Key tips for cybersecurity protection at your critical site
It goes without saying that a cybersecurity attack in critical infrastructure could cause a catastrophic impact. Making sure you are constantly thinking about your critical site’s cyber plan and asking the right questions is a key component of securing your site.
In this blog, I continue my conversation with Ryan Zatolokin, Business Development Manager, Senior Technologist, Axis Communications, Inc. as we dive into possible threats and key factors to look for when evaluating your cybersecurity plan. In our most recent blog, we discussed why cybersecurity is vital in critical infrastructure, potential risks and how organizations can mitigate risks in these networks.
From a technology perspective, any device connected to a network could be a potential entry point for hackers. When evaluating solutions for critical infrastructure locations, what key factors should organizations look for to reduce the risk that they will not be the “weakest link” on the network?
Ryan: Look for products that offer a variety of features that can fit into the organization’s security policy. Axis offers encryption and the ability to specifically restrict who can talk to that device using IP address filtering. This year we’re taking it to another level by protecting devices as they go through the distribution channel. We’re also providing signed firmware to protect what is running that product. These are just additional layers of protection Axis is implementing to take device protection to the next level.
Joe: Along with what Ryan noted, it’s essential to understand what’s in a hardening guide. End users need to evaluate what’s in that guide that can help mitigate (and hopefully prevent) cyberbreaches. We’ve worked hard to make sure the Axis hardening guide outlines the features and benefits that we provide. Looking forward, we have to be aware of the next generation of tools used to hack into networks.
Partnering with the right provider is vital for cybersecurity. What traits should organization look for and what questions should they ask of a prospective partner?
Ryan: A main factor in cybersecurity is working with partners that have a good reputation, follow best practices, and are open and transparent. Axis devices are just one part of the solution. We offer a certain level of security at the edge, but we also have to communicate with many other devices across the network. We have partners that help us protect that network traffic and even hide devices that are on the network so there’s very little chance of them being compromised.
Joe: If we’re using a partner’s software as a system component as a solution, we want it to be reliable and the best in the industry. We look for partners that offer cutting-edge solutions and the flexibility to come up with a patch or a solution in real time. The ability to adapt and overcome potential problems like malware is important as Axis seeks to partner with providers within our ecosystem.
While technology is certainly integral in cybersecurity, even the best solutions could be undermined by one person’s actions. How can organizations create an environment where the “human factor” is less likely to compromise cybersecurity?
Ryan: That’s a great point because the human factor is almost always the weakest link in cybersecurity. As I mentioned earlier, policies play an integral part in overcoming this. The other factor is having tools that make it easy to maintain consistency when deploying cybersecurity features in products. On the other hand, device management solutions can build templates that enable operators to push out the exact configuration to all devices. This ensures that as new devices are added, you can make sure they offer the same level of security as those that are already deployed.
Joe: Something else to consider is how cybersecurity is headed toward an artificial intelligence (AI) or machine learning process that will eventually allow everything to be handled through the cloud. A sensor will detect or discover malware or a breach attempt, and it will shoot up to the cloud, where there will already be a solution in place to instantly send out patches to all devices simultaneously. Once that type of solution is developed, it will take the human aspect completely out of cybersecurity.
Cybersecurity is about the depth of your defense.
The potential fallout of a network breach at a critical infrastructure facility or location could be catastrophic, with effects that could be felt across a number of critical segments. When it comes to securing devices and networks used in critical infrastructure, one of the biggest factors is to source equipment from companies that have committed to adhering to the highest level of best practices.
A key to ensuring end-to-end cybersecurity of all interconnected devices and systems is forming strong partnerships with like-minded companies that offer complementary technologies and are equally committed to securing their products. Effective cybersecurity is about constantly assessing risks and taking appropriate steps to mitigate those threats. It’s about working with the right people, using the right products, taking advantage of the appropriate technology and implementing (and adhering to) the correct policies. By keeping these in mind and cybersecurity in focus, you can be in better position to protect your critical site and its assets.
|Ryan Zatolokin is the Business Development Manager, Senior Technologist for the business development team of Axis Communications. His primary focus is cybersecurity as well as positioning and promoting Axis technology in conjunction with the hardware and software technologies of eco-system partners. Ryan joined Axis in 2011 as a field sales engineer, bringing more than a decade of experience in network engineering on the systems integrator side of the industry. Ryan earned his Bachelor’s degree in Business Administration with a specialty in computer information systems from Eastern Michigan University.|