Being Compliant Isn’t Secure Enough for Critical Infrastructure


            By: Marco Berger, Head of Utilities and Critical Infrastructures Vertical Solutions at ECI





            The attacks against critical infrastructure worldwide should be a reminder that there is a big difference
            between  network  security,  and  only  meeting  basic  compliance  mandates.  Cybersecurity  is  now  a
            constant concern for utilities and other critical infrastructure operators, especially as new exploits make
            headlines almost daily.




            With the number of changes impacting the critical infrastructure market, including but not limited to the
            need to replace older SDH/SONET OT networks with new optical-packet technologies, the Distributed
            Energy Resources effect (DER) that requires a smarter grid with more sensors and IoT technology, the
            convergence between IT and OT networks due to new IP-based applications and services, increased
            automation  of  metro-railway  systems,  an  increase  in  bandwidth  and  connectivity  requirements  and
            physical security threats to critical assets, there is an ever-growing awareness toward finding a much
            more holistic cybersecurity answer to protecting all of these assets.



            Rather than depend on basic compliance, here's a look at the main pillars needed for a complete security
            solution:









                                 84