Skip to content

Term of the Week: Hardening

What is it?

The act or process of making a network, data repository, sensor, computer system, software, or other equipment resistant to unauthorized access or damage.

Why is it important?

Unauthorized access is one of the primary catalysts for operational, financial, strategic, legal, and other damage to an organization. These breaches also increase the risk of harm to third parties, including customers, patients, and other stakeholders. Hardening hardware, software, and data systems is a key risk mitigation strategy.

Why does a business professional need to know this?

Hardening is necessary when there is a mission-critical need to:

  • Protect information, content, or application data such as health records, credit card information, intellectual property, or location information
  • Ensure continuous availability and reliable performance of facilities such as electric grids, factories, or data centers
  • Safeguard hardware and other resources, such as computer servers, passenger vehicles, building sensor networks, or point-of-sale systems

Hardening is an ongoing, never-ending process that business professionals must understand and support. Frequently, the value of hardening -- and the need to invest in workforce development and processes -- is not apparent until a high-profile failure occurs.

A recent galvanizing event was the loss of credit card information for 40 million Target customers during the 2013 Christmas season(Radichel 2014). This breach resulted in a 46% drop in profits for that quarter, a CEO exit, and nearly $150 million in settlements. The vulnerabilities exposed included significant failures in hardening networking and other equipment found in most businesses.

In 2016, a Distributed Denial-of-Service (DDoS) attack left Twitter and Reddit inaccessible for many US web users(Meyer 2016). Similar questions about the amount of hardening applied to in-flight entertainment systems were raised in 2015, when a cybersecurity researcher was accused of unauthorized access to flight systems and issuing a command to one of the airplane engines that resulted in a change of flight movement(APTN News 2015).

Security industry analysis indicates that crisis planning and the application of lessons learned from a breach can minimize losses. Effective teams should be multi-disciplinary to ensure deep subject-matter expertise and capabilities. Funding for these teams should be available from product/service conception to end of life, because hardening approaches can differ at each point in the lifecycle.

Security culture has developed a number of ways to share lessons learned and build practical expertise in identifying and fixing vulnerabilities across a wide array of equipment and software. Investing in continued learning, such as conferences and certification, empowers cybersecurity teams to plan for, prepare for, and address the ever-shifting threat landscape.

References

About Linda Maepa

Photo of Linda Maepa

Linda Maepa brings several decades of information systems, cybersecurity, and systems science experience to the energy sector. She currently leads an energy and transportation advisory and project development firm. She is an active advisor to academia, government, and industry worldwide regarding energy and economic security, energy sector cyber-physical security, risk management, energy storage, and project finance. She holds a BS degree from the California Institute of Technology (Caltech) and is currently writing the first book in the Cyber-physical Security and Battery System Design series.

Term: Hardening

Email: linda@electroferocious.com

Website: electroferocious.com

LinkedIn: linkedin.com/in/lmaepa

Leave a Reply