CPS & IoT Security Starts at Deployment

Blog

(Part 1 of our 3 part 2024 Summer IoT Security Series)

The starting point for many cyber-physical systems (IoT/OT/ICS) having security vulnerabilities is in how they are setup and managed by either an internal team or an outside service provider.  It’s an often-overlooked part of reducing corporate risk and sets the stage for ongoing vulnerability remediation and cyber hygiene.  Based on working with organizations who have contributed to Viakoo’s more than 2 billion hours of production use, here’s a “top 10 list” of best practices in your deployment and commissioning of new CPS and IoT systems.

  1. Putting all security devices and applications within a segmented network that is firewalled off from the corporate network and with no internet-exposed ports. 
  2. Having a plan for managing configurations of your CPS systems.  Assuming that what was set up and commissioned stays exactly as it was is not going to work.  Configuration drift, network changes, storage issues, and others can all change the cybersecurity posture once a system is deployed. 
  3. Use your organizations single sign-on capabilities to authenticate users
  4. Deploy device certificates to encrypt traffic and to authenticate IoT/OT devices. 
  5. Have a strategy on how to quickly gather data that is relevant to cyber insurance.
  6. Get an IoT/OT-specific asset discovery solution, so as your inventory changes you always have visibility and knowledge about all devices and applications. 
  7. Verify if the data stream from the device is the same as what is put into storage
  8. Align your ongoing maintenance plans (such as for rotating passwords or updating firmware) to your existing corporate governance around passwords and firmware.
  9. Budgeting for a new deployment should have both capital (CapEx) and operating cost (OpEx) factored in.  Starting off with an OpEx-only model can create problems quickly after deployment. 
  10. Share best practices with other parts of the organization, and work with the CISO to include CPS & IoT systems in corporate policies.

Any additional tips you’ve used to improve IoT security when deploying new systems or devices?  Feel free to add to the comments section below.  Check out the next in our Summer IoT Security Series on maintaining the security of CPS and IoT series over time. 

Share this

Recent Posts
Awards - Briefs - Solutions
Viakoo Honored as Next Gen IoT Security Winner in Cyber Defense Magazine's 2023 Global InfoSec Awards
SINET-award-2022
IoT breakthrough award
viakoo wins 2022 global 100
armis and Viakoo end to end cyber security protection

Viakoo, Inc.
650 Castro St. Suite 120-203
Mountain View, CA 94041
(650) 263-8225
[email protected]

Support
Phone: (650)263-8225
Email: [email protected]

Get the Latest from Viakoo

Solutions

Device Remediation

IoT Ecosystem Security

IoT Device Security

Zero Trust Environments

Zero Trust Model

Compliance and Reporting

IoT Cybersecurity

OT Cybersecurity

Products

The Viakoo Architecture

Viakoo Action Platform

Device Firmware Manager

Device Certificate Manager

Device Password Manager

Service Assurance Manager

 

Resources

Blog
Webinars on Demand
Video
White Papers
Data Sheets
Case Studies

Company

About Us
Newsroom
Careers
Contact Us

Request a Demo
Linkedin Twitter


SOC-2 Certification
Viakoo is certified to the highest level of datacenter security

© 2023 Viakoo Inc All rights reserved.

Privacy Policy | SOC-2 | Terms & ConditionsResponsible Disclosure Policy | Whistleblower Process