UPDATED 14:28 EDT / APRIL 21 2020

SECURITY

Edge exposure during pandemic requires renewed focus on cybersecurity

Security at the edge has been discussed for quite a while, but the timetable for solutions extended to years. That’s no longer true.

With the outbreak of coronavirus and a migration of much of the global workforce away from internal corporate networks to connecting via mobile devices using home routers, the need for edge security has become more urgent.

A recent Network World survey found that edge security was very much on the minds of information technology executives, with 77% concerned about overall security and 55% who believed that edge devices were not built with proper protections.

“All of a sudden what we’re seeing, not just in the U.S. but the world as well, is that the edge is being extended in places that we just hadn’t planned for before,” said Phil Quade (pictured), chief information security officer of Fortinet Inc. “Sometimes there are catalysts that cause major changes in the way you do things. We’re in one of those right now.”

Quade spoke with John Furrier, host of theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed the impact of internet of things devices on edge security, Quade’s recent book on cybersecurity as a science and rising vulnerabilities in operational technology. (* Disclosure below.)

Evaluating IoT devices

The global pandemic offered both benefits and challenges for Quade’s fellow CISOs. For many firms, security rose to the top of the priority list as businesses scrambled to protect assets in a suddenly less-secure work environment.

On the other hand, protection of critical data and IT infrastructure just got a lot harder. Last year, Fortinet published a list of actions CISOs should consider to secure IoT devices at the edge. These included evaluating every IoT device that connected to the network and assessing all edge-related traffic, encrypted or otherwise.

“It’s a very important time to step up as a CISO and do what’s helpful to sustain the mission,” Quade said. “This isn’t just a surge for 30 days; this is a surge for being agile with no end in sight.”

A virus once raged through the internet, causing millions of dollars in damage and crashing thousands of machines. While this sounds like a scenario that could have happened yesterday, it actually occurred in November 1988, when some of the early Web pioneers realized that what they envisioned as a friendly academic research tool could have far greater implications.

This historical perspective and how it should be applied to the current world are part of a thesis outlined in Quade’s recent book, “The Digital Big Bang: The Hard Stuff, the Soft Stuff, and the Future of Cybersecurity.” Like the “Big Bang Theory,” a leading explanation for how the Universe began, the internet has fostered a different world and cybersecurity must be taken as seriously as the discipline of scientific thought.

“Fifty years ago, we had a digital big bang where there was a massive explosion of bits with the invention of the internet,” Quade explained. “It’s time to start treating cybersecurity like a science. Let’s not pretend it’s a dark art that we have to relearn every couple of years.”

Integrating IT with OT

Part of what is keeping Quade and his colleagues up at night are concerns around the operational technology space. A survey of enterprise security professionals conducted last year by the SANS Institute found that less than half of respondents had conducted a security inventory of control system devices and software applications, even though 78% of the equipment had external connectivity.

“You want to make sure your solutions in the IT space are well integrated with solutions in the OT space so an adversary or mistake can’t work into the crack and cause a disruption,” Quade said. “With the rapid introduction of IoT technologies into the physical world, we’re going to have a whole lot of dependencies and inconveniences on things that instrument our physical space.”

The power grid system in the U.S. offers an instructional model, according to Quade. Contrary to what some people believe, there is not one main power grid, but actually three. There are Eastern and Western interconnections, along with one in the state of Texas. This is the kind of diversified, resilient model the cybersecurity community needs to consider.

“There’s fabulous strategies of implementation and diversification to allow the grid to fail safely so it is not catastrophic,” Quade said. “We ought to base cybersecurity around a similar principle — that a catastrophic failure in one part of the architecture shouldn’t result in a catastrophe cascading across your whole architecture.”

Recognizing the increased risk profile as a result of a dramatic increase in remote work arrangements, Fortinet is offering free training that leverages the curriculum from its certification program. The hope is that users will embrace a time of uncertainty and risk with a more informed view of security practices.

“A lot of things that some people might use as scare tactics — convergence and Skynet and robotics and things like that — I believe these are things that will make our lives better not worse,” Quade said. “The future remains bright, but we still have some work to do.”

Here’s the complete video interview, one of many CUBE Conversations from theCUBE. (* Disclosure: Fortinet Inc. sponsored this segment of theCUBE. Neither Fortinet nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU