CNI Checklist 1 – Identify and Assess Every Connected Device

While many IT and OT projects still frame these as separate services, run by different teams, and in some cases still on separate networks, the reality we face is that various ingress and cross over points will exist. These include: shared internet access, remote and management hooks or a USB thumb drive being physically plugged into an ‘isolated’ system. 

Taken together, the result is in an increase in attack vectors, cyber security risks, and increased network exposure. 

The first step to addressing risks and vulnerabilities is to identify and assess the environment. North’s security assessment focuses on this by reviewing systems, assets, data and capabilities, categorising and then addressing security risks in your OT and IT environment and creating a pathway to resolve and manage future risks. A high-level review of alignment with key regulations, standards and industry best practice is also shared. 

It is then possible to prioritise projects that align with strategic business objectives which in conjunction with assessment outputs, inform a cyber security resilience roadmap and journey towards a Zero Trust Security Architecture. 

Key Outcomes for Data Centre and CNI customers: 

• Protect Critical Infrastructure: Building management, physical security and smart, connected environmental systems are critical to a successful and secure Data Centre operation. Failure of these systems can have severe consequences, including service disruption, loss of visibility and reporting, and even risk to life. OT security helps protect these critical systems from cyber risk. 
• Business Continuity: OT systems often run continuously, and disruption can result in downtime, lost revenue, and business risk. OT security ensures continuity of operations by protecting systems from IT security threats. 
• Protect Intellectual Property: Intellectual property such as customer data, trading information and proprietary data are valuable assets. OT security helps to protect these assets from theft or damage due to ransomware and other security threats. 
• Compliance: CNI categorised organisations are subject to regulatory requirements that mandate security standards. OT security helps organisations comply with these regulations by implementing the necessary security and reporting procedures. 
• Maintain Reputation: A cyber-attack can cause significant damage to an organisation’s reputation alongside any financial impact. OT security helps prevent such attacks, protecting brand and reputation. 

Cybersecurity and resilience begin with visibility. By identifying and assessing all every connected device, it allows for a proactive threat response to be implemented. 

As the lines between IT and OT continue to blur, and as supply chains grow increasingly complex, the ability to secure every connection becomes vital to aligning with key regulations. Attackers are increasingly not focusing on the data directly but side-stepping conventional paths to instead look for vulnerabilities in the actual systems and devices designed to protect the data. 

By assessing and understanding all your devices, it lays the groundwork for zero trust, segmentation, and robust supply chain resilience.