In this week’s blog, we’re sharing insights based on our latest interview with Sachin Shah. He is an information security leader with more than 20 years of experience. He is currently the Chief Technology Officer, OT at Armis and a member of the UCSB Advisory Board. Within Armis, he is responsible for setting a technology standard, outlining the goals, resources, and timelines for the research and development team of all technological services, and much more. Armis is the first agentless, enterprise-class security platform to address the new threat landscape of unmanaged and IoT devices.
Today’s topic is focused on the technological advancements around life safety systems and critical infrastructure systems, which are also known in the cyber world as “cyber-physical systems.”
What are Life Safety Systems and Critical Infrastructure?
Life safety systems are made up of several components that are all designed to promote the safety of the occupants of a building or any other infrastructure. Critical infrastructures include nuclear power plants, power generation, hospitals, emergency services, and financial services, just to mention a few. Life safety systems, of course, are integrated in each building to protect facilities and the people in them from fires, break-ins, or other emergency situations.
Considering the vast number of components and safety requirements, it’s important to look at these from a broad perspective, and not just from a single niche standpoint, like IT or IoT alone. This can be demonstrated with an example we use often in our daily lives: how Google Maps works. Google Maps is a basic map providing all the information you need to get from point A to point B, but it also goes much deeper, providing details and context that dramatically enhance the information available to you. This includes locations, good restaurants, vegetarian options, dietary restrictions, or whether restaurants can serve many people. Life safety systems and critical infrastructure should be approached the same way, since you need to understand what’s happening at a larger scale within your infrastructure, and have visibility into it, to provide better protection and security.
Why is this approach crucial?
There are three main reasons why we should look at life safety systems from a broader perspective. Firstly, critical infrastructure directly deals with life safety issues. That on its own could become a big risk factor if not handled properly. Secondly, it has a direct impact on the environment, especially in infrastructures such as power plants. Thirdly, there is the interruption of industrial production, which can be better explained as a sort of “factory down” situation. For instance, if the infrastructure that is running, or its main engine, covers the life safety of employees or the people working within the factory or operations, it is tremendously important.
This also explains why these are called critical infrastructure. The term is not one used by just anybody; it was coined by governments. It is therefore extremely important to protect this infrastructure. That means you need to make the most of technological advancements and consider systems that enable a real-time, integrated safety and security system.
Risk and Critical Infrastructures
The risk is aversive in terms of how it’s always going to be adjudicated in your environment. It comes down to how much you can mitigate and remediate. These are 24/7, 365-day continuous operations. With that being the case, the risks are also always present. On that note, risk management is an essential ingredient of critical infrastructure. However, organisations should not focus only on risk posture and mitigation, since without broader asset visibility into what each asset is running on, you might still encounter quite a few operational risks, or environmental risks in particular. Organisations should instead use advanced technologies such as great risk management solutions and safety systems hand in hand.
Critical Infrastructure in the Manufacturing Sector
Critical infrastructure is embedded in each and every sector. In our interview, to give more in-depth information on why a broad approach is crucial, Sachin shared some examples from the manufacturing sector. Manufacturing is quite a broad term, and it can range from critical manufacturing to ministerial manufacturing. With that being said, it is a great example, as you have to think about what it encompasses in detail based on the specific thing you are manufacturing. For instance, you have to know everything that a particular country, region, state, or city does about that type of manufacturing. This can range from, for example, automatic car production to cloud production or medicine production. All these things fall under the term manufacturing.
Regardless of what they are producing, a manufacturing factory has to encompass quite a few industrial control systems or operational technology systems that run the factory. Although the number of safety measures might differ depending on what you are manufacturing, you need to incorporate various systems such as life safety systems, fire systems, security systems and so on.
If you are manufacturing something specific or considered more dangerous, you will need to implement even more than that. For example, some gases and chemicals are not commodities that you can buy out in the open market. You really need government permission to process these chemicals in your factory plant. And the chemical in question is not something that you, as an individual, can handle. It requires the appropriate skill set and the certification issuance from a government agency to have a permit to process these chemicals in your plant because these are deadly chemicals.
This is why, in factory production, it all goes back to the three main reasons we’ve mentioned, starting with life safety. On top of that, if one of these chemical factories sits next to public property, and its wastewater treatment or one of its chemicals leaks into the nearby public property, that is an environmental disaster in the making. This also goes back directly to the branding of a company. In short, protecting these key areas and assessing critical infrastructure both in depth and broadly, with the right technology, is imperative.
Takeaway Point to Ensure Better Safety for Critical Infrastructure
When looking into creating a better safety and security system, avoid going into point-blind solutions such as, “I just want to protect my factory”. This will result in a situation where you may not have information or equal protection for each aspect of safety. For instance, from an IT standpoint, people should not be saying they only care about IT systems. Going back to the Google Maps analogy, if you want to go from point A to B, you want to understand everything that is in between. It could be a blocked route, an accident, or a fire. Similarly, when it comes to the enterprise world, you must understand all your assets, not just IT, operational technology, ICS, internet of things, or industrial IoT; you need to understand what’s happening within all aspects of your infrastructure to provide proper protection while making good use of the technology.
Closing Words
For now, this sums up the key points of our interview. As the Global Risk Community team, we once again thank Sachin Shah for providing insights on life safety systems and critical infrastructure from a broader perspective. More information about this topic is available in our original interview, which is accessible here.