Impact of Edge Computing on Industrial Cybersecurity

Edge computing, or the ability to store and process data on servers close to the source or destination of that data, is becoming increasingly fashionable. The IT world has been using it for years with regional data centers that serve content more efficiently. What is new today is the beginning of its incursion into industrial environments.

Cybersecurity
Written by:
David Purón

Energy companies, utilities or factories are implementing Edge Computing to digitize their operational processes, and this can absolutely change the dimension and criticality of the use of this technology.

There is no doubt that efficiency and sustainability objectives are forcing the industry to digitize. The position of Chief Digital Data Officer, whose objective is to make the most of millions of data captured in operations, is becoming increasingly relevant in large corporations.

The CDO needs to modernize its data processing infrastructure, but the Cloud falls short in many cases due to 3 limitations. First, processing in the cloud a lot of data in real time can be unfeasible or extremely expensive. Second, when digitized processes require continuity and resilience, relying on an Internet or Intranet connection is risky. And third but not least, the regulation or certifications required in terms of information security and privacy do not allow in many cases to process data outside the company's local environment.

Distributed computing at the edge appears as an answer to these challenges, offering lower latencies, greater resilience to failures, and higher levels of cybersecurity and privacy in the data stored and processed.

So much so that some analysts already indicate that Edge AI, i.e. the ability to run artificial intelligence algorithms on distributed machines with limited resources, will probably be one of the technology trends that will have the greatest impact on the results of many companies.

The leap will be greater in those industries and areas that manage highly distributed and critical assets, where the cloud has not been able to penetrate. Energy generation and distribution, transportation, or water treatment and supply are simple examples where Edge AI is beginning to transform the operations and future results of those who operate these businesses.

While the applications are varied, from computer vision to detect anomalies and predict failures, to complex mathematical calculations to adapt processes in real time in ways that a human mind could never do, what all these cases share is that the Edge is accelerating the convergence of IT (information technologies) with OT (industrial automation technologies) .

Industrial Cybersecurity in the Spotlight

Of all the challenges involved in this convergence, the one that is viewed most warily by industry is the challenge of cybersecurity. Traditionally, the security of industrial systems has been achieved by isolation, but as Barbara's Industrial Cybersecurity 2022 report shows, companies are increasingly likely to connect industrial systems with IT systems, making them more accessible to cybercriminals, and more vulnerable when using technology stacks designed for a less critical world.

As a GE report reveals, 67% of critical asset companies surveyed suffered at least one cyberattack during 2021, some of them have become very notorious as industrial, we have seen high-profile attacks such as the one suffered by the companies Colonial Pipeline and SolarWinds,which put thousands of organizations in check in the United States.

Edge computing as a digitization tool, being more distributed and isolated, is by definition more secure than the Cloud. But that does not mean that it is risk-free, since being connected in many cases directly to sensors, actuators or industrial equipment makes it a clear target for cybercriminals. Moreover, this distributed nature also makes it more complex to manage in terms of monitoring and protection.

What are some best practices for ensuring the cybersecurity of an edge infrastructure? As always in these cases, it is a matter of properly combining three aspects: people, technology and processes.

Combining people, technology and processes

Starting with people, a transversal aspect of any company or technology, but probably the most important. It is essential that from a certain size and criticality of managed assets, a company has a CSO (Chief Security Officer) with a dedicated budget, but above all with objectives and metrics agreed with senior management, in the same way that other areas of the company work.

This CSO must have a team of cybersecurity experts who can be able to define requirements and manage and operate their suppliers. All of this is currently a challenge, as the talent gap in this area is high. In Spain alone, more than 24,119 positions remained unfilled according to Observaciber's 'Analysis and Diagnosis of Cybersecurity Talent in Spain'.

In the technological field, Edge Computing requires very specific capabilities. One of the most important aspects is to have the ability to update with security patches the hundreds or thousands of nodes distributed throughout the operations, an aspect that many companies neglect and that ends up leaving "holes" as time goes by and the software of the Nodes becomes more and more vulnerable.

In addition, network "segmentation" is another fundamental aspect, whereby the Edge Nodes must be able to operate without the need to accept incoming connections without exception, so that the possibilities of attack are reduced to the maximum.

Finally, and also linked to the distributed nature of the Edge, it is essential to have good centralized monitoring tools, such as "SIEM", and a Security Operation Center -generally outsourced- that allows us to identify early warnings at any point in the deployment, in order to act as soon as possible.

All these technological recommendations are perfectly encompassed in the standard that is becoming a reference for securing industrial IT/OT connected environments, the IEC-62443, which has four degrees of cybersecurity, and can be an excellent framework for certifying an Edge Computing deployment in critical environments .

Certifications should undoubtedly be at the heart of the processes to be carried out to raise the security level of an organization, and included in all of them is the most important process that must be perfectly defined: incident response. Because the question, for industrial companies that are undertaking a process of digitization of their assets and core processes through Edge Computing or other alternatives, is not if they will have an incident, but when they will have one, and how they will manage to minimize the impact.