The explosion of connected devices is happening at breakneck speed. By 2020, Gartner predicts 20 billion connected devices and more devices mean more security threats.
In a keynote address at RSA, Matt Watchinski, Cisco VP of the Talos Threat Intelligence Research Group, said that everything from cameras, to audio equipment, to parking meters connect to our networks. “We have entire generations that look at the world, and swipe it, and touch it, and talk to it,” Watchinski said. It’s this connected world that exposes people to security vulnerabilities.”
One of the most notable and recent IoT security attacks was the VPN filter, which the Talos Group helped to expose last May. Talos researchers, working with public and private-sector threat intelligence partners and law enforcement discovered malware infecting at least 500,000 home office networking devices. Law enforcement believes it was a state-sponsored attack. What made this attack so dangerous was that it had the capability to scan for specific operational technology (OT) traffic.
The VPN filter attack is proof that hackers are out to exploit OT, and we can only expect attacks like this one to grow. That’s why connecting information security with operational technology is critical. “These technologies will make it into our critical infrastructure, they’ll make their way into how we deliver water and power,” Watchinski said. “We have achieved so much in IT security, we are now going to have to learn a completely different world of OT security.”
Liz Centoni, SVP of Cisco’s IoT Business Group, joined Watchinski on the RSA stage and outlined the focused need on OT security. Centoni says security is the reason IT teams and OT teams were forced to work together. “The number one thing customers talk about when they discuss bringing IoT to scale is security,” Centoni said.
Building the bridge between OT and IT may be challenging for information security professionals, but it also offers immense opportunity to protect hundreds of millions of people by protecting critical infrastructure. “The OT world cares about people safety, equipment safety, and what rolls off the production line,” Centoni said. And that’s what’s at the heart of the intersection of IT and OT.
Centoni explained the need for security to be baked into the DNA of OT. Once implemented, OT systems usually don’t get upgraded for decades, so security has to be a fundamental part of the original design.
The time is now for InfoSec to start building relationships and partnerships to help secure this new world.
While some see challenges with this, Centoni sees opportunity. She saw it done with IT, and she believes the same lessons can be applied to OT. Centoni wrapped up her keynote with this simple request: “Be the bridge between IT and OT.”
Read more about Liz Centoni's Biography