ÃÛÌÒTV

In the context of digital transformation, what are 7 habits of trustworthy devices and the 5 pillars of device protection?

The digital transformation of traditional original equipment manufacturer (OEM) offerings requires hardening connected and edge devices with a horizontal platform that provides a single pane of glass for operations technology (OT) security.

Deploying greenfield devices in traditional network silos alongside legacy brownfield devices in OT environments introduces major risks and exposes a huge attack surface for cyber warfare.

The imminent threats posed by the cybercrime syndicate and nation-state actors targeting critical infrastructure and unprotected devices warrant establishing a trust chain for supply chain risk management. This should be a collaborative effort between OEMs, brand name device vendors and managed security service providers (MSSPs).

The primary goal of digital transformation should be to manufacture devices at scale for supply chain risk management and operational resilience with visibility and control for tamper-resistance, anti-cloning and condition-based monitoring. The transformation must begin at the device. The passage to digital transformation requires all stakeholders to recognize the following realisms:

• The IIoT/IoT is an ecosystem that requires a horizontal platform.
• OEMs, brand name device vendors and MSSPs must take a collaborative approach for cost-effective cyber protection as a service.
• OT/IT convergence requires a paradigm shift.
• The integration of emerging and emerged technologies will create an epical (economical, political, intellectual, commercial) story.

With this as the context for digital transformation, the seven habits of highly trustworthy devices include:

1) Establishes a persistence of trust

• Establishes and preserves device trustworthiness throughout the lifecycle.
• Ensures that data harvested and processed by artificial intelligence (AI) and machine learning (ML) engines is trustworthy for secure, mission-critical decisions and outcomes.

2) Reduces lifetime costs

• Reduces the OEM’s and enterprises operational expenses.
• Scales and automates manufacturing, deployment and lifetime monitoring of heterogeneous connected and edge devices.

3) Manages supply chain risks

• Manages supply chain risks with tamper-resistant content delivery.
• Tracks and traces along the supply chain from the developer, through providers and publishers, to the target OT device.

4) Recovers to a trusted state

• Remotely orchestrates field device recovery and mitigates service outages.
• Remotely rolls back images and/or configurations to a trusted baseline.
• Remotely rotates cryptographic artifacts (keys, certificates) to minimize exposure to potential exploits.

5) Protects data in custody

• Protects data (at-rest, in-process and in-transit) in the custody of mission-critical native and/or containerized applications.
• Uses a secure element as the hardware, firmware or software-based root of trust.

6) Protects digital assets

• Prevents theft of intellectual property and/or mission-critical data by untrusted devices.
• Prevents cloning of trusted devices.

7) Achieves compliance

• Provides security controls required for compliance with emerging standards and certifications for cybersecurity and multi-vendor field device interoperability (e.g., IEC 62443, NIST 800-53/800-63-3, NERC CIP, FIPS 140-2, FCG).

5 pillars of device protection

Device protection is based on five pillars of risk: device identification, device authentication, key protection, data protection and operational trustworthiness. Implementing risk countermeasures in trustworthy devices will far outweigh the cost of innovation for key players in the IoT ecosystem.

Transforming device management with applied data sciences and subscription-based cloud services offers key revenue drivers and a return on investment for rapidly emerging IoT segments, such as smart buildings, smart factories, smart cities and smart energy.

Within the next two years, emerging 5G and secure element-enabled services (e.g., TPM, SIM) will lead to a proliferation of heterogeneous connected and edge devices in traditional enterprise-managed ecosystems. That will present new challenges in OT/IT convergence and integration with cloud platform providers without vendor lock-in.