Capitalize on the New Convergence: Cyber-Physical System Security

Here’s the good news: Experts predict that within the next four or five years, there will be more than 40 billion IoT devices hard at work — improving the safety, efficiency, reliability and productivity of the world’s enterprises.

Now the bad news: Experts warn that most professional security and IoT edge devices are either not being managed properly, or do not have the firmware or security controls they need to protect against cyberattacks. The phrase “cyber-physical system security” comes from the idea that such devices have both a physical purpose, and a cyber dimension as well. The recent Verkada camera surveillance breach is the most recent of many examples that validate this escalating problem — hackers find cyber-physical systems to be both easy to hack and easy to pivot into the corporate network from.

As a result, there are scores of unmanaged and IoT devices already deployed that enable a situation where your security, management, control and information networks are vulnerable to penetration by cyber criminals. And after successfully penetrating your network, these bad actors can undertake a wide range of malicious activities, from data ransom to data theft, alteration or deletion, or even malicious changes in system controls.

Barriers to Remediation

It’s no secret that cyber-hygiene has historically not been a high priority at most organizations. In the case of unmanaged IoT devices, however, even diligent IT and security teams face barriers to maintaining protections as these devices proliferate. Among the challenges are:

• Most IoT devices get installed with known vulnerabilities, but lack automated firmware and certificate management to remediate those vulnerabilities.
• Because IoT devices cannot host software agents, traditional IT security solutions will not work.
• Many cyber-physical IoT systems reside on segmented LANs, which traditional IT security solutions can’t reach.

What is needed is a way to automatically locate and identify network-attached devices, determine whether remediation actions are needed, take those actions if necessary and put the devices back into useful service. This process needs to happen 24/7 and be well automated, as anything short of that will leave our globally interconnected networks vulnerable to attack. All this is no small challenge, but resolvable.

The Cyber-Physical Security Fix

Fortunately, the right solutions are available now, and they provide the necessary one-two punch of detecting and automatically remediating potential problem devices.

To achieve the first goal of knowing what devices you have and what their status is, there are easy-to-deploy options available. In many cases discovery tools have some form of threat assessment built-in, allowing you to prioritize the highest risk devices for remediation. Combined with an automated cyber hygiene and vulnerability remediation solution, that data can be further enriched with detailed device and application data to prioritize fixes, such as what firmware version or certificate the device is using.

For the second goal of automatically remediating vulnerabilities, once again the new solution makes use of an agentless automated IoT cyber-hygiene platform. This software platform examines the flagged device and triggers remedial actions such as firmware updates, configuration modifications, certificate refresh and password changes. Each of these actions helps to remediate risk. Any flagged devices that cannot be remediated are referred back to the security platform for extra monitoring — and quarantine in the case that any suspicious behavior is detected.

Together, these two elements form a powerful solution that helps make distributed, unmanaged and IoT devices both visible and secure. Going forward, it is clear that only an automated system with both of these elements working together will be able to scale up to the level that will be needed as the IoT fully realizes its potential. Don’t wait — start planning for your IoT future now.