(Part 1 of our 3-part 2024 Summer IoT Security Series)
The starting point for many security vulnerabilities in cyber-physical systems (IoT/OT/ICS) is how they are set up and managed by either an internal team or an outside service provider. It’s an often-overlooked part of reducing corporate risk and sets the stage for ongoing vulnerability remediation and cyber hygiene. Based on working with organizations that have contributed to Viakoo’s more than 2 billion hours of production use, here’s a “top 10 list” of best practices in your deployment and commissioning of new CPS and IoT systems.
- Put all security devices and applications within a segmented network that is firewalled off from the corporate network and has no internet-exposed ports.
- Having a plan for managing configurations of your CPS systems. Assuming that what was set up and commissioned stays exactly as it was is not going to work. Configuration drift, network changes, storage issues, and others can all change the cybersecurity posture once a system is deployed.
- Use your organization’s single sign-on capabilities to authenticate users.
- Deploy device certificates to encrypt traffic and to authenticate IoT/OT devices.
- Have a strategy on how to quickly gather data that is relevant to cyber insurance.
- Get an IoT/OT-specific asset discovery solution, so that as your inventory changes you always have visibility and knowledge about all devices and applications.
- Verify that the data stream from the device is the same as what is put into storage.
- Align your ongoing maintenance plans (such as for rotating passwords or updating firmware) to your existing corporate governance around passwords and firmware.
- Budgeting for a new deployment should have both capital (CapEx) and operating cost (OpEx) factored in. Starting off with an OpEx-only model can create problems quickly after deployment.
- Share best practices with other parts of the organization, and work with the CISO to include CPS & IoT systems in corporate policies.
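As an added illustration of the configuration-management and asset-discovery points above (example code written for this article, not Viakoo's product or method), the sketch below compares a snapshot taken at commissioning with a later one and reports drifted settings and devices that appeared or disappeared. The device names, setting keys and values are constructed samples, and the set of security-relevant keys is an assumption.

```python
# Added example: detect configuration drift against a commissioning baseline.
# All device names, setting keys and values below are constructed samples.

# Assumption: settings whose change should be treated as a security finding.
SECURITY_KEYS = {"firmware", "tls.enabled", "services.telnet"}
UNSET = "<unset>"  # marker for a setting that exists in only one snapshot

def flatten(cfg, prefix=""):
    """Turn nested settings into {'a.b': value} so snapshots compare key by key."""
    flat = {}
    for key, value in cfg.items():
        path = f"{prefix}{key}"
        if isinstance(value, dict):
            flat.update(flatten(value, path + "."))
        else:
            flat[path] = value
    return flat

def drift(baseline, current):
    """Return findings as (device, setting, baseline_value, current_value, security_relevant)."""
    findings = []
    for device in sorted(set(baseline) | set(current)):
        if device not in current:      # commissioned device no longer reporting
            findings.append((device, "<device>", "present", "missing", True))
            continue
        if device not in baseline:     # device that was never commissioned
            findings.append((device, "<device>", "absent", "unmanaged", True))
            continue
        old, new = flatten(baseline[device]), flatten(current[device])
        for key in sorted(set(old) | set(new)):
            was, now = old.get(key, UNSET), new.get(key, UNSET)
            if was != now:
                findings.append((device, key, was, now, key in SECURITY_KEYS))
    return findings

BASELINE = {  # constructed snapshot taken at commissioning
    "cam-lobby-01": {"firmware": "1.4.2", "tls": {"enabled": True}, "services": {"telnet": False}, "ntp": "10.0.0.5"},
    "cam-dock-02": {"firmware": "1.4.2", "tls": {"enabled": True}, "services": {"telnet": False}, "ntp": "10.0.0.5"},
}
CURRENT = {  # constructed snapshot taken later
    "cam-lobby-01": {"firmware": "1.4.2", "tls": {"enabled": False}, "services": {"telnet": False}, "ntp": "10.0.0.9"},
    "cam-new-03": {"firmware": "1.3.0", "tls": {"enabled": True}, "services": {"telnet": True}},
}

if __name__ == "__main__":
    for device, key, was, now, sec in drift(BASELINE, CURRENT):
        print(f"{'SECURITY' if sec else 'info':8} {device:14} {key:16} {was!r} -> {now!r}")
```

Run on a schedule against fresh snapshots, the security-flagged findings are the ones to route into the existing change-management or ticketing process.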
Any additional tips you’ve used to improve IoT security when deploying new systems or devices? Feel free to add to the comments section below. Check out the next in our Summer IoT Security Series on maintaining the security of CPS and IoT systems over time.