What’s In Your Switch?

The need for robust and secure networks is more important as the world becomes increasingly connected. With the emergence of things like the Internet of Things, data has revolutionized business operations by connecting assets within cells, plants, and facilities around the globe. However, with this increased connectivity comes an increased risk of cyber attacks. The result clearly indicates the growing threat that cyber attacks pose to businesses and organizations of all sizes. One key component of any network that is particularly vulnerable to these attacks is the switch.

Switches are the backbone of any network, connecting devices and allowing them to communicate with each other. Without switches, networks would be unable to function, making them a prime target for cyber attackers. If compromised, an attacker can gain access to sensitive data through backdoor communications or corrupted firmware, causing damage to the network, the organization, and the company’s brand. Given the criticality of a switch, why would anyone install hardware they didn’t have complete confidence in? If mitigating your network security risk starts with your switches, then it is vital that you know the sources of where they were manufactured.

In recent years, there has been a growing emphasis on the need for critical infrastructure switches that are manufactured in the United States and other non-adversarial countries, that are built to  ISO supply chain certified standards. In doing so, companies can ensure that the switches have been built to rigorous specifications and are less likely to be compromised by cyber attackers. This is essential for any industry that handles sensitive data and needs to protect its infrastructure.

An easy thing to watch for is where the switch is made. Some countries may not have the same level of security as the United States and these switches may be more susceptible to cyber attacks or may contain compromised hardware or firmware. This is a significant concern for businesses that rely on critical infrastructure, such as power and energy companies, as a single point of failure in a switch can result in significant damage to the network and the organization. One example of this vulnerability is the 2020 SolarWinds attack where the company unknowingly sent a software update to thousands of customers containing hacked code. This breach created a backdoor to those customers’ IT systems where malware was then able to go unnoticed for months, spying on businesses including multiple US government agencies and Fortune 500 companies.

Another example is that there have been a number of security alerts in recent years where regulators have asked operators of critical infrastructure assets to audit and then remove and remediate software and hardware components that came from adversarial countries due to high cyber-security risk. When architecting new projects or refreshing OT network systems, purchasing critical infrastructure switches will prevent an episode like this on your switch gear.  Purchasing commodity switches with unknown content can make it difficult to quantify this type of risk.

To prevent similar attacks, it is imperative for businesses to source from switch manufacturers that they trust. Taking it one step further, you may want to consider investing in software-defined networking (SDN) switches, which are designed to be more secure and provide better visibility and control over the network. SDN switches provide a centralized view of the network, allowing network administrators to monitor and control the network in real time. This is essential for detecting and preventing breaches, as well as protecting sensitive data and information from unauthorized access. By forgoing SDN-enabled switches, you are opening yourself up to an increased risk of a cyber attack.

In summary, as the world becomes more connected, it is important to research your vendors and the hardware sources they are using to build their products. By investing in switches that are made in the United States, businesses can reduce the risk of cyber attacks and ensure that their networks are secure. If you have questions about critical infrastructure switches, contact us today.