What comes to mind when you hear the words “Product Security”?
This can be a confusing topic, so to help lay a foundation of understanding, here are some of the basics. Product security primarily focuses on smart devices and is typically viewed through 2 lenses:
- Secure development lifecycle of a product or system – this involves items such as testing, secure by design, and ensuring a product is made and tested in a secure way before it is turned on in a live environment. Items such as penetration testing, secure reference architecture, static analysis, dynamic analysis, and source code analysis are also areas within the development lifecycle. Designing security and safety into the product from the beginning is the key. The result is a product that ships with the most capability, has a solid fit for function, and meets the needs of the environment it will live in.
- Actual product design – secure boot, runtime protection, utilization of trusted platform modules, event logging. Key security features should be baked into the product before it is shipped.
Industrial IT/OT Convergence
In the industrial environment, product security is generally centered in the OT environment. As OT and IT begin to converge, industrial users will find more opportunities to use cloud capabilities to drive better decision making. When you begin this journey, product security becomes even more pivotal in keeping your facility and process operational.
As technology evolves, product security will continue to cross paths with cyber security. This is important to recognize, as each industrial user wants to create the most robust systems possible. This starts at the device level.
Understanding the core areas of impact is critical.
Why should industrial users care about product security? Think hackers! Some environments could have devices that are connected to the internet, and those could be a potential entry point for the bad guys. Keeping the door locked and attackers at bay is vital. Sophisticated hackers can enter through tactics such as phishing, and once they get into the enterprise network, the entire infrastructure is at risk. Depending on their motivation, they could move from the IT network to the OT network, and this is where processes are impacted. Some of the devices most vulnerable to attackers are HMI workstations.
Here are some steps you can take to get started understanding your exposure to risks associated with product security.
- Do I have anything directly connecting to the internet? Gaining a solid understanding of your structure is key to controlling the steps forward. Partner with the right experts to reduce the exposure.
- Designing proper segmentation into your network will also provide great protection.
- Utilize intrusion detection systems to provide early detection.
- Design robust remote connectivity systems and protocols for when data needs to be accessed remotely.
Secure Remote VPN Connectivity Made Easy Guide
The purpose of this guide is to help plan, build, and implement a fixed or mobile industrial VPN appliance within an IACS network.
Now that you are armed with information, now is the time to act. Begin asking questions; it could be your asking that prevents a security breach in your facility in the future.