FEATURE : CONTROL SYSTEMS choose is one from which you can extricate yourself if it stops aligning with your needs .
Selecting a partner to secure your control systems : The OPSWAT approach
The cybersecurity industry is currently in the midst of market consolidation . While fewer vendors may seem like a welcome simplification of the procurement and support processes , they may also bring more risk during a major incident . Look for records of innovation among vendors . Is the company financially stable ? What is its reputation ? How open and interoperable is it ? Here are other parameters to consider .
Lifecycle
The procurement team must be sure of certain milestones regarding the product that will protect critical infrastructure from threat actors . Release schedules for updates , end of sale , end of support , and end of life are some examples .
Support
Just as the product must be a good functional fit , so should any service be a natural extension of your talent pool , dependable and backed by Service Level Agreements , and Experience Level Agreements .
Real world
Vendor sales teams may come at you with a lot of hyperbole to create a sense of urgency . Having established your own requirements , you can ensure your decision is based on real-world facts and that your return on investment emanates from real risk reduction .
Performance metrics
Your organisation ’ s operating goals , such as RTOs and RPOs , along with your budget , regulatory obligations , growth targets , and the ins and outs of your infrastructure , are data points that should be kept front of mind by your procurement team .
Licensing models
Make sure that you thoroughly review licensing models . They can have significant impacts on costs , but also on flexibility and scalability . Product bundles are only as viable as their cost-effectiveness and capability to fit requirements . There is no point in paying for features that will never be used .
Integration
If you find a partner you can really trust , you can strengthen your security posture by the integration of its team . You gain access to a wealth of solutions and expertise , and you can end up reducing costs and increasing efficiency because you have minimised the number of solutions in your stack .
Follow the data
The cybersecurity market is becoming more competitive by the month . Your procurement team faces a stiff challenge as it sifts through the many vendors , value-added distributors , resellers , and systems integrators for the one partner that can fulfil all the business ’ s needs . Always remember to agree internally on what is required before launching the procurement process .
Some vendors are in aggressive acquisition mode to shore up their capabilities in a changing threat landscape . It is important to remember that this can impact pricing and limit your options with regard to integration and support .
Source of threats
“ Security threats and vulnerabilities in autonomous and connected vehicles , stem from various sources . These include potential cyber-attacks targeting vehicle software , communication networks , and data storage systems ,” says Ezzeldin Hussein , Regional Senior Director , Solution Engineering , META , SentinelOne .
Vulnerabilities arise from insufficient encryption protocols , weak authentication mechanisms , flaws in software design and physical tampering , such as hijacking control systems or GPS spoofing .
As vehicles become data centres on wheels , they are susceptible to privacy breaches and data theft . Moreover , the interconnected nature of transportation ecosystems increases exposure to supply chain attacks and third-party vulnerabilities .
With 3D mapping , smart device integration , cloudbased services , advanced LAN , CAN networks , and autonomous driving defining the connected car of the future , the cyber risks are enormous . With IoT devices connecting to and accessing content and applications , the attack surface is even larger .
As the demand for electric vehicles , EV increases , so does the demand for a secure charging infrastructure . Threats across the digitally connected EV charging ecosystem are on the rise . Cybersecurity controls are a must-have to reduce risks and protect all concerned parties .
“ A single compromised device , whether the EV itself , the EV charger , or any other device in the ecosystem , can be used to infiltrate all devices on the network . Security and segmentation features are critical to prevent widespread security incidents ,” says Kalle Bjorn , Senior Director , Systems Engineering Middle East , Fortinet .
How to secure
Encryption , secure boot mechanisms , intrusion detection systems , and over-the-air update authentication are some of the methods . At the edge , solutions like firewalls , intrusion detection , and
42 INTELLIGENTCIO MIDDLE EAST www . intelligentcio . com