How to overcome security challenges

IoT/OT security should focus on providing visibility into the landscape of connected devices within an organization while going by the principle, “If you do not need the device at all, do not have it!” Reduce your attack surface.

However, if you do need a device, ensure that you have an accurate asset inventory. If you do not know the assets owned by your organization, you do not know what to protect—especially in a decentralized environment with multiple IoT/OT devices:

Figure 1.4 – Approach to securing an IoT/OT infrastructure

A trusted computing base (TCB) or a security baseline approach is a basic requirement and a necessity in today’s world to harden the infrastructure. We close many exploits that could be open if we plan our baseline security well.

Vulnerabilities on devices such as ICS and SCADA need to be addressed and may require working closely with vendors to always be on top of patching. Zero-day vulnerabilities can pose a huge risk and need to be identified and mitigated immediately by looking out for indicators of compromise. Since we are talking about vulnerabilities, we can already imagine having focused patching for all enterprise-wide devices. The IoT, OT, and IT are all crucial, and taking a piecemeal approach to patching is a recipe for disaster.

Continuous monitoring is key for any security-focused organization. An organization focused on monitoring its IoT/OT assets one day that then lapses the next day will not really be effective at thwarting any attacks coming its way. With so many focused and agile attackers capable of even engaging in nation-state attacks, you need to ensure that your monitoring is always turned on and that alerts are sent to the SOC team in near real time as well.

This section provided more perspective on a holistic approach that you can take to securely manage IoT/OT devices.