Cyber at the Edge

The idea

IT, OT, IoT, and AI are now one system. Assume breach. Design for containment, verification, and fast recovery.

Threat surface

• Devices and firmware (long-lived, hard to patch)
• Supply chain (updates, images, keys)
• Data/model abuse (prompt/command injection, drift)
• Control paths to physical processes

Pattern (what good looks like)

• Identity & inventory: complete asset list; device identity (mTLS/HSM); SBOM & firmware versions.
• Network: zones & conduits; micro-segmentation; default-deny allowlists; brokered control plane.
• Data: signed telemetry; tamper-evident logs; time sync; PII policy at the edge.
• Access: least privilege; JIT access; MFA; session recording; break-glass with audit.
• Detect/Respond: edge EDR; anomaly + canary sensors; playbooks; drills quarterly.
• Safety: rate limits; dual-control for critical commands; local kill-switch.

First 30–60 days

• Build a live asset inventory; tag crown-jewel systems and flows.
• Create zones; block east-west by default; stand up a zero-trust remote access gateway.
• Enable signed logging (syslog/time-series); verify time across fleet.
• Choose one control loop; add human-in-the-loop, command logging, and rollback.
• Run a 90-minute tabletop for an edge breach; fix the gaps you find.

Signals / KPIs

• % assets inventoried & authenticated; patch latency (days)
• MTTD / MTTR; unauthorized comms blocked/week
• % signed messages; time to revoke/rotate keys
• # of successful drills/quarter; change failure rate for security changes

Risks & mitigations

• Legacy gear can’t auth: put a gateway/diode in front; isolate.
• Over-segmentation breaks ops: canary segments; staged policies; change windows.
• Supply-chain tampering: signed artifacts; SBOM checks; vendor security questionnaires.
• Human error: least privilege; runbooks; drills; clear break-glass.

If it moves electrons, it deserves identity, logging, and a plan to fail safely.