overall theme of connecting the
unconnected. Collectively, Hamburg’s leadership is driving a visionary strategy to digitize the entire metropolitan region, virtually connecting government, port, business, citizenry, healthcare, academia, public safety and other key organizations.
After just a few years, historic Hamburg has burst into the 21st century as not only a modernized Smart City, but also as a Smart + Connected Community, or, as some call it, a futuristic Seatropolis, anchored by the economic powerhouse of Hamburg‘s port operations.
Essential Application Centric Infrastructure
Today, we are thrilled to release a new video starring Hamburg. In “Internet of Everything Transforms Hamburg into a Smart City,” we showcase how leaders started with an ICT master plan to incorporate a single platform for collaboration, that leverages essential Application Centric Infrastructure. This integrated network stretches across departments and organizations throughout the urban landscape, seamlessly connecting people, processes data and things — a single digital overlay to existing physical infrastructure.
When you walk outside and notice dark clouds gathering, or a cheerfully bright sun, little may cross your mind except to grab an umbrella or your shades. But chances are, the team at The Weather Channel knew about these weather conditions days in advance thanks to Fast IT. And with this advance information, The Weather Channel offers what is relevant to you in the moment.
In our Internet of Everything (IoE) world, more consumers and employees are demanding more relevant content now. As such, organizations must keep pace. The Fast IT model built to transform and simplify IT operations is the way to evolve in today’s environment.
For many CIOs, including The Weather Company’s Bryson Koehler, a Fast IT model has resulted in more accurate, relevant and timely data with unprecedented and unlimited uses. Consider his insights in this video:
“When I look at network programmability, I see the same capability enablement that I see from all of the other things that have preceded it,” he said. “Which is how do we leverage technology to be more flexible, how do we free up engineers and developers to innovate quicker and how do we get the traditional shackles of rigid technology unlocked so we don’t have to be nailed down to a specific piece of infrastructure.”
Over the past year-and-a-half, The Weather Company, parent to The Weather Channel, has rebuilt their entire data platform, moving their forecasting over to the cloud, allowing them to ingest data through an extremely rich set of application programming interface (API). In doing this, the organization is able to improve the accuracy of their forecast, collecting data from across the globe and analyzing it at lightning fast speeds – essential when dealing with an unpredictable variable like the weather.
IoE demands constant innovation and to keep pace companies must access creativity wherever it may arise. According to The Wall Street Journal, more than 34 percent of today’s workforce comes from outside our organization, and their fresh perspective can support innovation. Indeed, cross-pollination of industries is a key to innovation.
This scenario was illustrated in the below story shared by physicist David Matheson last week at the Frost & Sullivan’s GIL 2014: Silicon Valley conference, which I was honored to attend as a presenter.
Decades ago, a group of engineers were working late in the research lab run by their Silicon Valley employer when they noticed a cleaning man doodling his way through a dinner break. But these weren’t just ordinary doodles. The man had enormous artistic talent. Just the sort of talent the engineers — and the company — needed to depict their technology solutions on the printed page.
Excited at their discovery, the engineers rushed to their bosses the next day Read More »
No doubt, these are exciting times for service providers. With the massive transformations that are happening nowadays in the industry and marketplace, being at the center of it all presents a huge opportunity. Well, this is exactly where service providers find themselves today: at the center of how enterprise businesses and consumers can transform through innovation.
At Cisco we are well-positioned to drive profitable growth for our service provider partners. We have made a number of significant changes intended to help service providers globally earn more, reduce cost to serve while improving their agility.
We created an SP Segment and I have been asked to lead the overall business and strategy for Development, Nick Adamo will lead Sales, and Cedrik Neike will lead Services. Together we are partnering to simplify our engagement model and at the same time leverage the entire Cisco portfolio of solutions and products to bring to our customers the capabilities they need to achieve their business objectives.
We believe service providers are centered on transformation through innovation. We believe that, with Cisco, they can: Read More »