From a major airline and engine refurbishing plant to a communication protocols organization, there have been a few topics that have surfaced again and again in our recent conversations with cross-industry clients. This inspired us to round them up in what we’re calling “Industry Insights,” a look at where our network’s collective head is at.
Protection Rather Than Detection:
We start with protection versus detection. As we work with clients, no matter what industry they are in, this is one of the key points that we emphasize. What sets DYNICS apart is our absolute laser focus on protection. While others tout detection as their sales value, that is just a part of the process. Detection alerts you when a vulnerability or exposure may be present, but what then? Ultimately, protection is the goal. By prioritizing protection from the beginning, you’re not letting that flaw unfold. Therefore, our approach is protection, visibility, and control.
Visibility and Control:
That brings us to the second part – visibility and control. Why have visibility without the control? The worst thing is to be told that something out there requires attention, but then be left without the access needed to address and fix the issue. Therefore, we emphasize both, because you can’t have one without the other, and you can’t make one meaningful without the reaction and strategy the other allows.
Deny by Default:
In considering the elements of overall cybersecurity, a phrase that frequently comes up is ‘deny by default.’ At its most basic core, this means “To block all inbound and outbound traffic that has not been expressly permitted by firewall policy,” according to NIST’s Computer Security Resource Center. This tactic has really gained traction with the rise of zero trust as chronicled by Security Intelligence.
While there are best practices for firewall implementation (see this MarTech Series article), here is a preview of our advice when it comes to this subject and ‘deny by default’:
Zero trust, a term frequently tossed around, often relies on subjective interpretations. Achieving true zero trust, especially with today’s networking technology, may be an elusive target. However, we assert that while absolute zero trust might remain beyond reach, we can approach it closely at the network layer. Our commitment is to demonstrate that DYNICS’ and Veracity Industrial Networks’ OT Cybersecurity products, when deployed together, can bring us closer to genuine zero trust than any other OT offering we are aware of.
One pivotal principle that underpins our cybersecurity products and strategy is ‘deny by default.’ In the past, concerns about disrupting production led to a default ‘allow’ stance in out-of-the-box security solutions in the industrial sector. This approach achieved the immediate goal of preventing production shutdowns but did so at the expense of undermining security efforts and fostering a false sense of system safety. The root of this problem lies in many companies’ failure to grasp the nuances of the industrial environment, where downtime and maintenance play crucial roles. As a result, policies inherited from IT were often applied indiscriminately, when in reality, they needed thoughtful adaptation to suit the unique requirements of the OT landscape.
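The difference between the two default stances, as an added example that is not DYNICS or Veracity product code. The addresses, the allow-list and the sample flows are constructed, and the ports are the registered defaults for OPC UA (4840) and MQTT (1883 plaintext, 8883 over TLS).

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    direction: str  # "in" or "out", relative to the protected OT cell
    src: str        # source CIDR
    dst: str        # destination CIDR
    port: int       # destination TCP port

# Constructed allow-list for a hypothetical OT cell (placeholder addresses).
ALLOW = [
    Rule("in", "10.10.1.20/32", "10.20.0.5/32", 4840),   # SCADA server -> PLC, OPC UA
    Rule("out", "10.20.0.0/24", "10.10.1.30/32", 8883),  # cell devices -> broker, MQTT over TLS
]

def matches(rule, direction, src, dst, port):
    """True only when direction, port and both endpoints fit the rule."""
    return (rule.direction == direction and rule.port == port
            and ipaddress.ip_address(src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(rule.dst))

def decide(flow, rules=ALLOW, default="deny"):
    """'allow' if a rule expressly permits the flow, otherwise the default stance."""
    return "allow" if any(matches(r, *flow) for r in rules) else default

# Constructed sample flows: (direction, src, dst, dst_port)
FLOWS = [
    ("in", "10.10.1.20", "10.20.0.5", 4840),   # permitted OPC UA session
    ("out", "10.20.0.7", "10.10.1.30", 8883),  # permitted MQTT/TLS publish
    ("out", "10.20.0.7", "10.10.1.30", 1883),  # plaintext MQTT, not on the list
    ("in", "10.10.9.99", "10.20.0.5", 4840),   # OPC UA from an unlisted host
    ("out", "10.20.0.5", "203.0.113.8", 443),  # PLC reaching outside the plant
]

def compare(flows=FLOWS):
    """Flows a default-allow policy passes that deny-by-default blocks."""
    return [f for f in flows
            if decide(f, default="allow") == "allow" and decide(f, default="deny") == "deny"]

if __name__ == "__main__":
    for f in FLOWS:
        print(f, "| default-deny:", decide(f), "| default-allow:", decide(f, default="allow"))
    print("passed only because of default-allow:", len(compare()))
```

Both permitted production flows survive the switch to deny by default; the three flows that only the default ‘allow’ stance let through are the ones the policy never expressly permitted, in either direction.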
Manufacturing Communication Protocols:
Having control over access and an awareness of industrial needs brings us to communication protocols, an area that we hinted at in the opening. In settings such as manufacturing, communication protocols are used to connect systems, interfaces, and machines that make up plant floors or other operations. They’ve become even more crucial in today’s Industry 4.0 environment where connectedness and real-time data are elemental. Because they are so important to the success of current productivity, they must also be subject to the utmost security measures.
MQTT and OPC UA have become integral in modern manufacturing, facilitating efficient data exchange. However, the critical factor lies in their configuration, where security can either fortify or jeopardize the entire communication ecosystem. Regrettably, the convenience of opting for unsecured setups often prevails, primarily due to the intricate nature of protecting these protocols, and this creates a vulnerability risk. To ensure the reliability of these technologies, it is imperative for vendors to prioritize user-friendly and streamlined security configurations, enabling end-users to seamlessly implement these protocols with confidence in their data integrity.