News
Limiting connectivity
something to be proud of
Tom Cruise in Mission: Impossible (1996)
The security services have a simple rule: if a digital device has to be safe, it should not be connected in any way to a network… let alone the internet.
Recently this best practice was reinforced by Microsoft, the world’s second largest cloud provider. Their advice: critical systems should be disconnected from the internet and segmented.
Let that sink in for a moment.
The possibilities of increased connectivity have been a main driver of innovation for many years. We have however deliberately been denying the risks. In order to mitigate this we have added technical solutions that cover the attack surface with a small layer of veneer, what lies below is left exposed.
Common culprits are acronyms with V’s. Virtual Private Networks (VPNs), Virtual Local Area Networks (VLANs) or Virtual Machines (VMs), they are just that: Virtual. Pseudo. Not real. Engaging concepts like security by design and zero trust architecture make us feel that we have control, but provide us with a false sense of security.
To disconnect feels like a step backwards. You deny your organisation the comfort, efficiency and potential economic rewards of a connected world. Most vendors stimulate this dynamic, it is a fact that virtual products scale easier than physical systems.
But only logical and physical separation can achieve strong security. This is especially true when it comes to operational technology like Industrial Control Systems.
For the security experts this is nothing new. From frameworks such as the Purdue model, NIST SP800-82 and IEC 62443 to architectural advisories by OT-security consultants like Dragos and Applied Risk, they all underline the paradigm of network isolation and true communication control between segments.
P-X technology was designed to provide visibility of secured systems.
Using our ultra secure passive cyber sensors which have their own communication medium, customers can now know what is happening in their secure networks without opening them up to external attacks. What’s more, no alterations have to be made to existing infrastructure and the sensors will continue to work transparently regardless of future updates of the assets they monitor.
There is a practical cost when isolating critical systems and securing them to industry standards, P-X helps you minimise these costs.