Tumbling to the trends of technical security? Here’s how to secure-by-design.

January 29, 2025

  • The ASD’s ACSC recommends ‘Secure-by-Design’ best practices for network security, to be treated as essential factors when choosing a vendor or digital product in the critical infrastructure supply chain.
  • Secure-by-Design is a ‘proactive’ risk-resilience methodology, best applied alongside its ‘reactive’ and ‘in-built’ development model counterparts, i.e. Secure-by-Demand and Secure-by-Default, respectively.
  • The latest trends in network security may create a buzz in the market, but they might hold you back rather than push you forward if followed without substance.

Organisations in the critical infrastructure sector are coming to the realisation that compromising on cybersecurity mechanisms has more implications than just a data breach. In the chase for the most comprehensive and latest solutions, they are falling for the newest buzzwords, which may not be the best practice for them.

While it is aspirational to stay competitive by leading industry trends, following them comes with the innate risks of an under-developed technology or a nascent implementation model, which can do more harm than good to your critical assets. Security also doesn’t end at deploying a solution; it runs throughout the supply chain, which includes product developers, manufacturers, asset owners, operators, and the various other parties involved with the systems.

The Australian Signals Directorate’s (ASD’s) Australian Cyber Security Centre (ACSC) calls for action on the ‘Secure by Design’ initiative by the Cybersecurity and Infrastructure Security Agency (CISA). These advisory principles are formulated in consultation with peak body institutes, organisations, governance and regulatory bodies, ethical hackers, and so on.

Let’s unpack the different approaches or ‘best practices’ in the ongoing security-related discussions worldwide:

Secure by Design

A ‘risk-minimising’ approach that proactively integrates security measures at the design stage and prevents incidents through prior testing and implementation. Applying design-thinking may involve encryption protocols, authentication mechanisms, and vulnerability testing.

Secure by Default

An ‘in-built’ development model where security systems activate upon deployment through the default configuration, without manual input from the user or administrator. It avoids the need for additional configuration, for example by having multi-factor authentication and controlled access rights and responsibilities in place by default.

Secure by Demand

An ‘agile’ approach where security protocols are established as threats emerge, by monitoring, identifying, and patching or tooling at a later stage. If a new vulnerability is discovered in the system after deployment, security patches or new measures are applied.

Secure by Strategy

The risk management strategy should be approached with the understanding that the IT-OT integration differs across assets, organisations, and industry domains. To address the emerging threats from new technologies, AI, IoT, and 5G, it is important to first assess priorities, business maturity, and compatibility with the existing foundation, as well as who to trust in the process.  

In the grand scheme of things, the common goal is to enhance operational efficiencies, seamlessly integrate advancements, and prevent cybersecurity blind spots. There are 16 sectors identified as having critical infrastructure with demanding security needs for their assets, systems, and networks.

The following are the key elements recommended by experts as factors for vetting all people, products, and processes dealing with critical infrastructure:

Open Standards

Open standards are guidelines for keeping software development and functioning protocols ‘open’, with the intention of allowing interoperability, consistency, open accessibility, transparent or unrestrictive implementation, and transferability. They help lower the cost of compatibility for future IT and OT requirements. Open standards can be applied through new encryption algorithms, advanced migration configurations, open logging formats, etc., while OpenID and SAML remain the essential open standard protocols responsible for ensuring strong authentication.

Strong Authentication

For baseline security of critical infrastructure, strong authentication is not just good-to-have but a must-have for maintaining confidentiality, preventing social engineering attacks, and meeting regulatory compliance. Identity access management tools are among the great solutions for setting up multi-factor authentication and role-based authorisation of platforms, devices, and sites. Other helpful solutions can be Passkeys, RSA SecurID, or a cryptographic challenge-response protocol.

Threat Modelling

This is a proactive and structured approach to identifying and mitigating risks by articulating hypothetical scenarios throughout the product lifecycle. Threats can range anywhere from device hacking to an employee compromising sensitive information. Threat modelling therefore essentially involves threat landscape identification, Data Flow Diagrams (DFDs) of attacks, collaborative analyses and compatibility checks, risk management scores and calculations and, lastly, countermeasures or defence mechanisms. Buyers should seek products with transparent threat models to make an informed choice.

Vulnerability Management

It is a reactive and continuous attempt at remediating new and emerging risks to assets, systems, and networks. With upgrading, patching, and tooling at the centre, the process begins with asset discovery, tests and scanners, and transitions to Security Configuration Management (SCM) and Security Information and Event Management (SIEM), ending with protection and executing fixes on live production systems. Hence, buyers should look for products with transparency and clear documentation about patching procedures, penetration testing, and end-of-life policy, so that operators can plan effectively.

Secure Communications and Controls

The potentially latent threats of IoT devices draw attention to the need for modern zero-trust architectures. To avoid downtime due to adversities, simple deployment and renewal of certificates is a must and shouldn’t require cyber experts. Digital certificates, as used with Transport Layer Security (TLS) and Secure Sockets Layer (SSL), help protect data flow on the internet and offer encryption for internet-based applications, servers, and authentic machine-to-machine communication. As part of the process, the public key helps maintain the integrity of the communication through verifiability. Such secure communication network designs and controls create resistance to malicious commands and operator errors, making this another influential factor in the buyer’s decision.

Autonomy & Ownership

This pertains to the owner’s autonomy and ability to independently manage operational efficiencies and exercise agency over products and risk management. It allows owners to facilitate additional security, while eliminating barriers to the data ecosystem and warranty policies that restrict upgrades or testing. Another aspect here is the need for, and ease of having, a coordinated disclosure policy in place for a quick response and recovery time, phasing out the need for support/helpdesk contracts.

Secure Today, for Tomorrow

Building cyber-resilient OT systems requires a forward-looking outlook on security, starting with product design and extending through the deployment phases. Buyers play a significant role in this ecosystem, which involves manufacturers that integrate security into operational workflows, support open standards and strong authentication, and maintain vulnerability management. By adopting these best practices, you can safeguard critical infrastructure whether you are the owner, operator, or supply chain vendor. It gives you immunity against evolving threats while ensuring business continuity and safety across critical infrastructure.
