Seven capabilities to look for when partnering with a cybersecurity firm

By Brandan Lickey posted 06-21-2018 10:54


This is the second in a three-part series on the imperative and value-add opportunity for system integrators to add cybersecurity to their toolkits when servicing the industrial and manufacturing sectors.

Industrial control systems (ICS) are central to the operation of mission-critical infrastructure such as energy and utilities. Yet the increasingly complex and interconnected nature of today's ICS has rendered them vulnerable to malicious attackers who seek to compromise them for political and economic gain.

However, as we discussed in the first article in this series, very few SIs are integrating cybersecurity into their offerings even though doing so creates a lucrative opportunity to expand their company’s role. In the same article we go on to explain how SIs can take advantage of cybersecurity and add it to their toolkit, even if cyber isn’t a sweet spot for them. As we explain, partnering with a cybersecurity specialist to augment your offerings is the most seamless route to take, particularly if that firm offers solutions that are easy to deploy, can be offered as managed services, don’t require invasive changes to the customer infrastructure and don’t affect operational processes.

However, the marketplace is saturated with cyber firms and solutions, each touting the latest shiny object that will help vulnerable organizations ride the cybersecurity wave. Oftentimes, these solutions fall short in meeting the unique needs of your ICS clients. So, where do you start?

Below are seven key capabilities to look for when partnering with a cybersecurity specialist to serve your ICS clients.

Seek solutions that minimize operational impact
Most cybersecurity firms work with the enterprise sector where technology upgrades are the norm and keeping pace with innovation is key to service delivery and beating the competition. In operational technology (OT) markets, the legacy hardware and software that run today’s mission-critical sectors such as energy, nuclear and manufacturing have a 20-plus-year lifecycle. Highly specialized, these systems are the workhorses behind critical operations. Downtime is out of the question. Ripping and replacing is unthinkable. However, these once standalone and air-gapped systems are now connected and inter-connected across the internet. With that connectivity comes the risk of exposing these networks and systems to possible attacks which could lead to system breaches and downtime.

SIs can help in this regard but only if they partner with a provider who can deliver a solution that secures ICS with minimal changes to the current operational environment. The best approach is commonly known as a network overlay. This type of solution doesn’t require the reconfiguration of legacy devices or current systems, operates on any transport (wired, WiFi, wireless broadband, satellite) and eliminates the need for the installation of agents onto controllers or Industrial Internet of Things (IIoT) sensors. It also reduces any risk of affecting the system’s compliance status.

Enable the benefits of a phased, evolutionary approach
In addition to minimizing the operational impact of securing legacy systems, an overlay approach brings the added benefit of being deployable in stages. Initial deployments can focus on protecting legacy devices with known vulnerabilities, and other system segments can be scheduled based on the client’s needs. If the solution is being embedded into next generation components, the client can plan to add them to the system as they are available or during a planned upgrade. This phased approach, or evolutionary deployment, means your client remains in control of their software and devices rather than being driven by a set of policy or infrastructure changes that alter how tried-and-tested systems operate. Such changes can also have a significant impact on system support personnel, who find themselves reallocated to security rather than focusing on core operations.

Most security solutions on the market require lengthy pre-deployment policy definitions and configuration setup prior to the introduction of any security improvements. The overlay approach can enable almost immediate benefits that grow with scheduled rollouts. With an overlay approach, your customers stay in control.

Security solutions must be compatible with industrial network protocols
Industrial systems use unique network protocols designed for localized communications. In this way, they differ from enterprise IT networks, which communicate widely with other parties of all types. These industrial protocols conflict with typical enterprise security solutions, which require substantial and costly modification to support an ICS environment. Look for a cybersecurity solution that doesn’t impact your current system protocols or, even better, one that is operationally compatible with all industrial IEEE 802.3 protocols.

Ensure the authentication of both M2M and user-to-machine connections
A key characteristic of security in industrial and manufacturing environments is that devices must authenticate both to each other (machine-to-machine/M2M) and to dedicated remote users (such as vendor support and maintenance teams). This dual authentication is often lacking in cybersecurity solutions that focus solely on user authentication but is critical to securing ICS. Partner with a trusted provider who delivers strong authentication to both types of connectivity.

Avoid the need for external components
Enterprise security solutions typically require the addition of external components (hosted software or computing services) that can drive up the cost of securing ICS. Public-key cryptography is the “gold standard” for M2M authentication, but it requires X.509 certificates, which are costly. The associated certificate revocation checking also involves multiple servers and complexity. Help your clients control costs and manage security with a solution that has built in all the required infrastructure for authenticated connections.

Protect devices against tampering
Many ICS assets, such as pipelines and sensors, are located in the field, leaving them vulnerable to tampering or even replacement with clones that can be used to hack the network. ICS security solutions can also fall prey to the same attackers. Look for security solutions that ensure device and solution integrity. The ability to monitor components of the security solution and confirm local and remote security attestation is key to establishing trusted systems and is proof of system compliance with security standards.

Look for ways to enhance system availability
ICS environments are known for maximizing availability, or uptime. System changes are not applied unless necessary. As system components age, maintenance schedules must be adjusted, and some failures are inevitable. An overlay solution for security can also add fault tolerance to system segments by sensing component failures and securely linking to backup networks.

There is a growing interest in predicting ICS maintenance requirements and monitoring system performance, but these analytical tools should be secured so that system data is protected and projected failures are not exposed to hackers.


Want to learn more about what cybersecurity capabilities to look for when protecting the unique mission and needs of your industrial and manufacturing clients? Visit