Turning your cyberattack vulnerabilities into a smart security strategy

Aug. 6, 2021
Wind River's expert explains why networked legacy assets are particularly tricky to protect from cyberthreats.
On August 26, Wind River’s James Hui shares a demonstration of how to use a honeypot concept to test for an intelligent edge attack surface. The session is titled “Turning Your Cyberattack Vulnerabilities into a Smart Security Strategy.” Before that demonstration, we chatted with the senior solutions architect (who has an educational background in both engineering and philosophy) to get a preview of his presentation. Take a look...

Smart Industry: Why are networked legacy assets particularly tricky to protect from cyberthreats? 

James: Rigid architecture and hard-coded configuration make both protection and recovery from cyberthreats challenging. These are often compounded by a lack of automatic threat-detection capability in the networked system.

This situation is similar to a building with neither fire-prevention equipment nor an evacuation plan in place, so a tiny electric spark could result in a catastrophe. Generally speaking, once an early attack indication is detected, it is a race against the clock to reconfigure and lock down the affected region and scale down services—and, at the same time, to record any suspicious activities to assist onsite security experts for diagnostics and planning for a counterattack or service recovery.

Smart Industry: What’s an example of how to scale your digital transformation efforts securely? 

James: About six years ago, Wind River started its own digital transformation. Functional safety and security are keys to our products, which are tested continuously. There were three lessons learned about a successful digital transformation: 1) Start small and be specific, 2) Scale both up and down fast with automation, and 3) Create a digital feedback loop to make data-driven engineering decisions.

Smart Industry: You have an interesting educational background. How does philosophy factor into your work with cybersecurity-implementation approaches? 

James: Actually, I consider myself a software engineer, and I believe well-designed software should stand the test of time. 

Over the years working on many interesting projects, I learned to ask myself, “What is the right thing to do, before doing the thing right, while knowing you are often wrong?”

Hence, a practical cybersecurity implementation should be flexible to empower engineers to make swift updates when required. We should always simulate and test assumptions to continuously challenge the system, and not be afraid to make calculated decisions based on telemetry collected.

Change is the only constant in life. There are always new cyberattacks; hence security measures need reflection continuously.

Smart Industry: What most concerns you about the current state of cybersecurity? 

James: I am concerned that project teams have cognitive bias resulting in a bipolar attitude toward cybersecurity—either completely ignoring cybersecurity measures or thinking cybersecurity is too complex and delaying it toward the latter part of the design cycle. The key to a successful deployment is understanding what is just enough cybersecurity for the product and implementing an automatic test framework before building the product.

Smart Industry: What most encourages you about the near future of cybersecurity? 

James: Based on feedback from webinars and working with my customers, it is encouraging that more people are aware of the importance of cybersecurity and agility in design. Also, simulation and DevSecOps practices have become part of engineering standards in middle- to large-size organizations, while automation tools are becoming more affordable, contributing to a growing adoption trend.
