Curated by: Sergio A. Martínez
What is cybersecurity about? With the advent of digital networks, businesses and individuals have become increasingly reliant on the Internet infrastructure to communicate and store all kinds of important information, making it easier and more convenient than ever to stay “connected” to the world. However, this increased dependence has also made us more vulnerable to a specific risk that has become a major concern for businesses and government agencies alike: cyberattacks, which necessitates effective measures to counter them. But what exactly is cybersecurity? And what is its role in protecting our digital data and infrastructure?
First, let’s talk about definitions. In its simplest form, cybersecurity is protecting electronic information from unauthorized access or theft in a specific environment, consisting of every component of a digital network: hardware, storage, ROM, RAM, Firmware, Input/Output devices, connections, etc. Everything that can take place in these points is the concern of cybersecurity, where implementing measures of control and defense are of critical importance for any organization relying on these networks, which are most of them.
However, what is the actual difference between the popular image of cybersecurity stemming from pop culture, and the reality of it? What exactly is the goal of real cybersecurity, and what is the approach that this discipline takes to secure and protect an infrastructure that grows in importance every day? And what are the challenges when it comes to protecting information and access on a system that humans have to interact with daily? To answer these questions, we talked to Dennis Hackney, an OT Cybersecurity Practitioner for a wide range of industries, and who has worked in the field for more than 20 years, to get a close overview of cybersecurity and the actual goals and applications of this area of technology, along with some insights that might tell us the direction where cybersecurity is headed towards.
A challenge of size and numbers
We all know that cybersecurity is something to be aware of. Just turn on the news and you’ll see stories about the latest data breach or cyberattack. And it’s not just large businesses that are at risk — individuals are increasingly vulnerable to cyber criminals, as more and more of our lives are happening in online spaces. But what most people don’t realize is that cybersecurity is not just about protecting computers from viruses or keeping passwords safe; it’s taking a proactive approach and working to identify and mitigate vulnerabilities before they can cause damage.
As Dennis tells us, cybersecurity is a kind of social behavior applied to a digital space. For most people, it’s possible to read a real-life situation more easily to know if there’s a risk involved (for example, learning how to cross a street, or if it is acceptable to accept a gift from a stranger) and act accordingly to that. But in digital environments, whose complexity and invisibility are so much bigger than we can instinctively understand, it’s very easy to miss if a problem is occurring, or if we should be aware of a risk. And depending on the level of computer literacy of the people involved in that situation, it can be challenging to know what to do if a problem arises. “Think of it like going to the doctor for severe pain. You wouldn’t operate on yourself, would you?”, explains Dennis. “If you have certain symptoms and suspect there’s something wrong with you, the best idea is to see a qualified expert to diagnose the problem.”
And the most effective way to do so is with awareness of the operational technology (OT) involved in any system or network. While information technology (IT) specializes in the communication and data that travels through a network, OT, on the other hand, “is a category of hardware and software that monitors and controls how physical devices perform”. And having a complete view of these devices is critical to secure the networks and their users from unwanted intrusions, so the biggest problem here is numbers, and the scale of the measures necessary that comes with it. Can you know the number of devices interacting with a network in any given organization? Or could you be sure that authenticated users will not bring unwanted connections to this system? And if that happens, how can you be sure that any device connected to the network is being used by a validated person? As this article from CyberArk explains:
“The connectedness of OT environments, IT-OT convergence and the proliferation of cyber-physical systems have expanded OT owners’ attack surface. Considering the importance of industrial process continuity, value of trade secrets, and public safety-related impacts of a critical infrastructure (CI) compromise, it comes as no surprise that both organized crime and state-sponsored actors view industrial organizations and CI as lucrative targets for financial gain, espionage, or cyberwarfare operations. Correspondingly, cyber-attacks on this sector have intensified.”
According to what Dennis tells us, one important aspect of cybersecurity is access and identity control, which results in a “Zero Trust Architecture” (ZTA) where the identities of everyone connecting to a network must be verified thoroughly, with enforced policies that diminish the risk of anonymity among users and devices with access to a system. A holistic view of the network where the administrators can see every single user/device connected is a must. In that sense, frameworks like D3FEND might hold an answer.
