Silos, Collaboration and Blockchain: The Future of Cybersecurity
Interviewee: George Eapen, Chief Information Security Officer for GE Digital, Middle East, North Africa, Latin America, Europe, Russia, South Asia and Asia Pacific
In a wide-ranging interview with Hewar, George Eapen explains how cybersecurity has evolved its focus over the years, as well as why breaking down silos must be priority number one for CISOs, and why he’s excited about blockchain’s potential to strengthen data integrity.
His insights demonstrate why, this year alone, he has been named for the CISO Awards by both the Middle East Security Association and Security Middle East magazine, and was also featured in Security Middle East magazine and as a speaker at GISEC, the largest cyber conference in the Middle East.
Q. To set the scene, can you explain how IT security, cybersecurity, information security and OT security are related?
Actually, what these terms reflect is an evolution. In the beginning, there was “IT security,” which looked to keep IT systems safe and available. You’d patch software and keep computer antivirus software updated.
This evolved into “information security,” as we began to focus on the value of data and intellectual property, and how to prevent its leakage and protect its integrity. Next came “cybersecurity,” as we began to use logging and network traffic monitoring to enable more advanced capabilities, such as threat analysis, and to identify behavior-based patterns using algorithms to identify anomalous behavior that could signal potentially suspicious activity.
We’re now at the point where cybersecurity is evolving into “digital security.” Today, API interfaces, cloud computing, and the industrial internet of things are creating a new world of interconnected digital risks linking customers, suppliers and partners.
Q. Is this where operational technology (OT) security comes into play?
Yes, that’s right. In the past, OT components such as SCADA (supervisory control and data acquisition), human-machine interface (HMI), programmable logic controllers (PLCs), and industrial control systems (ICSs) were generally safe because they were not connected to the internet. But with digital industrial and IIoT solutions that are helping plant operators improve efficiencies, availability, predictive maintenance and other operational improvements, OT components are now exposed to the internet and to attack.
Q. Is the risk the same for both legacy OT systems and new ones?
Yes, in that both old and new are at risk; however, the approach we take to address this risk is different. For new equipment and systems, the best solution is “security by design.” That means ensuring that digital security is baked into the product or solution from the start and is integral to the entire product lifecycle.
For older OT systems and equipment, their operational lifetime is 20 or 25 years. That means there are lots of systems operating today that were commissioned before most of us had even heard of the internet. They are also likely using old software with code that over the years has been identified as having a number of vulnerabilities. These weaknesses are well known to bad actors.
For those OT systems, the solution is about securing the perimeter — restricting and managing traffic to control for what is coming in and going out.
Q. With this brief history as prelude, what’s the top challenge today for CISOs and other security and risk officers?
Ensuring collaboration and breaking down information silos. The threats today are coming from sources halfway across the globe as much as across town. They are originating within our own industry or from another industry entirely. They may be identified by a government entity or the private sector. You could be compromised through a different department, a subsidiary or partner.
That’s why we have to build a 360-degree view of our security to really get all the right information. We need to collaborate both within and across geographies; within and across industries, across our own organization, and with all our business partners.
It’s no longer safe to think that some problem identified in Australia is too far away to be relevant to our operations in the Middle East, or that some vulnerability affecting the aviation sector is of no relevance to power generation.
The reality today is that neither industry nor geography can provide protection. Threats, vulnerabilities and attack vectors can flow seamlessly in any direction. And that means collaboration is key.
Q. I take from this that as you look ahead, collaboration will be your mantra. What else does the future hold?
Blockchain-based digital security solutions. Blockchain can provide CISOs with some extremely powerful capabilities that can help us secure our systems and data. First, its distributed ledger structure means we may be able to use it to control the execution of administration rights.
Today, if you’ve been given such rights, on your own, you can take action that could cause extensive harm. But, if your admin rights were structured on a blockchain, and two or five other people had the same rights, you wouldn’t be able to make changes on your own, as the blockchain could be structured to require a majority when changes of a certain type were being attempted. It’s like the movies, where it requires two people to turn keys to launch certain types of attacks.
Q. What’s the second aspect of blockchain that’s so powerful?
As the name implies, the technology involves the addition of consecutive blocks, each of which represents some sort of transaction. What’s so promising is that every time a new block is added, it generates a new hash and a timestamp.
This means data integrity is built into the heart of blockchain’s technology. Today, I have to check logs to see how data has changed, but with blockchain, I can look directly at the hash key and timestamp to understand what’s changed in a piece of data.