In this episode, Darren hosts Carla Trevino, Solutions Architect, Irdeto, to talk about the importance of security in critical infrastructure.
Carla is originally from Mexico, living in Amsterdam after living in several countries, including Germany, over the past four years. She studied industrial and mechatronic engineering, then after working for a few years in the field, she earned an M.S. in mobility systems engineering, where she focused on autonomous vehicles.
The definition of OT critical infrastructure is any point that can trigger chaos in the real world. This is very different from IT infrastructure; IT lacks vital infrastructure. In the OT world, people can die if things go wrong. There can undoubtedly be chaos in the IT world, but the problem can be solved by fixing things. When there is chaos in critical infrastructure such as transportation, accidents can happen, and people’s lives are at stake.
There has been an uptick in the importance of security in critical infrastructure in the last five years, and certainly during the COVID pandemic; critical infrastructure has been relentlessly attacked in some cases. This can be attributed to people becoming bored and more creative, but also because the attack surface increased with the sudden shift to remote work, which broke down some of the security measures previously in place.
In transportation, part of the issue is the increase in connectivity, which brings potential attacks. Customers want more services, and companies want more data and access to information. With that comes opening up the transport network. The air gap, which previously offered safeguards, is diminishing.
The industry cannot use security measures that IT has been using for years because IT and OT are entirely different. It is generally standardized, whereas OT is not. OT has a massive ecosystem with significant differences in devices that follow other protocols and implementations. For example, every country has different implementations. OT is also on another level because lives are literally on the line.
Another difference between IT and OT critical infrastructure is that in IT, if there’s a problem in your network, you can isolate it and even shut it down and move the workload elsewhere. That is not possible in critical infrastructure, so the approach is different.
The danger is that IT and OT networks have collapsed because of the desire for more connectivity, and at the same time, there has been an increase in cyber threats. Irdeto seeks to educate the industry on the complexities of these problems and offer solutions. It’s all about preventative solutions, not reacting after a disaster strikes.
Carla says organizations must have experts for security. Developing security in-house based on mandated standards is not good enough as the standards run behind the development.
Irdeto has been securing critical infrastructure for 50 years. They have about 1,000 employees, and 70 percent of them are in research and development to keep on top of what type of attacks are happening today and what kind of attacks can exist in the future. Irdeto strives to be one step ahead or future-proof. Their services evolve as the system evolves.
Irdeto can help customers who know what they need, whether PKI, keys and credentials, lifecycle management, or software protection. They can also help customers who do not know what they need and provide lasting solutions as threats evolve.
For more information about Irdeto, go to their website Irdeto.com/connected-transport to learn more about their products or contact them directly.
Notices and Disclaimers
Intel® technologies may require enabled hardware, software, or service activation.
No product or component can be absolutely secure.
Your costs and results may vary.
Intel does not control or audit third-party data. You should consult other sources to evaluate accuracy.