Mind the gap
Ari Mahairas is the special agent in charge of the Special Operations and the Cyber Division at the F.B.I.’s New York field office. Peter J. Beshar is the general counsel of the Marsh & McLennan Companies, and has testified frequently before the US Congress on cybersecurity.
The two have written an article in the New York Times pointing to the vulnerability of water companies to attack by cybercriminals.
The security weaknesses relate to technology old and new – SCADA is more than 20 years old, maybe 40 depending on when you conclude that it was invented; and enterprise access to the internet is a relatively new phenomenon.
The article suggests that a ‘defense in depth’ approach is required from the water companies with an ‘air-gap’ that separates IT and OT. The article also notes that device manufacturers need to ensure that their hardware is more secure, and that many are vulnerable to attack. Specifically ‘Devices often are too small to include the necessary security hardware, lack the computing power to host security software or can’t be updated when flaws are discovered.’
Not only can clients be reassured that i2O devices are secure – they cannot be dialled up, unlike most competitors, denying criminals and miscreants an attack vector, data is encrypted, firmware can be updated over the air if any vulnerabilities are discovered but using i2O’s software as a service ensures ‘defense in depth’ with its multi-layered security, and assures the ‘air-gap’ and the degree of separation that Mahairas and Beshar recommend.