Aldo Di Mattia, Senior Manager Systems Engineering at Fortinet, tells us about the evolution of the concept of cybersecurity, in relation to IoT, cloud and privacy.

– The integration of sensors and the aggregation of the IoT world implies massive transfers of data, including towards the cloud. How can this operation be carried out securely, and what are the critical issues?

The command, management and control of the physical devices and processes at the base of a production chain are certainly made more efficient by an intelligent collection of field data and their normalization and correlation. This makes it possible to optimize company processes themselves, such as predictive maintenance, for example, reducing waste and downtime and increasing company productivity. But in order for the data chain to become virtuous, pre-processing as close as possible to the source (edge computing) is often appropriate, meeting the requirements of many “IoT” applications, which often have to deal with problems of latency, lack of bandwidth and reliability that cannot be addressed through the conventional cloud model. Aggregated and non-time-sensitive data can instead be transmitted to the cloud infrastructure or to the company’s data centre to allow for more complex processing.

However, it should be remembered that the cloud offers a shared responsibility model in which it is always the responsibility of the user/customer to protect their data and identities, as well as the local resources and cloud components they manage. It is therefore necessary to adopt security solutions in the cloud similar to the on-prem ones, and it is always necessary to evaluate which storage solution is preferable, on-cloud or on-prem.

The transfer of this enormous amount of data must then take place securely and can be direct (sensor to cloud/broker) or indirect (site to site). In the first case, one of the protocols used is MQTT, which guarantees the authenticity and authentication of the client (SSL with X.509 certificate exchange) and also, where required, encryption of the content (TLS with payload encryption). In the case of indirect transfer, the connection must be mediated by an intelligent and secure solution, such as Secure SD-WAN, where the edge device is an NGFW (Next Generation Firewall).
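The X.509 client-certificate authentication the answer refers to for direct sensor-to-broker MQTT, shown as an Eclipse Mosquitto broker configuration with the weak listener beside the hardened one. This is an added example, not part of the interview and not a Fortinet configuration; the certificate and ACL file paths and the topic layout are assumptions, while the ports are the registered MQTT defaults (1883 plaintext, 8883 MQTT over TLS).

```conf
# Added example (not from the interview): /etc/mosquitto/conf.d/iot.conf

# ---- Weak: the listener many IoT pilots start with (shown commented out) ----
# Plaintext MQTT with anonymous access: anyone who can reach the port can read
# every topic and publish forged sensor readings, and an MQTT username/password
# sent on this listener travels in clear inside the CONNECT packet.
# listener 1883
# allow_anonymous true

# ---- Hardened: MQTT over TLS with X.509 client authentication ----
listener 8883
protocol mqtt

# Broker certificate chain and private key (paths are assumptions).
# These let the sensor authenticate the broker before sending anything.
cafile   /etc/mosquitto/certs/ca.crt
certfile /etc/mosquitto/certs/broker.crt
keyfile  /etc/mosquitto/certs/broker.key

# Refuse the TLS handshake unless the client presents a certificate issued by
# the CA in cafile. The certificate's CN is then used as the MQTT username,
# so authorization below is tied to a cryptographic identity, not a password.
require_certificate      true
use_identity_as_username true
allow_anonymous          false

# Do not accept pre-1.2 TLS on this listener.
tls_version tlsv1.2

# Per-identity authorization (assumed path). Example content of the ACL file:
#   pattern write sensors/%u/#
# i.e. a sensor may publish only under the topic prefix matching its own CN.
acl_file /etc/mosquitto/acl
```

Two quick checks after restarting the broker: `openssl s_client -connect <broker>:8883 -CAfile ca.crt` without `-cert`/`-key` must fail the handshake, and `mosquitto_sub -h <broker> -p 8883 --cafile ca.crt --cert sensor.crt --key sensor.key -t 'sensors/#'` must succeed only for the topics the ACL grants to that certificate's CN. Confirm with `ss -ltn` that no plaintext 1883 listener remains bound.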

– OT infrastructures are a favorite target of cybercriminals: why? What is the degree of security of these architectures?

Although OT systems do not contain personally identifiable data, the compromise of a critical infrastructure system has enormous appeal. Motives may include, for example, wanting to hold a system hostage (ransomware), manipulate the share price (short selling), deny access to a public service or production system, have a political impact, or facilitate a scheme of corporate malfeasance and fraud. Other areas of interest are industrial espionage and intellectual property theft. These cybercrime actions against critical national infrastructures could also put citizens at risk or even cause deaths.

Legacy OT environments were thought to be inherently secure, as they were isolated, lacked encryption, authentication and authorization mechanisms, and were immune to obsolescence. In recent years, very often for business reasons and for speed in adopting new technologies (digital transformation), the logical/physical separation between IT and OT systems has narrowed, and the convergence between IT and OT has posed new security risks. Hence the presence of a European directive, NIS (EU 2016/1148), now NIS2, which outlines objectives and technical and organizational measures suitable for strengthening the security levels of information systems and networks and improving the management of cyber incidents, but does not dictate ICS-specific requirements, approaches or frameworks in a prescriptive manner. The latter are left to the individual operators, who can leverage codified segmentation models such as Purdue and standards such as ISA/IEC 62443, IEC 62351, NIST SP 800-82, NISTIR 7628 and NERC CIP.

– Workloads and data stores are concentrated on company servers and in the cloud: how can we guarantee smooth and secure work for everyone?

On the one hand, the digitization of data and the ever-increasing use of cloud services, and on the other hand smart/remote working, impose new connection strategies with the aim of keeping the quality of service and of access to the data constant wherever the user is. The solution adopted by companies today to guarantee “fluid” work is SASE (Secure Access Service Edge), which is articulated in the SD-WAN and ZTNA components. On the other hand, since these solutions use direct Internet connections, without centralizing traffic in a control data center, those connections must be protected from a growing series of opportunistic attacks, especially if the environment to be protected is sensitive, as OT environments are.


To address all these critical issues, organizations need a solution that combines dynamic, application-aware transport capabilities with the OT-native security features of a Next Generation Firewall (NGFW). The NGFW therefore becomes fundamental both in the role of Access Proxy for ZTNA solutions and in the role of termination device for the overlay connections that secure the SD-WAN solution. The adoption of this type of solution then extends the visibility and control necessary to constantly monitor security and detect those anomalies which can then be managed by a corporate SOC.

– Workloads are rapidly moving to “the cloud”: how can data visibility and access control be achieved? How can effective cybersecurity be enabled?

Access to data and its management must be mediated by a cybersecurity solution that provides secure local or remote access based on clearly defined control, authentication and authorization rules. According to NIST Special Publication 800-192, access policies must be application-specific and governed by user context (operating unit, skills, role, etc.).

There are also access and data retention requirements regulated by national and international rules and standards, such as the GDPR, HIPAA, CCPA or PIPEDA. At the level of secure access, the basic approach currently adopted is zero trust. Zero trust allows dynamic, granular management of access to data, based on the user and the type of data, treating even what is within the company’s perimeter as untrusted. This approach, based on micro-segmentation, provides a sort of immunization against data exfiltration and lateral movement and the maximum guarantee of secure access to data.

– Accountability and privacy. These are extremely topical issues which require a clear rethinking of the practices in use in companies. How can your services and platforms help companies achieve regulatory compliance? What strategies and solutions do you offer customers to secure their businesses?

Organizations are subject to many regulatory and standards compliance requirements. Some, such as the Payment Card Industry Data Security Standard (PCI DSS), pertain only to organizations that process credit card transactions. Others, such as the European Union’s General Data Protection Regulation (GDPR), affect all organizations with European customers that collect personal data. Although regulatory compliance cannot be achieved through technology alone, having “state of the art” solutions is clearly one of the prerequisites for avoiding serious and costly events, such as data and network breaches, and for ensuring that, if they do occur, they are detected and contained in the shortest possible time.


In order to be effective, the security solutions adopted must also build an interconnected framework that Gartner identifies with the acronym CSMA (Cybersecurity Mesh Architecture), called “Fortinet Security Fabric” at Fortinet: a cybersecurity mesh platform with the highest performance in the sector, based on FortiOS. The key pillars of this approach are: FortiGuard Labs services, i.e. the laboratories that provide threat intelligence; network security and Secure SD-WAN solutions based on the FortiGate platform; Zero Trust Access solutions with endpoint protection and XDR; and NOC & SOC solutions (FortiSIEM, FortiSOAR, FortiMonitor, etc.), which complete the framework of a scalable and open architecture with APIs (Application Programming Interfaces) for third-party integrations.