Internet of things Security

The blurred line and growing risk between physical and digital supply chains

The blurred line and growing risk between physical and digital supply chains
Written by ga_dahmani
The blurred line and growing risk between physical and digital supply chains

The worlds of IT, operational technology (OT), and industrial control systems (ICS) are converging, increasing attack surfaces and exposing vulnerabilities. At the same time, the lines between digital and physical supply chains are blurring, and organizations must take steps to ensure their security posture remains strong.

As the pandemic and remote work have expanded access points to critical infrastructure, IT and OT cyberattack surfaces have grown significantly. An organization’s vital data now often passes through multiple workloads in a matter of seconds. The increasing use of 5G and the Internet of Things (IoT), which significantly increase the IT footprint, as well as the general lack of security in the supply chain also pose significant challenges. 5G networks use edge computing, where the applications, storage, and control functions required to run them are hosted relatively close to end users and IoT endpoints, or both. That’s a change from the centralized architectures common to 4G and earlier, and it creates a much larger compute footprint.

This proliferation of software is another big concern for the supply chain. Embedding threats into components provided by telecom providers is one way to infiltrate 5G networks.

Vulnerabilities in the increasingly intertwined physical and digital supply chain
Cyber ​​violations are not static; their tactics and capabilities are always evolving. Many organizations don’t even know when they’ve been attacked.

Hackers often look for unsecured ports and systems on industrial systems connected to the Internet. IT/OT/ICS supply chains in continuous integration (CI) are particularly vulnerable as they offer attackers many entry points, and legacy OT systems were not designed to protect against cyber attacks.

Protecting critical systems from cybersecurity threats is, of course, a difficult task. They all have unique operating frameworks, access points, and a variety of legacy systems and emerging technologies. And the lack of trained skilled labor is an ongoing problem in the industry.

The explosion of connected devices is challenging hardware and software integration trends. This, combined with an increase in networked sensors, is creating attack opportunities for hackers across all digital infrastructures.

Protecting physical and digital supply chains
To mitigate threats and address vulnerabilities, critical infrastructure operators must apply a comprehensive risk framework that includes security by design, defense in depth, and zero trust.

Security by Design monitors, manages, and maintains the security process. Defense in depth enables layers of redundant protective security measures to help prevent data breaches. Zero trust focuses on protecting resources through strict identity and access management enforced by proper authentication and authorization.

It is especially important that the public and private sectors coordinate, apply and enforce industry security protocols, especially those related to Supervisory Control and Data Acquisition (SCADA).

Following industry and government protocols derived from lessons learned is essential to protecting vital infrastructure. Infrastructure vulnerability was clearly illustrated by the Colonial Pipeline ransomware attack, and the threat remains high. The details of a security approach may vary depending on the circumstances, but the common threads are situational awareness and information sharing between the public and private sectors. Elements of risk management guidance are provided in the The mantra of the National Institute of Standards and Technology for the industry: Identity. To protect. Detect. Reply. Get it back. In an ecosystem of both physical and digital connectivity, there are Will be vulnerabilities, and a breach or failure could be catastrophic.

Infrastructure-hardening cybersecurity technology is developing in the areas of cloud security, authentication, and biometrics. Automation is an especially effective cyber security pathway, with the assimilation of emerging technologies such as artificial intelligence and machine learning helping to automate detection and trigger cyber defenses.

Innovations in networking, payloads, endpoints, firewalls, antivirus software, and encryption can also harden critical assets against attack. When security by design, defense in depth, and zero trust are combined, the overall cybersecurity posture increases significantly.

It is imperative that CIOs, CTOs, and other IT decision makers collaborate with their technology and service providers to create a roadmap for infrastructure changes and hardware upgrades, while keeping an eye on both security like compliance.

As supply chain manufacturers expand into uncharted territory, it is in organizations’ best interest to ensure proper cybersecurity measures are in place throughout the supply chain. Protecting all connected assets is a critical component of supply chain security, going a long way in preventing organizations from becoming another cyberattack statistic.

About the author


Leave a Comment