Cybersecurity for critical infrastructure starts with a vision. On In the Cloud, host Daniel Litwin discussed the topic with Yair Poleg, CTO and Co-Founder of Ayyeka, and end-to-end hardware and software solutions for connecting asset and infrastructure networks to data systems.
Here are some takeaways from that interview
“Critical infrastructure has been area slow to upgrade from legacy systems. Historically, they haven’t been connected, but now the pressure of digital transformation is building. Unfortunately, with that comes the potential for more vulnerabilities, so what’s the right approach to reduce risk and improve performance? The majority of energy, wastewater, and other environmental aspects are still not connected. Becoming connected could improve performance, and industrial information systems weren’t designed with cybersecurity in mind,” Poleg said.
However, the increased risk of cyber attacks, which are at least driving awareness, doesn’t have to be a given. One key thing Poleg recommended is keeping things separated and isolated. “It’s very hard, though, to change infrastructure networks. They serve millions of people, so you can’t just go in and rework the network layout. It’s a gradual process.”
“The industrial information world wasn’t designed with cybersecurity in mind, but it doesn’t have to be this way.”
– Yair Poleg, Ayyeka CTO
Regulations could be a path forward to initiate standardization from a national level down to the local level. He noted that the biggest challenge is a gap between those that operate networks and security experts. “Engineers have a different background, and their main objective is to provide service, but there is a shift in organization with resources to make cybersecurity a bigger priority.”
Another concern is that municipalities object to upgrading because they can’t afford the time or expense to disrupt service. The CTO explained this is a misconception, “You don’t have to drop service to migrate. You can start small with a deployment, and companies like ours help utilities do this. What’s important is starting with a vision.”
Ayyeka has developed multiple layers of security and authentication to enable a communication session with its technology. Fundamental cyber-security considerations for telemetry device manufacturers or service providers include encryption, authorization, remote firmware update capabilities as well as physical access restrictions - all designed so that only those who have been granted permission can reach your device from afar!