Incidents of cyber-attacks against IT networks are intensifying globally. The recent spate of ransomware attacks on the American oil pipeline system and the global meat supply chain highlights both the vulnerabilities that exist in our IT infrastructure, as well as the devastating impact these cyber breaches can have even when that breach might seem relatively innocuous. In the case of the Colonial Pipeline hack, the attack reportedly only reached the front-end business IT systems, not the IT and operations technology (OT) that actually control the pipeline itself. But, nonetheless, the attack resulted in shutting down the entire pipeline for a period of time causing alarming gas shortages up and down much of the East Coast of the United States. Long lines and panic buying became the norm for days.
This rising threat combined with the increasing adoption of IoT devices, the convergence of IT and OT networks, and the use of cloud-based management and analytic systems has led to cybersecurity being an urgent concern for edge IT owners and operators. Cyber-attack risks are worsening due to the increasingly distributed nature of IT. The edge computing trend is putting more and more endpoint devices at the edge of computing networks away from more highly secured, centralized data centers. This has increased dramatically the available attack surface for cyber criminals and hackers.
White Paper 12, “An Overview of Cybersecurity Best Practices for Edge Computing” describes 4 things to focus on and address consistently to dramatically reduce the risk of breaches. The 4 practices are:
1. Device selection criteria
2. Secure network design
3. Device setup / configuration
4. Operation and maintenance
I’ll give a brief overview of these practices here in this blog. The White Paper offers more detail and provides examples along with information on the relevant cybersecurity standards.
1. Device selection criteria
The first best practice is to select network-connectable devices that can be verified to have been developed by vendors who follow a well-implemented secure development lifecycle (SDL) process. Or, if we’re talking about industrial control devices and systems, the IEC 62443 standard should be followed. This standard is accepted worldwide for defining security standards developed by industrial control experts. The SDL process was first developed by Microsoft. A typical SDL is comprised of 7 phases that cover everything from internal training to design to verification of security protocols, to developing incident response plans. In this way, always buy from vendors who can demonstrate their commitment and focus on security and privacy concerns for all of the products, apps and services they offer.
2. Secure network design
Not only should you choose network devices developed and optimized for security and data privacy, but the network itself, of course, must also be designed, implemented, and managed with security as a chief concern. Securing access to edge IT sites begins with basics like the use of a virtual private network (VPN) that employs encrypted tunnels, implementing firewalls, and using access control systems.
Beyond those tools, the network should be implemented using a “defense-in-depth” network (DDN) design. A Defense-in-Depth Network (DDN) approach secures edge computing functions and maintains availability of those functions and communication paths. Edge computing makes use of distributed networking, computing nodes, storage, and safety control systems. The strategy of DDN for the edge is to develop security zones with different defensive elements in each zone. White Paper 12 demonstrates a layered approach (using network segmentation) by implementing zones and security links between the untrusted zone and trusted zone.
Another recommended practice related to network design is the use of intrusion detection system (IDS) appliances placed at each edge computing site. These can detect potential malevolent traffic that could potentially damage, disrupt service, and impact availability to the edge environment [1]. The paper also introduces a newer concept called, Secure Access Server Edge (SASE), which combines SD-WAN deployments with embedded security. It was specifically designed for distributed IT and Edge deployments.
3. Device setup / configuration
Before an embedded device or software-based system is used in an edge application, proper analysis should be done to understand how the device / system communicates and how the device /system functions within the use case that is required by the customer to operate at the edge. This involves things like using and applying the vendor’s hardening guide, doing port scans, and ensuring all patches and firmware updates have been applied, etc.
4. Operation and maintenance
The fourth best practice category discussed in the paper is operation and maintenance. This section begins by describing the global standards that exist to provide updated guidance on best operational practices. While specific applications might have unique and specific tactical practices to ensure security, there are certain practices that apply to all edge computing applications. Those include patch management, vulnerability management, and penetration testing. The paper goes into each of these in detail.
And finally, although outside the scope of White Paper 12, it is important to also consider and account for physical security as part of your overall cybersecurity strategy. One 2021 cybersecurity trends report said that 63% of successful attacks originate from internal sources, either from control, errors or fraud. This highlights the need for physical security measures that control who has access to IT and network equipment. Given that edge computing sites are often not staffed and are operated in a “lights-out” fashion, locks on IT cabinets and security cameras (backed up with UPSs) are recommended.
In conclusion, the highly distributed nature of today’s portfolios of hybrid IT and edge computing sites and assets makes it more challenging to secure everything from cyber criminals. Following the best practices outlined above will dramatically reduce the risk of successful cyber attacks. Read White Paper 12, “An Overview of Cybersecurity Best Practices for Edge Computing” to learn more.
Gloss