“Knowledge is essential to estimate operational applicability, identify strengths and weaknesses, and develop enterprise solutions comprising multiple capabilities. To address this recurring need in the near-term, we created D3FEND, a framework in which we encode a countermeasure knowledge base, but more specifically, a knowledge graph. The graph contains semantically rigorous types and relations that define both the key concepts in the cybersecurity countermeasure domain and the relations necessary to link those concepts to each other.”
In other words, the single most important element when securing a system is knowledge, and how to manage it to address any risk or invulnerability within a network. What D3FEND offers is a new way of thinking about security, helping organizations to proactively identify and understand potential threats, and then design effective mitigation strategies. This framework is based on the principles of in-depth defense, and it provides a comprehensive approach to security that can be tailored to the needs of any organization.
“Like ATT&CK, D3FEND is designed to help create a standard vocabulary by defining the specific functions of countermeasures. By doing this, the matrix can help organizations understand countermeasures in detail, which supports both high-level executives comparing the cost vs. risk of a new security tool, and the security architect looking to build or test a strategic toolset”, according to CSO.
Security in an ideal world
However, while the D3FEND framework can help organizations protect their assets and reduce their risk exposure, it’s not an end-all-be-all for cybersecurity. By adopting tools like the D3FEND framework, organizations can ensure that they are better prepared to defend themselves against the ever-changing threat landscape, but without networks with zero-percent invisibility when it comes to OT, the fight has to continue. An ideal network where every single device is visible and authenticated by an administrator would be the pinnacle of efficiency. No more lost devices or unauthorized access. But is such a thing even possible?
As we keep expanding our technological footprint, cybersecurity is not a means of defense but a proactive approach. Sure, a system or network where every single device can be controlled and taken into account in such a way that no unauthorized user might get in sounds great, but it brings challenges beyond our capabilities. Such a network would be incredibly difficult to manage, especially if it included devices not under the administrator’s control. For these reasons, it is unlikely that a digital network where every single device is visible and authenticated by an administrator would be feasible.
And that’s without going into the question of whether or not such a network is desirable in the first place. For many people, the appeal of a digital network lies in its ability to provide anonymity and privacy. If every device on a network is subject to authentication and monitoring, then that takes away much of the freedom that users enjoy, a major concern for many people in the age of the Internet. So, while a digital network where every single device is visible and authenticated by an administrator is possible, it might not be something that everyone wants. Hitting the right balance is key here, finding solutions that respect the users, but also gives the degree of control necessary to ensure no intrusions are possible.
What we can guarantee, though, is that waiting until something goes wrong is not an effective strategy. Too often, users adopt a passive attitude towards cybersecurity, assuming that their network is secure as long as they don’t see any evidence of an intrusion, a dangerous way to think about network security, and always there will be new threats emerging, impossible to know when or how they will strike.
So, the only way to truly protect a network is to be proactive about cybersecurity, stay up-to-date on the latest threats, and take steps to keep ahead of the curve to defend against them. It may seem like extra work at the moment, but it’s the only way to ensure that the information flowing through a network remains safe and secure, helping to thwart threats before they have a chance to do damage. And if they do manage to get in, you’ll be better prepared to deal with the consequences.
Because one thing is clear: cybersecurity must be constantly evolving to keep up with the ever-changing landscape of the digital world.
The Key Takeaways
- More than the popular image of “passwords and antivirus”, cybersecurity is about social behavior, knowledge, and proactivity in the face of threats.
- A key element of this knowledge is having a complete view of a network, and measures to validate and control who has access to them.
- The practicality of this is up for debate. So, the answer to cybersecurity concerns is to remain proactive, aware of potential risks, and have a clear plan of action (like a D3FEND framework) in case of risk is critical.
- As our digital networks grow, keeping ahead of the curve in terms of security will make this proactivity more significant than ever.
Scio is an established Nearshore software development company based in Mexico that specializes in providing high-quality, cost-effective technologies for pioneering tech companies. We have been building and mentoring teams of engineers since 2003 and our experience gives us access not only to the knowledge but also the expertise needed when tackling any project. Get started today by contacting us about your project needs – We have teams available to help you achieve your business goals. Get in contact today!