Staying Ahead with Holistic Perimeter Defense in IT and OT Security

As a Solutions Engineering Manager at OPSWAT, staying on top of emerging trends and technologies in cybersecurity is both a professional responsibility and a personal passion.

Unsurprisingly, there continues to be a lot of buzz and active discussion around AI and its implications across the cybersecurity space. Sessions and content that explore AI-related topics consistently draw strong interest, with many looking to better understand how it can be used both defensively and offensively.

While AI dominates many current conversations, another equally important challenge I’ve been focusing on is how to strengthen perimeter defense—particularly how to build a holistic strategy that bridges both IT and OT environments, which are increasingly interconnected.

The key principles for holistic perimeter defence strategy include:

• Minimise Attack Surface: Focus on reducing vulnerabilities and potential entry points for cyber threats to enhance overall security posture and resilience;

• Address Weak Links: Prioritise addressing vulnerabilities within organisations, focusing on the weakest links rather than solely relying on perimeter defences;

• Secure Data Transfer: Implement robust encryption protocols and data transfer mechanisms to safeguard critical assets’ integrity and confidentiality;

• Proactive Defense: Adopt a proactive approach to identify and mitigate threats before they escalate rather than reacting after incidents occur; and

• Tailored Threat Prevention: Leverage advanced threat prevention technologies tailored to specific organisational needs and threat landscapes.

These steps made the OPSWAT Australian team think about how it can align information in its presentation with the Australian Signals Directorate’s Information Security Manual (ISM). The plans will hopefully guide how OPSWAT can help prevent the exploitation of known attack vectors while also being within the recommended guidelines from the ASD.

Mapping ASD Guidelines to Perimeter Defense Strategies:

Guidelines for Data Transfers: Describes controls for both manual data transfers and data transfers using Gateways or Cross Domain Solutions.

• Manual import of data – ISM-0657; Revision 6, Ensure the data is scanned for malicious and active content.
• Manual import of data – ISM-1778; Revision 0, All data that fails security checks is quarantined until reviewed and subsequently approved or not approved for release.
• Manual export of data – ISM-1187; Revision 3, Data is checked for unsuitable protective markings.
• Manual export of data – ISM-0669; Revision 6, Keyword checks are performed within all textual data.

Guidelines for Media: Describes controls to enforce management of media, including removable media usage.

• ISM-1600; Revision 1, Media is sanitised before it is used for the first time.
• ISM-1642; Revision 0, Media is sanitised before it is reused in a different security domain.

Guidelines for Gateways: Zero-trust architecture is gaining traction as organisations recognise the necessity of fortifying their security postures in a perimeter-less environment, enhancing access controls and reducing the attack surface.

• ISM-0626; Revision 6, Cross Domain Solutions are implemented between Secret or Top-Secret networks and any other networks belonging to different security domains.
• ISM-0635; Revision 7, Cross Domain Solutions implement isolated upward and downward network paths.
• ISM-1522; Revision 3, Cross Domain Solutions implement independent security-enforcing functions for upward and downward network paths.
• ISM-1521; Revision 3, Cross Domain Solutions implement protocol breaks at each network layer.
• ISM-0643; Revision 7, Evaluated diodes are used for controlling the data flow of unidirectional gateways between an organisation’s networks and public network infrastructure.
• ISM-0645; Revision 7, Evaluated diodes used for controlling the data flow of unidirectional gateways between SECRET or TOP SECRET networks and public network infrastructure complete a high assurance evaluation.
• ISM-1157; Revision 5, Evaluated diodes are used for controlling the data flow of unidirectional gateways between networks.
• ISM-1158; Revision 6, Evaluated diodes used for controlling the data flow of unidirectional gateways between SECRET or TOP SECRET networks and any other networks complete a high assurance evaluation.
• ISM-0659; Revision 6, Files imported or exported via gateways or Cross Domain Solutions undergo content filtering checks.
• ISM-0651; Revision 5, Files identified by content filtering checks as malicious, or that cannot be inspected, are blocked.
• ISM-1288; Revision 2, Files imported or exported via gateways or Cross Domain Solutions undergo antivirus scanning using multiple different scanning engines.
• ISM-0649; Revision 8, Files imported or exported via gateways or Cross Domain Solutions are filtered for allowed file types.
• ISM-1287; Revision 2, Files imported or exported via gateways or Cross Domain Solutions undergo content sanitisation.

Guidelines for Software Development: Recent supply chain attacks underscore the urgency of securing the entire supply chain ecosystem. Enhanced vetting processes, continuous monitoring, and threat intelligence sharing are imperative for mitigating supply chain risks.

• ISM-1730; Revision 0, A software bill of materials is produced and made available to consumers of software.

Guidelines for Email: Proactive risk management and the cultivation of cyber resilience are paramount as cyber threats grow in sophistication and unpredictability. Comprehensive risk assessment frameworks, incident response plans, and cyber insurance are essential components of resilience strategies.

• ISM-1234; Revision 5, Email content filtering is implemented to filter potentially harmful content in email bodies and attachments.
• ISM-0270; Revision 6, Protective markings are applied to emails and reflect the highest sensitivity or classification of the subject, body and attachments.

• ISM-0271; Revision 3, Protective marking tools do not automatically insert protective markings into emails.

• ISM-0272; Revision 4, Protective marking tools do not allow users to select protective markings that a system has not been authorised to process, store or communicate.

By aligning cybersecurity strategies with ASD guidelines, organisations can strengthen their security posture, reduce exposure to evolving threats, and ensure alignment with national standards—all while building a more resilient, future-ready infrastructure.