Editing Chapter 6: Edge Security and Privacy (section)

====SOLUTIONS IMPLEMENTED====
To solve these problems, stringent onboarding procedures were put in place: each sensor or
controller must now present a digital certificate signed by the organization before being allowed
onto the network. Any unknown device attempting to gain access is rejected and notification
alerts are immediately sent out to ensure the remedying of bogus sensors does not take place in
future.
Additionally, they created a blockchain ledger to monitor device identities and to log any
configuration changes over time. Every new addition or firmware update triggers a blockchain
transaction being recorded to guarantee the creation of an immutable audit trail that can be
reviewed by IT as well as OT (operational technology) teams increasing trust and accountability
between departments. They segmented their network by listener and gateway: your sensors only
talk to local gateway, and then your gateway only talks to central controls understanding that if
any one part is breached there are limitations to how much of your network is attacked. More
importantly, they rolled out an AI-powered detection system that monitored sensor readings for
abnormalities.
For known rogue sensors where outputs were statistically different from expected machine
behavior; it is likely that ML models would have picked up on this irregularity early enough to
allow for preemptive safety shutters before doing damage.In addition, maintenance processes
were revised to ensure that scheduled downtimes were regular intervals of time explicitly
dedicated towards security (for example, patching software vulnerabilities and routine
equipment calibration checks). Training of staff on basic cyber hygiene such as ensuring that a
USB drive or laptop was validated before connecting it into the organization edge networks have
reduced the threat of the organization network being infected by malware.