A New Approach to IIoT Security
As more operational technology (OT) devices and industrial control systems (ICSs) are connected to information technology (IT) systems over the Internet, the attack surface expands to billions of insecure devices, many of which cannot be patched. That in turn creates a massive population of new attack vectors against physical infrastructure – from power and water plants to factories, hospitals, office buildings and even cruise ships. The stakes of digitization are high. Ambitious IIoT goals – performance optimization, cost efficiencies, better/faster decision-making at the network edge – will be compromised if these systems are not secure.
In “Securing Critical Infrastructure against Cyberattack”, TechTonics advocated for OT/IT convergence to facilitate IIoT initiatives. That paper discussed the unique characteristics of these previously air gapped systems, including their vulnerabilities, and warned of the potential catastrophic consequences cyberattacks can have on them.
The paper suggested that a new security paradigm is needed for IIoT, and laid out the criteria that an IIoT security solution must have. “Securing Critical Infrastructure against Cyberattack” concluded that traditional firewalls and VPNs – which were architected for a time of simpler network connections and malware – are no match for modern cyberattacks against converged OT/IT infrastructure.
This paper expounds on the risks of an expanded attack surface and the concomitant threats posed by the growth in attack vectors. It avers that only a purpose-built architecture – call it a virtual air gap firewall – with advanced IIoT capabilities can address the growing threat against critical infrastructure.
The paper also takes a deeper dive into why internal firewalls cannot defend effectively against today’s sophisticated IIoT attacks. Lastly, the paper suggests two deployment options for a virtual air gap firewall, and recommends that organizations replace their internal firewalls and VPNs with an air gap firewall.
This white paper is written by Gabriel Lowy from TechTonics Advisors and sponsored by Tempered Networks.