It's easy for me to say that effective cybersecurity must be always on and always aware, as I did in this issue's "Don't blink on security" cover article. However, the other shoe falling is that knowing about vulnerabilities, probes and intrusions is only useful if you can do something to stop them.
Unfortunately, because most cyber-threats, viruses and malware change and multiply so quickly, any useful response must follow up and evolve just as fast. Of course, this challenge is only getting tougher as more machines join their human users on the Internet, and their collective networks grow more interdependent. Of course, the prescription for cybersecurity in these cases is greater internal cooperation and more external assistance when needed.
"We already know that deep connections need protection, but the Internet of Things (IoT) is further increasing the need for more security layers," says Andrew Kling, director of cybersecurity and software practices at Schneider Electric. "As a result, our message shouldn't be that we're the best at cybersecurity, but instead that we're taking each user's security situation seriously."
Kling states that cybersecurity experts can also help users understand and employ the security standards that are most appropriate for their application, including ISA99, IEC 62443, ISO 27001 or others. "IEC 62443 and its specialized sections can help users develop processes for establishing protection layers," explains Kling. "These sections include Embedded Device Security Assurance (EDSA), System Security Assurance (SSA), Application Security Assurance (ASA), and Security Development Lifecycle Assurance (SDLA)." The standard and its certifications are managed by ISASecure.
Beyond adopting and benefiting from the recent coalescence of these national and international cybersecurity standards, Kling reports that users can also seek advice from the working groups within the various standards bodies and from other supportive organizations. "We also have a large and active community at Schneider Electric, and it helps because many people are facing the same security concerns or issues about how to participate in the standards, and the community can help them find some common strategies and goals."
Kling adds that users are also getting some cybersecurity relief from suppliers, who are designing and developing solutions that are more often secure by design and secure by default. Basically, this means that more devices have security built-in, instead of added later. "For instance, when we ship our Foxboro Evo DCS, it's already pre-hardened with security functions, so it's not vulnerable when it's turned on," says Kling. "All kinds of security by design and default are helpful because any users don't realize their systems and facilities have experienced a breach until an average of six months after they've happened. This is also why network monitoring techniques are crucial for recognizing breaches as early as possible.
"More recently, we've seen some people come up with the idea of using machine learning methods for cybersecurity, which involves using heuristic observations of network traffic, and then applying rules and algorithms to it. We're looking at this, too, because it could simplify applying cybersecurity, and help recognize normal versus abnormal activity."
In general, Kling explains that additional tools are needed to find and help mitigate unknown vulnerabilities, but applying layers of defense is still a good strategy because no single protection is impenetrable or able to catch everything. "This is why we apply 122 different software practices as part of our Secure Development Lifecycle (SDL)," he says. "These include secure code review, static code analysis, checking for cross-site scripting, and SQL injections. The SDL process can even be adapted for particular needs or industries."