In today’s interconnected world, security must start with a well-informed strategy that addresses all potential angles — including cybersecurity. To navigate the digital landscape and the convergence of OT and IT effectively, there are several steps you should take as a systems integrator to set your customers up for success and protect them from potential disruption.
From the foundational principle of knowing precisely what you have, to understanding the threats you face, tailoring solutions to meet customer-specific needs, and maintaining a proactive approach through diligent documentation and planning, there’s a lot to keep in mind. These four key tips will help you on your journey to implementing and maintaining the most secure systems possible.
Tip No. 1: Know What You Have
It’s impossible to achieve the right level of protection if you don’t know what needs protecting. Though it may sound basic, you first need to compile a comprehensive view of not just the devices and systems themselves, but also all of their requirements and statuses. This starts by looking at your full system and asking the following questions: what’s on it, exactly? Are there devices on the system that aren’t active but still present? Who is overseeing the system and the devices on it?
Once you’ve established a thorough list of all devices and accompanying details, you then need to determine the current state of every device. This isn’t just active versus inactive status; it’s about knowing that you are running firmware and software that has the latest security patches and bug fixes.
To perform this kind of evaluation, there are a variety of tools to assist, usually from the device manufacturers themselves. This is also an important part of the initial compilation process: what level of support is your manufacturer providing for your devices? What patches will they provide, and when? This helps determine what the end of your device cycle will be — if it’s end of life, or if it’s end of support. Though this step may seem time-consuming and unnecessary, it establishes a solid foundation for your overall cybersecurity needs and efforts.
Tip No. 2: Know the Threats Against You
Once you know what your devices are, where they’re connected, and what their status is, you can move on to identifying potential threats against your system and the devices on it. It’s impossible to defend against every threat — especially as attacks grow more sophisticated — but it’s smart to be prepared for what’s most likely to come your way.
New implementations will open you up to an expanded threat landscape, but by establishing a list of your devices and systems, you can better understand the details of potential threats. You should be asking questions like if your devices are truly air gapped, which networks your devices are on, and if those networks are shared with any other production systems. In addition, you have to be sure that your devices are in sync, even if they’re separated from each other. Synchronizing the time across all devices has multiple benefits from making it easier to trouble shoot any issues between devices and servers to allowing for encrypted communications. If your devices are even seconds apart in their synchronization, it can potentially lead to a domino effect of issues.
Your device list will also give you insight into not just where devices are, but why they’re there and who can access them. Originally, all device networks were shared, and if you didn’t maintain every device on a network, the whole system was in danger. This is because anything that has an internet connection — even for just a second — can be compromised and then impact all other devices on the network. This led to the use of segmentation, but that eliminates visibility into other devices, leaving those devices vulnerable anyway. After all, you’re only as strong as the weakest link in your network, so you should ensure that all links present a unified, connected front against potential threats.
Tip No. 3: Determine Customer-Specific Needs
The first two tips are generally applicable across any industry, but, dependent on your customer, you’ll need to narrow your focus to meet their specific needs.
To determine those unique needs, you must have an honest conversation with your customers around cybersecurity and associated threats before integration begins. They know their business the best, so they have the most thorough information around what they’re currently facing, what issues they’ve had in the past, and their anticipated future needs. In this conversation, be sure to discuss any previous threats, existing IT policies, and their current device management systems.
By having that transparent conversation, you can make the appropriate recommendation for them — if you’re building a system that’s brand new versus building a system involving existing pieces, for example. When the system is mapped out, a suitable device management tool can then be deployed, which can help with flexible protection and further adapt to the needs of the customer. During the ensuing installation process, you get the opportunity to set your customer up with a clean slate and a system that makes sense for them — both now and in the future.
Tip No. 4: Document and Plan
After you’ve followed the first three steps by laying the foundation, doing your research, and implementing the right system and devices for the job, there’s more work to be done to ensure a secure system. Your responsibility as a systems integrator extends to documenting everything that happens in and to your systems, and thoroughly planning for events like device failures, system upgrades, and cyber-attacks. There are a few ways to do this to make your job easier:
- First, shut off any protocols that you don’t need or aren’t actively using. This extends to things like discovery protocols. If your devices have already been added to the video management systems and everything is working fine, it is not necessary for the device to be easily discovered on the network.
- Second, if you have systems that are capable of creating backups of their configurations, make regular use of that feature and ensure those backups are stored separately.
- Third (though this may seem obvious), use strong passwords for each device and limit access to all devices. It’s tempting to put simple passwords in place for easy internal access, but easy internal access also translates to easy external access. In addition, the more people you have with access to a device, the higher the potential for human error and ensuing disruption.
- Finally, as an extra layer of protection, everything needs to go through your device management system to further eliminate the potential for issues caused by human error.
No matter the threat — whether it be a malicious cyberattack or the potential for a simple human mistake — having a well-informed strategy is the cornerstone of digital safety. By following these four tips, you can fortify your defenses and navigate the ever-evolving digital landscape with confidence, safeguarding your systems from emerging threats.