If your enterprise lives in the kind of retro-analog-world in the picture, you have nothing to worry. For the rest of us, enterprise mortals, the edge in all its glorious innovations is helping us with new experiences, new models of service etc., etc.,
BUT, behind the scenes are operational and security folks working hard to keep their enterprise infrastructure working, safe and secure!!! AND many of you do not have the time to catch up on and/or implement whatever experts like NIST/CISA etc., are recommending.
This five-part series explores how the NIST Cybersecurity Framework (CSF) 2.0 can be effectively applied to secure OT assets in edge and IoT environments. To help folks struggling with 000s of edge components to deliver excellent service, safely.
Imagine your “edge” as all the devices and places that generate data outside of big data centers. This includes important systems like electricity, traffic control, airports, stores, offices, and schools. Basically, anywhere in your daily life that uses technology could be considered the edge.
NIST CSF 2.0 provides a voluntary, risk-based approach to managing cybersecurity risk, making it a valuable tool for organizations of all sizes.
Briefly, this is how each NIST CSF function can be adapted for your edge & IoT security (we will dive deeper into each part, in subsequent parts of this post):
- Identify: Basically, a catalog of all your edge devices, sensors, and controllers, along with the data they collect and transmit (let’s call this visibility). There’s more here that we will cover in later parts of this series.
- Protect: How can you start with lightweight security controls on edge devices and around vulnerability management, encryption etc.,
- Detect: What does anomaly mean when you own 000s of devices, and different edge types, at your edge? What are basic anomaly detection rules you can define to monitor for unusual device behavior or data patterns that might indicate a security incident. This is a solved problem in the IT world, but “detection” at scale is a challenge in today’s edge world that has come a long way from our erstwhile analog world!
- Respond: What does “respond” really mean? In your organization’s risk terms, in terms of your customer impact, in terms of “quality of service”, from an edge-viewpoint? And looming in the background, is the regulatory aspect of how your enterprise domain is regulated. This will be covered in later series, as it applies to your edge assets. Capturing logs, sharing summary information on impact and likely procedures like quarantining.
- Recover: Close on the heels of the prior stage is the last step of “recovery”. Edge components to be patched, to restore prior configurations / settings etc., What backups should you have had to restore to a last known good state? What does it mean to “backup” the edge?
In subsequent parts of this 5-part series, we will delve deeper into each NIST CSF function and explore specific security controls and best practices for edge and IoT security!
If you have any comments or queries, please reach out to us.
