Industries in every sector are bringing critical infrastructure online, enabling remote access. While this step undoubtedly enables greater operational efficiency and innovation, it nevertheless exposes operational technology (OT) systems to a greater range of cyberthreats.

If this digital transformation is to continue in the industrial space, security solutions must do better at future-proofing this infrastructure. OT cyberthreats will continue to increase. The question becomes: What can be done without exposing ourselves to greater risk?

Since the beginning, the ways industrial operators have accessed or allowed access to cyber infrastructure has been problematic. Relying on perimeter-based security models is only half the battle, thus is insufficient. This model assumes that once someone is successfully connected to the corporate, or the industrial control network, that individual should be trusted. In practicality, however, that is not necessarily true and poses a significant risk to insider threats.

A unique, preventive approach to filling the gap in the security market is needed to allow industrial operators to effectively defend themselves against threats: by implementing zero trust security to authenticate the user and device/system, even though someone may have already gained access to either of the (formerly) trusted networks.

A “zero-trust” model of security provides new tools to digitize operations while maintaining security. Through our partnership with a security technology company called Xage, 1898 & Co. is accelerating zero-trust security adoption within critical infrastructure sectors.

The zero-trust, identity-based security model gives critical infrastructure operators granular control over the extent and time of access to systems, creating a trusted foundation for every interaction — human-to-machine, machine-to-machine or edge-to-cloud.

In a typical electrical substation, multiple parties require varying degrees of control and access — for instance, the operating organization and contracted equipment vendors have different needs when performing maintenance on installed systems. Xage’s zero-trust solutions allow for finely tuned remote and local user and access management, utilizing identity to verify and authorize access based on individual roles. In this scenario, participating parties each receive access tailored to their needs while seeing that access management is secure, convenient, and error-free.

That kind of control and access becomes even more important when talking about entities with large territories, such as oil and gas, solar and wind operators. Zero-trust solutions allow operators within these entities to add, remove and control resources without compromising security.

Too many approaches to access control and remote access leave vulnerabilities for attacks to penetrate and proliferate through operations. By applying advanced security solutions that integrate a zero-trust approach, you can bolster your first line of defense by blocking and/or isolating attacks.

Blending the zero-trust approach with the comprehensive cybersecurity and infrastructure experience of 1898 & Co. will deploy solutions to help industrial enterprises optimize operations and mitigate risk.

 

Successful application of risk management and compliance practices means integrating critical models into all facets of your organization.

Learn More

by
Carmen Garibi is a director for 1898 & Co., part of Burns & McDonnell, where she leads opportunity development efforts for the Critical Infrastructure Cybersecurity, Risk and Compliance team. A cybersecurity executive with nearly 15 years of experience, Carmen is experienced in launching operational technology cybersecurity solutions in markets around the world.